Within the tech world, there is something known as a Chaos Monkey. It is a software tool that simulates chaos and uncertainty, rampaging through a system pulling at cables and kicking computers. Simulate big problems so you can prepare for them; that’s how the thinking goes.
Chaos Monkeys are tame – they are a tool employed by network administrators to make their systems safer and more stable. However, 2016 was a year when it seemed like the Chaos Monkeys had broken out of their cage, throwing a lot of online life into fearful instability. Why? Because 2016 was also the year of the hacker, and they wrecked havoc.
Hacking is the unauthorised entry into a system – an internet burglary, a cyber-trespass. The tools of a hacker are many, but whether through scanning, cracking, sniffing or spoofing, Trojans, loggers, viruses or phishing, hackers touched almost every part of our collective lives the past year.
Hackers rocked the sporting world. Just as the cheers and applause were fading from the Rio Olympics, the World Anti-Doping Agency (Wada) confirmed that a group called the “Fancy Bears” used a technique called “spear phishing” to access confidential databases, by sending highly-targeted emails to WADA, probably laced with malicious code. The campaign was called #OpOlympics and they released confidential athlete information onto the internet to, in their words (they have a website), expose doping cover-ups.
Hacking was no less significant in the commercial world. Also in September, Yahoo! disclosed that hackers had stolen information – names, email addresses, security questions, phone numbers – from 500,000,000 people. Half a billion. The actual hack happened two years earlier, but it looks like Yahoo’s hand was forced when some of the data was dumped on the dark net, sold by a user called “Peace of Mind”, resulting in the eye-watering number of affected users receiving exactly the opposite.
Hacking hit health care too. The personal data of 550,000 blood donors was accessed, possibly stolen, from the Australian Red Cross, including details of their “at-risk sexual behaviour” and names and addresses.
The hackers also targeted peoples’ romantic and sexual lives. After the enormous hack of the Ashley Madison website (“discreet encounters made easy”) in 2015, this year the adult dating service FriendFinder was hacked, exposing the private details of more than 400,000,000 accounts. Brazzers, a pornography site, also had 700,000 emails hacked.
But perhaps the most consequential hack of 2016 came at its end, during the United States presidential election. More than 19,000 emails were stolen from Democratic Party officials. They showed Democratic National Committee officials conspiring to press Bernie Saunders on his atheism, calling each other “damn liar”, “scummy”, and referring to donors as “clowns”. It caused the resignation of DNC chairwoman Debbie Wasserman Schultz. The US Intelligence Community formally pointed the finger at Russia, saying they were “confident that the Russian government directed the recent compromises of emails from US persons and institutions”.
Stealing data is nothing new, but weaponizing confidential information for political ends, used for so-called “influence operations”, certainly is.
The fact, both sad and scary, is that this article could be 10 times the length, and still not cover all of this year’s hacking incidents. Minecraft, Banner Health, Interpark, Telegram, Three, Weebly, Wendy’s, Verizon, Anthem, VKontakte and the National Childbirth Trust all sustained unauthorised disclosures. It has happened to banks, websites, telecommunications companies, retailers, restaurants and governments, for almost any reason you can imagine: financial gain; public embarrassment; political manipulation; or simply for “teh lulz”.
These, of course, are just the ones that we know about. Each was a huge and deliberately public disclosure of data. Each was necessarily sophisticated and most were alleged to be backed by states. Increasingly it is our opinions that are also the target of hacking, as perpetrators try to skewer the reputations of their targets.
But for most people affected, it isn’t the headline-grabbing, earth-shattering hacks that matter. It is the grubby, day-to-day hacks that pass uncelebrated but nonetheless ruin lives. It is the passwords that are guessed, or the malicious software – much of it freely available on forums – introduced crudely onto laptops. Hacking isn’t only done by sophisticated criminal cartels or shady parts of intelligence services, it’s also done by embittered ex-boyfriends, jealous co-workers and online stalkers, and most of it passes unremarked upon.
The basic way the internet is designed, to be fast, open, frictionless, makes it inherently vulnerable to attack. At its idealistic origin, the collegial engineers worried more about how to get the internet to withstand a nuclear war, not about how it might be itself offensively used. They thought they were designing a giant lecture hall, not a bank, hospital, sex shop and a shopping mall wrapped into one.
It is a global network with no checkpoints, tariffs, police, army or regulators. Hundreds of billions are spent on computer security, but the threats just keep getting bigger. I don’t know who will be attacked in 2017, or how, but hacking will get wider, wilder and more influential. The Chaos Monkeys aren’t getting back into their cages yet.
Carl Miller is the research director at think tank Demos in the UK.