It’s no secret that the PBS Web site was hacked recently. So were sites for Sony, the U.S. Senate and the CIA. And on Thursday, e-mail addresses and passwords of more than 60,000 Internet users were published on the Web. The culprits? Two groups known as “Anonymous” and “LulzSec.”
What is an Internet user to do?
This phenomenon had me a little concerned, as I’m pretty active on the Web and work for a Web site.
So I spoke to Dr. Rick Smith, an information security expert who wrote a textbook on the subject called Elementary Information for Security. He was able to put recent cyber attacks in perspective for me, as well as let me know what I should really be concerned about.
1) Recent high-profile attacks are not that sophisticated, technically speaking.
SMITH: I think what they’re trying to do is go more for publicity than sophistication. But then that’s what a lot of people do. To some extent, that’s what the Anonymous people were doing. Trying to make a splash.
From a sophisticated technical point of view this is not off the charts…
It looks like they’re using some fairly simple techniques and are just managing to find high-profile Web sites that are not very well protected.
That’s not actually a surprise. It’s very hard to protect a Web site well. This is akin to people breaking into the shopping mall after it’s closed. Yes, you can do it, if you work hard enough at it.
The thing that is absolutely the most off-the-charts that’s happened recently is there’s this worm that’s been going around that gets into control systems for industrial plants. Stuxnet.
There is some talk that suggests that this Stuxnet worm got into the Iranian nuclear plants and put their nuclear development program years behind. Now that took a lot of sophistication.
2) If you’re a regular Web user, you should be more concerned with botnet systems.
SMITH: A different type of attack which is also fairly sophisticated are these botnet systems, where people essentially broadcast bad programs to try to break into individual people’s computers and then steal their bank login credentials. There’s a lot of that going around these days, and it’s actually a thriving business.
3) Behave on the Web as you would walking down a city street.
SMITH: You may feel like you’re actually in your living room. But, in fact, you’re in a city. And what do you need to do when you’re walking down a city street? You have to think about your environment. You have to think about who’s around you. You have to be a little careful.
I think one reason people like to go to places like Facebook is it kind of feels like you’re more constrained. It seems a little safer…
For the most part, what you need to do is just be aware of what you’re doing.
Smith certainly had me thinking. Especially about those botnets. More of Smith’s advice will be available Monday, when he warns me about one of the likeliest attacks that I could encounter on the Web and gives me some tips for steering clear.