JANUARY 11, 2012
On December 24th, the group of hackers known as Anonymous announced they had broken into the computer systems at Stratfor, a global intelligence company based in Austin. They seized control of the servers, collected emails, and even were able to publish credit card information that, unfortunately, was not encrypted.
The attack made headlines around the world, spawned dozens of articles, and hundreds of comments criticizing the company. Whatever your feeling about this attack, there are lessons here for all of us who live and work on the web.
According to Nicole Perlroth, of the New York Times, “the attack was also likely intended to embarrass Stratfor”. She goes on to close her article with this: “The scary thing is that no matter what you do, every system has some level of vulnerability, “says Jerry Irvine, a member of the National Cyber Security Task Force. “The more you do from an advanced technical standpoint, the more common things go unnoticed. Getting into a system is really not that difficult.”
Rob Beschizza, of Boing Boing, continues the story, “It's true that websites are like storefronts, and that it's more or less impossible to stop determined people from blocking or defacing them now and again. Here, however, it looks like Stratfor left private files in the window display, waiting to be grabbed by the first guy to put a brick through the glass.”
He finishes by saying, “Now, I'm not a member of the national IT security planning task force. But I'm pretty sure that putting unencrypted lists of credit card numbers and client details on a public-exposed servers isn't quite explained by (using Irvine's words again) “no matter what you do, every system has some level of vulnerability.”
And on Jan 11th, the founder of Stratfor, George Friedman, responded to both his critics and the attackers:
“I don't know if the hackers who did this feel remorse as they discover that we aren't who they said we were.
First, I don't know who they actually are, and second, I don't know what their motives were. I know only what people claiming to be them say. So I don't know if there is remorse or if their real purposes was to humiliate and silence us, in which case I don't know why they wanted that.
And this points to the real problem, the one that goes beyond Stratfor's own problem. The Internet has become an indispensable part of our lives. We shop, communicate, publish and read on it. It has become the village commons of the planet.
But in the village commons of old, neighbors who knew and recognized each other met and lived together. Others knew what they did in the commons, and they were accountable.
In the global commons, anonymity is an option. This is one of the great virtues of the Internet.
It is also a terrible weakness.
It is possible to commit crimes on the Internet anonymously. The technology that enables the Internet also undermines accountability. Given the profusion of technical knowledge, the integrity of the commons is in the hands of people whose identities we don't know, whose motives we don't understand, and whose ability to cause harm is substantial.
I think this is a pity.
That's why I wonder who the hackers actually are and what cause they serve. I am curious as to whether they realize the whirlwind they are sowing, and whether they, in fact, are trying to generate the repression they say they oppose.
We are now in a world in which anonymous judges, jurors and executioners can silence whom they want.“
Stephen Cobb, of ESET, also questioned the reasoning behind the hacking, “… if you're going to break the law to break into a computer system, you should have clear and well articulated reasons for doing so.
After all, illegal acts of this nature carry risks for you and, potentially, unhappy consequences for thousands of innocent people. While most reports of the Stratfor incident have focused on the company's big name corporate clients the company had a lot of paying customers who were private citizens entirely lacking in nefarious agendas.
Many of us may feel compelled to call out those with whom we disagree and we may choose to break laws which we feel are deeply unjust. The peaceful exercise of civil disobedience has a proven ability to overthrow cruel oppression and strike down illegitimate regimes.
So perhaps the question today is: How far can you extrapolate the principles that inform civil disobedience before you risk losing the support of those you seek to liberate or empower?
That, and why would you not encrypt your customer's credit card numbers?”