“Someone who sets out to crack the security of a system for financial gain is not a hacker at all,” Brian Harvey, a lecturer at University of California, Berkeley, wrote in a 1998 essay about computers and ethics. “A hacker is an aesthete” who dabbles in the darker science for higher rewards, and journalists ought to know the difference.
That fine distinction seems to have been obscured by time and an explosion of computer data theft. So there was no need to beat around the bush in the San Francisco Business Times’ headline last week: “Hackers Break into CSU East Bay Server, Steal Personal Data.”
The California State University school said that hackers stole the names, addresses and Social Security numbers of 6,037 people, mostly faculty and staff members who had been with the school between June 2001 and August 2013. Around 500 people had their birth dates stolen, too.
The hack apparently occurred last year but was only discovered in August. There have been no reports of identity theft related to it.
Officials at CSU East Bay, which has a main campus in Hayward and satellite campuses in Concord and Oakland, know the drill for handling computer breaches. The school discovered an earlier, similar-sounding hack in January 2006, affecting 2,200 then-current and former faculty and staff stretching back to 2001. That data included names and Social Security numbers, too.
The school, then as now, told potential victims how to obtain their credit reports and put fraud alerts on their accounts. It also assured them in 2006, “The university took strict measures to reduce the likelihood of this incident occurring in the future and is exploring options for improving the level of security for storage of protected information.”
The Cal State hack is a minor incident in comparison to breaches recently announced around the country. Security expert Brian Krebs reported on his website last week that Home Depot had suffered a colossal breach affecting customers at nearly all of its U.S. stores. Krebs said the breach could be bigger than Target, where hackers stole 40 million debit and credit card numbers. Stolen credit card information is already turning up for sale on the Internet, he said, although Home Depot is still investigating the hack that may have occurred as far back as April.
Also last week, in an ominous gesture that could portend rough times ahead for Healthcare.gov, the Obamacare website, hackers breached a test system, which, in the words of a government spokesperson, “was made possible by several security weaknesses.” No personal data was reported taken.
And, of course, there is the infamous iCloud computer breach that flooded the Internet with private naked celebrity photos that turned out to be not so private. The method used for busting through Apple’s flimsy security was published at a popular computer code repository called GitHub by a couple of Russian techs who were shocked to see their hack of AppleID used for nefarious purposes.
“Stealing private ‘hot’ data is outside of our scope of interests,” they wrote at their website. “We discuss such methods of hacks in our narrow range, just to identify all the ways how privacy can by abused.”
In other words, they are aesthetes, who warn of hackers who are not aesthetes:
“For everyone, who was involved in this incident, I want to remind, that today we are living in Brave New Global World, when privacy protection wasn't ever so weak, and you have to consider, that all your data from ‘smart’ devices could be accessible from Internet, which is the place of anarchy, and, as result, could be source of undesirable and unfriendly activity.”