• Experts in the information security field discussed the most recent examples of cyber-activism and cyber-war, as well as the legality and legitimacy of these activities
  • According to Enri

    que Dans, well-known blogger and professor at the IE Business School, “There is no way to stop a phenomenon like WikiLeak. In the future anybody will be able to disclose relevant information from a website”

  • The Summit, organized by Panda Security, gathered over 300 people in Madrid and has become a major event in the information security sector

The 3rd Security Blogger Summit, held last week in Madrid, focused on cyber-activism and cyber-war as well as on the new dangers posed to users and institutions on the Internet. The roundtable discussion centered around the most recent examples of these emerging phenomenons, international cooperation and the limits to these activities on the Web. The discussion also centered on the new trends for 2011 and the legal framework against this type of Web activity.

This year, the meeting organized by Panda Security, The Cloud Security Company, has placed itself among one of the main events for bloggers worldwide as shown by the more than 300 technology and computer security experts and bloggers that attended it.

The Summit gathered an impressive line-up of renowned speakers and journalists such as Enrique Dans, Chema Alonso and Rubén Santamarta, as well as Elinor Mills and Bob McMillan, two of the most prominent IT security journalists from the US. All of them coincided in underlining the importance of these coordinated worldwide attacks on international institutions.

Cyber-activism: Internet protests and demonstrations

The 3rd Security Blogger Summit kicked off with a keynote by Enrique Dans, well-known blogger and professor at the IE Business School, which focused on the part played by cyber-activism in recent revolts like those in Iran, Tunisia or Egypt. He also insisted in the concept that social media have taken down the barriers of activism as “You can retweet a message and believe you’re already part of a cyber-activist movement.”

As for recent events regarding WikiLeaks and Web attacks in defense of Julian Assange, Enrique Dans explained that “There is no way to stop a phenomenon like WikiLeak. In the future anybody will be able to disclose relevant information from a website, as contaminated as this might be.”

Bob McMillan, a San Francisco-based computer security journalist explained that, in his opinion, “WikiLeaks is as important as The New York Times”. “WikiLeaks has helped those who wanted to expose sensible information, and to think of changing the legislation in the wake of a denial of service attack like those in the “Operation Avenge Assange” is very difficult, even though these examples of cyber-activism may seem legitimate to you”.

During the course of the debate moderated by Josu Franco, Corporate Strategy Director at Panda Security, Elinor Mills, senior writer at CNET News on security issues with over 20 years of experience in the security field indicated that “People have replaced neighbor meetings with Internet-based tools”.

Chema Alonso, a URJC University Computer Engineer, postgraduate in Information Systems and author of the blog “Un Informático en el Lado del Mal”, added that “Technical evolution has changed the way people express themselves and now it is no longer necessary to gather 3 million people to attract some attention”. Rubén Santamarta, an IT researcher with over 10 years of experience in the reverse engineering and IT security fields, indicated that “Cyber-activism was born from the global situation we live in”.

When asked by the audience, Santamarta questioned the legality of cyber-activism vs. the apparent legitimacy of the initiatives behind it. “Users want honesty, and that’s the key of WikiLeaks”. “The worrying aspect is the lack of reaction from governments throughout the world after all the information disclosed by WikiLeaks”, said Enrique Dans.

Cyber-war: Reality versus sensationalism

The Summit participants discussed some of the most relevant examples of cyber-war, such as the alleged attacks targeting Iran’s nuclear plants using the Stuxnet Trojan, as well as Operation Aurora, concerning attacks on Google from China in order to steal corporate secrets.

Elinor Mills and Bob McMillan coincided in pointing out that the term ‘cyber-war’ was ‘too exaggerated’ for the actual events talking place. “We still do not know the real dimensions of cyber-war and it is easy to confuse it with espionage or even cyber-crime” explained Elinor Mills. Bob McMillan added that “Even though Stuxnet has been used as a cyber-weapon, that does not mean that we are already knee deep in a cyber-war. If there really was a cyber-war, it would be on a global scale, as the two Great Wars of the 20th century.”

Rubén Santamarta however insisted on the idea that the cyber-war phenomenon is at its early stages and it will probable become a reality in 10 years’ time. “We are talking about a war without an army. It is a fourth-generation war where it is possible to damage a country without having to invade it with soldiers. A country can have another one under control through the Internet even before they have declared war on each other.”

Santamarta also expressed his hope that “Not everybody is willing to launch attacks such as these”. Finally, Chema Alonso stated that “Fortunately at present, the people that can do such a thing are very few and must be extremely knowledgeable”.

More information about the 3rd Security Blogger Summit is available at www.securitybloggersummit.com.