Jacques Mattheij

Technology, Coding and Business

The rise of the destructive programmer

In the early days, even if the fruits of the labour of programmers could be used for destruction (for instance, to compute the trajectory of a missile) the work itself was as far as I can see always creative.

Codebreaking, a long time programmer pastime is all about reading or at least being able to read, and so not about destruction. Even if it may appear that way on the surface, especially with the word ‘breaking’ in there.

For quite a few years this situation persisted, programmers made stuff and the world used it.

And then something changed.

I think it started when money first got directly involved. Some programmer in a bank somewhere figured out that rounding errors are an excellent source of income if the number of transactions is large enough. Nobody would ever miss all those half pennies. But that was an inside job and an easy one at that. That person is probably still alive and living the good life on a tropical island. As victimless crimes go it even has a certain charm.

But it still was a crime and it inspired many others: easy money through programming skills, no need to mess with guns and it’s easy to make a clean getaway (most of the time…).

Over time, as more and more of the world turned digital and more of the worlds wealth was stored in and transferred through networked computers criminals figured out that they wanted a piece of the digital action.

And instead of learning how to do the work themselves they decided to hire others to do the dirty work for them, which was by far the easier route.

As long as networks were relatively small, proprietary and well guarded this was really hard and highly skilled work. After all the number of attackers was fairly small and the number of defenders was larger and they usually had access to better equipment and hopefully more knowledge. Break ins were few and far between. But they did happen and there wasn’t a bank or other agency that used computers with dial up lines (even if only for back-up of their leased lines) that didn’t experience attempts, sometimes successful to penetrate the defenses.

Little by little the situation reversed from a time when the defenders had the advantage to one where the attackers had the advantage, sometimes even a significant one.

The targets are no longer just banks or other hardened institutions. With the rise of global networks and then finally the internet and the worldwide web the amount of loot that was laying around increased exponentially. Lots of those fruits are hanging low enough that even entry level petty crooks could get a slice of it. Either on servers set up in an insecure way but processing signifcant volume of e-commerce and credit card transactions or even softer targets, such as homecomputers with buggy software administered by non-tech people and mobile phones. All of them conveniently linked by a unified architecture spanning the globe.

Destruction has always been easier than creation, and unfortunately in the digital world it isn’t much different. Making glass, floating it to make flat sheets, cutting those to size and finally framing it are all expert jobs that take lots of study and lots of knowledge. Any idiot can throw a brick through a pane of glass.

The early computer criminals at least had some skills. Nowadays computer criminals are the equivalent of packs of kids throwing rocks through panes of glass. The rocks are conveniently provided by those with skills in easy to use kits. Enough of them can easily cause significant economic damage to bring down a business. Denial of service (the digital equivalent of arson) on an e-commerce site is far easier to do than to break in to the servers, and just as effective. You wouldn’t want anything to happen to your revenue stream now, would you? So pay up or be destroyed.

Impressionable kids, maybe for the first time able to show off their sometimes amazing skills are being turned into a force worth reckoning taking this to a whole new level. And then there are tons of loners. People that try to make a buck off their fellow human being, either through outright theft or by redirecting the flows of money into their own pockets without anybody being the wiser. Spammers, scammers and other pests are using those same skills that could be used for creation for destruction instead. And there are lots of them.

I can see why it works. If you’re a gifted kid and you get a chance to make some money by using your skills your first reaction is likely to jump at it. Especially if you’re living in a poorer country where the money you can make in this way is a large multiple of what you could make in an honest way, a creative way.

And so the legions of the destructive programmers will continue to grow, attracted by the vast riches that are hanging like ripe plums for the picking from the vines of the web.

Maybe there is a way to turn the tide, to give these people an alternative, a way to make money comparable to what they’re making on the dark side. There has to be a way in which all those skills can be put to a good use, one that we all benefit from. And then maybe we’ll be able to reduce the ranks of the destructive programmers, and to turn all that brainpower towards creation.

Of course there is a small army of security professionals that do what they can to balance the equation but I think in the longer term the advantage will shift further and further towards the attackers. If only because the incentives are getting ever higher, and the chance of getting caught and convicted is relatively small. Smaller than if you were to steal an apple at a grocery store.

We will need to deal with this, sooner or later. And preferably sooner or we may find that authorities will use this low-key cyberwar as leverage to enact all kinds of idiotic laws to protect us. These laws will likely have absolutely no effect on the problem but they will have an effect on the lives of ordinary citizens.

HN Submission/Discussion
If you read this far you should probably follow me on twitter: