
thatpinguino


Security in the Modern Web Part 1: Sybil Attacks and Harassment

The past couple of weeks have been about as rough as I can remember when it comes to personal privacy violations on the Internet. First there were multiple reported cases of doxing, personal site hacking, and email/Skype account infiltration surrounding the gamergate kerfuffle. Meanwhile, the whole celebrity hacking fiasco was unfolding as well. We tend to think of both of these events as singular explosions of hacks targeted at large public figures with large public presences. We don’t often think of celebrities of any variety as ordinary people with ordinary Gmail and Facebook accounts that are subject to the same flawed security provisions as everyone else. However, both of these events were likely precipitated by many small security violations and oversights on the part of both the victims and the institutions they relied upon. These high-profile hacks bespeak a larger societal issue with how we view computer security. There is a fundamental disconnect between how secure we feel on the web and how secure we actually are. In order to shed some light on this subject I figured I could offer some of the lessons I learned during some computer security courses I took during college. I also interviewed one of my college professors, who just so happens to be a computer security expert. Neither of us is privy to the nitty-gritty details of all of the attacks; however, we can speak generally to how people should approach the topic of Internet security.

It is a visual AND mechanical metaphor! Bonus points!

The first topic I would like to cover is that of Twitter and social network harassment. These forms of attack can be the work of an actual angry mob of Twitter users, or they can be the product of something called a Sybil Attack. This brand of attack is named after a woman who suffered from multiple personality disorder, and as such a Sybil Attack is when one person utilizes several different accounts to create the illusion of a consensus among multiple users. In social networks these dummy accounts are known as Sockpuppets, and the damage they can do is very real. Sybil attacks can be used to manipulate any number of systems that rely on a one-to-one user-to-account ratio. Attackers can do things like drive down review scores on sites like Metacritic or Amazon, as well as attack people on social networking sites like Twitter and Facebook. The trouble with these attacks is that they are incredibly simple to perform and maintain. All you need are multiple email addresses in most cases, and perhaps some IP routing to disguise your location. One person with enough time and energy can easily control their own personal mob in a bottle. On top of the ease of use, Sockpuppet accounts are also disposable and easily replaced. As a result, a person launching a Sybil attack can behave like a hydra, regenerating a new account whenever one gets cut down.

Truthfully, if you are in the sights of a Sybil attack, there is not much recourse beyond contacting the particular service provider in question and moderating your feed using the tools available. You would need to have some major technical skills to track down your own attackers if they disguise their tracks at all. I’m talking IP packet capturing and tracing levels of skill. It certainly isn’t impossible to catch a harasser, but it is far from simple. Regardless of your own Internet sleuthing skills, reporting harassment to the proper authorities is definitely the first step to getting help.

If you happen to be a bystander and you see an Internet mob forming, the best thing to do at first is to look into who the participants are before joining the discussion. If you see a bunch of fresh or relatively unused accounts suddenly hounding one user, you are likely witnessing a Sybil attack. Therefore, take the discussion with a grain of salt. It is entirely possible that the mob is just one person with a lot of free time.
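The bystander check described above can be written down as a small heuristic. This is an added example, not code from the original post; the thresholds, field names, and sample accounts are all constructed assumptions, and a "likely sybil" verdict only means the pile-on deserves a closer look.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions, not values from the post.
FRESH_AGE = timedelta(days=14)   # account younger than this counts as "fresh"
LOW_ACTIVITY = 20                # fewer prior posts counts as "relatively unused"
WINDOW = timedelta(hours=1)      # "suddenly": mentions packed into one hour
MIN_BURST = 5                    # smallest crowd worth assessing
SUSPECT_RATIO = 0.6              # share of fresh/unused accounts that raises doubt

@dataclass
class Mention:
    account: str
    created: datetime   # when the account was registered
    prior_posts: int    # posts made before the pile-on
    sent: datetime      # when it messaged the targeted user

def is_fresh_or_unused(m: Mention) -> bool:
    return (m.sent - m.created) < FRESH_AGE or m.prior_posts < LOW_ACTIVITY

def assess_pile_on(mentions):
    """Find the densest one-hour burst of distinct accounts and judge it."""
    ordered = sorted(mentions, key=lambda m: m.sent)
    best, start = [], 0
    for end in range(len(ordered)):
        while ordered[end].sent - ordered[start].sent > WINDOW:
            start += 1
        # Count each account once, however many times it posted in the window.
        accounts = {m.account: m for m in ordered[start:end + 1]}
        if len(accounts) > len(best):
            best = list(accounts.values())
    if len(best) < MIN_BURST:
        return "no burst", 0.0
    ratio = sum(is_fresh_or_unused(m) for m in best) / len(best)
    return ("likely sybil" if ratio >= SUSPECT_RATIO else "likely organic"), ratio

# Constructed sample data: (name, account age in days, prior posts, minute sent).
T0 = datetime(2014, 9, 10, 12, 0)
def _m(name, age_days, posts, minute):
    sent = T0 + timedelta(minutes=minute)
    return Mention(name, sent - timedelta(days=age_days), posts, sent)

SAMPLE_SYBIL = [_m("acct_a", 2, 3, 0), _m("acct_b", 1, 0, 4), _m("acct_c", 3, 5, 9),
                _m("acct_d", 400, 2, 15), _m("acct_e", 900, 5200, 20), _m("acct_f", 1, 1, 31)]
SAMPLE_ORGANIC = [_m("user_a", 800, 3100, 0), _m("user_b", 1200, 950, 6), _m("user_c", 3, 2, 12),
                  _m("user_d", 600, 410, 25), _m("user_e", 2000, 8700, 40), _m("user_f", 365, 120, 55)]
```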

I hope this helps shed some light on one of the most common forms of Internet attack. I will be writing more about Internet security in the near future based on my interview with my teacher and on some of the topics of the day. I’m going to spread the topics across multiple posts in the hopes that they will be a bit easier to digest if they are served piecemeal.
