ComMetrics weekly review: Cloud computing and cyber-wars

What do WikiLeaks, Amazon, PayPal and Post Finance have in common? They’re all entwined in business relationships, use cloud computing and have suffered from cyber-attacks.

But what does this all mean for cloud computing? Should you take the risk or do we now need to worry about ‘hacktivists’, too?

WikiLeaks has transformed the general debate over Internet privacy from being about individuals to being about the government.

ComMetrics weekly review: Cloud computing, WikiLeaks and Amazon – Updated 2010-12-05

In this ComMetrics weekly review, we share some interesting things we learned about cloud computing, risk management, social media management and user rights.

Article source – ComMetrics weekly review: Cloud computing and cyber-wars

PayPal

Giving various reasons, the company recently restricted WikiLeaks’ account:

“Ultimately, our difficult decision was based on a belief that the WikiLeaks website was encouraging sources to release classified material, which is likely a violation of law by the source.”

Some have cited pressure by the US government as the deciding factor in PayPal making a proactive decision to serve as morality police. As such, it judged WikiLeaks actions as wrong, even though no court has handed down a verdict of wrongdoing against the organization.

PostFinance, Mastercard and Visa

Earlier this week, WikiLeaks tweeted about PostFinance’s blocking of Julian Assange’s account. The tweet contained a link to this WikiLeaks press release:

“One of the most fascinating aspects of the Cablegate exposure is how it is throwing into relief the power dynamics between supposedly independent states like Switzerland, Sweden and Australia.”

PostFinance tried to explain that because Mr Assange was unable to prove Swiss residency, the bank could not give him an account under its operating rules and contrary to WikiLeaks’ belief, their decision had nothing to do with power dynamics.

Then Visa suspended payments to WikiLeaks pending an investigation of the latter’s business and Mastercard decided to stop processing any donations for at least one week.

Get our next post first – sign up with your email here, you will be glad you did.

Online pranks given more serious twist

Outsourcing data servers and processing can result in problems (see ECS – Amazon taking WikiLeaks’ servers offline). Once the credit card organizations were no longer willing to process donations, distributed denial-of-service (DDoS) attacks were initiated by WikiLeaks’ supporters.

Swiss PostFinance was hit by a DDoS attack on Monday, but its main website was restored by late afternoon. PayPal ‘permanently restricted the account used by WikiLeaks due to a violation of its acceptable use policy’.

The Anonymous group then instructed followers to hit PayPal, causing the site to crash for several hours. They like to crow about their achievements: in a statement announcing support for Assange, Anonymous organizers declared that, “‘Operation: Payback’ has come out in support of WikiLeaks and has declared war on the entities involved in censoring [their] information.”

Tidbit: Users can download a program from Anon_Operations and hand control of their computers over to support the cause by installing it and joining the DDoS attacks.

The installation guide suggests that users can claim they have a virus should any questions arise, but this claim fails to work, as proven earlier this week, when a young Dutch member was arrested for their participation.

Bottom line

Pundits of cloud computing suggest likely benefits include flexibility and access to far greater resources, which help lower costs. Risk experts point out that international agreements have yet to tackle which laws apply in case of disagreement, such as the one between ECS – Amazon and WikiLeaks.

For instance, police with search warrants could enter facilities in Belgium to remove some servers and/or shut down the facility, but if a court rules in favor of the plaintiff, everything must be returned. Unfortunately, while the courts were sorting everything out, applications and data may not have been accessible to the owner in Sweden and clients around the world for months. The potential damage may have threatened the survival of a user’s business, thereby jeopardizing jobs and canceling out any potential savings to be gained by using cloud computing.

Cloud computing requires better risk assessment and management. And really, censoring organizations such as Visa or PostFinance seems a poor way to support free speech.

Attacking others with a DDoS cannot be justified by suggesting that a wrong (e.g., financial institutions like Mastercard stopping processing of donations for WikiLeaks) can be righted with a second wrong (e.g., DDoS attack against PayPal or PostFinance).

Tidbit: The conflict of interest between officials’ need for discretion, the public’s need for knowledge and holding those governments to account cannot be resolved. However, the right to know should not be interpreted as giving everyone the right to access data or communiqués from foreign diplomats protected by rules of confidentiality.

If diplomats can no longer trust the process of negotiations and information exchange, the very fabric of effective diplomacy will be torn asunder.

PS. Julian Assange and WikiLeaks seem to have done the US a favor by debunking old conspiracy theories about its foreign policy. What better way than having leaked information showing US foreign policy as principled, intelligent and pragmatic.

Are you with me on these cloud computing matters and how they will affect customer relationship management or am I completely off? What have I missed? Please leave a comment; the floor is yours!

Tagged as: business ethics, computing in a cloud, corporate governance, cyber-wars, DDoS, information security, risk management, social media best practice, social media ROI, social networking, social networks, webinar, Wikileaks