As CISPA Hits Congress, Cybersecurity Company Hypes The Fear Of Anonymous

from the fearing-fear-itself dept

Through TNW, we learn of a survey published by threat protection company Bit9 that states an attack by Anonymous is the number one thing IT security professionals fear. Doubtless the release of this survey was timed to coincide with CISPA, the dangerous cybersecurity bill that is being debated in the House this week. It's no surprise that a security provider would want to play up the fear of cyber attack, but I'm reminded of a quote from comedian Dara O'Briain: "Zombies are at an all time low level, but the fear of zombies could be incredibly high. It doesn't mean we have to have government policies to deal with the fear of zombies."

Apart from the fact that the fear of something is pretty meaningless (except to those who sell security, and those who want to pass bad laws), the details of the survey make it clear that this is entirely a matter of the hype around Anonymous:

61% believe that their organizations could suffer an attack by Anonymous, or other hacktivist groups.

Despite the utter sense of fear that Anonymous has created over the years, 62% were more worried about the actual method of attack, with malware accounting for the most cause for concern at 48%.

Only 11% of the respondents were concerned about one of Anonymous’ actual methods of attack – DDoS, while fears over SQL injections dipped to a measly 4%. Phishing was a concern for 17% of the respondents.

So, despite the fact that Anonymous apparently has them shaking in their boots, they know that their real vulnerability is malware—and that's not really Anonymous' game. The fear is manufactured.

What this survey calls attention to, though, is a fact that deserves more attention: under CISPA or a similar law, Anonymous would make a juicy target. Security companies and the government could collude and share data not only to strengthen their networks against attack, which would itself be perfectly reasonable, but also to identify and investigate Anonymous members, notwithstanding any other privacy laws. Regardless of how you feel about Anonymous' tactics, this should concern you: privacy rights and the 4th Amendment exist for a reason, and CISPA would wash them away online. The authors of the bill insist that it targets foreign entities, but it is arguably an even stronger weapon against domestic hacktivism that will inevitably be used and abused.

Filed Under: anonymous, cispa, cybercrime, fear, security

Reader Comments


  1. Rich Kulawiec, 24 Apr 2012 @ 9:10am

    Speaking as a "cybersecurity" professional...

    ...(although I hate that term) I think I should take a moment to point out the #1 threat to just about every computing operation anywhere on the planet.

    Its own users.

    I've said for years that competent system/network administrators should presume that their users are (variously) stupid, lazy, careless, insane, or actively hostile -- and plan accordingly. (And if the users turn out to be none of these things? Oh happy day. Celebrate with scotch. But go back to presuming this tomorrow.)

    Users will reply to spam and download trojans. They will infiltrate malware and exfiltrate data. They will pick extremely poor passwords, re-use them elsewhere and write them down. They will give out sensitive information to the nice man on the phone who says he's from IT. They will bring in their home laptop (the one that hasn't been updated in two years and that the kids use all the time) and plug it into the corporate finance network. They will click on every shiny thing they see. They will send critical email messages to the wrong address (because, surprisingly, not all domains end in .com) and assert that their boilerplate disclaimer complete with unenforceable adhesion makes it all better. They will pass around USB sticks that have thoughtfully been preloaded with keystroke loggers. They will mistakenly send a 4,000-page document to the printer. They will leave that DVD on the airplane and lose their laptop in the hotel. They will use IE despite being furnished with Firefox, Chromium, and Opera. They will forward chain mail fake virus warnings "just in case".

    And so on.

    If you've been following the history of major network intrusions and serious data loss incidents for the past few decades, you know that nearly all of them have been caused by someone inside the operation involved. Sometimes it's a system or network admin: we screw up too. But if you're betting to win, bet on the users: they seriously outnumber us.

    You can't just drop in a product or service like the ones that Bit9 is flogging and address this. It doesn't work that way. You have to design with this in mind, from the first cocktail napkin to the whiteboard to the formal layout. If you try to retrofit it, you guarantee failure.

    Nor can you address this with legislation. Doesn't matter who writes it or what's in it, it's all worthless.

    Good security doesn't come from products with colorful marketing brochures or from legislation dictated to congresscritters by whoever dropped the most cash into their coffers. Good security comes from smart, paranoid, ruthless, cynical people with an eye for detail and a grasp of The Big Picture. Oh, it's not perfect: we make mistakes all the time. But it's the best we've got.
