Archive

Archive for August, 2011

CYBERSPACE: THE FUTURE OF BATTLEFIELDS AND WARS

By Joseph Lerner
(Political Analyst)

Copyright: www.rieas.gr

After the recent Cyberattacks that have targeted the Lockheed Martin, Google, Sony, Nintendo’s database, and the US Government and Military Websites and Canadian government’s Websites the reality of how the modern wars are fought is changed. NATO has been dragged into a new battlefield that it was aware of, but hardly imagined that such an era would arrive so soon. Here and now, there are urgent needs to adopt a new paradigm when developing our new strategies and tactics as NATO allies, when it comes to the future of Modern Warfare that its main battlefield is the Cyberspace.

In the past, we fought on the sky, grounds, mountains, deserts, sea and oceans. This is changed. In the past, we knew who the enemy is, where the enemy comes from or how the enemy looks like. When engaged in any combat mission we were able to physically identify and see the enemy. These equations are no longer valid in Cyber Warfare.

In Cyber Warfare one often cannot see, sense, hear or know when the enemy attacks. The enemies are often unknown. The attacks always have the element of surprise. The Cyber Assault strategies, tactics and methods, as well as the Cyber Assaults’ patterns of behaviour tend to constantly change. All these elements make the Cyber Warfare new uncharted territories to be meticulously studied and learned about in great details.

Often by the time that the intrusion or attack is identified the damage is already done. In these cases, all we could do is: containing the damage that is already done and preventing it from spreading to a wider area. As NATO allies we are no longer in a position to take our time and reflect on various thoughts and strategies then develop countermeasures. This is a fact: we have already been attacked. The only pragmatic and sound strategy is: developing new multidimensional and multilayered Cyber Defense and Cyber Offence Strategies and Systems.

“Along with the rest of the U.S. government, the Department of Defense (DoD) depends on cyberspace to function. It is difficult to overstate this reliance; DoD operates over 15,000 networks and seven million computing devices across hundreds of installations in dozens of countries around the globe. DoD uses cyberspace to enable its military, intelligence, and business operations, including the movement of personnel and material and the command and control of the full spectrum of military operations.” Department of Defense Strategy for Operating in Cyberspace, print July 2011. Link for downloading the complete document: http://1.usa.gov/rkg46T

According to the Department of Defense Strategy for Operating in Cyberspace, the US cannot afford any form of Cyber-Defense vulnerability by any possible means. Therefore, it will not be surprising to witness that the future battles are fought behind the computer monitors and through our Cyber Operatives laptops.

The future War Rooms in Pentagon and NATO Command Centres will look much differently and highly advanced than today. A considerable portion of the NATO’s battle strategies are going to be developed by the Generals and Commanding Officers who are highly gifted computer scientists and Cyber Security experts. The future wars are multilayered and fought in the land, sea, sky, streets, deserts, mountains and Cyberspace. If Sir Winston Churchill was alive today he would have said, “…we shall fight our enemies on the seas and oceans, we shall fight with growing confidence and growing strength on the Air…. and we shall fight them in Cyberspace… We shall never surrender….”

“Cyberwar declared as China hunts for the West’s intelligence secrets. Urgent warnings have been circulated throughout NATO and the European Union for secret intelligence material to be protected from a recent surge in cyberwar attacks originating in China. The attacks have also hit government and military institutions in the United States, where analysts said that the West had no effective response and that EU systems were especially vulnerable because most cyber security efforts were left to member states.” The Sunday Times, link: http://bit.ly/af3Qa1

It is unknown that how much intelligence the Chinese hackers have acquired through these recent Cyberattacks. The extent of loss of intelligence is unknown. This makes the whole issue more complex, since here and now there is not much to work with when it comes to threat assessment and developing countermeasures. Therefore, we have to start upgrading our Cyber Security Systems, implementing new security measures and new Cyber Command Centres for our NATO Forces to prevent the hackers from putting our men and women in uniform and nations in danger. For this reason one of the NATO’s priorities needs to be: coming up with a solid and extraordinary Cyber Defense Technology to prevent our combat and peace keeping missions in the world from being jeopardized.

The least damage that one could think of after each Cyberattack is: the astronomical costs of repairing, upgrading, redeveloping and restructuring our entire computer and Cyber Security Systems, especially during these challenging economic times. McAfee in its 2009 published Cyber threat-analysis states “The Threat Is Real”

“Critical infrastructure owners and operators report that their networks and control systems are under repeated cyberattack, often from high-level adversaries like foreign nation-states. Assaults run the gamut from massive DDOS attacks designed to shut down systems all the way to stealthy efforts to enter networks undetected.” Stewart Baker, CSIS; partner, Steptoe & Johnson, In the Crossfire, Critical Infrastructure in the Age of Cyber War, A global report on the threats facing key industries, McAfee Print 2009. Link for downloading the complete document: http://linkd.in/nkpzDM

It is imperative to realize that we as NATO allies indubitably need to focus on developing extraordinary and formidable Cyber Defense Technology to protect our entire critical infrastructures such as power plants, power-grids, telecommunication networks, financial institutions, military infrastructure, governments’ databases, etc. If any intruder could possibly bypass our Cyber Security Systems, hack into any of our key infrastructures, then the consequences could be devastating.

The science and art of Cyber Security and Cyber Defense are constantly changing and growing areas of focus. This makes it extremely hard to even come up with the cost estimation of the National Defense budget that it needs to be dedicated for upgrading and maintain our Cyber Security Systems, as well as keeping our Cyber Defence experts up to date. Each time that a new technology is introduced and new techniques are developed our invisible Cyber Enemies get smarter and learn how to develop countermeasures.

To win the Cyber Warfare we need to take the ability of our enemies away, when it comes to our enemies’ being able to technologically mutate in timely fashion and learn our ways, as well as taking away the enemies’ ability of resiliency.

“The demand for new cyber personnel is high, commensurate with the severity of cyber threats. DoD must make itself competitive if it is to attract technically skilled personnel to join government service for the long-term. To achieve its objectives, DoD will focus on the establishment of dynamic programs to attract talent early, and the Department will leverage the 2010 Presidential Initiative to improve federal recruitment and hiring processes.” Department of Defense Strategy for Operating in Cyberspace, print July 2011. Link for downloading the complete document: http://1.usa.gov/rkg46T

When it comes to developing the ballistic missile technology we could say, hypothetically speaking, NATO has reached an advance balletic missile technology, and our missiles could travel 2700 miles carrying warheads that make an X amount of impact with precision. Then for the next ten years we would keep only fine tuning our existing ballistic missile technology. Then after ten years we could upgrade them to be used for another decade until such a ballistic missile technology needs to go out of circulation. However, such paradigm, methods or theories do not apply to Cyber Security and Cyber Defense Technologies. Whenever we do any form of hardware upgrade, then the next year we are in need of another major upgrade.

Even if we as NATO allies reach a point that we could confidently say that our Cyber Defense Systems’ hardware technology is good enough, then we will still remain under threat when it comes to the skills and human resources that our enemies have in their disposal. This reminds me of the famous phrase by Joseph Stalin: “human resources decide everything” (Kadry Reshayut Vsyo). The most important part of Defense spending of NATO indubitably needs to be more focused on recruiting the highly gifted Cyber Security and Cyber Defense experts who are able to immediately identify each single possible threat through their ingenuity, and spontaneously develop countermeasures for it, both in terms of defense and offence as deterrent.

The modern world of Cyber Security and Cyber Warfare requires a total shift of paradigm. The old ways of strategic thinking no longer apply today in our modern time. The kinds of Cyberattacks that we are witnessing today only existed in the science fiction stories and movies a decade ago. The Cyberattacks regardless of what country or entity benefits from them, could be initiated from anywhere in this world. This calls for new alliances and NATO partnerships when it comes to developing and establishing our new Cyber Security System and Cyber Warfare Technology.

“With terrorists increasingly resorting to hacking and using internet for communications, India and the US Tuesday inked an agreement to promote increased collaboration in cyber security. The memorandum of understanding on cyber security was signed by R. Chandrashekhar, secretary, India Department of Information Technology, and Jane Holl Lute, deputy secretary for the US Department of Homeland Security (DHS). The agreement entails closer cooperation and the timely exchange of information on cyber security.” India, US ink an agreement on cyber security, The Economic Times, July 2011, online source: http://bit.ly/nQvWEu

The agreement between the US and India that its focus is to promote increased collaboration in Cyber Security is probably one of the most important events in our century, when it comes to international relations and defense collaboration. This is because of the following facts:

a) India is a democracy that respects Human Rights and free-market

b) India is a member of Commonwealth

c) Indians are fluent in English

d) India suffers from the same terrorist threats as NATO countries do

e) India produces some of the most gifted Cyberspace experts

f) India benefits from highly complex infrastructure that is already fibre-optic ready

g) India is China’s neighbour and has a greater population than China

h) India has a very important strategic position in the region. Map: http://1.usa.gov/oYmT3X

All these elements not only make India the NATO’s closest friend and best partner in our war on terror, but also India is one of our most important partners in developing and maintaining our global Cyber Security Systems. India is the future rising economic power in the region that shares the same democratic values as we do as NATO allies in our free world.

Our success in preventing the future Cyberattacks not only is going to depend on our ability to have an extraordinary defense technology and system in place, but also depends on how great we are in identifying the threats and their sources, then launching the proper offensive counterattacks that could bring down the intruders’ and abusers’ systems. This way not only we could benefit from having a great state of the art Cyber Security technology, but also we as NATO allies will have a great Cyber Warfare Technology as deterrent in place. For this reason we need to adopt new ways of thinking when it comes to developing our Cyber Security and Cyber Warfare policies, as well as when it comes to allocating funds for our Cyber Security and Cyber Warfare industries.

The cost of Cyber Security and Cyber Warfare technologies and maintaining them are extremely high. This is because of the fact that these industries always depend on highly gifted experts. These are the industries that will create the future brain drain in the world as it already has. Therefore, the common methods of dedicating a fixed annual budget for Cyber Security and Cyber Warfare industries are no longer feasible or pragmatic. We need to have a financial system and policies in place so that as new threats and challenges occur, we will be able to immediately allocate funds to respond to these challenges and threats spontaneously. Furthermore, it is imperative to realize that allocating funds to cover the costs of the NATO’s Cyber Security and Cyber Warfare Technologies are indubitably the most important priority to focus on when it comes to protecting our nations, economy and interests in the world.

“US Government and Military Websites Redirected to Chinese Servers: The report says telecommunications companies in China disrupted the Internet for only about 18 minutes — but they were a big 18 minutes. They “hijacked” about 15 percent of the world’s online traffic, affecting NASA, the U.S. Senate, the four branches of the military and the office of the Secretary of Defense.”  Jason Ryan, ABC News, Technology, Washington, Nov. 17, 2010, online source: http://abcn.ws/9XWRbm 

The time frame of the Cyberattack that is indicated in this report was about 18 minutes. The speed of identifying and responding to any Cyber-threat is often within seconds and minuets. This is the speed that we are talking about when it comes to Cyber Security and Cyber Warfare. These issues present the very fine lines that the future policy makers, security and defence experts are going to need to deal with and address. For this reason NATO needs a new shift of paradigm when it comes to its future Cyber Security and Cyber Warfare strategies, legal and technological structures to properly address these issues.
Joseph Lerner is a Canadian political analyst specializing in Homeland Security and geopolitics. He regularly writes about National Security, Counter-Terrorism, immigration and security challenges. Lerner has served as the Campaign Strategist for the Conservative Party of Canada WD in Canada’s 2011 Federal Election running a successful War Room.  In 2007, he held the position of Communication Analyst and Strategist in the Ontario’s Provincial Election. Lerner is the former Vice President of Conservative Party of Canada, WD EDA. He has served as the Chair of Policy Review and Fundraising Committees. Website: http://www.ideasthatshape.com

Mossad’s Miracle Weapon: Stuxnet Virus Opens New Era of Cyber War

By Holger Stark

The complex on a hill near an interchange on the highway from Tel Aviv to Haifa is known in Israel simply as “The Hill.” The site, as big as several soccer fields, is sealed off from the outside world with high walls and barbed wire — a modern fortress that symbolizes Israel’s fight for survival in the Middle East. As the headquarters of Israel’s foreign intelligence agency, the Mossad, this fortress is strictly off-limits to politicians and journalists alike. Ordinarily, it is the Mossad that makes house calls, and not the other way around.

 

The agency’s strict no-visitors policy was temporarily relaxed on a Thursday in early January, when a minibus with darkened windows pulled into a parking lot in front of a nearby movie theater. The journalists inside were asked to hand over their mobile phones and audio recorders. Meïr Dagan, the powerful head of the Mossad, had invited them to the facility. It was his last day in a position he had held for seven years. On that January day, the journalists were there to document his legacy: the Mossad’s fightagainst the Iranian nuclear program.

He spoke passionately about the risks of a possible military strike against Iran, saying that he believed that such an attack would lead to a conflagration in the region that would include a war with Hezbollah and Hamas, and possibly with Syria. And anyone who believed that a military strike could stop Tehran’s nuclear program was wrong, said Dagan. It could slow down the program, he added, but only temporarily. For this reason, the outgoing Mossad chief was against bombs — but in favor of anything that could set back the Iranian nuclear program without starting a conventional war.

Delay was the new magic word. And to that end, the Mossad head had created a miracle weapon that everyone in the room on that January day knew about, but which Dagan did not mention by name: Stuxnet.

Stuxnet, a computer virus that can infiltrate highly secure computers not connected to the Internet, a feat previously believed to be virtually impossible, entered the global political arena more than a year ago, in June 2010. The virus had attacked computers at Iran’s Natanz nuclear facility, where scientists are enriching uranium, and manipulated the centrifuges to make them self-destruct. The attack penetrated into the heart of the Iranian nuclear program.

Stuxnet is the world’s first cyber-weapon of geopolitical significance. Frank Rieger of the legendary German hacker organization Chaos Computer Club calls it “a digital bunker buster.” The virus represents a fundamentally new addition to the arsenal of modern warfare. It enables a military attack using a computer program tailored to a specific target.

One year later, there is not an Internet security firm or government of a major country that is not addressing Stuxnet and its consequences, as well as taking action as a result. To learn more about Stuxnet and understand what is behind the virus, SPIEGEL traveled to Israel — the country where the cyber-weapon was invented.

Following the Trail

The Israeli branch of the US computer security firm Symantec is housed in a nondescript modern complex in Tel Aviv, a 15-minute drive from Ben Gurion International Airport. Sam Angel, the head of Symantec Israel, meets visitors in the underground garage and takes them to the conference room on the fourth floor. At the beginning of his PowerPoint presentation, Angel says: “Stuxnet is the most sophisticated attack we have ever seen. This sort of an attack, on a mature, isolated industrial system is completely unusual.” He projects a map onto the wall, showing the countries where such an attack has taken place: Iran, Indonesia, Malaysia and Belarus, where a man named Sergey Ulasen discovered Stuxnet.

Ulasen, who works in the research and development department at the VirusBlokAda security firm in Minsk, received what seemed to be a relatively mundane email on June 17, 2010. An Iranian firm was complaining that its computers were behaving strangely, shutting themselves down and then rebooting. Ulasen and a colleague spent a week examining the machines. Then they found Stuxnet. VirusBlokAda notified other companies in the industry, including Symantec.

 

When the engineers at Symantec got to work, they came across two computers that had directed the attacks. One of the servers was in Malaysia and the other was in Denmark, and they were reachable through the addresses http://www.todaysfutbol.com and http://www.mypremierfutbol.com. They had been registered, under a false name and with a forged credit card, through one of the world’s largest Internet registration companies, a firm based in the US state of Arizona. Symantec rerouted the incoming and outgoing communication at the two servers to its computer center in Dublin, which enabled it to monitor the activity of the virus. Whoever had launched Stuxnet had gotten away, but at least Symantec could follow the trail they had left behind.

The rerouting of communication made it possible to obtain an overview of the countries in which the virus was active. According to that analysis, Stuxnet had infected about 100,000 computers worldwide, including more than 60,000 in Iran, more than 10,000 in Indonesia and more than 5,000 in India. The inventors programmed Stuxnet so that the virus, as a first step, tells the two command-and-control servers if the infected computer is running Step 7, an industrial software program developed by the German engineering company Siemens. Step 7 is used to run the centrifuges at Iran’s Natanz facility.

The plant near Natanz, located in the desert 250 kilometers (156 miles) south of Tehran, is protected with military-level security. The aluminum centrifuges, which are housed in bunkers, are 1.8 meters (5 foot 10 inches) tall and 10 centimeters (four inches) in diameter. Their purpose is to gradually increase the proportion of uranium-235, the fissile isotope of uranium. There is a rotor inside the centrifuges that rotates at a speed of 1,000 times per second. In the process, uranium hexafluoride gas is centrifuged, so that uranium-235 accumulates in the center. The process is controlled by a Siemens system that runs on the Microsoft Windows operating system.

Vanity Fair: Enter the Cyber-dragon

Author: Michael Joseph Gross

Hackers have attacked America’s defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. Michael Joseph Gross gets an exclusive look at the raging cyber-war—Operation Aurora! Operation Shady rat!—and explains why Washington has been slow to fight back.

Lying there in the junk-mail folder, in the spammy mess of mortgage offers and erectile-dysfunction drug ads, an e-mail from an associate with a subject line that looked legitimate caught the man’s eye. The subject line said “2011 Recruitment Plan.” It was late winter of 2011. The man clicked on the message, downloaded the attached Excel spreadsheet file, and unwittingly set in motion a chain of events allowing hackers to raid the computer networks of his employer, RSA. RSA is the security division of the high-tech company EMC. Its products protect computer networks at the White House, the Central Intelligence Agency, the National Security Agency, the Pentagon, the Department of Homeland Security, most top defense contractors, and a majority of Fortune 500 corporations.

The parent company disclosed the breach on March 17 in a filing with the Securities and Exchange Commission. The hack gravely undermined the reputation of RSA’s popular SecurID security service. As spring gave way to summer, bloggers and computer-security experts found evidence that the attack on RSA had come from China. They also linked the RSA attack to the penetration of computer networks at some of RSA’s most powerful defense-contractor clients—among them, Lockheed Martin, Northrop Grumman, and L-3 Communications. Few details of these episodes have been made public.

Full Text of Document

The War on Web Anonymity

By Marcel Rosenbach and Hilmar Schmundt

The Internet has always been a refuge of anonymity. Anyone could hide behind the cloak of namelessness and express the most offensive views. Now politicians and companies — including Google and Facebook — want to change that.

The Avenue de l’Opéra in Paris is a respectable address, surrounded by banks, boutiques and cafés. The tenants listed on door plaques include a language school and an airline. But the name of the building’s most famous tenant is not listed: Google. The global corporation values privacy — its own privacy, at least.

“We take data protection seriously,” says Peter Fleischer, Google’s Global Privacy Counsel. “We don’t know our users by name,” he insists. “We just store anonymous identifiers, but no personal data.” This is an important distinction for Fleischer, who says that Google’s primary goal is to improve the accuracy of targeted advertising. According to Fleischer, the identities of the people behind the numbers are irrelevant. “We don’t even want to know the names of users,” he says.

These statements were made only three years ago, and yet they seem to be from a different era. In the past, the Internet was a sea of anonymity dotted with username islands, but now the relationship is being reversed. Anonymity is being declared the exception — and a problem.

In June, Google launched a frontal attack on competitor Facebook and began testing its own social network: Google+. Suddenly Google is asking for precisely what Fleischer so vehemently declared was of no interest to the company in 2008 — real names.

The company has repeatedly blocked the accounts of users who refuse to provide their real names instead of a pseudonym, because this is a violation of its “community standards.” Those rules stipulate the following: “To help fight spam and prevent fake profiles, use the name your friends, family or co-workers usually call you.”

Free Speech vs. Attribution

Today Google is no longer satisfied with pseudonyms, and it isn’t alone. Politicians and law enforcement agencies have also declared war on anonymity, a fundamental characteristic of the Internet.

For some, anonymity is among one of the biggest strengths of the Internet, a guarantee of free speech and privacy. Others voice concerns over the “attribution problem” and see it as a key issue in the digital world that must be eliminated.

Particularly in the wake of attacks in Oslo and on Utøya Island , there is growing interest in tearing the masks off the faces of those who author radical right-wing hate blogs . Critics are calling for stronger online surveillance, an alarm button for reporting dangerous content and the reintroduction of data retention. But what use are surveillance and warning mechanisms if the authors of violent messages cannot ultimately be identified?

Last week the anti-Islamic treatises by the blogger “Fjordman,” whom the Norwegian killer Anders Behring Breivik has described as his “favorite writer,” made international headlines. But of course he isn’t the only one hiding behind a pseudonym. Jihadist forums using crude code names seek to incite hatred and violence against “infidels,” while right-wing extremists use the protection of anonymity to publish the names and addresses of members of the Antifa, or anti-fascist movement, who employ the same tactic.

Feelings of public outrage run high when it comes to issues like cyber-bullying, hate mail and insults, as was recently the case with iShareGossip, a German site where students could anonymously insult their fellow students. Some time ago, a site called Rotten Neighbor triggered similar feelings of outrage. It enabled people to take their neighborhood disputes online. Of course, those who unloaded their vicious remarks on the site remained anonymous, while the victims of their abusive language were clearly identified.

Limiting Anonymity

Last autumn Axel Fischer, a member of Germany’s conservative Christian Democratic Union (CDU) and the chairman of the parliamentary commission on “Internet and Digital Society,” called for a “ban on disguises” in the virtual world, at least for forums with political voting options, as he clarified after a storm of protest from the online community. Then Interior Minister Thomas de Maizière (CDU) also addressed the issue several times, saying that “limitless anonymity” should not exist on the Internet, where the authorities must be able to identity people who break the law.

De Maizière also launched two projects intended to facilitate secure identification on the Internet — albeit on a voluntary basis at first — the supposedly tamper-proof digital mail system “De-Mail” and the new identity card.

But in the anarchic world of the Internet is it even possible to implement a large-scale, binding identification requirement? A look at events in South Korea offers some answers to this question.

Ironically, this journey has led to more surveillance in the Asian country, where the Internet euphoria is among the most rampant in the world. In 2008, the 39-year-old Korean actress Choi Jin-sil was bombarded with hateful tirades online. No longer able to bear the attacks, she hung herself.

The nation was shocked. The conservative government reacted with the broader application of a law originally created only for election campaigns. Under the “Real Name Verification Law” anyone who wishes to post comments or videos online must identify themselves with their “resident registration number,” a 13-digit unique identifier issued by the government.

A Civilizing Effect

Currently the law applies only to websites with more than 100,000 users per day. Some website operators are probably quite pleased with the regulation, because the real names of customers are extremely valuable in the advertising industry.

Media researcher Daegon Cho of the US-based Carnegie Mellon University wanted to know what lessons could be learned from the Korean experiment. Does the constraint of having to reveal one’s true identity online have a moderating effect on the Internet community?

It does, as Cho discovered. The Identification Law has a civilizing effect on the Internet’s verbal offenders — though only in moderation. Those who rarely post comments online were especially likely to temper their emotions. In this group, the number of comments containing “swear words and anti-normative expressions” fell from 27 to 20 percent. Nevertheless, the majority of troublemakers continued to swear without restraint under their real names. Besides, instructions for circumventing identification requirements have been available online for some time, and when in doubt, troublemakers can always use foreign servers.

Instead of an identification requirement, the online community is placing its faith in the self-regulating forces of the Internet. Twenty years of experience with the World Wide Web have shown that it does not necessarily lead to moral decline. In fact, the figures from South Korea suggest that the Internet even civilizes some users with time. Experienced contributors to forums write offensive comments about six times less frequently than those who rarely write comments.

The discussion culture is often tended with sophisticated filter mechanisms and evaluation systems, and many administrators act as blog monitors, taking action against rude comments. Reputation systems reward popular discussion participants, whether or not they are anonymous. The content is what counts.

But what about extremists and criminals who use anonymity to evade law enforcement?

No Match For Law Enforcement

It appears that if there is sufficient pressure from investigators, the much-touted principle of anonymity quickly evaporates. The arrests of many presumed members of the hacker groups “Anonymous,” “LulzSec” and Germany’s “No-Name Crew” prove this.

The “unmasking” of about 20 “Anonymous” activists speaks volumes. Apparently neither masks nor virtual precautions could protect the net anarchists from being apprehended. Ironically, both the real names and, in some cases, the photos of these previously faceless net activists are now publicly available.

In a chat with SPIEGEL, German hacker “Darkhammer,” accused of having hacked into and disclosed customs data, boasted that he wasn’t afraid of the authorities, and that only stupid people let themselves be caught. He was arrested a few days later.

There is also ample evidence to suggest that political pressure isn’t necessary to force the use of real names online because users will take that step on their own. Nothing has accelerated the trend more than the success of social networking sites like Facebook, where users voluntarily reveal not only their names, but often photos, birthdays and sometimes even intimate details of their lives.

These services have turned into something resembling a digital civil registration office — the antithesis of anonymity. This is slowly undermining a quality that also has many proven advantages, particularly for dissidents in countries with oppressive regimes. A report by the respected American Association for the Advancement of Science even concludes: “Anonymous communication should be regarded as a strong human right.”

The example of media education shows what a double-edged sword the call for identification on the Internet can be, though. In one respect, Germany’s Ministry of Consumer Protection, parents and data privacy advocates are in rare agreement. To protect themselves against fraud, stalking and abuse, young people should never use their real names online, they say.

It isn’t easy to explain why this valuable anonymity suddenly becomes a problem after their 18th birthday.