How safe is your information online?
We live our lives online these days. It’s an illness. We ‘Flickr’ our bus journeys, ‘Tumblr’ our hipster interests and our friends know how terrible we are on the X-Box. Our piano playing cats have a home on Youtube, we ‘Facebook’ the changes in relationships and we all laugh at the one guy still on MySpace. [How is Tom anyway? But, as we become increasingly tangled in the World Wide Web, how safe is our presence on the Internet, how protected is your data? Who are the people trying to get at your data and are they as bad as people would have you believe? Studentpunch.com investigates.
Let’s start with an old favourite and continual enemy of the private and secure, Facebook. Facebook is the ‘social network,’ or at least according to all those film posters last year, and with 700 million users across the globe it is a behemoth of status updates and awkward drunken photos. Yet Mark Zuckerberg’s communal empire has always had to deal with the harsh criticism of his site’s frankly dark and creepy side. Whether it be Facebook’s ownership of your photos or the trolling memorial pages or the inability to fully delete your account or data mining or censorship of editorial content or, well you get the idea, the site has had to constantly fight the fires caused by breaches of people’s perceived privacy. In fact, Facebook faced a wave of disapproval both from users and organisations such as the ‘Information Commissioner’s Office’ and the ‘European Union data-protection regulators’ just last month when Facebook enabled its facial recognition features, called ‘Tag Suggestion.’ This opt-out feature scans the uploader’s photos and then the photos of their friends for matching faces; it’s pretty clever stuff but got people up in arms for a couple of reasons. Firstly, people didn’t want their names suggested or being available for selection and secondly, Facebook made this technology opt-out rather than opt-in. Graham Cluley, a senior technology consultant at the Internet security firm Sophos, described the situation best saying, “Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.”
Unlike the majority of the other examples that will feature here, the major risk to your security and your privacy is you. In fact, Facebook’s previous discrepancies have made the site one of the safest social networks around and, according to website Zonealarm [and presented via theatlantic.com], Facebook ranks above such sites as Twitter and LinkedIn. So it is up to you. If you want to remain private [or, you know, as private as you can be on a social site like Facebook] then go and do the work to change your account settings, stop friends or friends of friends being able to view your photos and ramp up the difficulty for those trying to perv on you across cyber space, because you’ve only yourself to blame otherwise.
But it’s not just at your desktop where you are at risk, no. Now that humanity has decided that the ‘everything machine,’ or ‘the internet’ as most sane people call it, needs to be everywhere we go and permeate all things we do, nowhere is safe.
Sony, maker of the second best video-games console ever the PlayStation 2 [for those wondering it comes just below the Sega MegaDrive, which ranks among the greatest ever human inventions. Don’t agree? Well, you’re wrong], has had its far share of ‘security issues’ when the company [in various guises] felt the full wrath of online hackers. To get to the start of this story, however, we only have to go back as far as spring.
As long as there have been PCs, consoles, and Smartphones, there have been people trying to jailbreak consoles. Most companies are, and quite justifiably, less than pleased with nerds… sorry hackers, messing around or completely removing the operating systems of their products. And while others such as Microsoft welcomed the development the Kinect got after its launch and even went as far as to release the programming code, Sony clamped down. In Australia they went as far as to get a ban on jail breaking the PlayStation due to the acts violation of copyright. In Asia, the US and Europe, Sony has launched several legal cases against those who sell, and make a profit from, the jail broken consoles. The hacking community, as you might imagine, took the news of their peers facing court action… well, less than favourably. On the 6th of April a group known as Anonymous brought down the websites of Sony, Sony Style and PlayStation through what is known as a ‘DDoS’ attack [Distributed Denial-of-Service]. The most common form of ‘DDos’ involves saturating the target site with external requests, mirroring what would happen if the site received an abnormally large spike in traffic, until the point where it cannot respond to the real traffic or the site slows to a glacial pace.
Things didn’t stop there, however. In fact, for Sony the situation got much worse, and in the space of less than a month the company faced two unprecedented breaches of security. The first, and most prominent, happened between the 17th and 19th of April when the personal information of 77 million users of the PlayStation Network [X-Box Live for the PlayStation] were ‘exposed.’ This information included customers names and birthdays, which is no big deal really. However, it also included passwords, online handles and credit card details, which is just a tad more serious I’m sure you’ll agree. Oh, and if you sitting reading this and you haven’t changed your PlayStation passwords I’ll forgive you if you run like Forest Gump to your black box of fun and immediately change it from the name of your first pet. Sony blames Anonymous for the attack and Anonymous denies it.
The second of the security breaches came at the very start of May when information concerning around 24.6 million users of Sony Online Entertainment was stolen. Again the usual, standard, stuff was taken by the hackers [who have yet to be identified]. However, according to CNET.co.uk, “credit and debit card numbers and expiration dates for about 12,700 non-U.S. customers from an "outdated" database and about 10,700 direct debit records listing bank account numbers of customers in Germany, Austria, the Netherlands, and Spain may have been stolen.” I’d love to say that the problems ended there for Sony but unfortunately within the month of May alone Sony, and their subsidiaries, were hacked seven [yes, that’s 7 with a capital ‘head in a box’] more times.
It’s around the same time, remember we’re only talking about May 2011 here, that LulzSec [Lulz-Security] joined Anonymous on the hacking scene, exposing the personal information of American X-Factor contestants, just like Simon Cowell was about to do for his own gain and a larger audience share, but LulzSec did it without a sappy, nauseating Westlife soundtrack. But who are these ‘organisations,’ these hacking collectives and what do they want?
Anonymous, as the name suggests, are pretty secretive with their identity, even going as far as to wear Guy Fawkes masks [as popularised in Alan Moore’s V for Vendetta] when in public, despite the group’s position as the foremost hackers of recent times. Their anonymity is based on the principle that without individuals the group adopts a shared online identity and this is reflected in their mission statement: “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.” The “legion,” formed in and around 2005 on website 4chan, is best described as an anarchic global brain and up until the end of 2010 the group’s most successful online ‘attack’ was against YouTube when on March 20th 2009 Anonymous uploaded several porn videos onto the site. The ‘attack’ was motivated by YouTube’s removal of music videos. I suspect, however, that most people reading this will recognise the name Anonymous from their involvement with WikiLeaks towards the end of last year. The worldwide pressure WikiLeaks faced in its continued publication of secret United States cables culminated in several websites, who hosted the documents and dealt with the financial support of WikiLeaks, removing WikiLeak’s content from their servers and refusing to deal with the organisation. This action was the start of a trio of attacks by Anonymous called operations ‘Payback,’ ‘Avenge Assange,’ and ‘Bradical’ respectively. In the first bout of Anonymous’ ‘Hactivism’ the group brought Amazon, PayPal, MasterCard and Visa to their knees via the aforementioned DDoS method of online assault. When Julian Assange [founder of WikiLeaks] was arrested and then refused bail [in relation to his extradition of Sweden] Anonymous crashed the website of the Swedish prosecutor. Finally there is operation ‘Bradical,’ whose name is in reference to Bradley Manning the suspected leaker at the heart of the cables. A spokesman for Anonymous, Barret Brown, said that the group’s threat to disrupt activities [which would include exposing private information about personnel and other harassment methods] at Quantico, where Manning was held, was in direct response for the alleged mistreatment of Bradley Manning.
If Anonymous see themselves as vigilantes, the Batmen of the web if you will, then LulzSec were most defiantly the Jokers of Internet. The Wall Street Journal called LulzSec’s actions “Internet pranks” rather than serious warfare and the group focused mainly on pacing Internet memes on sites and mocking or embarrassing companies. The group, however, disbanded after only 50 days. During its short existence, LulzSec, which consists of around 6-8 people at any one time, targeted the CIA, the US Senate and the UK’s Serious Organised Crime Agency. LulzSec’s mission statement, which included some “Nyan-nyan-nyans” for good measure, focused around the entertainment LulzSec got out of their hacking. They said, "We release personal data so that equally evil people can entertain us with what they do with it … this is the Internet, where we screw each other over for a jolt of satisfaction.”
It is reported, however, that as the seriousness of LulzSec’s actions increased, when the targets they chose were of a higher profile and when one member of the group was arrested and charged here in the UK under the Criminal Law Act and Computer Misuse Act by the e-crime unit of the Metropolitan police, other members of the group became nervous and quit feeling the hacking had gone too far, especially in reaction to the cyber attacks on the FBI. LulzSec said of their disbandment "For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could."
The increased legal threat that hacking groups are facing hasn’t, however, stopped them acting out against the rest of the Internet. In fact just last week, on the 4th July no less, a group with ties to Anonymous took control of the Fox News Politics Twitter account and began announcing to their 35,000 followers that American President Barrack Obama had been shot and killed by two gunshot wounds. A representative of the group Scriptkiddies, who undertook the Independence Day hack, "We are looking to find information about corporations to assist with anti-sec [an offshoot of Anonymous and LulzSec focusing of corporate and government security]. Fox News was selected because we figured their security would be just as much of a joke as their reporting."
July 4th also saw Apple servers hacked by Anonymous, with the group pulling the usernames and passwords of several users. Anonymous claimed they could do more if they wanted to but were “busy elsewhere.” When reading around all the information surrounding these hackers you get the impression that, legal or not, they see their actions as justified and that, in their eyes, there is a clear dichotomy of good and evil. Groups like Anonymous see themselves as the self-appointed sheriffs of the web, exposing and embarrassing those who step out of line or act against the ‘greater good.’ In many respects and as a general rule of thumb, the more websites are attacked and pushed the better, the safer, these sites become. If these hackers keep fighting for justice and truth, as cheesy as that may sound, then we, as a collective who sail the seas of the Internet, have an improved experience. We shouldn’t be scared of the hackers, not now at least. What is becoming increasingly clear though, is that we should be concerned about the companies, like Google and Facebook etc who, at the drop of a hat, we are willing give our information to. Because if the site is giving away its content like Facebook or Google + for free, YOU are the product they are selling. YOU and all the personal information you have given their sites.
Daniel W. Raper
Like Daniels writing follow him on @danielwraper
