The Hacker Playbook (Joshua Cummings)

Cyber Security In Our Culture

As technology evolves and becomes more prominent in our everyday lives, the methods criminals use to target it evolve as well. Computer hacking is becoming much more popular among criminals seeking to achieve wealth, serve an agenda, or simply cause grief. The global accounting advisory firm Grant Thornton estimated the cost of cyber-attacks in 2015 to be over $315 billion.[1] The impact of these attacks is clearly generating widespread concern over the matter.

As companies, governments, and other organizations become increasingly aware of this threat, they are working more diligently than ever to prevent future attacks. Gartner, a technology research firm, estimated an annual increase in information security spending of 4.7% to $75.4 billion in 2015.[2] It is increasingly evident that organizations are taking extreme measures to prevent cyber-attacks.

Banning Details

[Image: Notice of Banning Letter. Original letter from the CDCR.]

In September 2015, Peter Kim posted on social media that he had received word that his book was banned from all California prisons. The book, entitled The Hacker Playbook: A Practical Guide to Penetration Testing, informs the technically educated reader of efficient ways to conduct system penetration testing. In its letter, the California Department of Corrections and Rehabilitation (CDCR) explained why the book was banned for all California inmates:

“Your publication contains explanations on how to modify the functionality of a computer system, damage operating systems, and/or descriptions of how to sabotage or disrupt computers, communications, or electronics, which poses a threat to the safety and security of our institutions”.[3]

This isn’t the first time a prison has reacted to the use of cyber-security related literature. In June of 2012 an inmate in Texas was banned from using computer and instant messaging systems at the prison after ordering a copy of the information security handbook Hacking Exposed. Although the book was written by three renowned security experts, the title alone seemed enough to cause the institution to deny the inmate access to computer systems.[4]

Although there are many books written in the area of cyber security, the only two to raise concern use the word hack in the title. This raises questions as to whether the books were specifically called out for use of this word in the title rather than their subject matter.

The Term Hacker

Although the term hacker may refer to a variety of users and professionals, its use by popular media has caused the term to develop primarily negative connotations. Popular media has used the term to describe individuals who use computers or other electronics in a criminal sense. However, the term is actually used by those in technology to refer to a wide range of individuals.

The term hacker originates from MIT in the early 80’s, when it was used to describe someone who was working on a tech problem (AKA hacking). Current professionals, users, and experts use the term to refer to someone who is an expert in the field of computers, regardless of the individual’s intent. Unfortunately, because of usage by the popular media, the term has primarily negative connotations to those outside of the technology sector.[5]

Why The Book Is Criticized

Cyber security experts are required to understand the ways in which cyber criminals go about attacking a system. They even regularly attack their own company’s system in order to find any ‘holes’ that they can patch. In other words, security experts need to “think like a criminal”.

“As other ethical hacker books state, do not test systems that you do not own or do not have permission to scan or attack.” (Intro-Disclaimer)

Although the book is meant to be used by ‘ethical hackers’ to analyze systems they have the authority to test, it could be used by the unethical to attack systems and steal data. Therefore, in addition to the word hack being used in the title, there are some legitimate concerns over the content of the book.

Fear Of Cyber-Attacks

In the summer of 2014, JPMorgan Chase & Co. fell victim to one of the most severe cyber-attacks in history. Over the course of 2 months, data from 76 million households and 7 million businesses was compromised. Hackers accessed customer names, addresses, phone numbers, email addresses, and internal information relating to users.[6]

Another major attack, this time on the Target Corporation, led to the compromise of over 40 million credit cards and the theft of personal information (e-mail addresses, phone numbers, etc.) from as many as 110 million people. The attack occurred over the 2013 holiday season and is marked as one of the biggest retail cyber-attacks in history. In 2015 the company agreed to settle with banks and credit unions, who lost money because of the breach, for $39 million.[7]

Attacks such as these have led to a fear of cyber-attacks among the public. Unfortunately, most people don’t understand how IT systems work and are therefore unaware of how cyber-attacks work. This widespread fear has led organizations to overreact.

Conclusion

With cyber terrorism ranked as the second greatest fear by Americans last year, it’s clear that concern is growing among the general public.[8] Due to this widespread fear and lack of understanding by the majority of the population, we may see increased controversy over access to these types of materials in the near future.

References

  1. Grant Thornton. Cyber attacks cost global business $300bn+. 22 September 2015. <http://www.grantthornton.global/en/insights/articles/cyber-attacks-cost-global-business-over-$300bn-a-year/>.
  2. Gartner. Gartner Says Worldwide Information Security Spending Will Grow Almost 4.7 Percent to Reach $75.4 Billion in 2015. 23 September 2015. <http://www.gartner.com/newsroom/id/3135617>.
  3. tweaked540. “Received a letter that my book was banned from California prisons.” /R/MildlyInteresting. September 2015. <https://www.reddit.com/r/mildlyinteresting/comments/3mt2cn/received_a_letter_that_my_book_was_banned_from/>.
  4. Sauter, Molly. “Hacking” Strikes Fear in the Heart of Texas Bureau of Prisons. 15 June 2012. March 2016. <https://www.eff.org/deeplinks/2012/06/hacking-strikes-fear-heart-texas-bureau-prisons>.
  5. Yagoda, Ben. A Short History of “Hack”. 6 March 2014. <http://www.newyorker.com/tech/elements/a-short-history-of-hack>.
  6. Gongloff, Mark. JPMorgan Says Data Breach Hit 76 Million Households. 2 October 2014. March 2016.
  7. Stempel, Jonathan. Target in $39.4 million settlement with banks over data breach. 2 December 2015. March 2016. <http://www.reuters.com/article/us-target-breach-settlement-idUSKBN0TL20Y20151203>.
  8. Bonker, Dawn. “What do Americans Fear?” Blogs.Chapman. 14 October 2015. <https://blogs.chapman.edu/happenings/2015/10/14/what-do-americans-fear/>.