I fear we may soon lose our nerve. On the back of Sony’s PlayStation Network being infiltrated with millions of members’ details stolen, Sega has now revealed that over 1.3 million members of its Sega Pass gaming network have been compromised, with their passwords and personal information accessed by hackers. It is the latest in a trail of highly public failures in online security, and the paying public who entrust their confidential details to these networks have a right to ask: is anything really safe online?
The global companies that create these networks for people to play, communicate, compete and interact have done so with the understanding that the subscription fees pay for a certain level of service – high speed online connection, quality gaming experience, and last, but not least, strong security measures. In return, the company makes a tidy profit for hosting these virtual environments and creating new ways for its members to interact and challenge each other. But when the big names fall prey to these highly organised troublemakers, the impact can cause global ripples of nervousness.
Indeed, smaller companies are reeling from similar attacks. A friend of mine uses a Melbourne-based hosting company, Distribute IT, to host his videos and online promotional data. The hosting company’s home page has now become a blog page where the company is posting regular updates to its customers. The attack on this company’s servers was malicious and apparently intent on destroying data. Five days later, they are still struggling to bring their full set of services back up to speed, illustrating the effect of such destructive attacks. It appears that Distribute IT has been deliberately targeted – kill the host company and you take down anyone that relies on them for their online presence.
So what are the motivations of hackers? Some are politically driven, to override a webpage with their own message. Others seek to maintain a reputation within the hacker community. Some would be focused on revenge. But there is a more troubling trend emerging, of companies being held to ransom until they pay up, at which time their site is released. Of course, there would be a demand for further, regular payments to keep the site “protected” from any future attacks.
This scenario was played out at another colleague’s online business less than a fortnight ago. A Denial of Service attack was launched on their online store, bringing down the servers, which were not able to keep up with the tens of thousands of page requests a second. A short while later, an email was sent through – pay up and we’ll stop the attacks. Police were called in, and the culprits were tracked back to Russia. The Denial of Service was halted by the hackers to indicate who was in control of the site, and then the attacks continued after payment was not forthcoming.
A workaround was eventually found: filtering out all non-Australian IP addresses and letting local traffic flow freely on the site. Luckily, most, if not all, business on that site is generated in Australia and so that fix has worked for this particular company. But if you had a global business with customers worldwide, you’d be in big trouble.
This is an issue that will not go away, and it’s a global concern that requires an international approach. As we all gradually migrate to the cloud-centric file storage paradigm, there will be more than monsters in the closet – a veritable school of online piranhas will be sniffing out opportunities to threaten, invade and destroy our data. The answers to this threat aren’t yet clear, but one thing is certain – consumers will demand no less than complete protection in return for their trust and at times well-earned money, and will be baying for blood if the system falls over, as it has spectacularly over the last few weeks.