Internet Security 1 : Let’s be safe out there.
There are a number of reasons why you should always blog anonymously and very few against it. There are some fanatics in the AGW debate whose activities go far beyond what would be termed acceptable behaviour both in the blogosphere or outside it. Indeed, if they were traced and they can be, they could end up in a court of law.
Remember Greenpeace’s infamous “we know who you are, we know where you live” post at their website and consider that it was written by their Director of Communications, not some deranged and criminal loner. Interestingly, Greenpeace neither apologised for it and removed it nor appear to have disciplined the person concerned. That’s the sort of “end justifies the means” mentality the ordinary person has to protect themselves against.
Back on topic. There’s a lot of stuff myself and others can tell you about online security. It could end up as a bewilderingly long list of “do’s” and “don’ts” which would obscure the essentials of Information Security (IS). Instead, I’m going to tell you a story.
Once upon a time there was a man named Innocenti Bloggs. He received his forename from his mother who was, yes you’ve guessed it, Italian. With a surname like that, his father of course, could only be an Englishman. Innocenti discovered the internet.
After the usual tentative start, he realised it was actually very handy. All that information, if not at his fingertips, then at least at the end of his mouse. Next came the mastery of email, which was quickly followed by the relatively easy transition to online banking. With so distinctive a name, he of course bagged an email address of InnocentiBloggs@hotmail.com. Success followed success. He was on a roll.
Now that he was comfortable, he started getting into the interactive aspects of the internet by reading blogs by commentators whose thoughts on things he found of interest. Pretty soon he had a nice collection of them in his favourite’s folder. None of them were in any way controversial.
After a few months of lurking, he tentatively assayed his first comment and things took off from there. He started commenting regularly, made the acquaintance of many like-minded or at least interesting people from all over the world and spent a pleasant half hour most evenings catching up and exchanging banter. This went on for a number of years.
And then came the fateful day. He went into work as usual but was intercepted in the lobby by his boss and an HR person and led to a private room. There was something to be discussed. Had he been sending offensive emails they asked him? Of course not he replied, at which point they started producing printouts of the emails and asked if that was his email address. Of course it is he replied but he didn’t send them.
They went on to tell him that some of the emails came with very explicit porno pictures attached. Some of the porn was the worst sort, child porn. He was told that under the circumstances he would have to be suspended while the whole thing was sorted out.
He went home in a daze and straight to his PC to check his email account. His password wouldn’t work and he was soon locked out. That evening his family and friends kept phoning him to complain about the filth he’d sent them. Things got worse. Within a month the police, accompanied by a child protection officer were knocking on his door.
They had a piece of paper with them authorising them to take his child into protective custody. In God’s name why, he asked in shock. He’d been downloading paedo porn. They’d already been to his email provider and his account was full of it. He was formally cautioned that downloading such material was a criminal offense. They lost their child.
Welcome to the nightmare.
End of story.
That is a true story and believe me, there are worse ones out there. What the hell had gone wrong? In a nutshell, information leakage.
Without noticing or even meaning to, he’d offended a not very nice person (an NVNP) on a blog somewhere who was determined to ‘pay him back’. The NVNP spent the next few hours googling the internet for comments by Innocenti. There was lots of material, stretching back years. At the end of it, he knew Innocenti was married with one child, his wife’s name, his child’s name, what he did for a living, where he worked and his email address.
The latter was particularly useful since it gave the NVNP Innocenti’s real name to google for even more information on him. With this information at hand, he monitored every comment made by Innocenti, waiting for the right opportunity. It duly arrived in the shape of another comment by Innocenti to a friend, saying they were going away for the weekend and he wouldn’t have internet access but would catch up Monday.
That weekend, the NVNP found a free WiFi point and began to break into Innocenti’s email account. He tried the wife’s name with no success, then the child’s. Straight in. Since there were years of email there from both blogging and personal correspondence, he skim read until he’d got a list of email addresses he was going to use.
He then registered Innocenti with a number of porn sites (he had his own list of favourites too) and requested pictures be automatically emailed to him at Innocenti’s email address. When enough material had arrived, he started emailing it out to family, friends, work, and every organisation Innocenti was a member of. It was as simple as that.
For me, the interactive aspects of the web are its best feature and I enjoy them to the full but I do think very carefully before giving out any personal specifics on the internet. You should always be mindful that you may be putting in harm’s way not only yourself but the ones you care about.
Lessons to take away:
- Don’t give out personal information on the internet.
- Set up a separate and anonymous email address to be used solely for blogging, never for personal stuff
- Always use passwords which are a mixture of numbers, upper and lower case letters with a length of at least 10 chars. Always write them down but on a piece of paper.
Like the guy used to say in Hill Street Blues, “Let’s be safe out there.”
Related articles :