The Hawthorne Effect

Link: From Dave Winer

There’s a very simple business reason why Google cares if they have your real name. It means it’s possible to cross-relate your account with your buying behavior with their partners, who might be banks, retailers, supermarkets, hospitals, airlines. To connect with your use of cell phones that might be running their mobile operating system. To provide identity in a commerce-ready way. And to give them information about what you do on the Internet, without obfuscation of pseudonyms.

Simply put, a real name is worth more than a fake one.

After Tuesday’s cyber attack on the Pfizer Facebook page, I was curious to see if I could gain more insight into the motivations of the group responsible. I wasn’t sure if such an undertaking would be possible, since they may not respond, but after seeing a comment posted by the group on my posting about the incident, I thought it worth shot.

I contacted The Script Kiddies through Twitter and asked if they would consent to an interview, which they responded that they would, provided it was carried out through Twitter. I posed 8 questions to the group. The unabridged and unedited Q&A is posted below.

1. What is the mission of The Script Kiddies?
Our current mission is to aid in #antisec with exposing government and corporate corruption all over the world.

2. How did the things you accuse Pfizer of come to your attention?
You know what they say; the medium is the message…through media.

3. Can you tell us how you hacked the page?
Paul Dyer. The ignorance of an individual can lead to a security breach of alot more then one may think.

4. Do you see social media as more vulnerable to attack than other forms of digital media?
Social media gets more attention, and tends to be less secure since companies trust individuals to protect and control them.

5. Did you feel you got the results you were looking for?
The results we were hoping for is the public awareness of what Pfizer has done, and the punish the company itself. so yes.

6. Were you concerned at all that you may not have had all the facts before beginning your efforts against Pfizer?
We know just as much now about their corruption as we did before.

7. Given that most drug development risks human life, and not developing certain drugs also carries risks to human life, how can pharma companies better manage in order to avoid coming under future scrutiny from groups like yours?
The ingredients that make up these drugs are nothing knew. The risk could easily be calculated before testing on humans.

8. What would you say to those who feel your methods may be as harmful as those you look to expose?
It isn’t up to me if the media or the people approve of what we do. the result is something we can all approve of (cont.) were not trying to be hero’s. We are well aware hacking is criminal and can be unjustified in most cases (cont.) with groups such as ourselves, lulzsec, and Anonymous; everyday we get closer to a society without corruption and with fair rule.

It should be noted that in my previous post, I assumed that the group hacked into the page through some vulnerability within Facebook. That assumption was incorrect. Instead, it seems access was attained by clues and publicly available data found on the internet left by one of the page administrators.

Update: I assumed when I wrote this post that the group that hacked into the page did so through some vulnerability within Facebook. That assumption was incorrect. Instead, it seems access was attained by clues and publicly available data found on the internet left by one of the page administrators.

Last night, sometime around 8:30pm last night, Pfizer had its Facebook account hacked by a group called ‘The Script Kiddies.’ The group, much like LulzSec and Anonymous before it, is made up of hackers who inflict their own form of retribution (or what they would term as justice) on organizations they disapprove of by breaking through various layers of online security to post images and messages on cooperate owned sites. In this case, Pfizer’s Facebook page.

In an interview with the website studentactivistdiary.co.uk, the group claims that “[Pfizer is] guilty of killing people through harmful drugs and clinical tests. […] We plan to achieve awareness mostly; awareness that the security online is an allusion and also that Pfizer’s crimes are intolerable and we will not deal with them. We will stand up and say, hey, this isn’t right. We will take a stand. Some say that our methods are extreme, but they have to be to achieve our goals. Pfizer is a corrupt giant, so we attacked them. Simple as that.”

Despite several claims of “not being an expert” the representative from ‘The Script Kiddies” felt their actions justified and the results went live for all to see. Pfizer removed the posts and locked it’s Facebook page down shortly after the attack.

Whether or not you believe this kind of armchair activism is justified or not is a debate I will leave for another day. From the vantage point of communications, an attack like this does raise several important questions. Were Pfizer’s security protocols to blame or was Facebook the problem? Will this attack set Pharma’s efforts in social media back? Should Pfizer respond? And if so, how?

If the people managing the Pfizer page were using strong passwords or continuously updating the log-in credentials I can’t say, but one very important issue should not be glossed over here…

Pfizer wan’t hacked, Facebook was.

Yes, these hackers took over the Pfizer page, but that page is housed on Facebook’s servers, and Pfizer can only make the page as secure as Facebook’s user interface will allow. Unfortunate as it was for Pfizer, I’m not sure how much more security could have been applied. The hackers in question may crow all they like about how they supposedly beat Pfizer, but Facebook needs to step up here. Also interesting to note, if these hackers really wanted to put on a show, why not hack the Pfizer.com site instead of the Facebook page? It probably gets far more traffic and therefore would garner far more attention.

This wasn’t a social media problem, it was a technological one, and is one that’s potentially fixable. If a group like this wants to hack your sites, they will find a way to do so, if not on Facebook than somewhere else for sure.

Given the tenuous position it has in social media, its easy to see how those who think pharma should leave social media alone will use this as an opportunity to say “see I told you so.” The truth of the matter is that, like it or not, these types of attacks will continue to happen. And, like with any other media channel, unless it is comfortable, active, and engaged in the space, pharma’s responses to issues like this will continue to be flat-footed and painfully slow.

So what should Pfizer do? I’m a firm believer that you don’t negotiate with terrorists, and that responding directly to an attack like this will bring attention to the hackers, and in all likelihood, provoke more attacks.

What Pfizer shouldn’t do is retreat.

Social media represents a powerful way to create understanding and deepen awareness of issues most likely to affect or benefit users. Pfizer has the opportunity here to lead the way, whether it’s bringing better transparency to its clinical trials and safety programs or by providing customers who are having legitimate issues or have questions about their products answers and support. Leveraging social media to provide help and support will go a long way towards improving the perception of your brand, but it must be done carefully, authentically and with your audience needs in mind.

But make no mistake. There will always be detractors. There will always be haters. Hiding from them won’t make them go away.