As CISPA Hits Congress, Cybersecurity Company Hypes The Fear Of Anonymous

from the fearing-fear-itself dept

Through TNW, we learn of a survey published by threat protection company Bit9 that states an attack by Anonymous is the number one thing IT security professionals fear. Doubtless the release of this survey was timed to coincide with CISPA, the dangerous cybersecurity bill that is being debated in the House this week. It's no surprise that a security provider would want to play up the fear of cyber attack, but I'm reminded of a quote from comedian Dara O'Briain: "Zombies are at an all time low level, but the fear of zombies could be incredibly high. It doesn't mean we have to have government policies to deal with the fear of zombies."

Apart from the fact that the fear of something is pretty meaningless (except to those who sell security, and those who want to pass bad laws), the details of the survey make it clear that this is entirely a matter of the hype around Anonymous:

61% believe that their organizations could suffer an attack by Anonymous, or other hacktivist groups.

Despite the utter sense of fear that Anonymous has created over the years, 62% were more worried about the actual method of attack, with malware accounting for the most cause for concern at 48%.

Only 11% of the respondents were concerned about one of Anonymous’ actual methods of attack – DDoS, while fears over SQL injections dipped to a measly 4%. Phishing was a concern for 17% of the respondents.

So, despite the fact that Anonymous apparently has them shaking in their boots, they know that their real vulnerability is malware—and that's not really Anonymous' game. The fear is manufactured.

What this survey calls attention to, though, is a fact that deserves more attention: under CISPA or a similar law, Anonymous would make a juicy target. Security companies and the government could collude and share data not only to strengthen their networks against attack, which would itself be perfectly reasonable, but also to identify and investigate Anonymous members, notwithstanding any other privacy laws. Regardless of how you feel about Anonymous' tactics, this should concern you: privacy rights and the 4th Amendment exist for a reason, and CISPA would wash them away online. The authors of the bill insist that it targets foreign entities, but it is arguably an even stronger weapon against domestic hacktivism that will inevitably be used and abused.

Filed Under: anonymous, cispa, cybercrime, fear, security

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    aldestrawk (profile), 24 Apr 2012 @ 3:16pm

    Re: Re: Re:

    Nice summary of botnets Rich. I would like to point out one aspect of botnets you did not mention. I don't have the time today to track down a reference, but my memory tells me that a large portion of botnet zombies become zombies because the user does not update their OS or application software to patch security vulnerabilities and/or they do not have anti-malware software installed. There is a correlation between pirated versions of Windows and malware infection. This could be due to the end-users risky behavior in general, by downloading software from any source and blindly trusting it not to be malware, or the end-users mistaken perception that Microsoft insists on applying security updates to only validated versions of MS software.
    This is not to say that fully updated systems running anti-malware and IDS systems cannot be infected. They can. However, it is more likely that a system that is not updated will be infected. This makes anti-malware software useful in limiting the size of botnets. Otherwise, why isn't everyone's computer part of some botnet? Frankly, I don't know how to convince people to keep their computers updated, but wider adoption of this practice would limit the size of botnets further. In addition, takedowns of botnets like Zeus and Kelihos is a new technique that pushes the balance further toward limiting the spread of botnets.
    One thing for sure, as you say, the problem of botnets will not be fixed through legislation and is not a valid argument in support of CISPA.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.