Considering I’ve started the month with various online security posts (and I’m not done yet), I will continue with this post that will serve as introduction to my “How to surf safe in today’s digital world?“ post.
OK at first let me explain what’s the story with my focused interest on security these days. If you’re working in the media or IT, there’s a very slim chance that you haven’t heard of LulzSec, Anonymous and the recent rise of multiple other hacker groups all over the Internet. If you don’t work in the 2 mentioned sectors then let me fill you in with a summary on the recent events:
According to Panda Security‘s latest research report on the state of cybercrime, the second quarter of 2011 was “one of the worst on record” for global IT security. They blame the hacking groups like Anonymous and LulzSec for causing widespread mayhem to organizations such as RSA Security, the U.S. Defense Department, F.B.I. and various US Defence Department contractors, the Church of Scientology, the International Monetary Fund, Sony, Citigroup, SEGA, Visa, MasterCard, Federal and National Police departments in multiple international locations (at the time of writing of this post, they just released data from FBI contractors IRC Federal, and the German Federal Police), they all fell victims to the attacks. *Update 11-7@12:00PM: Something really big is about to happen today. One of the members of Anonymous twitted a few hours ago: “ATTN: Tomorrow will be two of the biggest releases for Anonymous in the last 4 years. Everyone brace. This is literally explosive.”
From their Twitter page (where they make all public announcements), they describe themselves as: “We are Anonymous, we are AntiSec, we are LulzSec. And we are the people, who will be silent no more. Expect us. The Internet is ours and you’re not gonna take it back from us. Please also realize that we are not your enemy but your citizens.” Anonymous to the Machine video with statement here: http://youtu.be/9TG4RTwctlw
Now that you know who they are (well sort of), lets see what exactly do they want? From what I read and seen, the answer is quite simple: they’re a team of anonymous hackers located all over the world that want to fight against corrupt and abusive organisations even if they’re doing it through highly illegal means (sort of like Watchmen). They are targeting mainly governmental organisations all over the world, their contractors and law enforcement departments with 2 purposes: 1. to expose their abusive actions and intentions and 2. to expose security threats in their users database by publicly dumping their users database.
I know some would agree with the 1st purpose, but at first sight the 2nd one sounds very malicious doesn’t it? Well don’t judge a book by its cover and don’t jump to hasty conclusions just yet, things might not be what they seem; I am not a supporter or involved with them but I am an objective observer of events. And this is (not) just my opinion here, but just like Watchmen they are doing everyone a favour in the long run by exposing the wrong doings of agencies that are supposed to be the “law enforcement”. The agencies which should work in the best interest of the population and are bound by ethical laws before the legal ones! They are also pointing out serious security flaws in the infrastructures of multiple large corporations or organisations. They say that if they can easily get their hands on your data, so can malicious hackers. The difference is that they release it publicly for the purpose of transparency, they make a big buzz about it (mainly for “the lulz” = to laugh at someone’s claimed high security), and they force those organisations to implement actual security that protects the users databases properly.
Hmm so now you might ask yourself: “if these vigilantes are doing something good in the end…and considering I’m not corrupt or involved with any of those agencies, why should I be worried? I’m just a good citizen minding my own business” My answer to that is: Well you should be very worried for your private digital data that resides on any physical hard drive, be it on your computer at home/office, on an email server or on any other machine connected to the Internet. Allow me to explain:
Anonymous might not be a threat to you or your firm directly (unless you’re corrupt and/or up to no good), but there are other very malicious hackers, crackers, cyber psychos and various evil intended individuals whom you should be very worried about! These people create viruses that automatically plant silent trojans, root-kits and all sorts of “bugs” into your computers, websites, email accounts, smartphones etc, that allows them to monitor your actions, conversations, transactions and your private data without your awareness. Some of them can even take control of your computer’s processing power and its Internet communication ability. Remember my words, the most dangerous hackers are the ones you don’t hear about! (and those that get caught after committing serious crimes against other people/companies. eg. Stuxnet creators). They are the real threat for the mass population not these vigilantes which like the spot light. Not defending or promoting illegal actions here but if anything, Anonymous managed to successfully increase the security awareness all over the world. They’re actually helping me and other security consultants prove a point that I was trying to make since I started working in IT as a consultant:
- DO NOT TAKE YOUR PRIVACY FOR GRANTED!
- DO NOT REUSE PASSWORDS!
- DO THE RIGHT THING THE FIRST TIME!
So not only that they are exposing bad-doings of various organisations (check the media, all the firms they exposed got all the black balls) but they are forcing security “WhiteHats” to implement proper security solutions not just claimed security = marketing stunts = ROI generators = users take the damage if something goes wrong because are completely clueless abt their private data being accessible by 3rd parties (fb much?). They’re also finally convincing users to protect themselves against maliciously intended individuals. And with this I’m going to end of this post and start a more useful one about How to surf safe in today’s digital world?