Oct 03 2013
Maintaining anonymity on the Internet is hard. And it’s only getting harder as governments get savvy about how to track down people who are doing “bad things”. All it takes is one little mistake and you’re cover is completely blown. This applies to criminals as much as it does to political activists, something to keep in mind as you wander the web and express your opinions: OPSEC (Operations Security) is hard.
We have two recent examples of this. The Dread Pirate Roberts mastermind of Silk Roads, an online drug trafficking site that has been around for years, was arrested this week, and in part it appears that all it took was a few simple mistakes. One mistake was accessing the servers controlling Silk Road from an internet cafe near the hotel he was staying in at the time. Another was using an Gmail address that had additional contact information, at least if you have a subpoena forcing Google to disclose that information. Apparent the final straw was when “Dread Pirate Roberts” tried to get fake ID’s sent to his real address. Connecting your digital and physical identities like this is generally a bad idea.
The other story is that thirteen members of Anonymous have now been indicted on charges related to attacks against the MPAA, RIAA and several financial institutions. When Anonymous started attacking as a form of protest, they thought that the use of tools like LOIC and HOIC would keep them from being caught, because they’d be part of a crowd and hard to track down. That was a laughable assertion, primarily because the tools make no effort to hide the source of their traffic and makes tracking it back fairly simple. It’s more an issue of having the time and will to hunt down a nuisance than technical difficulty. But if you add hacking of web sites and other federal crimes to the list, you might find that the FBI suddenly has the will needed to find you. Funny, that.
The difficulty of maintaining on the Internet is much higher than most people understand. All it takes is logging in from the wrong location once or using an address that’s linked to your real world identity and you’re toast. Which makes it all the more amazing that th3J35t3r has managed to maintain some anonymity for a number of years now. Makes you think maybe he has people helping him maintain that anonymity in all sorts of places.
It’s only going to get harder to retain any sort of secrecy associated with identity as time goes by. Due, in part, to American spying, Brazil is considering creating their own ‘Internet’. The ITU is seriously considering taking control of the Internet away from American companies and allowing various countries to implement their own controls at their borders. Many of the proposed changes would require end users to explicitly tie their identity to their browsing and Internet activity. The idea of a balkanized or country specific Internet with borders, was once thought of as a laughable idea, but now might be a very real possibility.
If you’re planning on doing ‘bad things’ on the Internet, remember that keeping your identity a secret is hard now and it’s only going to get more difficult as time goes by. Both of the examples I used are clearly criminal actions, but it’s our governments who get to decide what ‘bad things’ are; the opinion that you felt free to express today might be added to that classification at any time. Since everything you’re doing online is now being kept in databases for future reference, keep in mind that what you’ve already said could some day be considered ‘bad’. May you live in interesting times.