“You don’t understand,” said the soldier who sat next me, who was speaking into his phone. His hand was shaking. “They’re dangerous. Really dangerous. You need to find somewhere safe! Go to your mother, and call me as soon as you get there.”
He hung up, and held the phone with both hands on his lap. I could see the beads of sweat forming on his forehead.
“Is everything OK? Is there something I can help with?” I asked politely.
He shot a frightened look toward me. “Did you hear what’s happening on LinkedIn?” he asked.
“A bit,” I said. “What, exactly? What did they do now?”
“It’s not what they did, it’s what was done to them,” he muttered, and buried his head between his hands. “Didn’t you hear that LinkedIn was hacked? One hundred and seventeen million encrypted user passwords are now being sold to anyone who can pay all of two thousand dollars for them, and I’ve heard that hackers who’ve scanned these encrypted passwords were able to decipher ninety percent of them. That means that over one hundred million user accounts are now hacked. What’s more, I’ve just returned from Afghanistan. Do you know what this means?”
“No,” I said. “What?”
“I fought the Taliban there, and now, they know who I am,” he muttered. “I had always worn a nametag on my uniform, and any Afghan wanting to take revenge on me will have already found my password. He’ll know where I live, based on the personal details in my account. They know who my wife is. They know how to get to our house!”
“Oh.” I said. “This is the world without privacy that we’re all afraid of. But it’s OK. They won’t find your wife.”
He looked up with a miserable glance. “Why not?”
“Because LinkedIn was already hacked once, four years ago, in 2012.” I explained. “They just didn’t understand how serious the problem was back then. They thought that only six and a half million passwords were stolen. Now, it turns out for all of that time, Russian hackers had all of those passwords, and although they really may have used them during that time – they might have already sold them to the Chinese, to ISIS, or to other centers of power – you can still set your mind at ease, provided that you changed your password.”
“Actually, I did,” he said. “In 2013, I think.”
“So you see? Everything’s OK,” I reassured him. “Or, in more exact terms, sufficiently OK, since this whole episode should teach us all an important lesson. Real privacy doesn’t exist any more. One of the more secured companies in the world was hacked, and this event wasn’t exposed for four years. Now, think about it, and tell me, yourself – what are the chances that some of the world’s databases hadn’t been hacked yet by the intelligence services of countries like Russia, China, or even the United States, working under the radar?”
He thought for a moment. “None?” he suggested.
“That’s what I think, too.” I said. “Hey, Snowden managed to steal enormous amounts of information from the National Security Agency of the United States, and no one was even aware that the information disappeared until he let the cat out of the bag himself. He was just one more citizen concerned about what this agency was doing. What are the chances that the Chinese haven’t managed to bribe other people at the agency to send them the information? Or that the United States hadn’t located its own agents in Russian or Chinese communities, or anywhere else in the world? Chances are that all of this information about us – not just passwords, but identifying particulars, residential addresses, and so on – are already in the hands of large governments around the world. And yes, ISIS may also have gotten its hands on it, though that’s a bit less likely, since they aren’t as technologically advanced. But one day, a Russian or Chinese Snowden will funnel all of this information to Wikileaks, and we’ll all know about everyone else.”
“But only within the period that information was gathered in,” he said.
“Right,” I answered. “That’s why I’m claiming that we’ve all lost our historical privacy. In other words, even if one day we enact new legislation to protect private information, a large portion of the information will already be circulating around the world, but it’s only valid during the period it was gathered in. It’s nearly certain that by today, various intelligence services can piece together impressive profiles of much of the world’s population, though they can only rely on the information gathered during that time. So even if ISIS managed to get its hands on those passwords, and even if they managed to hack your profile during the period between 2012 and 2013 and extract data about you without you knowing about it, the big question is if you were even married at the time.”
“Yup,” he said. “But I was married to my ex-wife, in a house I used to live in. Does this mean that ISIS could get to her?
“If all of these assumptions are true, then yes.” I said. “Maybe you should call her and warn her?”
He hesitated for a moment, and shrugged.
“It’s OK,” he said. “She’ll manage.”
This article was originally written by me in Hebrew, and translated and published at vpnMentor.