By David Lyon
Hack, hack, hack, hack, hack, hack, hack, hack. Are you sick of this word yet? I am.
The media have never had much flair for reporting matters of a technical nature. Whether this is because the public have no stomach for the required level of detail or is simply the latest concession to our current diet of theatre over fact is anyone's guess.
As someone who works in the field of IT, however, I always bite my tongue whenever the word 'hacked' comes up. Formerly a word with a fairly pedestrian and technical meaning, it now seems to be a sell-out word for hire; a mercenery who will be whatever you want it to be so long as the price is right.
When Gary McKinnon logged into a US Department of Defense computer by doing nothing more than using details that he'd correctly guessed, it was reported as a "hack". When a long list of celebrities had their voicemail accessed due to unethical journalists entering the default security PIN of '1234', it was a "hack".
Now Yes Scotland has been subject to a "hack".
While the act of illegally accessing someone's data remains completely unethical and unmistakably illegal, the reporting of these stories do not accurately convey the real dangers and threats that exist in the technical world.
From the media's perspective, 'hacked' seems to be a hand-wave way of saying 'something technical happened, but we don't know or care what'. They might not know, but they should certainly care, as they are verging on misinformation with the current approach.
Factually, the word "hack" misrepresents the nature of what has actually taken place. If we briefly analyse the connotations and perception of the word, most people would be left with the impression that this is an aggressive unilateral act; that one may employ some kind of force or method and use it to access another individual's property at will to their own devious or malicious ends.
These stories sell partly because the scenario has a clearly defined victim and perpetrator that people can safely form an emotional attachment to. They form a stereotypical 'victim' and 'criminal' image. The victim is helpless and hurt by the act; the perpetrator irresponsibly committed the act. Motive? Selfish gains. The victim comes off whiter than white and the perpetrator quite unmistakably 'wrong and bad'.
To introduce facts into these matters requires an adjustment to this simplistic and naive picture.
There is no such thing as a unilateral 'hack'; you cannot 'break in' to a computer. You cannot simply pick an individual and access their personal details on a whim. There is no appropriate amount of 'force' that will break into a system. There is no 'method' that will circumvent any and all security.
In short, it is all vague nonsense designed to cultivate a bit of unhealthy fear. Fear is the other selling point of these articles; the reader feels that the scenario seems probable and 'could happen to me'.
There is an unreported accomplice involved in all of these scenarios, however: the unwitting victim. The celebrities who perhaps didn't change the access code on their voicemail from the default of '1234'; the US Department of Defense employee who possibly had a blank password.
Does this detail change the unethical and illegal nature of the acts and the perpetrators? Absolutely not. Does it affect the factual quality of the reporting? Absolutely so.
These unhelpful headlines might catch eyes and ears, but they contribute to a culture of misunderstanding within the non-technical audience; misunderstanding that leads to unnecessary fear and panic for their own security.
We may or may not find out what exactly happened at Yes Scotland in the forthcoming weeks. At the moment, we do not have enough information to draw any conclusions as to the degree of sophistry employed in the act (or lack thereof), nor if it involved a technical 'hack' or the password simply being purchased from an unknown source.
Either way, the word 'hack' has to be gouged out of the journalistic dictionary. Find a better word (or words) that more accurately convey what is happening. 'Illegally accessed' carries less drama but will still evoke the requisite morbid curiosity in your readership. 'Sniffed' is a real technical word that will leave the audience scratching their heads.
Perhaps in the absence of any grown-up words, 'phished'?
On the other hand, I suspect that the first lamb of factual reporting in this manner would be the readers' interest. Gone is that easy 'good vs. evil' line between the perpetrator and victim. Reality just isn't that simple. The nuance found in accurate reporting is the enemy of the feeding frenzy that is the goal with these kinds of stories.
In light of this, I'm not sure we can blame the media for avoiding the sort of accuracy that I'm driving at. Is the real problem here that we secretely enjoy a good piece of theatre more than the boring news of mundane real-life where nothing is as simple as Good vs. Bad?
Perhaps all of this; perhaps none of it.
Perhaps we need to change first.
At the end of the day, I hope that the individual who illegally accesed the Yes Scotland mailbox is prosecuted for it and brought to justice. A security audit wouldn't go a miss, either.
In the spirit of this article, we will be publishing a guide in the near future for our readers to manage their online security. Stay tuned.