Why the World Won't Heed Hackers' Security Lessons

Francois Cousteix

Yesterday, the FTC admonished Twitter with a gentle wrist-slap, following its breach of security in 2009. The same day, on the other side of the Atlantic, one of its persecutors, a 23-year-old Frenchman called Francois Cousteix, aka Hacker Croll, was given a suspended jail sentence in a court in Clermont-Ferrand, central France. His defense--the same that all hackers use--was that he was doing it for the common good, to alert people to the dangers of using either "0000," "12345670," "katyperry," "katyperryishawt," or even "password" as their password.

So, why don't people do something creative when it comes to setting security on their web accounts? Not a week goes by without one of the big companies falling foul of hackers--it's happened to Yahoo!, it's happened to Google, and, most recently, it's happened to Apple and AT&T--and, if you'll remember the last example, what did the hacker cite as his motivation? Performing "a service to our nation." On closer inspection, perhaps not.

I've learned--the hard way--that it's wise to be brutal about changing your password regularly. A break-up turned an ex of mine into a password cracker, and I didn't discover the damage until six months later. Now I couldn't tell you how many different passwords I've got, and how often I change them. (There is, it has to be said, a problem with remembering them sometimes--a coding bug at FastCompany last month saw me changing my password three times a day and I resorted to Post-Its on my monitor to recall them.) But this is why the majority of net users don't do this--it's just too hard to remember everything--imagine older Internet users trying to remember the latest iteration of their password--as well as just what it was they sat down in front of the computer to do.

One would have thought that Twitter, a large, successful company filled to the gills with Internet-savvy people, would know that a mixture of letters and numbers--in short, gobbledegook--is what a site needs. Remember, however, the whole ethos of startups. A bloke in a garage. Two blokes in a Big Yellow storage firm. Two blokes, a girl, and a dog in the back office of their dad's Botox clinic. When you're starting up, you just do something that's quick and easy. And then you get big, and you forget to change it.

So, shit happens on the Internet. Each time a case like this hits the feeds, you'd have thought people would wise up. But they don't. There's probably a certain amount of "Oh, it'll never happen to me"-ness about their attitude, but the truth is, it does. Hell, if it can happen to the most powerful man in the world, then it can happen to us.

I'd like to add a little postscript to this post. I seriously toyed with heading the piece "Why Do Hackers Lie to Us?", the idea being that they always say that they're doing it for everyone's benefit (the This Is Going To Hurt Me More Than It Will Hurt You defense? Scrubbing up their Miss World credentials?). (Yeah, I'd like to organize a Rollerskate for World Peace Demo on Facebook, too. With fluffy animals and disadvantaged children.)

But hackers do lie to us. Hacking is binary dishonesty, that's all, and the way hackers justify their actions is just egregious. It's like nicking your bike to tell you that your bike lock doesn't work.

But maybe, at the end of the day, we have the last laugh. After all, Francois Cousteix is about as average a hacker as you're going to find. He lives with his mother. He's unemployed. His social skills are probably lacking. Hell, I bet he's never even kissed a girl--and if he did, unlike Katy Perry, he probably didn't like it.
