Another year, another round of sobering reminders that we might as well have all the information that flows through our internet endeavors neatly inscribed on our foreheads for all the good standard online security protocols do. 4.6 million users of the carelessness-enabling temporary photo service Snapchat have had their account details partially distributed, while some of telephony provider Skype’s communicative platforms have been beset with paranoia-fueling messages by a group apparently determined to bring Western-style online chicanery to the Middle East. What, if anything, should discerning social media aficionados do? Should they leap into the virtual arms of alternative services which at least have yet to disappoint them? Alas, they may be facing somewhat of a dilemma. Join me after a relevant picture and we’ll flesh out the situation.
Wearing a White Hat
We’ll start with Snapchat since I mentioned it first, a company which—like so many before it—has fallen victim to a stunt from an ignored security firm, in this case Gibson Security. I wonder if some companies are flippant about patching exploits because in every case they weigh the cost against the potential backlash and figure that the blame for any violation would ultimately go to the criminals responsible. After all, everyone is aware that hacking is tantamount to magic with any system vulnerable to a breach should the nefarious attackers type fast enough. Of course, despite the glamorized media presentation to which the public is so frequently exposed, securing a system really is as simple as being rigorous in designing it and responding quickly to possible issues.
There have been plenty of these cases, yes, but we need more. Companies need to be shamed into doing better than tackling issues that could lead to intrusions merely by making said intrusions “more difficult to do.” That’s why we should appreciate White Hat hackers, those who use their considerable skills to find flaws in systems before less scrupulous individuals can make wider use of them. If they test your systems for you and help you avoid a catastrophic failure, perhaps you should thank them, respond sensibly to their comments, and possibly even pay them for their efforts. Although, now I think about it, I suppose there’s a risk that a Snapchat payout would disappear as soon as you’d counted it.
Sounding a Warning
We turn now to Skype, an industry standard which had no worse a security record than any other popular program until its owner Microsoft was implicated and involved to various degrees in last summer’s fallout from Edward Snowden’s wide-ranging divulgence of surveillance information. When it emerged that Microsoft may have provided the NSA with backdoor access to Skype records, it became irrevocably embroiled in the backlash against government intrusion, and now messages encouraging users to abandon their accounts have been posted on Skype sites by a group calling itself the Syrian Electronic Army.
The Skype service has not been affected, although there wouldn’t really have been much point in targeting it since we already know our data isn’t exactly hidden from prying eyes. While the group responsible for the hacks maintains some degree of anonymity for its members, I’m not inclined to view it as cynically as I have its notorious predecessor. These are frustrated people lashing out at a system which has massively failed in many ways during recent years, and their methods have seemingly been fairly innocuous without the kind of smug bluster that has made Anonymous’s self-styled ‘protests’ fundamentally empty and pointless.
The Importance of Garnering Publicity
Whether seeking to expose security flaws or troubling business practices, it unfortunately seems that attacks like these don’t tend to achieve too much in the long term. I’d be very surprised if significant numbers of users decided to switch to other programs, that’s for sure, and anyone invested enough to care that much about the safety of their online chatter was probably already careful with what they said using these services. That said, I don’t want people to stop trying, because when largely-benevolent hackers get hold of data they at least tell people about it. I can only guess at how many unknown leaks have been and continue to be quietly exploited by criminal enterprises.
As for how we should proceed, well, we should be sensible, never assume that data is safe, and try to remember when stories like these break that determining how exactly an attack was possible is just as important a task as identifying those responsible. The internet is still a little like the Old West, full of possibility but with unclear laws; perhaps some big companies should hire some Deputies to help keep data safe. Providing them with cowboy hats would be optional but highly desirable.