Most of my readership work in the world of InfoSec, and within that there is likely to be a wide spread of political views. Unless any of you are die-hard Union activists or old-fashioned beer-and-sandwiches lefties, you may not be aware of an event that took place at the weekend, Netroots UK. It was a UK version of the US Netroots Nation which has been around for some years, and is a movement that seeks to influence debate, predominantly from a leftwing perspective. The UK variant was the first of its kind here, and drew together student campaigners, anti-racism campaigners, TUC leaders and union activists. The theme was how they could act cohesively to raise awareness of the issues they support and how to further their causes. Traditionally the left has a poor record of such cohesive activity, often leading to the divide and conquer approach succeeding when utilised by their opponents.
Key to the discussions this past weekend was dissemination of ideas and organisation, i.e. social media and the internet. The conference itself was organised initially by bloggers (although sponsored and hosted by the TUC) and some of the key speakers were notable bloggers such as Laura Penney. This is a topic that InfoSec professionals need keep a periodic eye on. Ignoring the poilitics of the movement, there are two issues that should be of note:
1. As I have stated, the left has a history of a fragmented campaigning. However, when it gets itself galvanised, it is able to mobilise large numbers of people to the cause, often on the fringes of the usual core support (i.e. the Iraq War marches were swelled by groups outside of the typical leftwing marching community). If this happens, you have a large group of people able to use the internet and social media to organise themselves. This could easily translate to cyber protests, hacking, mass emailings and DDOS attacks of a fashion not seen before. It’s not even beyond the realms of possibility to imagine websites/messageboards/public inboxes of HM Gov, Local Gov or even sensitive commercial organisations (e.g. animal testing companies, defence contractors) being attacked and taken down. In the case of public sites, these attacks could prevent genuine emails and traffic from getting through and slowing/stopping public services being provided.
2. Frankly, even if they don’t get organised, the Wikileaks saga has taught us that small groups of activists with technical know-how can deliver hammer blows to systems. Their reach is far beyond the size and scope that traditional methods of protest would have given them. As examples, Tunisia, Sweden, South Korea, Australia as well as the US have all seen Government websites taken down by DDOS attacks. This ability is still in its infancy and sends a shudder down the spine with its potential.
So, you ask, what does it matter if a few Government websites are taken down? The answer is that with the cuts biting all across the globe, the accent is on ‘channel shift’ – i.e. providing public services through a cheaper medium, and the internet is the medium of choice. Across the world, everything from council tax bills to voting is starting to move online. It’s not a huge stretch to imagine full-blown electoral processes happening online, and they are surely a potential target for activists. I picked on the left today as it’s newsworthy, but any group of any persuasion with an axe to grind has an opportunity to disrupt democratic process through technology.
We as technology and security professionals have spent years arguing that the democratic process can be enhanced through the use of technology. It appears that we have won the argument, and as such we can now reap the rewards of that success. Part of that reward is that people will try and wreck it for their own purposes and we must be vigilant in exactly the same manner in which we protect traditional democratic processes. Keep your eyes open and your ears to the ground as this is only going to get bigger.