Sunday, March 4, 2012

The Pwn Plug


I heard about the Pwn Plug on Google+, and ars technica described it as a little white box that can hack your network. I am certain that in information and computing technology, and perhaps espionage in particular, this unassuming little device is not at all a breakthrough creation.

A practice of subterfuge 

I know it’s common practice for a company to test its procedures and systems surreptitiously. Retail outfits will engage "mystery shoppers," for example, to come into their stores, buy stuff to check how their staff serve customers, and report back to management. So it’s no surprise that a bank will test its security by having a faux technician like Jayson Street come in, and their staff, apparently trained to be friendly and accommodating, welcome him with open arms. I gather that his client has been duly informed and advised on his findings.

You get the picture. Surreptitious efforts like these are a test, above all, of the people who implement those procedures and manage those systems. If the staff have been properly trained, sufficiently reminded, and clearly held accountable for what they have to do on the job, and they fall down from such a test, then they can be reprimanded accordingly.

Still, let’s keep this in mind. Even the smartest, most capable and conscientious staff will fall down on the job. Why? Because like everyone else, they’re only human and they’re prone to mistakes. Also, when you have someone like Street deliberately offering a sham reason to get into your building, and he installs a device that looks very familiar to many Americans, I ask, Who among us haven’t been fooled at least once?


The Pwn Plug even comes with “stealthy decal stickers” that say “fressh,” as its maker Pwnie Express shows on its website (above).  So it literally masquerades as a plug-in air freshener (below). Frankly it’s about subterfuge, and unfortunately all kinds of people have been subjected to such.

(image credit)

A question of ethics

My point in all of this?

 There may in fact be legal grounds for the maker of Pwn Plug to keep making such devices. There may in fact be legal grounds as well for companies to keep doing these kinds of tests on their procedures and systems, and on their people, too.  But I question the ethics of such business practices. 

The fact that Pwn Plug can easily hack into your networks is a serious issue, of course. Privacy is already a growing concern for ordinary denizens on the internet, like me, and I can only imagine how extraordinarily more complicated it is for major companies. There are people out there, who are intent on doing evil and inflicting harm. The livelihoods of people working for those companies depend on proper measures of safety and security. Resorting to subterfuge, however, is at best questionable ethics.

You see, ours is indeed a brave new world. While the tools and tricks of the trade are age-old, there is so much more at stake now. So many more opportunities and such growing wealth of data for people to ply their type of trade. Just as we have to institute real practical measures, we ought to stop, even for a moment, to question the ethics of all of this, and act accordingly.

Thank you for reading, and let me know what you think!

Ron Villejo, PhD

No comments:

Post a Comment