The world appears to be a grumpy today, what with students scrapping in Westminster and the Wikileaks thing. Whilst this blog will focus on Wikileaks, I was hugely amused by the news of my friend Simon getting caught up in the ‘kettle’ yesterday – a man less likely to be joining their protest you’d be hard pushed to find.
However, the Wikileaks saga appears to be turning more sinister by the day.
Ignoring the moral issues here, the collateral damage of revenge attacks is going to be high. Your average punter is going to struggle to buy stuff via Paypal, report the loss of their Mastercard or process a Visa purchase. Given it is three weeks before Christmas, this is bad. Even if it doesn’t actually take stuff down, the uncertainty in the minds of people will cause problems on its own. Companies that are under attack will try to relocate their websites elsewhere faster than the people attacking can redirect the attacks. It is not beyond the realms of possibility that other websites sharing the infrastructure of where the attacked website is newly located could also be adversely affected if it is attacked again. This could therefore affect health sites, charities and public bodies providing essential services as well as regular businesses, disrupting the livelihoods of many many people.
Such activity also sets an unholy precedent for this sort of action going forward. Who is next? What is the next cause célèbre to gain this sort of support? Is it acceptable that a relatively small number of people are able to create this kind of damage to sites and trading organisations that affect the livelihoods and lives of millions?
From the other side however, it seems that governments are able to bring pressure on organisations hosting websites or providing services to someone they deem unsuitable. Everyone screamed when the Chinese Government banned Google. This is along the same lines and sets an unpleasant precedent amongst western governments. If the (apparently liberal leaning) Obama administration will do this, what could it mean if a more right-wing administration (Sarah Palin anyone?) uses this precedent in the future. Who draws the line? Organised crime and child pornography are clearly unacceptable. But who decides what information is in the Public interest? What happens when the Government decides that facts about abortion or euthanasia shouldn’t be available? What is a step too far? This is uncharted territory.
Focusing on a strictly IA angle, it appears that kits have been released that people can download to enable them to become part of the DDOS assault. DDOS = distributed denial of service and means flooding a website with so many requests that it keels over it. Imagine you are driving up the motorway and suddenly 100,000 cars appear from nowhere. All of a sudden the motorway is chock full and ground to a halt. DDOS does this to websites.
It’s been described as a ‘cyber march’, and its irresponsibility is breath taking. In fact, let’s be blunt: the release of hacker kits to get people to supplement DDOS attacks is plain stupid. Members of the public who may feel a certain way about one side of the cause will be tempted to download it, without ANY understanding of what that software will actually do to their PC. Best case if they do download and run it, they have broken the law (DDOS is illegal). They may end up having their connectivity blocked by ISPs who think they are part of an evil botnet network PLUS they have identified themselves as someone who is available for ‘cyber marches’ to the authorities. Worst case, the download may not be ‘legitimate’ and contain all sorts of viruses, key loggers and other bad stuff. How do you know your download is ‘real’? Can you control what the software is doing this time? What about the next time they decide to activate it? You are going to see a huge volume of spam email asking people to get involved. Social media stuff, and a whole pile of innocent people are going to get dragged into a technological argument they only vaguely understand. Have a look at the rest of the Sophos NakedSecurity team’s comments here.
So here’s the advice, whatever your take on the Wikileaks bunfight, do NOT under any circumstances download anything that supports or purports to support the cause.