This happened a few days ago, but I thought I would comment briefly on the story that hackers from the group “Anonymous” are claiming not only to have stolen about 1 gigabyte of data from NATO computer systems, but they have already released two documents that they claim came from this data incursion (click here to see the original article that inspired this post).

I wanted to include this bit of information to continue the discussion I have had for a while that most people simply do not understand the nature of computer security. I myself have been in the computer field for over 30 years, and through I am not a specialist in the area of security, I know enough to understand just how secure your online data is…and basically it just isn’t that secure.

Again I will repeat the analogy that I have used in the past that the security measures that you often hear being touted by online vendors (encryption, firewalls, and my personal favorite “the latest in security measures”) is a lot like what my mother taught me about locking the doors on our car when I was growing up. Locking your doors discourages the amateurs, the pranksters, and those perpetrators of opportunity who want to make off with your car. However, a professional car thief will indeed make off with your car if he or she wants it.

And so it is similar in the world of computer security.

There are just too many ways that data can be compromised…and that’s when you are talking about simply breaking into a computer system (guessing weak passwords, exploiting vulnerabilities in operating systems, exploiting vulnerabilities in applications, etc.). This is before you get into such areas as:

  • attacks on data that prey on people’s psychology
  • mistakes that are made by companies that accidentally expose their customer’s information
  • unscrupulous employees of companies who hold your information
  • and more

I certainly do not condone the unauthorized intrusion into computer systems. However, with such intrusions occurring so often, I sincerely hope that the general public is beginning to get a better understanding about the true state of computer security at the current time.