About Me

I ramble about a number of things - but travel experiences, movies and music feature prominently. See my label cloud for a better idea. All comnments and opinions on this blog are my own, and do not in any way reflect the opinions/position of my employer (past/current/future).

20 June 2011

Anonymous and Lulzsec Declare war on Corruption

After hacking the sites (and systems) of the CIA, the FBI, various US government departments, various corporations (most notably SONY), Lulzsec, and Anonymous have released a joint call to arms - a Jihad if you will - against corruption. And like many Jihadi movements, many commentators have already labeled it as "cyber-terrorism". Their "press release" is quite impressive, and full of good intentions but some points come to mind.

  • While the announcement itself asks for support for Wikileaks, how the evidence for corruption will be documented is not detailed. One of the standout features for Wikileaks is its impressive documentation, anonymisation and verification process. Simply releasing information is not enough, which leads to ...

  • How will the supposed corruption evidence be proven. It is one thing to break into a "secure" network, and even to retrieve data. But the legitimacy of the data needs to be proven - sufficiently that it will be difficult to label as a fake. Considering the skills of the attackers, there is actually a higher burden of proof to ensure legitimacy of the data.

  • Proving corruption will require a lot of corroborating evidence; and rarely will corruption be highlighted by a single data source. Furthermore, corroboration will require a number of disparate sources - e.g. an instruction via email linked to a bank account statement linked to an email on the success of the scheme. How many sources require infiltration before evidence is sufficient?

  • Inevitably there will be innocent bystanders hurt in the process - either because they are unknowing mules or wrongly targeted. Verification problems yet again?

  • Hacking into networks is illegal - and will remain illegal for the foreseeable future. Good intentions or not, this badly written, but informative article gives a good overview of the moral dilemmas awaiting the prospective hacker.

Given the revelations over the weekend relating to South Africa's own arms deal corruption saga, I am quite keen to see the results of this mass action. And I don't think it is cyber terrorism, yet. And, I do have some grave doubts on whether any real prosecutions or changes to corporate and government activities will actually result from this.

No comments: