The View

Greasing the wheels with hackers in cyberspace

Starbucks, which itself is busy developing various apps and other cyber devices, is displaying much less of a welcome to talented hackers who spot software vulnerabilities than companies in Silicon Valley

PUBLISHED : Wednesday, 24 June, 2015, 9:35am
UPDATED : Wednesday, 24 June, 2015, 9:35am

Have you heard of Egor Homakov? Well, neither had I until learning of how he discovered a vulnerability in the Starbucks loyalty card system allowing online hackers to extract cash from the company.

Homakov, who works for an outfit called Sakurity, which deals with issues like this, promptly reported his findings to Starbucks, which responded with threats of legal action rather than gratitude for his help. Mind you, what more could be expected from a company that specializes in selling unnecessarily complicated sugary drinks yet claims to be a coffee specialist?

Starbucks, which itself is busy developing various apps and other cyber devices, is displaying much less of a welcome to talented hackers who spot software vulnerabilities than companies in Silicon Valley. Over there some of the biggest names, including Microsoft, Facebook and Google, have been offering rewards to hackers who identify these vulnerabilities and they do so without asking too many pointed questions about how these people managed to penetrate their systems.

In fact both the rewards to hackers and the scope of companies offering big money are, if anything, expanding. This raises a wider question of how businesses should deal with people and organisations that skate close to the fringes of the law, not necessarily crossing the line but most definitely somewhere in the borderlands of legality.

And this is a problem not confined to the corporate world as we have recently seen in revelations that the Australian government has been paying off people smugglers to ensure that their boats are turned away from Australia’s shores. Defending this action Prime Minister Tony Abbott said: ‘We’ve done the right thing, we’ve done the moral thing, the decent thing, the compassionate thing. We’ve stopped the boats by doing whatever is necessary within the law to stop the boats’.

Abbott may well be exercising a liberal interpretation of what is within the law but the fact remains that, despite their dubious legality, his government’s actions seem to be working.

The same goes for the companies paying off hackers who may argue that they are not holding corporations to ransom with the knowledge they have acquired on system vulnerabilities but will only divulge this information after receiving substantial rewards.

There is both a moral and legal dilemma here and it is one that companies face to greater and lesser degrees all the time. Anyone who has done business across the border will be giving a knowing nod by now as they have confronted issues of this kind on an alarmingly regular basis.

How are permits to be obtained, building licenses to be secured and all manner of other licenses to be granted without some official being paid off? Even beyond the plethora of the Chinese licensing system there are all manner of inspections, interactions with the police and so on that are made a lot easier with the transfer of funds.

Bigger companies often claim that their hands are clean in this respect but closer examination of their operations shows that middlemen are used to sort out problems like this. The middlemen run legitimate companies and the corporations paying them studiously avoid asking whether their facilitation efforts involve bribery. In all events they are careful to avoid a direct relationship with corrupt officials.

It is pretty much common knowledge that this kind of thing goes on. Off the record, companies will tell you that they are faced with a simple choice: either pay up or have no business.

There is no glib solution here but it is yet another example of the harsh reality of the business world where vivid colours are often replaced by shades of grey.

The bottom line is that what might be described as ethical considerations are fine and dandy but at the end of the day practical imperatives dictate a blurring of the lines dividing the ethically sound and the ethically questionable.

The dilemmas that arise from this ambiguity are hardly new; indeed in Hong Kong levels of petty (and not so petty) corruption prior to the establishment of the Independent Commission Against Corruption meant that local businessmen confronted this problem on a very regular basis. Hong Kong is not exactly squeaky clean these days but at least the worst excesses of routine petty corruption have been eliminated.

What interests me is that in the modern age of business the ancient dilemmas of how far it is possible to go to facilitate business have simply moved off the streets and into cyberspace where the people with an ability to hold businesses to ransom can do so from a perch in front of a computer screen and legitimize their activity with a whole new host of terminology, often employing the word ‘consultancy’.

My oh my how things have changed, but only in form, hardly in substance.


Stephen Vines runs companies in the food sector and moonlights as a journalist and a broadcaster