LulzSec, Anonymous, ICE, FBI and users Part IV

Get caught up on this series Part I, Part II and Part III.

Well, it goes to show how quickly the internet works. LulzSec calls it quit, see NY Times article. However, in my opinion this doesn’t change a whole lot about what I said in my previous posts. There will be another group that decides to do the same sort of thing. I’m sure the individual members of LulzSec will be active with groups like Anonymous and perhaps join up with some other hacking group out there.

At any rate, it’s important to discuss the overall structure of the internet. While many users believe the internet should be free and anonymous and all those things. It’s starting to become apparent that this is not going to be the case. With major US ISPs deciding to go after pirating directly, it seems that deep packet analysis is going to be the way of the future. Wait, what is deep packet analysis? Well, when you send information across the internet it’s broken up into smaller pieces and sent to the end point through many different routes. This ensures that the data all makes it to the other side in the fastest manner possible. Initially, it was difficult to determine what this information was. Now there are many different suppliers that allow ISPs to figure out what these packets of data are. This gets to the root of the Net Neutrality debate. I haven’t talked about that yet, which I’ll do later this week I believe.

Anyway, since the ISPs know what you’re sending, you’re already less anonymous there. They know where you live, who you are and how you are paying your bills. They know a lot of other information about you too. Next, the EFF has shown that based on your browser and plugins that it is likely your browser configuration makes it unique like a finger print (article). On top of that you have a lot of  “Cookies” based on the websites you’ve visited. These are useful to you and to commercial websites. It stores personal information and allows you to get your recommended books list from Amazon. This means that over time, you’ve accumulated a great deal of identifying information on your computer that is accessible through your browser. Using your browser it is easy to identify you and your online habits. However, the EU just implemented a law about requiring consent for websites to use cookies (BBC article).

Sadly, these are not the only structures that we need to be aware of. Many companies like Google are required by the US government to have a backdoor for them to execute warrants and do general snooping of the email systems. I’m sure Facebook is also required to do this, but I haven’t directly heard this yet. This has caused at least one acknowledged case of hacking by a Chinese group on Google (article). With these backdoors there is only so much an individual user can do to protect themselves. In cases like this, the strongest password in the world wouldn’t have protected your emails.

Groups like Anonymous, LulzSec and Ninja Hackers are trying to increase the amount of freedom and anonymity users have on the internet. The Government and businesses are trying to decrease it. The US government does want to initiate a national level internet ID, which basically would tie all your information together. While easy for users, it could be very high risk for them as well. The difference in how these groups feel that the internet should be operating is the root cause of the “Softwar.”  This will not stop, and we, the users, will be stuck between these two sides, unless we force our government to decide one way or the other.

Additional Reading:
Lawrence Lessig Code 2.0. Many of the ideas I got for this post are discussed in this book, which I’m currently reading, you can download it for free legally here.

LulzSec, Anonymous, ICE, FBI and users Part III

Get caught up on this series Part I, and Part II.
So I’ve been talking about these four groups and how they have been interacting. However, these groups are not interacting in a vacuum. Theses groups are either hacking governmental organizations or they are hacking corporations.When Anonymous and LulzSec (or any other hacking group) goes after a company, they are trying to get one of two things, some times both, either user data or  some sort of dirt on the company itself.

User information can range from names, locations, email address to IP addresses and credit card information. Since these guys are going after big companies, like Sony, Blizzard, and other gaming companies, they are most likely going after as much information as they can get their hands on. When it comes to dirt on a company, they go after big companies and small alike. They went after Bank of America in an attempt to reveal improper behavior to punish someone for the financial mess we’re in. Small companies like HBGary was a bit of a grudge match. HBGary claimed that they were able to bring down all of Anonymous, which pissed the group off. HBGary was hack and completely discredited and also showed a lot of nastiness going on in the security world in general.

In some ways it’s pretty obvious how stealing using information impacts the user. Recently, Sony’s PlayStaion Network was down for a month, because of the security breach, which included some 1.3 million user’s information being stolen including credit card information. In another case a game called Brink was hacked and 200,000 users information was stolen.

So, obviously these guys are in the wrong right? Well, yes and no. They think they are completely in the right here. They could have been doing all these things and not made it public. Just stole the information, then sell it to someone and make a lot of money from it. Or perhaps use it themselves. In some cases they did that. Anonymous ordered about 100 pizzas to a Sony Executive’s house. In fact, Sony is currently being sued for the weakness of their network. We would not have known about it, without the hacker attack.

The US government is fighting back and taking down servers which have obvious impacts on users and hosting agents at the same time. However, both ICE and the FBI feel they are 100% in the right based on the law. ICE firmly believes that it has the required authority and rights to take down websites, and the FBI feels it can take whatever servers it needs to find these guys.

It’s the immovable object versions the unstoppable force, with the regular internet users in the middle. Most users won’t notice unless some website they are using goes down, or they find out their card has been hacked. Users that play games, watch movies, and create content have the most risk in this battle.

How can users mitigate their risk? Well, the best thing to do is to get a specific online credit card that has a low limit that will cover your gaming and general online purchases. If you’re only spending $10/month on games then get a card that will have a maximum of $100 or something like that. Minimize the number of credit cards you use online, and try to avoid using debit cards as much as possible. Additionally, try to create difficult passwords, something with multiple capital letters, numbers and special characters if the website allows it. Such as: Dr.Wh0d^nn!t something more random might be better, but it’s still a much more difficult password to deal with than drwhodunit. If you are unable to create passwords like this, then you should request it from the website you are using.

Finally, there’s only so much you can do as a user. Some of this has to deal with how the internet is structured. I’ll discuss this tomorrow. Protect yourself as much as you can.

The NY Times posted this article yesterday about LulzSec.

LulzSec, Anonymous, ICE, FBI and users Part II

Yesterday, I discussed Users, Anonymous and ICE. Today I will introduce LulzSec and the FBI and how they interact with the other two groups, if I have space I’ll also add some of the impact on users.

LulzSec is a rather new hacking group. I think I’ve been seeing posts about them since about June. I’m pretty sure they’ve been around longer than that, but within the last few weeks they’ve really picked up their online activity. This group claims they are fighting for the user and are going after, white hat, black hat, and government agencies. White hat and black hat are different types of hackers. White hats will find vulnerabilities, and then notify the firm of this vulnerabilities in their systems. The white hats help protect user data from the black hats, which are typically the bad hackers. LulzSec is something of a gray hat. They hack firms and then publicly display the vulnerabilities, by they claim they are doing this only to force the firms to change their behavior. They are also attempting to out bad apples, or so they say, in the white hat community. These guys are apparently pretty good, as their domain name was seized by ICE, and they took it back. On the ICE seizure page, in my previous post, they added this “rage guy” to it. They claim they only do it for the Lulz (lols or laughs).

I found this on the Telegraph’s website. No idea who owns the copyright

This of course did not make the US government too happy. So, two days ago the FBI got involved in the situation. They proceeded to take the server which the LulzSec website was hosted. Which impacted innocent websites as well. As the hosting agent wasn’t aware of this action until a few hours after it occurred. According to the hosting agent, the FBI took additional servers that weren’t involved at all. Here’s an article from the NY Times with a bit of a time line of the event. The LulzSec website is currently no longer up, as it appears the server with the website has been taken offline.

LulzSec has been targeted by both governmental agencies and some members of Anonymous and other hacking groups. The hackers are trying to show that these guys are a bunch of amateurs and aren’t covering their tracks very well. There’s been one LulzSec arrest so far in Spain. There have also been numerous Anonymous arrests as well. Each arrest supposedly is a leader in the movement, which each movement denies and mocks the arresting government as being incompetent and the person they caught is only a bit player in their campaign.

So what’s the big idea? They hack stuff, they get arrested, they lose connection to the internet. What’s the big deal? Well, I think that both Anonymous and LulzSec are using hacking as a means of protesting, but also attempting to fight over the structure of the internet. Anonymous feels that no one is listening to the larger internet community on how they feel firms should interact on the internet, and they also feel that the internet should be open and should be unregulated. LulzSec is a bit more of a loose cannon and are basically trying to cause as much mayhem as they possibly can. However, I think that they are using a different technique to achieve the same aims, an unregulated internet.

Tomorrow I’ll discuss some of the impact on users and what the structure of the internet means for most users, and how it can affect how the internet works in the future.

LulzSec, Anonymous, ICE, FBI and users

I this post, and some future posts, I plan to discuss several different entities and how they are currently impacting web usage, some potential future impacts and how users fit in with all of this. First I’ll talk about the users and then talk a little bit about each of the other entities and some of the current activities.

For users, I think every one is aware of the broad range of types of people on the internet. You have your grandma and grandpa who only use the internet for email, or I’ll these users novices. Then you have the more sophisticated users, which use various chat programs and may look at different websites and get their news, these are basic users. Intermediate users and basic users kind of blur together they’ll probably user online games, both paid games and simple online games like yahoo games etc. Next there are Advanced users. These people are consumers of content and may create some. They are probably also aware of how to create websites and pretty technically savvy people. Then you have the Power users. People that use massive amounts of content, create their own content and spread large amounts of information over sites like 4chan, reddit, digg, and various other Web 2.0 sites. These users are typically well aware of what’s going on with these four groups I listed above. These groups do not have hard and fast end points, it’s more of a continuum. In some cases it’s difficult to tell the difference from an advanced user and a power user.

So why are the Power users, and some advanced users, aware of the activities of these groups more than other people? In some cases these power users are actually involved in Anonymous, or actively support the action of the members of Anonymous. Ok, is that a good or bad things? Well, that’s a really difficult question to answer.  I can only answer that by explaining who and what Anonymous is.

Anonymous came about from the chat rooms of 4chan, and similar groups such as that. I’m sure there are many other sources that I’m completely unaware of, probably IRC(Internet Relay Chat). But what do they do? Well, partially they are a response to the governmental responses to Wikileaks, an organization devoted to safely leaking government or business related information (whistle blower site). They decided to attack, through a Distributed Denial of Service attack (DDoS) (Which basically take a website offline), websites that didn’t want to work with Wikileaks, like PayPal, MasterCard, Visa, and Amazon. However, it has since escalated to include many governmental agencies. Such as the US government and other organizations. This wouldn’t really be that big of a problem if it was just DDoS, which are illegal but short lived. They also started to hack companies and steal information.

So who is ICE and why do I care about them? Well, ICE is the US commerce department. The same people that are in charge of the US boarders. Some how, they have been given broad authorization to target websites that are either streaming or directly distributing copyrighted material. They do this through seizing websites. Which has been considered very questionable under constitutional authority. See the picture below for an example of a website seized by ICE.

ICE Seizure web page

Well, I still don’t know if that’s a good or a bad thing. They could be going after child pornography or shutting down those pirating websites. You know, those are good points. ICE, accidentally shut down a few websites, wrongly claiming the accused was distributing child porn. These were actual businesses that were shut down due to this. 
Well, this post has gotten rather long. So tomorrow, I’ll post about LulzSec and the FBI and hopefully discuss how all four of these groups intersect with each other. As a teaser, all four of these groups feel that they are fighting over the control and structure of the internet.

Copyright and the O’Dwyer case

So, I’m not sure how many of you out there have heard about this O’Dwyer case. Tech Dirt has a nice article about it today check it out here. If you don’t feel like reading it I’ll summarize it. An UK student is being extradited to the US over a website he set up which links to streaming content. The website had already been ICE’d, or seized by the US government. Apparently that wasn’t enough now the Southern District of New York wants to bring this kid over to the US and try him, for something. However there are some problems:  “a) perfectly legal in his home country and (b) probably legal in the US.” (tech Dirt article). So, this is a bit of a problem. O, and by what he means by legal in the US is that it’s not criminal, and you can only be extradited for a criminal offense.

So, this really brings into focus some of the activities of ICE in general. There are a lot of people that are concerned with the overly broad approach to seizing domain names as there is not much judicial oversight. What that means is that these actions could have a chilling affect on freedom of speech, destroy businesses, and in some cases lives. One of the seizures involved a false accusation of child pornography. That can completely destroy a person’s reputation. The other problem is that it’s not even clear that these actions are completely illegal.

The US copyright laws are getting progressively more difficult to understand. This comes at a time when users are interacting with copyright in their daily activities. To enjoy media people should not have to concern themselves with a byzantine set of laws. I plan in the upcoming weeks to write some posts about the history of copyright and how it has changed over time. I’ll also discuss some of the Creative Commons “Copyleft” movement that’s been founded by Lawrence Lessig.