There is some irony that I decided to read this book on a few days of holidays in a cottage where there is no phone, no 3G reception and certainly no internet. By following the journey of a handful of so-called hackers, Parmy Olson leads us into the sometimes fascinating and sometimes seedy deep web (forums, chat rooms and other pathways hidden from Google and outside your average Facebook-obsessed internet user’s consciousness) that houses the collective who call themselves Anonymous.
I won’t spoil the story for you. Like the tale of uberhacker Kevin Mitnick (titled Take Down, published 16 years ago), it’s an insight into parts of the internet, cyber security and some relatively distasteful behaviour online for a period of time from about 2006 to 2011. The links between Anonymous (and no doubt many similar groups) and WikiLeaks were eye-opening for me. As was, frankly, how rudimentary the exploits and techniques used by the group were, and the hysteria caused by garden-variety SQL injection and confidence tricks.
As always, most hacking is possible because a) people are lazy and predictable and b) people are fairly easy to socially engineer. None of the techniques described in the book were particularly advanced; to be honest, back in my Unix admin days I could have probably pulled off most of their hacks myself if I had the inclination.
A few observations from the book.
The internet is an amazing thing: its power to bring together like-minded souls from anywhere in the world, to transport information instantaneously and broadcast that same information to millions of people, can be used for both good and for evil.
Good password security, which would have prevented most of the ‘hacks’ mentioned in the book, is actually very basic, and yet even those who ought to know better got it wrong. As individuals you need to have secure passwords – long passwords, letters and numbers … 8 characters isn’t long, think 20!
Use different passwords for all your important services. PayPal and your Internet Bank are probably pretty secure, but that doesn’t help you much when you’ve used the same password for some small online shop which doesn’t encrypt its password database and ends up giving a hacker your login (normally your email address these days) and password in clear text. We all use the same services – Twitter, Facebook, PayPal, Gmail etc. – and it doesn’t take long for a hacker to try these standard sites.
Also don’t email or share your password, ever. I’d suggest using a password you don’t even know; applications like 1Password will generate a unique, incomprehensible password.
Finally, anonymity, or at least the perception of anonymity, leads to some pretty awful behaviour. It leaves me wondering how thin the veneer of civilised society really is. Maybe it’s nihilism? Like Chuck Palahniuk’s Fight Club, these are a generation of lost soldiers – they channel the rage and futility of lives defined by suburban consumerism into destruction – of those they hate, and those they don’t even know. Academics call it the disinhibition effect.
Anonymous called it lulz, probably because they couldn’t spell schadenfreude.