What the heck is hacking? A Guide for publishers in understanding hacking and system design

“Hackers have become scapegoats: We discover the gaping holes in the system and then get blamed for the flaws” –Emmanuel Goldstein

“A hacker is someone who experiments with systems… Hacking is playing with systems and making them do what they were never intended to do.” ­–Dorothy Denning

Hypothetical event: 

“Breaking News: Penguin Publishers Hacked!” read the headlines across news sources on the web and in print.

Publishers, I’d imagine are all shocked, and some competitors may be secretly smirking at the unfortunate event that has befallen the giant book producer. What this event also signifies is the vulnerability of publishers who have their books, financial information and other technological trade secrets online. Hackers sending out false information on behalf of the publishers, selling manuscripts to other publishers under false pretense, and perhaps just the removal of valuable information from their systems.

Many rush to their offices, call their IT personnel—in-house and outsourced—to either strengthen their buffer zone (put up firewalls), or completely remove their businesses from the World Wide Web.

Perhaps not so extreme, but a catastrophic event such as the hacking of a publisher, would send most of the others into frenzy. Much like the several supposed terrorist attacks across the world, and governments’ response to protect themselves and their citizens, so would publishers need to find their own protective, preemptive, and restorative measures to protect themselves from cyber terrorism, or intellectual property theft in the form of hacking.

Even if publishers themselves would not think themselves targets, their publishing partners, such as Amazon could face a similar threat. In this instance, valuable banking transactions, and the personal accounts of customers could be seized.

This scenario is not all that hypothetical. In fact, a recent series of hacker attacks on publishers is raising questions about potential third-party security holes that leave websites exposed to cracks, it was reported What’s New In Publishing Online in September 2014. “Third parties already snagging profits from many publishers by using the publishers’ own data for monetary gain, the news that hackers are using these same third-party JavaScript tags as a way to break into publisher sites feels especially insidious”[1]. The news source site, Reuters and was one of the victims who were infiltrated through third-party partners’ systems to access their data by using JavaScript tags.

“A potential problem with JavaScript tags is that if a platform vendor would not have control or validation over the creative, it could return inappropriate content such as adult material or extremist views[2].”

French newspaper, Le Monde has been the most recent victim. Their Twitter account was hacked allegedly by a Syrian Electronic Army in service to the Syrian president. “Among media sites hit were London newspapers the Daily Telegraph, Independent and Evening Standard. The Canadian Broadcasting Corp and New York Daily News also said they had fallen victim to the hack.[3]

What is also more shocking, or perhaps not, is that nearly 80 percent of publishers said they were ignorant as to which and how third-party companies, like Google and Taboola were accessing their audience data.

Although this scenario is hypothetical, publishers need to understand hacking and its implications.

Hacking and piracy are forms of intellectual property theft, which is described as, “theft of material that is copyrighted, the theft of trade secrets, and trademark violations. A copyright is the legal right of an author, publisher, composer, or other person who creates a work to exclusively print, publish, distribute, or perform the work in public.[4]

As publishers move their business models online to maintain readership numbers and remain relevant among their audience and competitors, they face risk of intellectual property theft.

Intellectual property theft through cybercrime, has become less sophisticated as individuals with minimal programming knowledge are able to purchase software to carry out hacking activities which are immune to firewalls, according to the CIO[5].

Furthermore, intellectual property rights could be considered to be trade secrets that give business a competitive edge. In the publishing industry, the same concept applies. Whatever trade secrets a publisher possess, from editorial, circulation and distribution (operations), advertising and sales, financial information and technological innovations, these needs to be protected under copyright law and intellectual property law.

Publishers that have shifted their business models online possess several types of rights when they acquire an author and eventually sell the book in various formats online. Furthermore, if the book has the potential on becoming a blockbuster film, publishers will most likely have bought secondary media rights to earn revenue from such a platform. It is therefore important for publishers to understand their intellectual property rights when it comes to hacking and piracy.

Hacking, says David Gunkel (2000), “designates an activity that is simultaneously applauded for its creativity and reviled for its criminal transgressions (798)[6]. The concept of hacking is diabolical in understanding for most hosting systems. Hackers, the ones who are hacking, need a host. How they gain access to this host is through a so-called back door that has been left wide open. “Hacking only fixates on and manipulates an aporia, a bug, or back door that is always and already present within and constitutive of the system as such[7].”

By this statement, hacking works like a parasite that feeds off a system that has not taken precautionary measures to secure it completely. “The activities of hacking must be seen as highly attentive and even compulsive responses to specific systems that both call for and make the hack possible in an by their very systems’ design[8].”

What is a system’s design? When one speaks about a system’s design, one is actually referring to system design. This is a term more often coined by computer scientists and engineers. In this case, publishers might consider themselves to not be affiliated with this profession. Rightly so, but it is important to understand what system design involves when publishers so often acquaint themselves with technology and operating their businesses online. This is a fair argument that deserves attention from publishers who have web-based content in various formats, such as EPub, PDF, Podcasts, analytics, websites, and so forth.

To understand system design, one must separate the two terms:

A system, defined by Jim Waldo, Distinguished Engineer at Sun Microsystems, “is a set of interacting parts, generally too large to be built by a single person, created for some particular purpose…Hardware and software that allow the programs on [computers] to interact with each other over a network are systems.”[9] Waldo further explains that deciphering a system requires a look at the layers of that system. The larger the piece of software, the more layers there are in the design, and the more complex the system. He further iterates that design has an ambiguous definition but that more often than not, in computer science, one will discover the design of software by its code. This code could have been created prior to the production of the system or may have evolved with the implementation of the system itself (2006: 2)[10].

Waldo urges training in system design. “If system design is in fact learned as part of an apprenticeship, there are two places that we should expect such learning to take place. The first is in graduate school, where a student can work with a single faulty member, his or her advisor, who acts as a master. The other is on-the-job, learning the arts of system design by doing such design.[11] This is already taking place through agile methods and open source software. Agile methods is an approach to writing code, and systems based on small groups of programmers working collectively as one unit[12].” This method is often peer reviewed. Similarly, open source projects also provide forum and discussions on system design.

Publishers should invest in hiring system designers, or sending their in-house web specialists to attend such training, if they have not. This, in the long run, will cost publishers less money than to outsource IT specialists to work on a system that they had no hand in creating, and access confidential information. Also, in-house system designers will be able to come up with exclusive system design for the publisher that will make it less likely to be hacked or copied.

Publishing and media school courses should invest in in-depth system design curriculum, so that graduating publishers who move into the industry are geared to create software, and design systems for the publishing businesses. At least it would be useful to have an adequate understanding of such a system when the subject is broached in hiring IT specialists to install several software programs should the company face cyber threat or intellectual property theft.

If publishers choose not to invest in system design, then there is the outsourced alternative:

How can publishers protect their system’s data from getting hacked? According to WikiHow[13], there are at least a few ways to prevent getting hacked. These are:

  1. Use a port scanner to identify open ports on your network and the software that’s running them. It is important to update these programs.
  2. Regularly backup your data and test the backups.
  3. Store the backup files off line for extra security.
  4. Encrypt data with encryption software that has important company information in transit mode, such as emails.
  5. Use the latest antivirus software.
  6. Use real time protection software to manage your operating system.
  7. Use anti-adware and spyware software that protects your system from monitoring passwords and confidential data.
  8. Install intrusion detection software to point out when your system is accessed illegally.
  9. Install a firewall to maintain a secure interface between your publisher’s network and other public networks.
  10. Regularly update software programs for added security and that all default passwords are reset.

These precautionary measures seem obvious and self-explanatory, but it is important for publishers, as well as emerging publishers like ourselves to be informed of the means of protection, and the costs involved to ensure intellectual property and other confidential company information is protected online, all the time.

Conclusively, publishers need to educate themselves on system design, hacking and third-party agreements to secure their data. Publishers need to take control of their own data. There are not a lot of tools available to attain this, but with greater investment in system design, publishers should be able to create these tools themselves. This way publishers protect their customers, their intellectual property, but also their profits.

 Work Cited:  


[1] Pritchard, M. 2014. What’s New In Publishing article: “Open to hackers? Partners can be a publisher’s weakest link”: http://www.whatsnewinpublishing.co.uk/content/open-hackers-partners-can-be-publishers-weakest-link-0

[2] Pritchard, M. 2014. What’s New In Publishing article: “Open to hackers? Partners can be a publisher’s weakest link”: http://www.whatsnewinpublishing.co.uk/content/open-hackers-partners-can-be-publishers-weakest-link-0

[4] Cyber Crime- Intellectual Property Theft- Internet, Pirates, Trade, and Secrets: http://law.jrank.org/pages/11992/Cyber-Crime-Intellectual-property-theft.html

[6] Gunkel, David J. “Hacking Cyberspace” in JAC, Vol. 20, No. 4. Fall 2000.

http://www.jstor.org/stable/20866366

[7] Gunkel, David J. “Hacking Cyberspace” in JAC, Vol. 20, No. 4. Fall 2000.

[8] Gunkel, David J. “Hacking Cyberspace” in JAC, Vol. 20, No. 4. Fall 2000.

http://www.jstor.org/stable/20866366

[9] Waldo, J. 2006. “On System Design” in Harvard University Press: http://scholar.harvard.edu/files/waldo/files/ps-2006-6.pdf

[10] Waldo, J. 2006. “On System Design” in Harvard University Press: http://scholar.harvard.edu/files/waldo/files/ps-2006-6.pdf

[11] Waldo, J. 2006. “On System Design” in Harvard University Press: http://scholar.harvard.edu/files/waldo/files/ps-2006-6.pdf

[12] Waldo, J. 2006. “On System Design” in Harvard University Press: http://scholar.harvard.edu/files/waldo/files/ps-2006-6.pdf

2 Replies to “What the heck is hacking? A Guide for publishers in understanding hacking and system design”

  1. I like idea of having quotes at the beginning that are short and to the point to give the reader a sense of the tone of the essay. However, I think the quotes are a bit misleading because they suggest the essay might be about the positive sides of hacking, while when you continue to read, you realize the essay is about information theft.

    The hypothetical event “Breaking News: Penguin Publishers Hacked!”, is a playful starting point for the essay and a good way to demonstrate a point instead of attempting to talk about it without an example. The hypothetical situation, similar to recent incidents of large companies being hacked, reminds the reader that being hacked is a realistic concern even for a publisher as big as Penguin.

    The explanation of how publishers can be hacked through third-party systems was informative and supports the essay well by giving an example of how hacking can happen. This assertion is backed up by a real example of Le monde having their Twitter account hacked, which further strengthens the point. Finally, that 80 per cent of publishers don’t know how Google is accessing their audience data is a compelling argument that publishers need to become more informed.

    The next point starts with “Hacking and piracy are forms of intellectual property theft.” My issue with this part is that it groups hacking and piracy together, when they are two very different acts, with hacking having many different definitions that are not necessarily about intellectual property theft or crime. I think the essay could have explained this better by saying that piracy can happen through a certain type of malicious hacking.

    The point about people with minimal programming knowledge being able to purchase software to carry out hacking activities for them is also an informative argument because it demonstrates that nowadays, hackers don’t have to have such specialized knowledge.

    After giving some necessary background on hacking and how it works, which was a good way to lead to the next argument because the target audience know little about hacking, the essay then leads the reader to an explanation of system design. The background about hacking is also a compelling reason why publishers should get training in system design, as the essay asserts. The essay also does a good job of explaining that publishers need to hire system designers to have unique system designs that are more difficult to hack. The steps that publishers can take to protect themselves from malicious hacking are clear and realistic.

    Overall, this essay gives good reasons for why publishers need to hire system designers, but there are some points, such as the definitions of hacking and piracy, that could have been clearer and better defined.

  2. Your essay strayed too far away from the topic of publishers. You mention publishers several times, but they do not become the focus of the essay. Most importantly, it does not address the specific concerns that publishers should have with regards to their information. To do this effectively, it would have had to outline the kinds of data that publishers collect and what would happen if that information got out. It touches on these topics, but they are not brought to the forefront, nor are they addressed in depth.

    I also found the organization of your essay to be a little scattered. It jumps from definitions to comments and back to definitions without much of a transition between them. In the definitions, it conflates hacking with piracy and, while I know there is a connection between them, that connection is not made explicit in the writing.

    Finally, I am not convinced that the system design argument is the answer for publishers to avoid being hacked. I only skimmed through the Waldo paper, but it seems to me that he is making a case for software engineers to think holistically. While this generally sounds like good advice, it seems to me that non-systems thinkings isn’t what makes publishers vulnerable—it is that they don’t think of themselves as targets and may not have considered that they have valuable data. As such, the first step would be to ensure they hire or contract out security and put in place good practices to avoid breaches.

    I appreciate what you were trying to do with the essay—warn and education publishers of the inherent risks with collecting and user information. I think a more focused essay with that explicit goal would have hit the mark.

Comments are closed.