Digital Assassination

The authors of the new book Digital Assassination: Protecting Your Reputation, Brand or Business Against Online Attacks, St. Martin’s Press --- Richard Torrenzano and Mark Davis --- are spotlighting three major Digital Assassination trends for 2012.

Digital Assassination begins as a willful act by someone who wishes to do harm through the Internet. It unfolds as a deliberate campaign to spread harmful lies the assassin has concocted or as attempt to take a fact grossly out of context or embellish it, making an ordinary shortcoming seem ghastly.

The trends are based on lessons from the top ten digital attacks of 2011, also announced today. 

__________________________________________________________

Critical Trends for 2012

Torrenzano and Davis see three major trends in Digital Assassination for the New Year:

First Major Trend: Blurring of Crime and Ideology

In 2012, it will be increasingly difficult to separate thievery from protest.

The eight major global crime syndicates recently surpassed a key milestone — more than 50 percent of their revenue now comes from cybercrime. 

As a result, news headlines are awash in stories about large-scale “smash-and-grab” attacks on financial institutions and the security firms that protect them, potentially leaving millions of credit card numbers, passwords and emails compromised.

Now, these same institutions are attacked by organizations claiming to have a higher purpose. Anonymous and Occupy are faceless and leaderless groups — that spontaneously organize ideological attacks.

It is not obvious their motives are purely ideological simply because the attackers purport to be members of Anonymous. 

Just as the Joker in Batman comics often threw stolen cash into the air summoning a frenzied mob to hide his getaway, so too, Digital Assassins purporting to support, for example, Pfc. Bradley Manning of Wikileaks fame, might actually be in it more for the money… not the ideology.

Second Major Trend:  Burglary and Reputational Attacks

In 2012, expect financial and reputational harm as a one-two punch.

As large-scale cyber attacks conflate ideological purposes with financial theft, the information gleaned from these large-scale attacks will also be used to punish individuals and institutions with reputational harm.

It will remain unclear, however, if the reputational attacks are the primary reason for the penetration of private networks, or if they are simply the cover for attacks mostly motivated by the desire for criminal profit.

Third Major Trend:  Democratization of Hacking

In 2012, people who lack technical skills can become proficient hackers.

With malware now available through hacker online “hardware stores,” it will be easier for non-technical people to order up cyber attacks, or even do it themselves.

More access to voice mail through “social engineering” spoofing techniques – like those used by News of the World – will focus on celebrities and high profile individuals who will endure reputational harm by the troublesome images or information they store on their mobile devices.

Increasingly, the person hacking you may not be in Russian organized crime or working for the Chinese People’s Liberation Army, but a business competitor, an activist or the creep down the street.

__________________________________________________________

Top Ten Digital Assassinations of 2011

The Top Ten Digital Assassinations of 2011 are notable for highlighting relevant trends for the year to come. 

Some are dangerous and disgusting. Others amusing. A few are both.

Celebrity Nudes: Digital Attack # 10

In October, the FBI announced the arrest of Christopher Chaney, a 35-year-old unemployed hacker from Jacksonville, Florida, who managed to worm into the devices of more than 50 entertainment figures—including Scarlett Johansson, Mila Kunis and Christina Aguilera.

In many instances, he hacked into mobile devices using passwords deduced from personal information he picked up from celebrity magazines and other news outlets.

Armed with passwords, he extracted intimate images from their devices.  He even set up email forwarding, so when his victims wised up and reset their passwords, Chaney received that new password as well.

Lessons:  Create pass codes with numbers and ASCII code no one can deduce.  Understand that embarrassing, intimate photos and information on digital devices are like dandelion seeds -- that when they go viral… they are everywhere instantly.

Zuckerberg Chicken, Fried: Digital Attack # 9

After famously announcing he slaughtered farm animals for his own meat, Mark Zuckerberg had his personal Facebook account hacked in December—revealing an image of the social media wunderkind holding a dead chicken by its feet. 

How did this happen? 

In the ever-morphing muddle of Facebook’s privacy settings, a loophole allowed Facebook users to access others personal photos by reporting an inappropriate profile picture. 

For Zuckerberg, this attack couldn’t have come at a worse time, during a sensitive period in which Facebook was coming to terms with the Federal Trade Commission over . . . its ever-changing privacy settings, as well as a pending IPO.

Lessons:  Now that Facebook has agreed to be more transparent and informative about its privacy settings, it should become easier to keep up with your privacy settings.

Gingrich Google Bomb: Digital Attack # 8

Digital mischief-makers picked up a piece of unclaimed real estate—NewtGingrich.com—and made a “Google bomb” out of it—conflating a search term with something else.

How does this particular Google bomb work?

Click on this site named after Newt and it may send you to a website that will help you book a Greek cruise—the same destination where the candidate and his wife, Callista, famously vacationed

Or it may send you to the homepage of Freddie Mac, which paid Newt .6 million for what he described as work as a “historian,” not as a consultant.

Or it may send you to Tiffany & Co., where you can open a six-figure account of your own.

Lesson:  Claim your digital real estate, especially your URL in all permutations, or others will, and do you serious reputational harm and embarrassment.

Poison Ivy: Digital Attack # 7

Employees of 48 U.S. defense and chemical companies received requests for meetings from reputable business partners.  When they clicked “yes” to the meetings, they also received what appeared to be the latest antivirus software updates, which they downloaded.

What they got instead was a digital surprise—Poison Ivy—a type of malware that revealed the secrets of their networks to a digital burglar.

In September, Symantec announced it had pinpointed this “spear-phishing” attack to one man’s computer in Hebei province in Northern China.  From this one source, Poison Ivy gained access to some of America’s top defense and industrial secrets.

Lesson:  Hackers sponsored by foreign governments will use you for industrial or political espionage. Expect that the next spear-phishing attempt may hide behind a trusted source or familiar name.

Brownback Blowback: Digital Attack # 6

Eighteen-year-old Emma Sullivan of Shawnee Mission East High School had enough of Kansas Governor Sam Brownback.  So she issued a tweet in November, creating a new hash tag—#heblowsalot.

Operatives in the governor’s office responded to this tweet by having Emma’s high school principal demand she submit a written apology to the governor.

Brownback, who was widely portrayed in the Kansas media as being surrounded by control freaks, soon admitted his staff “overreacted.”

With 9,000 followers, Emma now has nearly triple Governor Brownback’s Twitter feed.

Lesson:  Efforts to punish the teenager led to a little-noticed tweet being read around the world.  This is the “Streisand Effect” on steroids, a tendency of the online world in which digital suppression leads to digital promotion. Be measured in your responses.  Don’t swat a mosquito with a bazooka.

Sextortion Conviction: Digital Attack # 5

Self-styled after “Professor X” of the X-Men, Luis Mijangos, a 32-year-old ex-gang member confined to a wheelchair from a gang-related shooting—was sentenced in September to six years for “sextortion.”

What did Mijangos do?  He hacked into the computers of more than 40 underage girls and more than 180 women, luring them with a peer-to-peer file-sharing network to download popular songs for free. 

With malicious code inserted into these songs, Mijangos obtained access to these women’s personal secrets and intimate images on their computers.  He spied on them through webcams in their bedrooms.  In some cases, Mijangos attempted to extort his victims—compelling them to perform sexual acts for him before their webcams.

Lesson:  Webcams, which lets you view the world, can be reversed by assassins, to view your intimate private details and you. Keep a Post-It over your webcams when not in use.

American Election Threatened: Digital Attack # 4

Late in the year, Anonymous issued a blizzard of threats to disrupt the Republican Iowa caucus polling system.

Is this threat realistic?  Yes.  The potential of Anonymous to shut down voting in the Iowa caucus could easily be accomplished with code injection techniques.  The District of Columbia, as a test, invited hackers to try to crack its online voting system, a professor and his class at the University of Michigan altered the system to make it play “the Victors,” the school’s fight song.

Lesson:  Even with safeguards in place, in a close election… just the suspicion of hacking will haunt the results. Urge your state and local leaders to think twice about online voting.

Occupy Exposes Personal Police Information: Digital Attack # 3

Police officers risk their lives at work.  But should their lives also be risked at home?

In retaliation for closing Occupy camps across the country, protestors published the home addresses, phone numbers, salaries and personal details of police officers around the country.

“I hope the individuals behind these cyber attacks understand the consequences of what they are doing,” said John Adler, president of the Federal Law Enforcement Officers Association said last month. “There are very dangerous criminals out there who might seek retribution” against any of these police officers.

Lesson:  Anonymity allows attackers to “light up” targets for criminals and terrorists. Understand that something as mundane as a home address can be weaponized.

Stratfor Breach: Digital Attack # 2

Who will defend the defenders?

2011 ended with the hacking of an Austin-based security analysis firm, Stratfor, whose clients include the U.S. military, Wall Street banks and Fortune 500 corporations.  This attack did more than compromise private and proprietary information of tens of thousands of individuals and companies.

Anonymous added insult to injury by listing the passwords of Stratfor’s IT staff—the cyber equivalent of honking the horn of a getaway car.

This Digital Attack also allowed the shadowy group to mock its critics by taking their private emails and sensitive information and widely publishing it across the Internet.  Anonymous told one critic, “We went ahead and ran up your card a bit.”

Lesson: Digital attacks that appear to be “smash and grabs” of financial data…. cause serious reputational harm. The most secure information is that which you do not digitize.

Sony Playstation:Digital Attack # 1

Some 70 million Sony Playstation users in more than 50 countries received a real April fools when they plopped in their beanbag chairs only to find their accounts had been temporarily deactivated. 

The reason?

A hack attack forced Sony to suspend PlayStation, whose users’ personal data was potentially compromised—leaving players feeling as video game characters in Assassin’s Creed or Grand Theft Auto.

Lesson:  Digital Assassins find portals even in our entertainment vehicles...Be as careful with a game as you would with any other business transaction.

____________________________________________________

About the New Book: Digital Assassination

“In the future, which is now, everyone will have 15 minutes of shame.”

If you are a CEO or celebrity, small business owner, entrepreneur, physician, lawyer, journalist or politician, parent or child . . . you are at risk of Digital Assassination.

Digital Assassination: Protecting Your Reputation, Brand or Business Against Online Attacks by Richard Torrenzano and Mark Davis, St. Martin's Press-Macmillan, provides a road map that makes it easy to understand what is happening—why it is happening—and what you can do about it.

Co-authors Richard Torrenzano and Mark Davis, leading advisors to Fortune 500 companies and high-profile clients, predict what the end of privacy will mean for civilization—and provide a course of action to turn the tables on your would-be assassins. 

Using compelling stories from history and today’s headlines, they illustrate the "Seven Swords of Digital Assassination"— seven distinct forms that Digital Attackers assume and explain how they cut and slice at reputations in different ways. 

The book details how these online assassins work, and what you can do to minimize, neutralize, and even defeat them using the ‘Seven Shields of Digital Assassination’— seven actions to protect your reputation, brand, business or life.