Digital Kayak

Data Insecurity

Communicating through screens puts distance between people. The people you deal with become less real as a result.

By Adrian Duyzer
Published March 18, 2006

A few months ago, I was approached by a company looking for an upgrade to their web-based business management system. I requested administrative access to the system so I could prepare a proper estimate for the work, which they granted.

I soon found a major security problem: the passwords in their database were unencrypted, which meant I could read them easily.

Most people use the same password for every website they belong to, including their online email accounts. That means this information could have given me access to the email accounts of hundreds of complete strangers.

That could lead to emails from financial institutions and government. Fraud and identity theft could follow close behind.

Security

In the age of the "war on terror", we've become accustomed to hearing that word as justification for almost anything.

In February, the Christian Science Monitor reported:

The US government is developing a massive computer system that can collect huge amounts of data and, by linking far-flung information from blogs and e-mail to government records and intelligence reports, search for patterns of terrorist activity.

The system - parts of which are operational, parts of which are still under development - is already credited with helping to foil some plots. It is the federal government's latest attempt to use broad data-collection and powerful analysis in the fight against terrorism. But by delving deeply into the digital minutiae of American life, the program is also raising concerns that the government is intruding too deeply into citizens' privacy.

The privacy of non-Americans, on the other hand, is of little concern. Much, if not most, of the world's Internet traffic is routed through hubs in the United States.

Secretive American agencies are monitoring vast amounts of this voice and data traffic. They are already directly - and illegally, or at least extra-legally - spying on thousands of Americans, and monitoring the communications of millions more. There is nothing to hold them back from spying on you.

There are ways to protect privacy in spite of this monitoring, but the sloppiness that gave me access to the email addresses and passwords of hundreds of strangers trumps even sophisticated security measures.

Free Music

When people find out I have a little knowledge about the Internet, I often get asked about the best way to download music online.

The best way to download music - and movies, software, audio books and anything else that can be encoded into 0s and 1s - is to install a BitTorrent client like Azureus, configure it, and then head on over to the Pirate Bay.

Unfortunately for many but luckily for the RIAA, this is just too complicated for the average person.

But there are still some easy ways to find free music online. One is to use Google as described on tech-recipes. Because those instructions might be a little confusing to some, I created this simple page to make it easier.

The search technique used on that page, which is somewhat like a crude version of high-tech spy agency data mining techniques, can be used to find all sorts of files, including some that are personal and even confidential.

I was trying out the music search page, and I came across a small selection of freely available music files at www.securipho.be/files/3/.

People are predictable. If someone has a folder called files/3/, perhaps there is also a directory called files/4/.

www.securipho.be/files/4/ contains a bunch of personal documents, including an advisory on Cuban money and a letter giving 30 days notice before vacating a rental property.

What else might be there for anyone to see?

Distancing

People behave differently when they're online than they do in real life. Communicating through screens puts distance between people. The people you deal with become less real as a result.

Most people wouldn't read someone else's mail. When I told you I had stumbled across someone's personal files online, did you click the link to see what they were? Did you look more closely at any of them?

It's easy to do when it takes one click and you're intruding on someone's privacy. The proprietors of voyeur websites know this well enough. Any internet pornographer would tell you that people are less inhibited online.

The automated data-mining programs run by agencies like the American Department of Homeland Security put another layer of distance between citizen and watcher. All it takes is a click and the US government is scanning the private information of millions, perhaps even billions, of people.

This ought to concern you, especially since the phrase "If Allah wills it, I will make the delivery tomorrow," which sounds pretty suspicious to me, was transmitted to your computer the moment you loaded this page.

They could be on to you right now.

Disclaimer

The "personal files" I linked to above aren't real. They're on a server my company pays for. The website name was registered today.

However, the situation I described did happen. I came across a stash of music and then a stash of personal files while looking for music files, just as I described, including the way the folders were organized. But I didn't think the owner of the files would appreciate me pointing out his error publicly, so I made up a site and put some fake documents on it.

Of course, I couldn't resist making it a little more dramatic.

I believe that takes this article out of the memoir category and into the fiction-based-on-a-true-story category. Put a sticker on it, Ryan.

Adrian Duyzer is an entrepreneur, business owner, and Associate Editor of Raise the Hammer. He lives in downtown Hamilton with his family. On Twitter: adriandz

2 Comments

By Peter (anonymous) | Posted March 20, 2006 at 06:54:04

You write "Much, if not most, of the world's Internet traffic is routed through hubs in the United States." and link to a page which is nearly 7 years old and anything but true today. Today most countries have their own complete internet infrastructure and don't route their traffic through the USA.

By adrian (registered) | Posted March 20, 2006 at 10:25:46

Peter - yes, the page is somewhat old, and I accept that criticism. I linked to it because I found it difficult to find the precise information I was looking for, and so I was forced to be vague and say "Much, if not most". However, what's at issue here is infrastructure, which does not change nearly as quickly as, say, software. So the fact the page is seven years old does not contradict my point.

I would be happy to take a look at any evidence you have that supports your assertion that "most countries have their own complete internet infrastructure and don't route their traffic through the USA", but until I see it, I think my point stands.

This article (PDF): http://www.mohr.de/jrnl/jite/pdf/jite161... has some interesting stats and is much more up-to-date. Although I don't understand significant portions of it (it's highly mathematical), it does show that North American data traffic still exceeds the closest competitor, Europe, by about 110 petabytes per year, or about 22%.

This alone does not illustrate my point, except to demonstrate US data traffic clout, but in the Appendix, there is a brief look at Korean Telecom (KT). It says:

"In the year 2003, KT (formerly Korea Telecom) had secured traffic capacity of 6 Gbit/s through transit contract with Tier-1 U.S. backbone providers, 2.6 Gbit/s through peering contract with Tier-2 U.S. providers, and 3.4 Gbps through peering with Asian providers. KT has also taken advantage of the multihoming strategy adopted by the popular U.S. content providers and established direct connectivity to portal sites such as Yahoo. Despite improvement in its net traffic balance, Korea Telecom pays substantial fees to the switching hubs in the U.S."
