This past week there were articles all over the Internet about "The China Incident." If you have been so distracted by the unfortunate disaster in Haiti that you didn't see it, Google has threatened to pull its operations out of China because an attempt to hack it and 30 other companies occurred. Worse, Google says it has evidence pointing to the Chinese government as the source of the intrusions.
The scary part is that although initial reports implied that the hackers were looking for information on Chinese dissidents, it now seems that they were after intellectual property. This raised an interesting question: what if they installed a Trojan horse into Google's source code without stealing anything? How would you know what happened?
I spent 20 years in application development, and I know firsthand that the more complex systems can easily be in excess of 1,000,000 lines of code in size. If someone inserted 100 - even 1,000 - lines of new code as a backdoor, is a company like Google really going to notice the %0.1 difference in size? Worse, what are the bigger implications, e.g. what could they steal from users such as you or me using such a technique?
At least Google made an effort to protect itself. A recent New York Times article said that 20% of people choose their passwords from the relatively small pool of 5,000 words and variations. 1% of people use "123456" as their password, with the 2nd most popular password being "12345." While I realize that having your financial information on a computer does not impress you with the same sense of urgency for security as the old school safe deposit box did, that makes this doubly disconcerting since there is so much more data to be mined from people's personal computers than you could ever find in a single safe deposit box.
This is your personal identity at risk. My brother was the victim of identity theft several years ago. And while the damage was more limited than what you typically find in the news articles written in Wired et al, it still took him forever to straighten the situation. Imagine if all of his data were pilfered and his identity completely taken over by a rogue hacker.
Better still, imagine if your identity were completely taken over.
Don't tempt fate. You, me, and every individual are not Googles unto ourselves. We don't have the same facilities available to protect the intellectual property that is our life. This means that it is that much more important to ensure the safety of our digital selves.
The scary part is that although initial reports implied that the hackers were looking for information on Chinese dissidents, it now seems that they were after intellectual property. This raised an interesting question: what if they installed a Trojan horse into Google's source code without stealing anything? How would you know what happened?
I spent 20 years in application development, and I know firsthand that the more complex systems can easily be in excess of 1,000,000 lines of code in size. If someone inserted 100 - even 1,000 - lines of new code as a backdoor, is a company like Google really going to notice the %0.1 difference in size? Worse, what are the bigger implications, e.g. what could they steal from users such as you or me using such a technique?
At least Google made an effort to protect itself. A recent New York Times article said that 20% of people choose their passwords from the relatively small pool of 5,000 words and variations. 1% of people use "123456" as their password, with the 2nd most popular password being "12345." While I realize that having your financial information on a computer does not impress you with the same sense of urgency for security as the old school safe deposit box did, that makes this doubly disconcerting since there is so much more data to be mined from people's personal computers than you could ever find in a single safe deposit box.
This is your personal identity at risk. My brother was the victim of identity theft several years ago. And while the damage was more limited than what you typically find in the news articles written in Wired et al, it still took him forever to straighten the situation. Imagine if all of his data were pilfered and his identity completely taken over by a rogue hacker.
Better still, imagine if your identity were completely taken over.
Don't tempt fate. You, me, and every individual are not Googles unto ourselves. We don't have the same facilities available to protect the intellectual property that is our life. This means that it is that much more important to ensure the safety of our digital selves.