Why Some Jerk Hacking Free Internet Chess is Actually a Big Deal
Free Internet Chess Server was taken down shortly after a hacker gained access to an administrator account and unleashed havoc on July 18. For eight days players had to wait, or reluctantly join FICS' chief rival, the pay-to-play Internet Chess Club, in order to get an online game. The story ends well, as administrators were able to take time off their real lives to restore service on Saturday and Sunday. Pretty fine work for a site that hosts nearly 30 million games each year with only donations and a couple obscure sponsors.
As far as cyber-crime goes, this pales in comparison to recent cases of stolen credit card numbers, or leaks about alleged government corruption and abuse. Here, a hacker damaged the work and property of several volunteers who devoted chunks of their lives to the idea that anyone should be able to play games of chess with other people online for free. Normally, hackers focus on government targets, or ones with more commercial value. Whereas the FBI would swoop in to investigate such a crime against a bank, multinational corporation, or government agency, it seems as though no such action was taken here.
Perhaps it should have been. This was not a routine hijacking of your email account, a celebrity's Twitter feed, or even a British royal's voicemail. This hacker potentially obtained the private information of thousands people around the world in one hack, information that could be handed over to our enemies. FICS only asks for a full name and email address to attach to your username, but it's conceivable that this information, in the wrong hands, could still put online chess players at risk.
Since 2008, all FICS games are tracked by a "game bot." Anyone can look up your username and know when you are playing, how often you've played, and may be able to predict when in the future you might be playing. They can also determine how good you are at chess, which may be an indicator of your intelligence and determination. To some degree, these qualities can correlate with your salary and accumulated wealth.
When a highly ranked user plays on a routine schedule, this could attract interest from criminals when the player seems to stop playing every year, say for the first couple weeks of August. If hackers made all user email addresses available, it's not hard for thieves to then tie a particular user's email address to a physical address. We all know not to post vacation plans to our Facebook friends, but the same information could come from mining the meta-data relating to your FICS activity, or frequent use of other online services.
If user passwords were accessed during last week's hack of FICS, this presents another element of danger. Armed with a list of passwords that people use on free chess sites and the like, instead of randomly guessed passwords, odds are better that identity thieves will gain faster access to online credit accounts.
While the government acts in very high profile cases, it's up to you to protect yourself. Even if you are a member of FICS, you may not even know this hacking incident even occurred. Use unique passwords on all sites you register with, no matter how little information you provide. Change your passwords frequently. Delete all adware and spyware from your PC. Be paranoid — even if you don't object to government scrutiny of your activities, since you don't do anything wrong, still realize that your private information can be used against you by criminals. With record-breaking numbers of government officials being found guilty of major corruption, a little skepticism about government snooping wouldn't be entirely unfounded.