“I have been hacked; taking evasive maneuvers. Much apology, my friends,” wrote Rocky Barbanica, a producer for Rackspace Hosting, an Internet storage firm, in one such note.

Mr. Barbanica sent that out last month after realizing he had sent messages to 250 Twitter followers with a link and the sentence, “Are you in this picture?” If they clicked, their Twitter accounts were similarly commandeered.

“I took it personally, which I shouldn’t have, but that’s the natural feeling. It’s insulting,” he said.

- Viruses That Leave Victims Red in the Facebook
by Brad Stone for NY Times
2009-12-13

Hijacked communications are the tip of the iceberg – wait’ll you see how the underlying data gets used…

They’re building laptops with hand-crank generators for kids in third world countries.

You know what this means, right?

The next generation of Nigerian spammers is going to look a lot like Popeye.

- Unknown

Not to worry, those laptops are running a relatively secure operating system and, while amusing, the Popeye Scenario isn’t a particularly great threat to anyone – it’s the vulnerable systems that are of greater concern…

If this were a public health risk, (a) it would never have been allowed to get this far out of hand, and (b) labs would be working around the clock to produce enough anti-virus serums to stop the pandemic in its tracks. If every infected PC in Africa were a person, this would rank as the second worst pandemic in the history of the world.

- Africa Home of the World’s Largest Cyber Pandemic
by Jeffrey Carr for IntelFusion
2009-09-17

Yes, the Zombie Apocalypse looms large on the horizon – sit tight, turn off your lights, load your shotgun, and get ready to teach your spam filter a few new tricks while you read The Zombie Survival Guide by the light of your CRT or LCD display…

Switch to Linux – it’s a lot easier than you’d guess… and it’s free.

Activities conducted on information networks have a proven history of potentiating real-world violence: the internet is no different, though the ways in which civilians – often unwittingly – participate represent new threats to individual and national security.

Consider the vast amount of information you’ve willingly provided to a corporate-owned Human Terrain Mapping System, a recent US-based DDoS attack directed against Iranian government, and the likelihood that the less technologically-savvy are donating their resources to a criminal’s botnet.

Ubi amicitia, ibi oculus.

In all fairness to the realization of instant connections between people and the auxiliary benefits associated with maintaining close contact with one’s clique, the usefulness of modern networked applications – particularly social networking applications – is balanced by a counterpoint: should your willing (and, for most, plentiful) contributions to MySpace, Facebook, or any of the myriad resources for “connecting friends” be used to your detriment the unanticipated effects you neglected to consider when you opted out of private citizenship will become immediately apparent.

It’s not about over-sharing, it’s about whether your links to others earn you a place on a kill chain.

This military concept consists of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target.

- Kill Chain at JargonDatabase.com

Whereas the US Army’s Human Terrain Mapping System has wasted taxpayer money and participants’ lives, web-based social networking applications require comparatively little resources, are continuously updated (by you), and are owned by private corporations who can co-opt your information for marketing purposes, sell it to the highest bidder, or share it with government.

“Because Facebook is so addictive, even if a high-school kid decides to run away with a college boyfriend and they’re three states away, they can’t keep themselves from checking Facebook,” Kelly says. Since the site tracks the geographic locations of log-ons, he says, “on a number of occasions, we’ve helped reunite families.”

- Walking the Cyberbeat

Web-based social networking is far more efficient than traditional Human Terrain Mapping Systems – and it is already being employed to the same ends:

On passing through the immigration control at the airport in Tehran, she was asked by the officers if she has a Facebook account. When she said “no”, the officers pulled up a laptop and searched for her name on Facebook. They found her account and noted down the names of her Facebook friends.

- Are Iranian authorities more sophisticated than we think?
by Evgeny Morozov

Update 7/14/2009: … and don’t blow your cover like the head of the British MI6…

In dubiis non est agendum.

If you had the opportunity to influence events in another country – a place which you have never set foot, know no one, and do not stand to profit or lose any material thing you value – and you simply had to click a button… would you?

Matthew Burton, a contributing editor for the Personal Democracy Forum, writes of his experience participating in a Distributed Denial of Service (DDoS) attack against Iranian government websites:

… after a few minutes of letting the attacker run in the background, I stopped it. I don’t know why, but it just felt…creepy. I was frightened by how easy it was to sow chaos from afar, safe and sound in my apartment, where I would never have to experience–or even know–the results of my actions. All I had to do was click a button. And while my intentions were honest, there is something inherently wrong with the ability to so easily cause harm, without bearing any of the ill effects. I could have been causing the failure of emergency services that I was not relying on. I wouldn’t even suffer the guilt of knowing what I’d done, as it’s unlikely I would ever find out.

- On the Weaponization of the Collaborative Web
by Matthew Burton

Participating in an attack of this nature – however justly conceived – should impart some measure of guilt to those who give the action a second thought.

Parasītĭcam cænam quærit.

A trend in network-enabled malicious software turns the infected system into a “zombie” which completes commands received from the botnet – rather than simply compromising a system, the malicious user (or criminal organization) responsible for building the botnet has the ability to pilfer passwords and sensitive data from every zombie machine and issue overwhelming attacks against target networks.

Many are infected.

Are you one of them?

If the applications on the list below are not familiar to you, give them a try:

• A-Squared Anti-Malware for Windows
• AVG Anti-Virus for Windows
• Rootkit Hunter for Linux and Macintosh

Let the purge[s] begin.

The site promises to deliver some utility you (or an unsuspecting member of your family) might find useful – perhaps it’s a collection of new smiley-faces to be included in chat, perhaps it’s an cartoon engine for creating cutesy avatars… whatever it is, it apparently includes a healthy dose of eyes-glazing-over legalese before it happily installs itself on your system:

Please read carefully. By clicking the button above and downloading Zwinky, I accept and agree to abide by the End User License Agreement.

* Bonus: Also includes Smiley Central™, Cursor Mania™, Popular Screensavers™, the MyWebSearch search box and Search Assistant – relevant search results in response to incorrectly formatted browser address requests.

- Zwinky: A World of Fun. All in One Toolbar.

So, what does Zwinky/MyWebSearch/Smiley Central® do?

Oh, you get lots of fun avatars, icons, and spyware:

Although none of these products claim to be spyware, they do slow your computer down. All of the products use cookies to track usage, although they claim not to use cookies or anything else to track personally identifiable information.

- Fun Web Products “My Web Search” Removal Instructions

MyWay is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking. It reports your surfing activity anonymously to MyWay affiliates, helping them to serve targeted advertising to you. As a BHO, MyWay shares the memory that your browser uses, detects events, creates additional windows while you are surfing, and monitors your activity. When a new browser window is opened, MyWay will send a configuration request about 5k in size.

- Adware Report

IAC Search and Media (formerly Ask Jeeves, Inc., owner of FunWebProducts.com and a slew of other spyware fronts) is but one of many corporations providing “free” products which exact a hidden cost: your privacy, anonymity, and the performance of your system.

Do you share a machine with anyone gullible enough to download these ostensibly-innocuous applications? Don’t.