


Description of Anonymous’ foolishness right on the mark

Aug 18, 2011
Data and Information Security

My friend Rafal Los picks apart the tactics of Anonymous — and does a pretty good job of capturing the movement’s foolishness — in a post on Infosec Island.

See Los’ HP blog here.

I’ve questioned the methods of Anonymous several times in this blog.

It remains the tactics I disagree with: The fact that all of this is done anonymously with a lot of unfair collateral damage.

I know what some of you are thinking: How do you launch a successful revolution out in the open, where those doing the fighting can be easily identified and pursued?

My answer is that if you look at history, you usually see the face of the leadership. While a lot of operatives were anonymous, the leadership always showed itself: George Washington and other Founding Fathers during the American Revolution remain the best example.

I also remain at odds with Anonymous over the collateral damage. Sure, it’s good to expose companies and governments that oppress people or fail to get security right. But when you spill the personal information of innocents, who are you really sticking it to?

When people have to spend large amounts of time cleaning up the damage they did not deserve — because they had the misfortune of doing business with incompetent and/or dishonest corporations they trusted — you are just oppressing them in a different way.

That’s been my position. Now allow me to step back and share what Los had to say:

What groups like Anonymous fail to see is the very real consequence of their actions.

You’ve probably heard me say “Never let a valid cause get in the way of reckless actions”… and this is a perfect example of that. In this data breach …ask yourself who was hurt more.

Was it BART? Or was it the end-users who were almost immediately phished and attemptively compromised? Now ask yourself, how you can in good conscience support that kind of activity… honestly.

I know many of my colleagues in Information Security sympathize with the Anonymous cause, because it’s not too difficult to do so. While I won’t comment personally on how I feel about that – I can tell you I absolutely do not condone the reckless actions, and short-sighted activity that leads to more harm than good.

In the end, this does raise awareness for end-user education and that we should always be vigilant about what shows up in our mailbox. Users are the weakest link, and will continue to be… So how do you factor that into your IT Security and risk mitigation policy or framework?

Are you prepared for your users to be phished of their corporate credentials? What about your customers? Keep in mind as hacktivism continues on its rampage of corporations and governments… you are the collateral damage.

Well said, my friend.

–Bill Brenner
