I’ve been following two security-related stories this past week: the growing problem of violent flash mobs and the alleged Anonymous hacks targeting San Francisco’s BART websites. I think the two stories are going to define a new reality for network security: the intersection between network security and physical security.
If you haven’t followed the story in San Francisco, officials in San Francisco decided to shut down cell phone service at some of its mass-transit stations in an attempt to stop a potential protest against the killing of a homeless man, allegedly by BART police. The hacking group Anonymous responded to the cell phone outage with a hack on a website used by BART passengers. The San Francisco Chronicle reported a comment from Anonymous:
“We are Anonymous, we are your citizens, we are the people, we do not tolerate oppression from any government agency,” the hackers wrote in an online posting. “BART has proved multiple times that they have no problem exploiting and abusing the people.”
There was a second BART-related hack, this time on the BART police database.
Anonymous and similar groups have become very prolific at attacking any organization they don’t like or agree with, but this might be the first time (and please correct me if I’m wrong) where the hack came as a result of a government entity taking an act to ensure the safety of the community.
Across the United States, city officials are trying to figure out how to combat flash mobs, which connect using the Internet and cell phones. If officials take steps to prevent communications between participants in order to provide physical security to its citizens and business owners, will they find their city is the victim of an Internet-based attack? One of the comments made by Anonymous was that the BART attack was easy because the information wasn’t encrypted or very well secured. Chances are, other cities have websites that are easy targets. According to an article in USA Today, 8 million Web pages were hacked this summer, many of them small businesses whose sites were victimized with drive-by malware.
What is happening in San Francisco shows that the lines between physical security and network security are blurring a bit. City officials need to make sure they are protecting their citizens and their employees online as well as offline.