Tuesday, April 19, 2011
Hacking and Corruption have close Parallels
There is a close parallel between hacking and scams that are emerging as India rises to rid itself of chronic corruption in its system. In an earlier post “Fake Pilots a Big Threat to India’s National Security “I wrote about pilots getting licenses on altered marksheets. Since then every few days a fake pilot has been arrested. The first time money was exchanged to alter a pilot mark sheet, it was a scam but afterwards it became an accepted way of life facilitated by officials themselves who deliberately hassle or fail aspiring pilots. The scam becomes the norm and even competent individuals who normally would not indulge in such practices are forced to comply. Obviously not many realized that when the scam is exposed, they would suffer the consequences. Exploiting loopholes or bypassing regulation has been a key catalyst for sectoral corruption. Violation of FSI (Floor scale index) or environmental norms in real estate is an example. Such corruption is dangerous for the people who buy these properties. On paper its all clear, but when the truth is unearthed it is a different story. The very sad part about corruption is that the upright person who does things the correct way suffers.
Hackers operate in a similar way. There are few hackers with a sophisticated understanding of technology who are able to uncover vulnerabilities in code and then create code called exploits which exploit this vulnerability. This code is made freely available on hacker sites or sold for a fee to be used by amateurs to gain entry to websites, server, and desktops. In a similar but different way are code snippets called viruses or worms. These have a life of their own. They are created by an expert programmer to exploit one or many such loopholes and are built with the ability to self propagate. Using the network or transferred through files and USB drives these self replicating code propagate through IT systems causing loss of data, outages in IT systems or seeding desktops with more potent malware.
The biggest challenge today is the elimination of these loopholes or vulnerabilities through better processes, accountability, audit, and better software development practices. As consumers and buyers we should demand secure code from the vendors as we demand accountability from those who indulge in corruption. Today, the money earned from corruption is many times more that that earned by hacking but this will change in the next five to ten years. Software product vendors and developers should heed and take steps now.