Tuesday, 5 June 2012

Hactivism And CyberSecurity: Staying Safe Online

I've already blogged about owning your narrative, i.e. being able to control the perception that others have of you, but I left out the trolls. This was intentional since trolls and hackers need a post all to themselves because they operate outside the usual rules of online discourse. Besides, no matter what you do to promote yourself, if you get on the wrong side of Anonymous, you're toast.


There are many hacktivist groups and collectives, but the most famous is Anonymous because of their colourful antics on and offline. They have appropriated the Guy Fawkes mask as an emblem of defiant subversion and are such an influence on us all that when some Polish MPs protested the signing of ACTA, they wore the masks.


One of the biggest mistakes that security, surveillance, and law enforcement agencies make when trying to oppose them is either announcing that they're going to bring them down (good luck with that!) or bragging that they've done so or are about to, because five minutes later, retaliation in the form of DDoS attacks and defacements takes place. Trolling is another thing altogether but it needs to be discussed, since it's interlinked and does as much damage. We need to be able to protect ourselves in both instances. Here's how.


Hacktivists


If you don't understand what you're up against, you're vulnerable because you won't know what to expect. Most hacktivists believe their cause is just so when they pull your site down and publish your details on Pastebin, it's because they think you deserve it. Any harm done to "non-combatants" is dismissed as collateral damage. This is one of the reason why I personally disapprove of them. Besides, what they're doing is illegal and I don't approve of illegal activities on principle. If you want to avoid being hacked or DDoSed, follow these simple rules:



  • Don't draw their attention. Easier said than done, I know. Targets are anyone who makes a big splash on or offline, particularly if they inflate themselves or a situation to a degree that it's like a balloon just begging to be popped. Well-known targets include digital security executive Aaron Barr of HBGary Federal, pervert Chris Forcand, Scientology, and the FBI.

  • Don't use the same password for everything. Aaron Barr did, and see what happened to him. He also drew their attention by bragging that he was about to take them down.

  • Don't use an easily-guessed password.

  • Don't put enough personal data online that they can use that to extrapolate information about you, conduct social engineering operations to compromise you, or impersonate you.

  • Get the most up-to-date versions of and security systems for your PC and website host.

  • Using CMS? Use the most up-to-date versions.

  • Be aware of SQL injections and how to avoid them.

  • Check your emails filter list. If crackers get into your emails, they'll divert your emails to forward to them so they can spy on you and find out ways of breaking into your online accounts so they can steal your domain, move your website, or otherwise cause trouble for you. They usually send spam from your email address.


While no system is foolproof, following the above advice ought to keep you out of trouble. Remember, the worst online threat isn't hacktivists, it's hubris.


Trolls


Trolls often associate with hacktivists but they're not the same thing and should never be confused with them. Internet trolls like to cause trouble for the fun of it, or "lulz." The more distress they cause, the funnier it is for them. Remember this, because forgetting it could turn you into an internet meme to be laughed at for generations. Okay, a week or so. Or as long as it takes for you to stop responding.


As with hacktivists the trick is to not get their attention in the first place but if you do the best way to deal with them is to ignore them. Get off the internet if you have to and find other things to do for a week or so. If that's not an option, here's what to do:



  • Identify what it is that they're doing. Be specific: is it illegal? There's a massive difference between griefing/hate crimes/harassment and someone getting a rise out of you because you insist on responding, which just keeps it going. If it's illegal you can report it.

  • In cases of international stalking online, if it's confined to a particular online area and no one will help you, get off the internet, leave the community, and start all over again. Be prepared to cut all contact with everyone in that community because they're a connection to the problem and will be caught up in it sooner or later. Ignore this at your peril. Attempting to fight back when the community won't help you is a waste of time so don't bother. Don't complain about it; walk away and try to forget about it.

  • Do NOT attempt to suppress a meme. When vile or compromising images go viral, trying to get them all down is like whack-a-mole and is about as effective. Get professional legal advice. What can be prosecuted or sued? Go after those who harass by all means, but resist the urge to control the internet. You can't.

  • Comments you find hurtful may just be criticism. Sometimes there is grounds for that but be aware of freedom of speech laws. The line is crossed when they turn into threats to your life or property. Hate crime laws in the UK can get racist commenters sent to prison.

  • Reputation wreckers are the most insidious because the line between free speech and libel/slander can be very thin AND it's a civil, not a criminal offense. If ignoring them doesn't work it could turn into a criminal matter when it crosses the line to stalking. It is possible to bury bad news beneath oft-updated reports and press releases or rebranding and starting again.

  • Never let anyone take compromising videos or photos of you. Act on the assumption that the moment they've been shot, they'll go online. This ought to prevent tearful exchanges with your parents/employers/new lover later on.


If real life grievances spill onto the internet, that's bad because they have more of an incentive than a passing troll looking for a cheap laugh. Try to get along with others as much as possible and never assume you're immune to problems like the ones in the links. The minute you do, game over.

No comments:

Post a Comment