Hackers and "higher motives"

(As happens, this post originally appeared in Monday's Security newsletter.)

I'm sure you saw or heard about the purported "Harry Potter 0day" last week. (Recapping: A hacker claims to have gotten access to the text of the most closely guarded book of the year -- the final release in the billion-dollar Harry Potter franchise -- and posted spoilers online.) Because I have to spend enough time dealing with that kind of idiocy in my day job, I made very sure not to cast my eyes on any of the alleged spoiler information for my recreational reading; even though I suspect that hacker "Gabriel" is full of it, I don't intend to spend the evening of July 21 doing a delta analysis. (I may check the next day, when I'm done reading, but unless I wake up tomorrow and have to go help JK Rowling figure out how the alleged hack occurred, I'm pretty sure I'm going to go with Plan A: Forget all about it.)

But there appears to be one angle that a number of reporters have missed (maybe they were trying not to see spoilers either?): This "Gabriel" is, allegedly, one of those People With A Higher Motive. According to Jeff Trexler over at The Blingdom of God (great blog, BTW), the person responsible used a milw0rm infection to get onto a computer at Bloomsbury Publishing and get at the the text. And he did it, he says, to making reading the book "useless and boring" -- because, he believes, the Pope would approve of disrupting the reading of a "neo-Pagan" book, and "to protect you and your families."

Leaving aside whether "Gabriel" is smart to have given his heart and soul to Jesus considering what's gonna happen to the rest of him if the irate fanbase tracks him down, not to mention whether he's just provided more free publicity for the last thing on Earth that needs more of it, not to mention what kind of illiterate freakshow escapee thinks that after six trillion-page books he's going to convince millions of people that reading the seventh would be "boring," there's an interesting point here for those among us in charge of securing intellectual property.

The Potter text has great financial value, of course -- except that after incidents with previous books it's pretty clear that attempting to purloin advance copies of Harry Potter for financial gain will get you a whupping from some mighty nasty lawyers. But "Gabriel" wasn't operating for gain. He doesn't want to make money from an alleged theft; he has a Higher Motive. As such, he was willing to take actions that perhaps an ordinary thief would not have risked. And he'll definitely be harder to catch. It's one more thing to keep in mind for anyone engaged in risk analysis -- what's worth not just filthy lucre to your enterprise's potential attackers, but worth something they might hold in even higher regard?