With the number of high profile hacks in the last few years, it seems like hackers — rather than security researchers — have the upper hand. This is obviously a cause for concern, and governments are beginning to take notice.
For example, the UK Government recently released some (terribly misguided) guidelines on how to spot if your child is turning into a cyber criminal. One of the ideas that that more totalitarian governments such as China’s have tried is to block access to sites like Github where some of the offending material is located. While it’s unlikely a more liberal government would take such an extreme measure, if the problem gets bad enough they could try a similar approach to that used for pirated material: ask Google to remove the links from its database.
As has been shown with pirated material, however, any attempt to block access to offending content is a terrible idea that just doesn’t work.
Google Isn’t Everything
Even if Google blocking access to websites explaining how to hack was a good idea (and it isn’t!), it’s incredibly impractical for a number of reasons.
First, although its name has become completely tied with online search, Google isn’t the only search engine out there. From major search engines like Bing and Yahoo, to smaller ones like DuckDuckGo (which we love here at MakeUseOf) it’s impossible to block them all.
Why This Longtime Google Fan Now Prefers DuckDuckGo: http://t.co/wGcMqdTKsK Giving up Google is easier than you’d think.
— Justin Pot (@jhpot) October 16, 2015
While the US Government has the technical ability to order every search engine based in the US to remove all links to information on hacking (they aren’t one of Reporters Without Borders “Enemies of the Internet” for no reason!), this would probably be called unconstitutional and be met with much resistance.
Even if by some obscene miracle it did get written into law, search engines in other countries with less regulated Internet policies would continue to operate as normal and be easily accessible to US citizens. Short of putting up a massive firewall similar to China’s (which can be bypassed) there’s not a lot that can be done to stop people finding the information through search engines.
Second, Google isn’t even where people find the really really good stuff; for that they look to the Dark web. This is a collection of websites that can only be accessed using the Tor browser. The most infamous Dark web site was the Silk Road which was shut down in 2014.
On the Dark web it’s possible to anonymously buy guns, drugs, pornography, and, yes, hacking information. Anyone who is looking for much more than a tool to do DDoS attacks is going to know how to access the dark web. Google plays absolutely no role in the situation.
The Dark web is set up to be anonymously accessible for anyone from anywhere. It’s very design makes it nearly impossible to block.
It’s A Cat and Mouse Game
If, for a second, we assume that it was somehow feasible to block access to information on hacking it still wouldn’t be a good idea. Not all hackers are evil geniuses: there’s white hat hackers (the good guys) and black hat hackers (the bad guys).
Security researchers — many of whom are white hat hackers — are involved in a game of cat and mouse with the people who want to steal your credit card details. They need access to the same information so they can study it and come up with ways to block the tools and techniques.
Back in the early 2000s, Cross Site Scripting (XSS) was a serious security threat. Hackers were able to run malicious code on other people’s websites using code injection. While XSS is still possible almost every website defends against it. A security threat was identified, studied, and beaten. If security researchers had been blocked from studying the threat, we might still be dealing with XSS.
Hacking Windows: Exploit bugs before companies patch them Hacking Linux: Press backspace 28 times
— SecuriTay (@SwiftOnSecurity) December 17, 2015
Put simply, making information on hacking harder — or illegal — for people to access will only block well intentioned researchers. Anyone looking for it with mischief in mind isn’t going to be put off.
Ignorance is No Defence
When a major hack, like the Ashley Madison one earlier this summer, happens we blame the company for failing to adequately protect user data. The reason we’re able to do that is because the kinds of hacks that most of these companies are hit with are well understood — they’re just not defending themselves properly.
Looks like ISIS better watch out for this DDOS terrorist group pic.twitter.com/8PJfNxqTd6
— SecuriTay (@SwiftOnSecurity) December 14, 2015
If all the information on hacking was kept locked up, a huge amount of the information on how to defend yourself would be as well. Rather than having to apologise for their atrocious data protection they could hold their hands up and say, “Sorry guys but there was no way we could have seen this coming.”
That’s not a good situation to be in. By having all the information available, there is no excuse for companies not to be employing the latest and greatest security techniques. Poorly encrypted passwords aren’t acceptable anymore because everyone knows there are tools out there that can beat them.
Fortunately, there’s no way Google is ever going to block access to information on hacking. Whether you’re curious about information security or want to turn to the dark side and start hacking for profit, Google will continue to be a place to start learning.
From a technical perspective, it’s just not possible for Google to truly block access to information on hacking no matter what demands are made. Even if the information is stripped from Google’s results, people will just use other search engines or dive into the dark web.
The idea is just silly and would only benefit hackers. Security researchers would be hamstrung by it. With people unable to develop better defences against hacks, we’d see even more security breaches than we currently do.
Worse still, companies would legitimately be able to deny their role in failing to protect their users. If they’re hit by some unknown hack there’s very little they can do.
What do you think? Am I wrong and Google should be made block all access to information on hacking – or is the idea as silly as I think it is? Tell us in the comments.