Over the past eight months, companies like Sony, along with the web server/sites of the U.S. Senate, CIA, and FBI, have all experienced major security breaches as a result of hackers. The motives behind these attacks vary, but many are said to be political or in an effort to expose a security flaw. Regardless of the reason, in each case innocent customers are having their personal data, including names, email addresses, and account numbers exposed, which opens them up to scams and phishing.
Two popular groups associated with hackings are LulzSec and Anonymous. LulzSec is a computer hacker group that claims responsibility for several high-profile attacks, but most recently teamed up with hacktivist group Anonymous for “Operation Anti-Security“. This movement encourages supporters to hack into, steal, and publish classified government information. Anonymous got their start back in 2003 on 4chan. They’re linked to a number of DDoS attacks and most recently, an attack on BART (San Francisco’s Bay Area Rapid Transit). On Sunday, Anonymous released thousands of names, email and home addresses, and phone numbers believed to belong to users of myBart.org.
Last week, a threat to destroy Facebook was released and it was linked to Anonymous. After a media storm, it was discovered that there once was an Anonymous “Operation Facebook,” but instead of destroying the site, the goal was to raise awareness about its privacy practices. An Anonymous member named Speakeasy shared the whole story about Operation Facebook. It was initially launched months ago by himself and 10-20 other Anonymous members. The plan was to urge Facebook users to delete their profiles on November 5th as protest. Additionally, they would create a privacy-friendly alternative. In mid-July, the group became bored and shut down the operation. Unfortunately, a single line from a document explaining the peaceful protest was discovered when people randomly discovered the empty chat room. That sparked rumors and now that chat room is more active than ever with members rehashing the idea of an attack.
Facebook’s infrastructure is strong and even if the site slowed down, or temporarily went down because of a DDoS attack, no one could say that Facebook has been destroyed. Some experts say that publicly shaming Facebook would result in its users losing trust and ultimately leaving the website, thus, destroying the social network. My question is: how much do users actually trust Facebook now? And, should the social giant leak users’ data, is that enough to get people to quit Facebook?
Facebook has been publicly criticized regarding its shoddy handling of users’ privacy . On May 31st, 2010 – Quit Facebook Day – more than 30,000 users committed to quitting the service in protest of Facebook’s sneaky privacy settings. With a user base of over 400 million, assuming everyone who said they would quit actually quit, the loss would not really register. The day came and went and while Facebook might have lost 30,000 users, today they are still growing strong with over 750 million users. If mystifying privacy policies cannot destroy Facebook, what will?
I suppose this moves me away from my initial point, but what does this say about Internet users and how much we value our privacy? Every day people install plug-ins, download files and submit their personal data without so much as glancing at a privacy policy. Who should be held accountable when a security breach occurs? Are we liable for assuming we can trust websites? I cannot say that I agree with the actions of LulzSec or Anonymous, or even understand them, but I do know that they’re pointing out a bigger issue on a user level: we aren’t taking our privacy or security as seriously as we should.
I digress. What initially started as a misunderstanding has now taken on new life. It is still uncertain if we can expect an attack on November 5th. It is easy to rally a group of angry Internet users – all it takes is a bad redesign – but should this group move forward, will they succeed where others have failed?