Fear sells – and governments are accomplished salesmen
One of the phrases I like to use in relation to security is ‘fear sells’. The more we are afraid, the more we will buy to protect ourselves. Some security vendors implement this theory as a serious strategy (most don’t). But all governments do. And what we are expected to buy from them is their authority over us.
Today, the four horsemen of the apocalypse (internet) are terrorists, pedophiles, drug & gun runners and money launderers. We have to be afraid of them so that we accept and do what we are told by governments. We have to do this so that governments can protect us from the four horsemen who will run off with our children and blow us up with dope bought with illegal money. Protect by Control is the modern slogan.
Now I’m not saying that we should not be wary. The internet is a dangerous place. But so is the M25.
Now consider this statement released by the Arizona Department of Safety:
The week of June 20, 2011, the Arizona Department of Public Safety became aware that their email system had been compromised by a known cyber terrorism group, known as LulzSec… The cyber terrorism group has posted the stolen information on their website.
DPS Victim of Cyber Attack
What is terrorism? My dictionary says simply: “the use of violence and intimidation in the pursuit of political aims.” There are lots of other definitions – but that word violence or the threat of violence is always there. Wikipedia has an interesting comment:
The concept of terrorism may itself be controversial as it is often used by state authorities (and individuals with access to state support) to delegitimize political or other opponents, and potentially legitimize the state’s own use of armed force against opponents (such use of force may itself be described as “terror” by opponents of the state).
So where do we place LulzSec (now gone, of course) and the Arizona DPS? Graham Cluley of Sophos, never a fan of LulzSec, is far more temperate and accurate. Referencing, although not talking specifically about LulzSec, he commented today, “While there’s obviously a vast contrast between DDoS attacks and the bad guys looking to steal sensitive information for financial gain, the biggest concern is the attitude towards these attacks, with hackers portraying that it’s all a bit of fun. Companies and computer users mustn’t sit back and laugh along, thinking that these attacks won’t affect them. Businesses need to be sure of the quality of their security systems and all of us who entrust our sensitive information to third parties should be aware that the problem could affect us too.”
He was talking about the renewed attacks against MasterCard (of which, more here). But my point is this: according to Graham, MasterCard was taken down by hacktivists, not terrorists. He’s not trying to terrorise us into accepting the need for greater internet control – he’s simply telling us how it is.
That’s what the members of LulzSec were: hacktivists. Sadly, in the long run, they do their own cause more harm than good. Because political machines like the Arizona DPS will play the fear card, turn them into terrorists and turn the people against them and their message. And sadly, most of us will believe the political machines; and we will accept more and more political control over both our physical and cyber lives in order to protect ourselves from these terrorists, pedophiles, drug and gun runners, and money launderers.