Wednesday, December 8, 2010

"Warnings All Ignored Again"

Back when my wife and I lived in Los Angeles, we would make a regular trip to Santa Fe every summer to enjoy the opera and chamber music offerings.  As a result we both began to develop an interest in the art work of that area, both traditional and modern.  Among the modern artists who particularly interested us was Bob Haozous.  He first came to my attention in an exhibit that we may have seen at the Institute of American Indian Arts Museum, which showed a piece called something like “Indian Child’s Pull Toy.”  It involved a flat piece of steel mounted vertically on a wagon and depicting a kneeling cowboy with his gun drawn.  The steel itself was shot full of bullet holes.

I think the first time I found something by Haozous that I could afford was when I discovered that he also designed bolas.  The one that really caught my attention depicted the naked upper torso of an attractive young women.  The rest of her body was in the mouth of a wolf.  (I suppose this is a good time to confess that I have been a long-time fan of the movie The Company of Wolves.)  Surrounding this lurid image was the caption “WARNINGS ALL IGNORED AGAIN.”

I have been thinking a lot about that caption in the wake of the ways in which events have been unfolding in response to the WikiLeaks release of the “Embassy Cables.”  When I gave Julian Assange the Chutzpah of the Week at the end of last month, I suggested that he may be living by the code of a warped version of an old Sixties motto:

If you are not part of the solution, you can make the problem so bad that someone else will finally get around to fixing it.

The problem that I had in mind was one that has been around for quite some time and has been most evident in the way most people tend to use their electronic mail systems.  The way I put it in my Chutzpah of the Week post was that Assange had found a rather embarrassing way to call attention to reckless acts on the part of members of the State Department who should have known to act with more discretion in what they put into their communications.  It is hard to imagine anyone who has not had to deal with sending off an indiscreet piece of electronic mail and then getting bitten by some unintended consequence.  Most of those bites involve minor pain that quickly passes.  In this case we do not know how great the pain will be or how long it will last.  From this point of view, all Assange did was remind us about a warning concerning the use of electronic communications that has been around for a long time and has been effectively ignored for all of that time.

Today we have learned that another such warning has entered the picture.  I have no idea how many years have elapsed over which I have read reports about the risks of cyberattacks and the need to do something about those risks.  Of course those responsible for the digital technology have not been entirely idle in the face of such threats, but there tends to be the usual fixation that every problem has a solution that just has to be found and implemented.  However, back when Udi Manber was working at Yahoo! he was astute enough to recognize that the development and deployment of malware was best viewed as an arms race.  It was not enough to come up with clever solutions;  one had to be eternally vigilant for new problems that would be clever enough to thwart those solutions.  As our government continues to jawbone over whether or not such vigilance should be a matter of national policy, malware developers continue to develop new stuff.

This brings us to this morning and the role that malware has now assumed in the controversy over the efforts to prosecute Julian Assange.  Here is how Raphael G. Satter and Jill Lawless have reported the current state of play for Associated Press:

Hackers rushed to the defense of WikiLeaks on Wednesday, launching attacks on MasterCard, Swedish prosecutors, a Swiss bank and others who have acted against the site and its jailed founder Julian Assange.

So-called "hacktivists" operating under the label "Operation Payback" claimed responsibility in a Twitter message for causing severe technological problems at the website for MasterCard, which pulled the plug on its relationship with WikiLeaks a day ago.

MasterCard acknowledged "a service disruption" involving its Secure Code system for verifying online payments. It was not clear how widespread the problem was. Earlier, MasterCard spokesman James Issokson said consumers could still use their credit cards for secure transactions.

MasterCard is the latest in a string of U.S.-based Internet companies — including Visa, Amazon.com, PayPal Inc. and EveryDNS — to cut ties to WikiLeaks in recent days amid intense U.S. government pressure.

This is just the latest of concrete warnings that our digital infrastructure is not as secure as we think it is (or would like it to be);  and, if MasterCard is vulnerable to attack, just how are we to respond to the latest run of “To The Cloud” commercials that Microsoft was been running on television?  The warnings could not be more blatant.  Will we continue to ignore them?

1 comment:

DigitalDan said...

As I understand it, there was no breach of security in the attacks on Mastercard. This was another in a long line of distributed denial of service attacks, whose effects appear to be difficult if not impossible to completely counter. They are in fact a consequence of the essentially net-neutral current design of the wired internet -- no one kind of traffic can be preferred over another, except at the end points.

DDOS represents a real quandary for the Internet, going forward.