Schneier’s Unbelievable Quote about Iraqi Hackers
Late last week I noticed an article, “Hackers attack Iraq vulnerable to cybercrime,” in USA Today. The article said that the Iraqi government has increasingly been using computers, but these computers are not very well protected because protection is simply not a very high priority at this particular point in time. Consequently, a number of Iraqi hackers are breaking into Iraqi government computing systems, despite that fact that American cybersecurity companies have been hired to harden many of these systems. The article went on to say that hackers have gained access to a considerable amount of sensitive information, including email messages and addresses of a large number of security officers who work for various ministries within Iraq (e.g., the Ministry of the Interior and the Ministry of Electricity and Communications). Several Iraqi banks have also fallen prey to such attacks. One hacker has repeatedly defaced Iraqi government Web sites, leaving derogatory messages aimed at US President Bush in addition to messages that call for the US to withdraw from Iraq.
The article included several quotes from Bruce Schneier of British Telecom. Schneier is quoted as saying: “There are hackers in Iraq. That’s fantastic. It implies a level of normalcy I didn’t know was there. If Iraqis can be hackers, it means they have food, shelter and clothing, and they’re not terrified for their lives.”
I must admit that I was very surprised by Schneier’s comments. If I read them correctly, the fact that hacking is occurring is according to him a sign that things are getting better in a country that has been undergoing hardship such as the hardship that the war in Iraq has imposed upon the Iraqi people. I suppose that in some arcane way Schneier is correct, but given that his statements convey a positive attitude towards hacking, I do not feel that he should not have said what he said.
Hacking is illegal in the preponderance of first and second world countries. Hacking costs organizations untold amounts of money every year and frequently endangers the public because of potential interference with plant process control and safety systems. Hacking that leads to identity theft has caused undue anxiety and financial hardship for literally millions of individuals around the world over the last few years. Furthermore, the money gained from hacking too often falls in the hands of wanton criminals.
Giving any kind of “attaboy” to Iraqi hackers or anyone else who gains unauthorized access to systems is aiding and abetting the enemy. Accessing systems without authorization is not noble, civilized, or in any way cute, nor engagement in such activity in any way healthy or normal. Hackers are parasites and plunders; they lower the quality of life and cause waste of money that could have otherwise been used to care for the sick, feed the poor, and educate young minds. Information security professionals must at a minimum eschew hacker activities and, accordingly, take a strong stand against them. I thus hope that Schneier, one of the most outstanding of all information security professionals, will retract his statements. Alternatively, perhaps Schneier was misquoted, as so often happens during press interviews. Let’s hope that the latter is instead the case.