By Paul Wallis Feb 3, 2012
19 hours ago
Courtesy Of "The Digital Journal"
Sydney - Anonymous is generally reviled for their hacks by the people who should have systems that can’t be hacked. The FBI hack does make a point - These hacks relate to much bigger systemic problems.
Anonymous are a strange phenomenon, not entirely covered by the rather useless word “hacktivism”. Whether you agree with Anonymous, Wikimedia or other online groups regarding various specific incidents, the truth is that they expose massive issues in areas which are extremely sensitive. They’ve also become the unofficial penetration testers of the world.
The New York Times:
Uh-huh. Of course, anyone would know which private account, held by which police official and the significance of one particular email out of any possible number. Out of billions of possible accounts, and that quickly. Sure, they would. Add to this the fact that Anonymous, of all people, who are anything but amateurs, would not be rummaging around looking for an email unless it already knew its significance, and you have a problem and a half for the agency.
(As a matter of fact, and the only thing plausible about this view of the Anonymous hack, if you know the issues, is that email systems are anything but watertight. They’re quite rightly separated from sensitive information in any halfway decent security setup.)
Anonymous were able to access a live operational call. That of itself is a measurable situation. The big deal here is an imponderable, and a serious one- The agency can consider itself lucky that Anonymous is a relatively very benign group. If they had any intention of doing real damage, they could do it. Others may not be so friendly. Breaches of operational security can cost lives and lead to catastrophic damage. This doesn’t need spelling out, but it must be considered. The global cyberwar usually doesn’t play nice or anything like nice, 99% of the time. Agencies must recognize that they are at risk, and that doesn’t seem to be happening.
There are far more important issues, and they're systemic. Anonymous has exposed the denial culture at its worst on a regular basis. This group needs to be assessed on its performance, not on ridiculous press releases talking about these terrible hackers attacking those poor defenseless security agencies with billion dollar IT budgets. Anonymous, love them or hate them, acts in the public interest- As it sees the public interest. Its recent operations indicate that it has far more advanced capabilities than cyber criminals and their clunky setups. It has also managed to carry out attacks that even national cyber-spies haven’t been able to achieve.
So the issue is this-
Anonymous routinely exposes holes in security and upstages nice smug little denial episodes in government and business, without further compromising their targets to any great extent. Agencies and businesses should recognize and consider themselves lucky that Anonymous isn’t providing How To manuals. It could, but it doesn’t.
Which is worse:
A group which catches agencies or businesses with major gaps in security, or parties which may or may not breach the laws and act against the public interest themselves and expect to get away with it, as per the Wikileaks “scandal”?
Or a hacker group which so far has acted in the public interest, at least by its own standards, and hasn’t done any of the highly destructive things it appears capable of doing?
This is another gigantic elephant in the bathtub that most official responses to Anonymous hacks have overlooked with an almost fanatical zeal. The spiel is always the same- “We” (there’s always someone called “we”) are never at fault. Then, hilariously- “They”, those awful hackers, have committed a crime significantly less than the one(s) we were trying to cover up. Very plausible. Do wait for applause, won't "we"?
Wikileaks is another serial exposer of denialism, which is almost the new Fascism these days. The US military, for God alone knows what improbable reason, has been trying to duck the security issues on the Bradley Manning case for ages. This was a case in which the breach of security could have been disastrous. The lack of security, in an organization where installing 24/7 keyloggers and other basic overwatch methods would take a phone call, is hideous. A very slight variation on that case may have seen troops on the ground totally compromised. The military brass, which should know much better, has been trying to dodge that bullet by blaming a private with a service record that reads like a demolition derby. This is viable security, and due diligence? Like hell it is.
Which is the greater threat- Official denial of the truth, or groups exposing official denials?
Does the public have a need to know when governments screw up, or when businesses go nuts? If so, who’s going to tell them?
Could the world’s fun-loving corporations survive much scrutiny? Would they hide behind any disinformation options available?
Is there legitimate cause for public distrust of “information” from official and corporate sources which is fundamentally false?
How do you enforce transparency in a totally corrupt environment where massive breaches of security aren't even investigated effectively beyond finding someone to blame? Do you need someone to prove false information is false?
The FBI got very lucky indeed. It now knows it has a problem. If Anonymous were real enemies, the FBI and its associates could have wound up with dead agents and failed operations. The time is long past where blaming someone else for security breaches is even an attempt at an excuse.
Note: I am not affiliated or associated with Anonymous in any way. I’m not even necessarily an admirer on a case by case basis. I do, however, recognize their values and the basic tenets of their operations whether I agree with them or not in any particular case.
(Sorry about all these corrections, if you're re-reading- I write too many disclaimers, I think.)
I also think that they’re making an extremely valid point- The days of political, governmental and corporate hiding beyond public scrutiny must end. The public has seen too many examples of exactly how untrustworthy the information it receives really is. These are the issues nobody's talking about. It's time they did.
...an F.B.I. official said Anonymous had not in fact hacked into it or any other bureau facilities. Instead, the official said, the group had simply obtained an e-mail giving the time, telephone number and access code for the call.The e-mail had been sent on Jan. 13 to more than three dozen people at the bureau, Scotland Yard, and agencies in France, Germany, Ireland, the Netherlands and Sweden. One recipient, a foreign police official, evidently forwarded the notification to a private account, he said, and it was then intercepted by Anonymous.“It’s not really that sophisticated,” said the official, who would discuss the episode only on condition of anonymity. He said no Federal Bureau of Investigation system was compromised but noted that communications security was more challenging when agencies in multiple countries were involved.
This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of DigitalJournal.com
No comments:
Post a Comment