Cyber criminals are just people. The difference between us and them is that they know how to exploit something that 99% of the world is still trying to work out. I think of them as expert craftspeople, and just like a master craftsman—a builder or carpenter, for instance—they are experts in their field. To our detriment, their expertise is ripping people off with the tools that most of us are only just coming to terms with.
Anyone with an agenda, with technical skills above normal and an axe to grind, can create major problems for anyone that they perceive has wronged them. We have seen it numerous times over the last five years. The most well-known example is Anonymous, the hacker group known for their denial-of-service attacks on big corporations.
Anonymous is a group of competent and motivated individuals who will do anything for their cause. The problem is that the cause changes with the people involved, and the core people change regularly. In addition to these changes, most of the attacks are done in such an illegal way that any good that they are trying to achieve is lost on the very people that they are protesting on behalf of.
Don’t get me wrong, some of the things done by Anonymous in the “Arab Spring” were notably above board and incredibly visible; for instance, they helped protesters avoid surveillance by the Tunisian government. But most of the time, that’s not how they operate.
When attacking an unjust regime, staying anonymous is pretty critical to you continuing to breathe. Yes, staying hidden can be justified as self-preservation—but it can also make you feel like you’re above the law and ordinary ethics.
If you’re attacking an organisation or business that has done something oppressive or evil, surely it’s possible to do it in a way to reinforces the perceived problems with their products or the way they do business. This way you damage their reputation and get normal people involved. Simply defacing a website doesn’t accomplish that.
The problem with these kinds of attacks is that they can be used to harm anyone—whether it’s an authoritarian government or a business that has simply gotten on someone’s bad side. And since cyber criminals are just regular people, there’s no guarantee they will use their powers for good.
So, what does all this mean for you? First, you must recognize that you can be targeted. Even if you don’t run a corporation and aren’t in the public eye, the joy of sabotaging your life is enough reward for some hackers.
Second you need to know if you are being targeted, the easiest way to do that is through google alerts. Your name, the business name, your industry are all good keywords to see if you are making your name known for all the wrong reasons.
But, most of all, the three most important modern components – common sense, paranoia and don’t trust anyone.