Going After 'Hacktivists'

In the past few months, hackers like Anonymous and Lulz Security have claimed responsibility for breaching what were thought to be secure websites. But law enforcement seems at a loss to stop them. To help navigate through the web of cyber crime, Robert Siegel talks to Hugh Thompson, chief security officer at the software protection company People Security and adjunct professor of computer science at Columbia University.

ROBERT SIEGEL, Host:

To help us navigate through the web of cyber crime, joining us now is Hugh Thompson, chief security officer at the software protection company People Security and also adjunct professor of computer science at Columbia University. Welcome to the program.

D: Oh, thanks for having me.

SIEGEL: Here's a hypothetical case which happens to not be so hypothetical. Some hacker or a group of hackers break into the NPR computer system. First, just for starts, is that a crime? If so, do we know what crime it is? And who's trying to investigate that crime?

D: But to your hypothetical, one of the laws that prosecutors may use in their arsenal is the Computer Fraud and Abuse Act, which is a relatively recent piece of legislation that targets and covers computers that are in the federal interest.

SIEGEL: So if the NPR computer were in the federal interest, somebody could prosecute somebody for doing that. But what if they said: You know, it's just a radio network. It's not in the federal int-- It's not a dot.mil operation. Is it a crime for somebody to poke around in our computers?

D: And I think what we're dealing with is a big lag between the speed with which technology has moved, and the lumbering speed of the legal process.

SIEGEL: Let's talk a little bit about Anonymous and Lulz Security. What do we know about these groups? What do we know about their motives for hacking into places?

D: So Anonymous falls into this category loosely defined as hacktivism. So folks that believe in a cause and are using hacking as a new means of expression to forward that cause.

SIEGEL: We're talking about groups that hack into government or private enterprise computers just because they're there, because it'd be a fun thing to do.

D: Yeah, it's interesting. It seems that there's a division. So there are hacktivists, which I'd say Anonymous mostly falls into that category. So they have a set of goals, ideals, principles, and they use technology as a means of expressing those ideals.

SIEGEL: But what are those ideals? What are those goals?

D: Generally, they tend to support WikiLeaks, support free speech, support your ability to tinker and modify hardware and software.

SIEGEL: Laughing at Your Security Since 2011.

(SOUNDBITE OF LAUGHTER)

SIEGEL: What do you make of this idea of hacker vigilantism, and hackers saying we're good hackers and we'll go and get the bad hackers?

D: So they don't like Sony because Sony went out and prosecuted somebody that tried to manipulate the hardware and repurpose it, which Sony discourages. They seem to like Sega, because the Dreamcast allows you to make modifications; many people have. So it is a just a fascinating time.

SIEGEL: Hugh Thompson, thank you very much for talking with us.

D: Thanks so much.

SIEGEL: Mr. Thompson is chief security officer at People Security, and he's an adjunct computer science professor at Columbia University.

Copyright © 2011 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.