The Guardian report that electronics giant, Sony, had been subjected to a cyber-attack from a "hacktivist" group called Anonymous. Sony allege that Anonymous stole names, email addresses and phone numbers of 25 million of its gamers, and that debit card details of customers in Western Europe were compromised during the attack. They claim that they are the victims of a cybercrime.
Criminologist, David Wall, classes hacking as a true cybercrime, as it only takes place within cyberspace; it could not ordinarily exist in the real world, were it not for the technology. I can see how Sony might feel upset and disturbed by this attack. Perhaps it might explain why it took them 2 days to inform the US authorities of the breach and a further 4 days to tell their customers about it. It might also explain why they failed to attend a House of Representatives hearing on potential legislation for notifying the authorities of cyber-attacks that risk the loss of sensitive information. Now, the cynic in me might ask whether there might be other financial reasons why they failed to disclose this information, but, no, I can see that they were still in shock and loss, and that they were afraid to go out in case they were mugged and lost data all over again...hmmmm.
The real world victims are those customers who have had their data compromised. With Sony's track record of coming forward, there may be more than they have admitted to. Returning to Wall's typology of cybercrime, the theft of online details would be described as a hybrid cybercrime; identity theft and stolen debit/credit cards are a part of the everyday, real world crimes that people fall victim too. However, technology makes it easier for these types of crime to occur, as there is more scope for these types of crimes to take place.
The alleged perpetrators, Anonymous, are said to have conducted a separate, denial-of-service attack a couple of weeks earlier, in response to a civil hearing that Sony are taking against another hacker. Members of Anonymous are also thought to have been behind bringing down Mastercard, Visa and Paypal after pulling their services from Wikileaks. If Anonymous are responsible for the data theft as claimed by Sony, then there seems to have been a significant shift in their normal MO.
Many questions remain. Why might only customers from Western European countries be at risk of having their debit card details stolen? Why did Sony fail to disclose these attacks earlier? Why is it taking so long to implement cyber security legislation?
Away from this story, more general questions arise. What happens to the data that we provide online? Who receives my data?Where is my data stored? Why do companies need as much information as they do? Why do I need to register with them?
Perhaps one answer lies in the close relationship that commerce and government have. Big Brother Watch report that Tom Tom have sold location gathering data to the Dutch authorities for a significant profit. Effectively, each Tom Tom has a GPS unit that tracks each person's road use. Customers were told that the tracking system was an integral part of navigating through traffic. Every single Tom Tom user's information was then aggregated to provide a detailed plan of road use in the Netherlands. The Dutch Authorities have now passed this on to the Police, who have now set targeted speed traps, thereby increasing their revenue stream. Tom Tom deny any prior knowledge of how this information would be used. Apple, too, have recently been accused of keeping track of their customer's whereabouts.
Therefore, it seems that what is important in discussing cybercrime is the power to define it. True cybercrimes, such as hacking, only normally affect powerful state and commercial technologies. Governments and business are therefore better placed to say what cybercrime is and who perpetrates it. Of course, governments will ensure that citizens take other cybercrimes, such as paedophilia, seriously, as this is a traditional cybercrime that everyone knows of. However, the misalignment in power relations between consumers, and the corporations and the state, means that they divert consumers' attention away from their cybercrimes. Passing on consumers' personal details, without asking, is theft. That, too, is a cybercrime.
No comments:
Post a Comment