Stupid Hackers, Stupid Moles

by Darius Kazemi on November 14, 2007

in industry

Update: Well, that lasted about a half a day. Hopefully no permanent damage was done. Original post below. My sentiments still hold.

So, someone hacked Surfer Girl’s blog. For those of you who don’t know, she’s a person who’s been posting anonymous, sometimes-scarily-accurate industry insider gossip. She recently got a lot of press for a post about development troubles at Ubisoft. The hacker has gained access to her entire Google account, including her email, and has been dropping hints about who she really is, probably enough info so that people who know her in real life now know that she’s Surfer Girl.

This sucks for her. This hacker is a douchebag.

On the other hand, I find it hard to have much sympathy for someone who posts fairly sensitive industry info anonymously to a public blog. Nobody deserves to be “outed” like that, but you can’t be outed if everything you do is out in the open.

And if you’re going to be an anonymous insider: please have an entire alternate identity set up for that job, including email address, blog, etc. Make sure there are literally no links between your personal stuff and your alternate stuff.

{ 1 comment }

Bradley Momberger November 14, 2007 at 6:11 pm

It’s a terrible thing when people seek to willfully destroy privacy/anonymity like this, but it’s also important to take with you the lesson it brings. You can *never* be careful enough when you are doing something anonymously which you don’t want to be traced back to you.

Assume aliases. Use Tor or other proxy routing. Write in a different style than your usual conversational tone. Redact, redact, redact again anything potentially identifiable. Set up domains with phony contact info. Pay for things with offshore accounts, shell companies, trusted international friends, etc. Generate your passwords with random alphanumeric character strings. Distrust *everything* coming over email, as this is one of the most common attack vectors. And for gosh-sakes, be paranoid about your security on the home front. If possible, do all your anonymous stuff from an OpenBSD box running the bare minimum of services.

When all else fails, call for support from your fans to go vigilante on anyone trying to hack your identity. This isn’t a game, it’s war, and those who try to play fair/nice end up getting hurt.
