Megaupload Shutdown : Is the world now a safer place?
Now the dust has settled, what will happen next?
Last weekend, there was a lot of media noise about the shutdown of Megaupload.Even the US and French presidents have chipped in, although they perhaps weren’t expecting such strong reactions from Anonymous and their operation #OPMegaUpload.
While it’s not for NETASQ to take sides in the debate over digital rights, we nevertheless have a role to play, since we design, manufacture and sell solutions which our customers expect to help them stay the right side of the law. We therefore have to provide the tools to block unwanted sites including those potentially hosting illegal downloads.
So in response to this latest turn of events, the question is a simple one: Has this shutdown made the world a safer place or not?
Have we forgotten Napster, Kazaa, Edonkey, Bittorrent and all the others?
As you’ve already guessed, the answer is no. Alternative solutions abound and the “community” has already moved on. One can therefore legitimately ask the question as to whether such defence strategies are effective. In any case, almost immediately such a site is shutdown, several others invariably pick up the baton.
However, beyond this battle which seems lost before it starts, the CSO can learn an important lesson:
Human problem – human solution.
No site closure is going to suddenly change the opinions of “cultural pirates” since they simply don’t accept the idea of paying for content they believe should be freely available.
Installing a mobile phone jammer in a class room, apart from being illegal in most countries, will not help adolescent students to pay attention. In the same way, implementing URL filtering or blocking facebook will not make employees more productive.
Of course, application firewalls offer a way to limit the risk of downloading illegal content to your enterprise network. But if your security policy is based solely on imposing restrictions through technology, it will likely fail – and fatally. Worse still, your daily task will become ever more difficult as you battle incessantly against your employees’ attempts to bypass your security measures.
The signing of a charter is a necessary prerequisite, and the repeated explanation of its justification is essential.
Will the cops beat the robbers?
The above question is borrowed (paraphrased) from the French journalist, Stephane Soumier, who was commenting on the French Business radio channel BFM in his morning broadcast. To bring down numerous sites, Anonymous uses a simple, yet effective tool named LOIC. All that’s required to saturate the targeted server is to win enough souls and enough bandwidth. Unfortunately, most recruits do not consider the penalty they incur in joining the process.
Faced with such effortless (on the part of the attackers) potential for damage, Enterprises may feel powerless. Certainly, it’s not a fair fight at the moment, since the concept of return on investment, while completely foreign to the attackers, is a daily obligation for those selecting security solutions. Given this challenge, we must constantly expand the scope of security for the highly sensitive areas of business continuity and risk management.
Risk = Hazard + Outrage
Stephen J Dubner, one of the authors of Freakonomics, defined risk, in a recent interview with a risk consultant, as the sum of the hazard (actual) and the degree of outrage (generated by the evocation of risk).
The Megaupload case and the response from Anonymous is a good example. The danger is real, even if the long term impact is limited. The simple evocation of a group of anarchists capable of turning off the Internet, is enough to bring many responsible enterprises out in a cold sweat.
So what do you think? Should we fear the wrath of Anonymous on a large scale. Will the closure of Megaupload slow down the pirates or give them a boost?
As always, don’t hesitate to leave your opinions in the comments section below.