Online threats lead to real-world harm, say security experts

Key Points
  • The time when people can have separate lives online and off is over, cybersecurity experts say
  • The world of the internet and the real world are now one, thanks to tracking technologies, cyber attacks
  • The number of people who suffer real-life consequences for online behavior grows daily
Erik Dreyer | Stone | Getty Images

Internet users who believe their (real) lives in the physical world will be shielded from online behavior are mistaken, cybersecurity experts say.

"The notion that there's this world on the internet and then there's real life, and that these are two separate things is simply not true anymore," says Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, which promotes free speech online.

And believing otherwise can have grave consequences, especially for political activists, human rights advocates or others who express opinions online that prove unpopular or controversial.

Galperin told a recent cybersecurity forum in San Francisco that a belief one can stay anonymous on the internet is "one of the core conceits" of our age.

Anonymity in the digital world -- if it ever existed at all -- has largely been eliminated, Galperin and others say, by a combination of technology and online behavior.

That includes the pervasiveness of tracking and surveillance software and the global proliferation of malware produced not just by individual hackers but by nation-states and organized criminals.

Just as important is the sheer number of devices now accessible over the Internet.

In February, the research firm Gartner predicted that 8.4 billion "things" would be linked online this year. That's a rise of 31% from 2016.

More devices mean more targets.

"We see 120 million attacks every day," or almost 1,400 per second, says Vincent Steckler, CEO of Avast, a private security-software company based in the Czech Republic with 65 million U.S. users.

The internet is real life and real life is the internet.
Eva Galperin
Director of Cybersecurity, Electronic Frontier Foundation

A lot of these attacks include malware that's written to gather information on people, companies, governments and other entities. Once uncovered, this information can be used to threaten or harm people in the real world.

Even the mere threat of harm in the real world as a result of online behavior is enough to have an impact.

For example, Google employees who had their names published by right-wing provocateur Milo Yiannopoulos feared harassment after they posted comments critical of fired company engineer James Damore on an internal chat service. The so-called doxxing activity caused Google CEO Sundar Pichai to cancel a company-wide meeting to discuss Damore's firing.

"Things that happen online, like doxxing, have effects in the real world," says Alex Stamos, chief security officer for Google's chief rival, Facebook, at the same forum.

"It becomes a safety issue" in the real world for those who don't have a way to protect their information online, said Stamos.

"We track dozens and dozens of different types of harm" attempted on Facebook users, says Stamos, who also said Facebook turns off more than 1 million accounts per day over fraud, spam and hate speech.

While online attacks against large companies such as Sony and Target -- or celebrities like Jennifer Lawrence -- garner the most media attention, attacks against individuals are becoming increasingly common and damaging, according to Stamos.

"Things have shifted a lot away from attacks against large enterprises and large, well-protected organizations toward attacks against unprotected individuals who are aligned with them," Stamos said last week in San Francisco.

As an example, he pointed to the hack of emails sent by the campaign of Democratic presidential candidate Hillary Clinton last year, which were lifted from the laptop of the campaign's chairman, John Podesta.

"The internet is real life and real life is the internet," says the EFF's Galperin.