Rik Ferguson: Lulz Sec show up the data risks of our times

Click to follow
The Independent Online

The rumour this morning that the UK census data for 2011 had been leaked to a hacking group known as Lulz Sec was a shock for all of us. The mere suggestion that such an eventuality was possible set alarm bells across the country.

Lulz Sec, a group of hackers who have "taken it upon themselves to spread fun, fun, fun, throughout the entire calendar year" have a track record when it comes to releasing personal data that falls into their hands.

They have been responsible for the compromise of several high profile sites and have already released lists of thousand of user names and passwords, encouraging their followers to use and abuse the accounts in question.

Even the thought that they may be about to release the most sensitive data, provided in good faith by the vast majority of UK citizens was chilling to say the least. As events unfolded Lulz Sec eventually posted an update through Twitter that explicitly denied their involvement with the entire affair. But such was the fear that we are still awaiting a definitive statement from the Office of National Statistics assuring us that our data is secure.

The fears are well founded. Data itself is becoming both more concentrated and more digitised, mobile devices are becoming more powerful and it is increasingly difficult to secure the infrastructure in a mobile enabled world.

Network boundaries are blurring almost into non-existence as both information and devices become more mobile. The rise of the ubiquitous USB device is oiling the wheels of industrial espionage. Disgruntled employees and the exponential growth in popularity and acceptance of mobile devices is making accidental data leakage all the more possible, probable and common.

Add to this the apparent rise of the hacktivist hacker group and the ever present threat of organised online crime and it is little wonder that such a concentration of data should represent a risk.

In an age where utilities companies, credit card companies, banks and other financial institutions are moving their customers ever more toward online services, e-billing and e-statements aren't we only making it more simple to steal an identity and at the same time more ethereal to assert one?

Stolen documents and templates for document creation are available online if you know where to look, so that's your driving licence taken care of and your passport for that matter. When it comes to proving your address; well don't you normally need something like your most recent utility bill for a mortgage or your last three months bank statement?

The standard advice has always been, and continues to be "Buy a shredder, shred all personal correspondence, deter identity thieves". The truth is though, much identity theft is perpetrated electronically and if the criminal can use their software to steal your login details for your utility companies, bank and mortgage provider they have no need to go rummaging through your bin bags at three in the morning.

We cannot retreat back into the paper based society of the 1900s as advances in information technology have voided any pretence of reliability that may ever have offered. Neither can we rely on having chips implanted under our skin; that technology as it stands today has already been shown to be unreliable, and besides, if all it takes is ownership of a chip, then aren't offenses such as kidnap and murder viable options for identity theft?

Perhaps society would return to the parochial notion of: "If you weren't born in the village then I don't know you and I don't trust you".