Thursday, January 27, 2011

"My account got hacked"

Some bite-sized wisdom from Jeremiah Grossman:

Funny how people, "my account got hacked," rather than "someone hacked into my account", like they think getting hacked is an act of nature.

I had a good laugh, but it's got me wondering... given how frequently attacks occur online, maybe it really does make sense for people to conceptualize attacks as something that just happens as opposed to something more akin to "that guy robbed me." Makes it easier to deal with somehow, or perhaps easier to accept that there will likely be no retribution?

And more disturbingly, does this "act of nature" approach to hacking explain the general public's sometimes apathetic response to routine privacy violations, both online and offline?


Zygo said...

"Someone hacked my account" is less efficient language than "my account got hacked." The former introduces a distracting and irrelevant third party into the statement, who probably cannot be usefully discussed further. The intended message is "my account was compromised, and it's all you need to know or I want to talk about," and adding a "someone" just invites "someone who?"

Terri Oda said...

Now I want to hear the longer comment about sea monsters. ;)

But yes, it is more efficient language, and we say something similar with other crimes "I got mugged" "my luggage was stolen" so maybe it doesn't really mean much at all. Still an amusing thought exercise and a funny statement, though!

Zygo said...

OK, one more try...

The other thing that struck me was the term "act of nature". When I think of account compromise, I think "act of robots."

It is actually scary to think about real, live human beings attacking me. Of course I realize that there's at least one person behind each of the thousands of automated attacks that fail each day, but that person usually isn't the one attacking me, their hordes of software agents are. Software agents aren't scary to me at all--I can watch their futile probing all night if I'm having trouble sleeping.

If you use terms like "virus" and "worm" to describe malware, then a botnet--a large creature consisting of self-replicating cells driven by an intelligence that lurks under the visible parts of the Internet looking for inexperienced captains or crews--might seem like an archetypal sea monster.

I don't believe in sea monsters, because I'm an archetypal oceanographer. I know the ominous thumping on the bottom of my boat is some prat with a remote-controlled submarine, and it would normally not occur to me to describe an encounter with one in any other terms.

So "My boat got wrecked!" is what you'd tell your friends and colleagues who might be wondering what happened to your boat. "Something wrecked my boat!" would be what you state on your insurance claim. "The boat was hijacked by a RoboSquid CVE2010-0442 exploiTorpedo, then directed to play Viagra ads loudly through the PA system while driving erratically through the harbor until it collided with a pier and segfaulted" would be what the insurance adjuster writes on their report.