Periodically we like to share a few of the stories and posts from across the web that caught our eye. No editorial thread is implied connecting these items, other than that they are interesting.
#1: Tibetan Cyber Battles: VOA’s Kurt Achin posted a report from Dharamsala, India, this week, exploring the cat-and-mouse game being played between China and Tibetan exiles. As we’ve frequently discussed, the Internet as a tool can be wielded by just about anyone for any purpose, and the conflict over Tibet is no different. Achin documents just some of the ways Tibetan exiles are using the web to keep track of friends and relatives inside Tibet, and how Chinese authorities are trying to frustrate those same efforts. Among those he spoke with is Internet researcher Greg Walton, who notes:
“What is intriguing is that often we’ll see that the same command-and-control servers which are going after the big defense contractors, and stealing details of stealth bombers, or going after the big financial houses in New York – the same command-and-control servers are going after monks in Dharamsala.”
It’s a great read, and also a reminder of how long-simmering conflicts are increasingly moving online.
#2: Lock That Phone! Over at tech publication Ars Technica, Christopher Soghoian has an opinion article taking major mobile phone service providers to task for what he sees as lax security policies. Soghoian – a graduate fellow at Indiana University’s Center for Applied Cybersecurity Research – argues the phone companies are putting users at risk by not “enforcing security by default.” Specifically, he says that most cell phone providers do not require users to enter codes locking their phones or their voice mail accounts.
While some may find it an inconvenience – to say the least – to have to punch in a four- or five-digit PIN every time they use their phone, the growing incidence of mobile phone hacking and voice mail “spoofing” has some companies reconsidering their security policies. For example, just last week, AT&T announced all new mobile customers will have to enter a PIN code when checking voice mail. In his article, Soghoian says it’s time for all other wireless providers to do the same.
While enhanced security is almost always a good thing, Soghoian fails to note that the mobile companies know their customers’ likes and dislikes, and pushing such policies may drive users from company to company. Still, in light of the ongoing mobile phone hacking scandal plaguing England, it’s worth thinking about.
#3: Asking To Be Hacked: Among its other accomplishments, the group Wikileaks has inspired numerous copycats. Among them is “OpenLeaks,” a spinoff group founded by Daniel Domscheit-Berg and Herbert Snorrason, both formerly with Wikileaks. The group aims to be a secret-busting operation like Wikileaks, but unlike that group, OpenLeaks won’t publish documents on its website. Rather, the OpenLeaks team will provide leaked documents to established news organizations for their review and possible publication.
Domscheit-Berg says it’s crucial for leakers to trust that their submissions, along with any other sensitive material on the website, won’t be hacked. So they’ve taken the novel approach of inviting hackers to do their worst and try to break, or break into, their site. But since they don’t have any documents yet, OpenLeaks is using this test site instead to try to tempt hackers to break their security.
As tests go, it is an interesting approach. And as of this posting, the OpenLeaks test site remains secure.
However, hackers tend to be like bank robbers – the richer the target, the larger the thrill. Whether OpenLeaks can maintain security once it begins collecting secret documents is, pardon the pun, an open question.