Article Options

The Real Consequences of an Anonymous Data Leak

Wh1t3Rabbit| August 15, 2011 - last edited August 16, 2011
Post a Comment

Earlier today, I checked out the information leak that the now-infamous Anonymous collective released from their hacking into the BART system over the weekend in retaliation for what they perceived was a breach of civil rights by BART during a protest last Friday.  I don't need to give you details since you can look those up, or an opinion on whether BART violated civil rights or not ... but I will give you an idea of the consequences of one of these little stunts.

 

As you can see, the site was released middle of the night day, Sunday night (see image below).

 

BART_Release_Site.jpg

 

Shortly thereafter, one of the people who had their information leaked, and just so happens to work here at HP, got this email:

 

phishing.jpg

 

Yes, this is your typical USPS delivery notification phishing email, and if you look closely at the link you'll realize it points to some site that's obviously not the USPS... but I digress.

 

Interestingly enough, I'm happy to put Karen into the "gets it" class of user.  She's security aware, and does a good job of being paranoid.  When I sent her an email about the fact that her information as exposed she was already well on top of the situation.  In fact, she forwarded me the phishing email she was suspicious of so I can investigate it.  First off, way to go Karen ...second off, I think this makes several interesting points.

 

What groups like Anonymous fail to see is the very real consequence of their actions.  You've probably heard me say "Never let a valid cause get in the way of reckless actions" ...and this is a perfect example of that.  In this data breach ...ask yourself who was hurt more.  Was is BART?  or was it the end-users who were almost immediately phished and attemptively compromised?  Now ask yourself, how you can in good conscience support that kind of activity... honestly.

 

I know many of my colleagues in Information Security sympathize with the Anonymous cause, because it's not too difficult to do so.  While I won't comment personally on how I feel about that - I can tell you I absolutely do not condone the reckless actions, and short-sighted activity that leads to more harm than good.

 

In the end, this does raise awareness for end-user education and that we should always be vigilant about what shows up in our mailbox.  Users are the weakest link, and will continue to be... so how do you factor that into your IT Security and risk mitigation policy or framework?  Are you prepared for your users to be phished of their corporate credentials?  What about your customers?  Keep in mind as hacktivism continues on its rampage of corporations and governments... you are the collateral damage.  Stay vigilant, ever more so now that the war is on.

 

 

If you're like to go check to see if your information was leaked, go here: http://www.djmash.at/release/users.html

Labels: Hacktivism| phishing
Labels:
Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
 
Search
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About the Author(s)


Twitter Stream
Follow Us
Community Announcements
50 Must Read IT Blogs