So why do I connect these two events?
From the time that I was in grade school, I have always been a fan of Sir Arthur Conan Doyle’s brilliant fictional character Sherlock Holmes. I’ve read all the stories. I’ve seen all the movies with Basil Rathbone and Nigel Bruce. I’ve seen all the movies without Basil Rathbone and Nigel Bruce. I’ve seen every episode of every TV series featuring the character, most particularly the ones starring Jeremy Brett, which I find to be the renditions most faithful to Conan Doyle’s original work. One of the things that always fascinated me about the character was not only his brilliant forensically scientific thinking, but also his pithy expressions of complex and enduring ideas. For example:
“But is it coincidence? Are there not subtle forces at work of which we know little?” From The Adventure of the Blanched Soldier.
[Free Tool: Obtain your Identity Risk Score from Credit.com]
Had Sherlock ever lived, and were he alive today, would he not perceive those subtle forces at work in both the Fox and Michaels debacles? That the humans who act on those subtle forces probably don’t know each other and never will has nothing to do with it—the subtle forces are a pervasive part of the modern world in which we live. Whether for prank or profit, the vulnerability of the digital systems on which we—and indeed our entire economy—rely have served to create those forces, just as the sun and the moon create our wind and weather.
My point is really quite simple: new technology brings with it new opportunity, new convenience, and new problems. When asked why he robbed banks, Willie Sutton famously (and probably apocryphally) said “that’s where the money is.” Now the money is everywhere in digital form. Clever thieves don’t need guns. And those thieves are aided and abetted by everyone who hacks databases and publishes private information. As we have often said in this column, once your personal information is out there, it’s OUT THERE. So while LulzSec and the Fox breaches likely played no role in the Michaels fraud, whatever the motives of LulzSec may be, they are potential enablers of for-profit criminals, identity thieves who grab every piece of personal data that they can, correlate various bits of information from different sources, and thereby make their attempt to perpetrate fraud more sophisticated and more likely to succeed.
[Related article: 77 Million People Affected by Playstation Hack]
The digital world has made mincemeat of coincidence. The attacks on Michaels and Fox are part of the suddenly obvious zeitgeist of exploiting data vulnerability—for whatever purpose. And everyone who does it helps everyone else to do it, sooner or later, for better or worse. Right now, the only countermeasure we have is to remain cautious and vigilant, individually and as a society. If you check your bank account online every day, you can’t be too harmed at an ATM machine, given the ubiquitous daily limits on cash withdrawals. And Michaels, which no doubt has a security department, needs to get on the stick and work with law enforcement to prevent further compromises, and to design systems and procedures to more effectively protect their customers from problems like this in the future.
As another favorite fictional character of mine once said: “Keep watching the skies.”
Note: Regarding the moniker LulzSec—I’ve spent all week trying to figure out the meaning of that abstruse name, and all I know is that “lulz” is Internet slang for laughs, and according to the group’s twitter page, LulzSec stands for “The Lulz Boat.” Maybe Gavin McCloud is behind this?