A major study released in December has confirmed that websites belonging to independent media and human rights organisations around the globe are increasingly vulnerable to cyber-attack.
The report issued by Harvard University’s Berkman Center for Internet and Society has implications for all civil society organisations, including trade unions and leftist groups.
Though the study focussed on distributed denial of service (DDOS) attacks on websites, the researchers learned through surveys and research that organisations have reported a whole range of issues.
Hijacking of domain names, filtering of content (states censoring websites), and site defacements are common.
Denial of service attacks aim to keep a website offline and inaccessible. Site defacements occur when attackers get access to the site and are a form of cyber-vandalism. Hijacking of domain names is a particularly difficult problem to solve, especially for small organisations.
And the solutions to one problem (such as defending one’s site against denial of service attacks) actually make it harder to solve another (such as circumventing what has been called “the great firewall of China”).
The release of the study coincided with the well-publicised attacks by supporters of WikiLeaks on websites which were perceived to have lined up against Julian Assange and his project.
Those attacks managed to briefly shut down some of the most important websites in the world, such as PayPal.
But the focus of the Harvard study was on much smaller sites which in some cases take days or weeks to recover from such attacks and get back online.
While huge companies can easily recover from attacks – often within a few minutes — smaller groups struggle with this.
One cause for concern is that some of the most popular content management systems used by trade union and leftist websites are particularly vulnerable to these kinds of attacks.
Drupal and WordPress were both named in the report as being vulnerable if used with their default configurations.
The final section of the study consists of a number of recommendations for organisations seeking to protect themselves from cyber-attack.
These included making sure that sites were regularly, and thoroughly backed-up, which most will be doing already.
But they also recommended the creation of live mirror sites ready to take over if an existing site is brought down by a cyber-attack, which is something few unions or political groups will have done.
In looking over some of the sites attacked and those who were likely to be doing the attacking, it becomes clear that some of our sites are likely future victims if we are not careful.
For example, the Iranian and Vietnamese governments were named as possible perpetrators of cyber-warfare targetting opponents of the regimes.
When we campaign against the jailing of worker-activists in those countries, aiming to get the attention of those regimes, in doing so we may well be putting our own online presence at risk.
• Eric Lee is the founding editor of LabourStart (http://www.labourstart.org).