Once Upon a Time in the Internet Wild West…

Regular readers of talkRA will have noticed we had some difficulties over the last week. Hackers found an exploit and were able to inject additional code into some of the files on our host server. The code would have redirected visitors to other sites controlled by the hackers. Thankfully, the hackers’ code has all been stripped and talkRA’s software upgraded as well. In other words, things are back to normal… or as normal as they ever are.

It is worth learning a few lessons from the unpleasant experience. First, if the internet is the digital world’s equivalent of the wild west, then we should not be surprised if some of its inhabitants have taken on the role of law enforcers. In talkRA’s case, Google rode up like Wyatt Earp, showing they have the power to hogtie any threat to peaceful folk. By linking the results of their endless web crawl to the working of browsers, Google have made themselves effective intermediaries in who gets to see what. So, for a while, they told visitors to talkRA to run for cover. This is the current diagnostic page issued by Google on talkRA. Thankfully, it does not say there is a reward out for my capture, alive or dead. What it says is that Sheriff Google found some outlaw code on three pages they visited on August 5th, but everything has been all clear each time they visited since.

The second lesson to learn is that there is never enough security. The bandits are out there, looking out for any opportunities. These particular hackers were not going specifically for talkRA. They attacked everything on the host server. In the internet era, both attack and defence are automated; brute force and repetition mean that every vulnerability will be tested sooner or later.

Finally, most hackers do it for the money. That seems to have been the motive for the attack on talkRA. If the hackers are making money, then somebody else is losing. That is bad for communication providers. They either lose directly or their customers lose. If customers lose, they have less money to spend and they become more fearful of using their services.

The internet wild west is still a long way from being domesticated, and may never be. Google try to play the part of peace officers, bringing order in the place of chaos, as best demonstrated by the new joint statement with Verizon on net neutrality. But Google also finds itself in more gun-slinging contests than Billy the Kid. Three stories in the last week bear this out. Premium-rate SMS trojans were found to be infiltrating Google’s Android OS in the wild. A security flaw in Android was discovered which would allow harvesting of a user’s password data. And now Oracle has accused Google of code-rustling. Oracle has launched a lawsuit, claiming that Android infringes Oracle’s Java patents. Oracle want a pay-off and an injunction that will block the continued distribution of Android, holding Google to ransom. It sure is wild on the digital frontier…

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.