Hackers are Time Magazine's 2016 Person of the Year: Why

This fall, hackers took millions of Americans offline by remotely controlling a large number of Internet-connected devices, such as baby monitors and digital video recorders, to send spoofed network traffic in a flood attack. Over Thanksgiving weekend, the San Francisco Municipal Railroad was shut down after an IT administrator reportedly clicked on a false link embedded in a malicious email.

In 2016, hackers took aim at American democracy itself. The presidential campaign teetered on the brink of a steady stream of leaked documents and emails in a series of sophisticated digital intrusions. While there was no indication that the voting machines used by 128 million American voters on November 8 were rigged, the question of whether they might have been rigged was raised repeatedly and slowly became a certainty.

What’s important is that, in a country where every vote is supposed to be taken seriously, the past 12 months have taught a powerful lesson: a few lines of malicious code can reveal so much.

The distinction between good and bad, and the moral ambiguity in between, exists.

who are they?

Who are they? “Some 400-plus-pound guy sitting in his bed,” as Donald Trump put it in the first presidential debate. Are they punks in black hoodies? Are they slobs with dark circles under their eyes in windowless rooms?

Security researchers have shown in recent years that the truth is worse than imagined. There are good and bad hacker groups, some sponsored by a country or terrorist organization, some are freedom fighters, truth seekers, anarchists, tinkerers. There are also criminal bosses and, of course, even salarymen. A recent survey of 10,000 hackers in the United States, the United Kingdom and Germany found that the average annual salary of hackers is $28,744.

A hacker group held an entire Los Angeles hospital hostage in February, demanding a total of $17,000 in ransom to restore employee access to email and patients' electronic health records. The average ransom demand for individuals who want the hijacked information returned was $679 in 2016, double the average price last year. The FBI estimates that ransomware, a program that infects a computer or network and holds the data hostage until a fee is paid, will generate $1 billion for the saboteurs this year.

According to British insurance company Lloyd's, hackers have cost businesses at least $400 billion worldwide, a figure that is certainly underestimated. Because hackers have much longer activity cycles than regular criminals, it is likely that the biggest breach of the year has not yet occurred. This huge uncertainty has prompted a boom in the cyber defense, cyber forensics and cyber insurance industries, which are expected to be valued at $200 billion by 2020.

Besides money, what other costs are we paying?

However, money is not the point of the problem. The most important thing is the vulnerability and uncertainty caused by it. Think about Stuxnet, a computer worm jointly developed by Israeli and US intelligence agencies seven years ago to invade Iran's nuclear program. Its main purpose was not to destroy laboratory equipment, but to undermine Iran's confidence.

“The intent of the operation was to shame them if the project failed,” one American participant told The New York Times in 2012. In a way, even if you’re not building centrifuges in Iran, or making a Hollywood blockbuster, or sending nude selfies, all hackers have the same power over you: to shame.

The Democratic Party has suffered heavy losses this year. In the most notorious breach since Watergate, hackers stole thousands of pages of documents from the Democratic National Committee, the Democratic Congressional Campaign Committee, Hillary Clinton's campaign and the Gmail account of the committee's chairman, John Podesta.

Then, using a network of online allies like WikiLeaks and a fake website called DC Leaks, the gathering of information about the breach seemed designed to maximize the Democrats’ progress. WikiLeaks published a database of Clinton campaign emails that was easily searchable and gave the news media one story after another, from the focus test of Clinton-style jokes to Podesta’s preferred method for cooking creamy risotto.

Truly explosive revelations are few and far between. But that’s not the point. In this type of conflict, the hackers’ goal is to provide the media with distracting but harmless information and, more importantly, to question the integrity of the electoral system.

"As you can see the US presidential election is becoming a farce." Hackers claimed they had hacked into the Democratic National Committee (DNC) after its chairman was forced to resign ahead of the July meeting.

When the DNC asked Irvine, California-based CrowdStrike for help, the cybersecurity firm traced the hackers to two groups, Fancy Bear and Cozy Bear. CrowdStrike said the first group was secretly affiliated with the GRU, the Russian military’s main foreign intelligence agency.

The other was tied to the FSB, the successor to the KGB. By the fall, the U.S. government seemed to agree, formally charging Russia with cyber-hacking the Democratic Party and alleging that Moscow was trying to “interfere” in the election.

Espionage and disinformation have a millennia-long tradition in political management. During the Cold War, both the Soviet Union and the United States interfered in foreign elections.

How to fight back?

How to fight back, now that the encryption surrounding Pandora's box has been broken? Nineteen months ago, CIA Director John Brennan announced the most sweeping overhaul of the agency in its 69-year history, largely motivated by cyber threats.

On December 1, the FBI and other law enforcement agencies gained a powerful new legal tool that expands their ability to search multiple computers, phones and other devices across the country and even overseas using a single warrant. At the same time, private companies will do their part to emphasize user security awareness and make disclosures of breaches more transparent.

The more fundamental challenge is that the free information on which entire societies depend is now on the offensive. At the national level, it is unclear how the United States can project its power elsewhere in the world, because there is no equivalent to battlefield power in cyberspace. Nor are the rules of engagement defined. Last year, China and the United States signed an agreement that appears to have reduced government-led hacking, but the treaty’s effectiveness in the digital battlefield may be limited.

And the retaliation is growing. In December, Russian officials said the hacking of their banking system was retaliation by the United States for its meddling in the election. The country's central bank said hackers had managed to steal 2 billion rubles, or about $31 million, this year. No one has publicly said who they are or why they did it.

Where can we find refuge in this extremely uneasy modern situation?

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.