Social media answers your concerns… and hacks your enemy

By Kevin Bailey, Head of Market Strategy.

Social media

When it comes to pulling together sympathizers for a cause, the world of social media knocks spots off legacy methods.

For new political parties it can take years, even decades, to get representation within a government to have their cause heard – let alone effective in law. Fund-raising used to require events, dinners and auctions to raise enough to benefit things like the church roof repairs. But check out Barack Obama, who raised over $400 million for his 2008 presidential campaign, which was surpassed in 2012 with over $600 million. Not bad, considering the majority of donations were for less than $200. A great way to have crowd sourcing pay for the work you are yet to do!

But the darker side of social media providing the response to a cause can be severely detrimental to a business. Take Dropbox, a company regularly questioned over the validity of their security systems for user data protection in the cloud. They didn't think about the repercussions when their staff were found booting local teenagers out of a public soccer field in San Francisco's trendy Mission District because they didn't have a permit to play. Video of the heated exchange went viral, gathering nearly 300,000 views at the time of writing. Dropbox may have retrospectively apologized, but the damage was already done. We all know the old saying that “any press is good press”, but that was when media was printed rather than online, meaning individuals will be able to read/watch the coverage for years to come.

Enter the “socially responsible hacker”, a bit like Greenpeace on a PC rather than a boat. These groups have stores of personal data that has been stolen without anyone yet realizing it. Most hacks of data do not become visible until 3-6 months after the original hack, normally on a name list site or via some method of ransomware. 

In the case of Dropbox, hackers pulled a rabbit out of their big black hat over the last couple of days and posted hundreds of emails and passwords from "Hacked Dropbox accounts" onto Pastebin, with links from Reddit, claiming to have access to a further 7 million login credentials and looking for donations via Bitcoin to trigger further disclosures.
Dropbox claim that their systems had not been hacked and there is no reason to doubt this. Remember – when a hacker looks to extract personal information, logins and email credentials, they don't just come away with data for one system. They get diverse data that fits many systems.
This means that when you or your business gets hacked, every individual who has been compromised needs to consider every login credential and portal access that may have been affected.

So if you suspect that your information has been hacked or acquired, you need to change all your credentials – not just the application or service that has been made public. Change everything. Yes, it is tiresome, but it’s less expensive and damaging than clearing up the mess once the horse (hacker) has bolted!

A final twist in the plot for this event is that the “Socially responsible hacker” may be trying to make mutton look like lamb as almost all the credentials appear to be a long time out of date. So perhaps our individual is less of a modern day Robin Hood and more of a Gary Kraser, the man who posed as a relief effort pilot in the wake of Hurricane Katrina on his fraudulent website, AirKatrina.com (one of 4,600+ bogus websites) and received 21 months in federal prison for his contribution.