Generally, in battle, use the normal force to engage and use the extraordinary to win. Now, to a commander adept at the use of extraordinary forces, his resources are as infinite as the heaven and earth, as inexhaustible as the flow of the running rivers. They end and begin again like the motions of the sun and moon. They die away and then are reborn like the changing of the four seasons. -Sun Tzu
In the world of cyber-security things transform at the speed of light. From exploits to methods.What worked yesterday is not promised to be the solution tomorrow.
Given that a vast majority of everyone's lives are being conducted online, ethical problem solving students would do themselves as well as their dependents a huge favor and study the ways of the infamous idea known to us as Anonymous.
And before you make the claim that you do not shine the ethical light upon the activities of “the idea”, I'd purpose that you examine the definition of ethical hacking through the context of intention to weigh whether or not an attack/hack is ethical. Now....
I have not searched the actual statistics on missing children, teens, and adults who've vanished in recent times vs. a few years prior give or take so I don't have actual numbers to go by.
However, just going by the news and the increase of missing people posters around...it's safe to say that either those numbers have increased or the notification system(s) that we have in place these days have evolved to the point of more people having access to these numbers. Or a combination of both.
What can't be denied is that communication devices of some sort, being a must have by everyone, has played a major role in society having access to real time information. And social media is by far the most successful and reliable means of getting information delivered to a massive amount of people in a very short amount of time if the channel is correctly exploited. Which brings me to this....
Kids come up missing everyday that society doesn't even know about or haven't been made aware of until it becomes too late. Sure, we have the Amber Alert, ( and have had the Amber Alert for quite some time now) but if we were to compare the results of the Amber Alert with Twitter or everyone's favorite Facebook, when it comes to getting important information noticed, the Amber Alert pales in comparison.
Take the example of the cool kid who makes a video with a smartphone, uploads it to YouTube, then shares it on Facebook= Viral. Some entertainer or athlete does something out of the ordinary and Tweets about it = Trending Topic. On the other hand, baby Kyron comes up missing and we're still waiting to hear back from him. http://www.aolnews.com/2010/06/08/no-sign-yet-of-missing-7-year-old-oregon-boy/ An unfortunate dilemma indeed.
When I look at these situations through the eyes of an ethical problem solver I think to myself: what if there was such an application that worked across platforms and blogs in such a way to where anytime someone's child came up missing, the use of this application would ping everyone's account on all social media channels updating their status to display the news of the missing person?
Although we do have applications capable of delivering such a result ( in theory it would be relatively simple to pull off ) we also have tons of policies and security mechanisms in place to prevent those applications from performing as such. Not that the service wouldn't be noble and ethical. Far from that. It's just that within such an application lies the potential for abuse by not so ethical individuals who harbor a habit to tinker. So on a grand scale, ideas like these if implemented then abused, produces their own devastation which actually hinder the situation as opposed to helping it.
So the idea is fine. But such an idea is still just...“ an idea ”. The idea alone doesn't do justice should the situation arise where it could be of immediate benefit to one of your missing family members and you need this message spread far and wide....while in the meantime.... Tom, Dick, and Harry are Trending on Twitter. What do you as a parent do in such a situation? How about trying a variation on something that I did when I was faced with such dilemma?
The scenario: Your teenager gets into a verbal disagreement with the grandparents ( whom she's living with at the time ) and it spirals out of control to the point of the kid leaving the house. Cool. It happens. (We're teens, they're old and not hip to our lives so we're leaving. ) No big deal. It's called growing up...it happens. But it's happened and your teen does not come back to the house!
Not only has your teen not returned to the house, but your teen has not even made a phone call back to the house. Enough time has passed to where your family now has a situation on their hands. Your teen is officially M.I.A. She hasn't called and now you have family members spread across the entire United States starving themselves and not sleeping.
The solution: Approach the situation as if it were a penetration test. Define your immediate objectives. And proceed with the Information Gathering phase. We are all aware of the massive and reliable amount of tools at our disposal to perform this phase of the test. With the overall objective being to initiate contact with the missing person if for no other primary reason than just to know that person is alive and safe = everyone in the family can now eat and go to sleep. :)
Here's what you do:
- Footprint the missing person's social network ( for best known working results- Facebook ).
- Identify all potential targets associated with your victim= missing person. Initially you want to look at those closely associated and involved with the person's life on a day to day basis but in the end you want the exploit executed in such a way that everyone's account will either directly or indirectly be pinged by your delivered payload = message to get the teen to contact someone and let them know that they are still alive. ( in order to up the possibility of your exploit being a success, the content of your message is important here. The more graphic and emotional the better. Get creative, i.e. make a home video expressing your concerns etc. )
- Ping the social network for all alive targets on the network. Remember...timing is everything.
- Flood the wall and the message box of your victim and all alive targets that you discovered in your foot-printing phase with your payload. (Flooding in most social networks are considered an act of spamming. However, at this point you as the parent nor the recipients of the payload who claim to love this person I doubt would be too upset given the circumstances. Regardless...you have an objective. By design, the flood will get some reaction triggered that no matter what the reaction of the recipient of the payload is, that reaction will accomplish that objective = the contact with the missing person. Quick note to the parents here- be prepared for another argument with your teen over how their friends think that they're a loser because of what you did to their accounts. This is the time that you can kindly remind them to blame no one but themselves and that it's all a result of their initial actions in the first place. Hence...the other argument. )
The result : Not even ten minutes after delivering the payload = Contact was initiated. :)
With that being said. This is just one of the reasons why I love the “ idea ” that we've come to know and love as Anonymous. At a time when everyone around me has exhausted all other options ( oh...did I forget to mention that those who protect and serve us were notified = nothing that we can do...she's 17.) and I'm faced with being a parent asking myself what is it that I can do? It's one of those times when you draw upon all of your knowledge of hacking and ask yourself...“ Hmm, I wonder what Anonymous would do? ”
Although the aim of this post was not to arm one with the skills to protect themselves and their loved ones, tactics like the one used above plus a multitude of others can be acquired and further explained at The Hackers High School. http://www.hackerhighschool.org
Cross-posted from Petalocsta