If the cornerstone of Internet security can be brought down by a computer hacker with some solid skills and a grudge as big as the sky, face-to-face meetings just got a whole lot more important.
There was nothing blazingly new in this week’s news report that an Iranian hacker, a disciple of Ayatollah Ali Khamenei who boasted about his online exploits under the pseudonym Comodohacker, had compromised three companies that issue the digital security certificates that verify a Web site’s identity: DigiNotar, Comodo, and GlobalSign. But it pointed to the limits on the basic, tacit assumptions we make whenever we go online—that our private communications stay private, our e-commerce accounts won’t be hacked, our public personae and reputations are ours to control, and when we hear from trusted contacts, it’s really them.
Comodohacker reads like the typical lone wolf. He has no known affiliation, may have spied on up to 300,000 Iranian protesters last summer and passed their communications on to a hostile government, and takes no responsibility for what that government might do with the information. He targeted DigiNotar, a Dutch company, for reasons of personal ideology.
“He gained control of the server in about 10 days and generated 531 fake certificates, including some for well-known sites like Google, Skype, and Facebook,” The New York Times reported. “Google on Thursday issued an unusual warning to its users in Iran, calling on them to change passwords and check if their e-mails were being forwarded to unfamiliar or suspicious addresses.”
A subsequent audit found that DigiNotar was unbelievably sloppy about its own security, allowing malicious software to take root on its main servers and protecting its digital certificates with just one weak password.
This tale played out behind the scenes, at a level where most users—including most event professionals—see no need to understand or monitor what’s going on. Our son is a network security specialist who’s obsessively discreet about anything he publishes or distributes online, so he’s taught us to follow his lead (usually). But I couldn’t do my job if I had to worry, actively and consciously, about how any word I write or any online presence I create might be misdirected. Could you?
Over the years, I’ve had similar worries about virtual meeting platforms, from Skype to TelePresence. For many routine conversations and most linear, public presentations, they’re fine. But if there’s any reason to wonder who else is in the room, just outside camera range … that’s when the discussion has to go face-to-face. And that’s without worrying about perfect strangers like Comodohacker who can do enormous damage while covering their tracks.
Comodohacker isn’t the end of online communications or virtual meetings, but the story is a wake-up call for anyone who thinks technology can mediate the informal, sensitive, often transformative conversations that really do belong in a hallway between sessions. Your participants might know which topics to avoid when unknown ears might be nearby. But you might consider reminding live participants to be careful when their comments are being broadcast to a wider virtual audience, and making online threats a part of the risk management planning for your next hybrid event.
Mitchell Beer, CMM, is president of The Conference Publishers Inc., Ottawa, one of the world’s leading specialists in capturing and repurposing conference content. Beer blogs at http://theconferencepublishers.com/blog and tweets as @mitchellbeer.