Hacked

    We've all been there, reading all the warnings to change your passwords frequently, usually to a new password so complex that only a computer itself could remember it; the reason being, of course, that a hacker might break into your computer and thus access many if not all of your accounts stored there, from your banking transactions to your email address lists (and thus more potential computers to hack).  But if you're like me, you've gone to so many doctors and dentists and banks and what-have-you, each of which has asked for your Social Security number (until recently, that number would appear on any driver's license issued here in the U.S.), that you've somewhat thrown up your hands and fallen back on some sort of software program to more or less "protect" you.  This is not a new subject, indeed I first wrote about this several years ago when some of the major stores were being hacked, that being the era of pre-chip cards (many companies now require you to have a chip card --vs. the old magnetic stripe card-- by the end of this month), something that was and is an expensive transition for stores such as Target and Home Depot.  But that was all back then...it's gotten worse.

    For my wife and me, qualifying for speedier passage through security at the airport meant passing several screening processes, from the FBI taking our fingerprints to our info being double-checked by Interpol and other agencies (we passed).  All of this went into their secure databanks, our work and educational history, our Social Security numbers, our birthdates and names of relatives and their addresses, etc....and all of it got hacked.  When we first received our notice that we were among the "lucky" 21.5 million records that were hacked from the government's Office of Personnel Management site, we were admittedly a bit puzzled until we read a bit further.  We were lucky because we were not among the nearly 6 million or so who not only had all of their records hacked, but also their fingerprints.  And indeed, our paltry 21+ million group represented just 20% of the total number of people's records hacked last year (43% of businesses interviewed said that their company records had been hacked in 2014).

    Hacking is appearing to become so commonplace that the consumer is almost growing nonchalant about it.  Free credit monitoring for a year or two sounds great but hackers are very patient and will sit on stolen information for years, often three or more, before trying to access and steal the data.  Even one of the all-in-one secure storage sites has been hacked (services such as LifeLock still remain secure but a similar storage system, this one a holder of passwords, was hacked and some insurance and banking info and passwords were accessed before the breach was closed).  The most recent hack occurred only a few months ago and happened to the large credit record company, Experian (15 million Social Security numbers were stolen before the hack was noticed).  The health insurer Anthem had close to 79 million of its records hacked, while in September of last year, Excellus BlueCross BlueShield had 10 million of its records hacked, including "Social Security numbers, member ID numbers, financial account information (and) other data," according to data acquired in a Money article.  All in all, major corporate hacking has increased nearly 30% since 2014.

    So what can be done?  Change your passwords?  Uh, not very effective as shown in this video where a hacker accesses a somewhat complicated password within seconds (a simple password such as LastName543 takes a hacker an average of 3 seconds to crack).  Much of this happens when using a public WiFi access point, say in a hotel room or at an airport.  Indeed, six years ago, TEDx Talks showed what hacker Pablos Holman created, a robotic "roamer" to grab such information, from bank transfers to remotely controlling your television (or to watch what you are watching or searching, be it charging your room balance to bidding on something on eBay to finding an escort service).  And again, that was technology from six years ago.  Says an article by Esther Shein in Inc.: Passwords aren’t enough: Your cloud provider should use encryption or two-factor authentication--whatever technologies “are culturally acceptable that can be used to keep out criminals,” advises Mike West, formerly an analyst at Saugatuck Technology.  Passwords, he says, “are a joke.  You cannot design a password that’s not breakable by a kid.”  And it's little wonder that consumers are feeling a bit on the frustrated side when sites such as United Airlines, Turbo Tax and even the Internal Revenue Service have been accessed with stolen passwords and other data.  Since 2005, hackers have broken into Facebook (6 million users' data), Adobe Systems (152 million users' data), JP Morgan (83 million users' data) and eBay (145 million users' data), among others.  In an ad by cyber-security firm Norton, the primary targets for hackers are now WiFi users (68%), parents of children 8-17 (65%), mobile device users (63%) and social network users (63%).  And Verizon's 2014 analysis showed that 49% of cyber espionage comes from East Asia with another 21% coming from Eastern Europe...78% of the access gained to a computer's data came from people opening unknown email attachments.

    All of this pales when compared to the Web few of us know exists, the Dark Web.  Estimated to be 500 times as large as the Internet most of us use today, the Dark Web can even limit what Google can see, according to a summary posted in Popular Science.  In the piece adapted from his book Future Crimes, author Marc Goodman writes: According to a study published in Nature, Google indexes no more than 16 percent of the surface Web and misses all of the Deep Web.  Any given search turns up just 0.03 percent of the information that exists online (one in 3,000 pages)...Welcome to the Dark Web, sometimes called the Darknet, a vast digital underground where hackers, gangsters, terrorists, and pedophiles come to ply their trade. 

    None of this bothers Nico Sell, "CEO of Wickr, which makes what the company says is an all-but-unhackable mobile messaging app."  In a story by Inc.'s editor Will Bourne, he writes: There's a lot you won't learn about Nico Sell in the course of this story.  You won't learn how to follow her on Twitter or Instagram or Vine.  You won't learn her age, or where she lives, exactly, or the year she graduated from Dartmouth.  You won't find out the names of her two girls or her husband's name or whether hers is Nico Sell at all.  You won't even really see her face (she is prone to fedoras and dark glasses when there's a camera around).  The woman is careful, or "properly paranoid," as she puts it.  "You give people 10 data points about you and they can steal your identity," she says.  "It's really pretty simple."

In this graph from the Inc. article, Wickr's encryption data is stored outside of a central server...




    Says editor Bourne in the piece: ...Sell is not naive enough to think she can get the kind of traction she'll need to replace Skype by relying just on kids to find her app in the App Store.  She may have built Wickr to be consumer facing, but she is also attacking the problem at the topmost level.  Essentially, she plans to incorporate Wickr tech into servers, routers, phones--wherever it can add value.  "We want to be running all the financial transactions in the world," she says, as an example of the scale of her ambition..."I am under many NDAs," (non-disclosure agreements) Sell cautions later, via Wickr. But she goes on to confirm that "we have signed one of the largest gaming companies and one of the largest financial companies in the world.  We are negotiating terms with at least one carrier now.  That is all I can say." ...When a technology like Wickr becomes embedded in hardware, everything changes.  When a huge telecommunications company can guarantee its users anonymous and secure communication, why would anyone sign on with a carrier that didn't offer it?  Given a choice between a secure alternative to email (Wickr's next objective) and email from Google that comes with both advertising and the risk of NSA eavesdropping, who would opt for the latter?

    But there's another side to this, and that is using hacking to one's advantage as Eben Upton has done, becoming "an icon of DIY culture," says Popular Science.  He created Raspberry Pi, "the cheapest hackable computer on the planet," says the piece by Michael Nunez.  His computer sells for $20 to $35...and he's sold 5 million of them (so far).  Nunez: You keep coming out with cheaper computers.  Is your business plan just a race to the bottom?  Upton: You can do two things with Moore’s law: You can keep the price constant and add features, or you can keep the feature set constant and lower the price.  Companies always like to do the former--they don’t want to have their revenues decline year after year.  What we feel we’re doing is using Moore’s law to save people money.  We’re going to make computing available to an entire swath of people who don’t feel they can justify spending a few hundred dollars on a PC and don’t need that level of performance anyway...We wanted to build something affordable and programmable and fun and robust that kids would want to have in their lives.  You know, it sucks being a kid.  You have no power.  You basically do what other people tell you to do for 18 years.  The nice thing about computer programming is you have this venue in which you have power.  You have agency.  You have the ability to take charge, be in control, and build the thing you want to build.  And kids like that maybe their parents don’t understand it.  The new Raspberry Pi 2 is the size of a credit card, has quad-core processing, 1GB of RAM, and will carry Windows 10...the new price?  Same as the old...$35.

    So back to the question of what can be done, an answer which is likely summed up in Upton's phrase, "...parents don't understand it."  Certainly, sites give you the five or six basic precautions such as keeping your updates current, or buying the latest cyber-security software, or not opening email attachments if you don't recognize the sender (banks, the IRS and most other companies almost never ask you to resend them your password information), or not falling for phishing scams, etc.  But for the legitimate companies where you are initially setting up an account --say a health care provider or a new savings account-- there's actually little you can do on your end (HTTPS Everywhere is one good place to start however, a simple app that adds an additional layer of encryption...the addresses of any and all financial or important websites you deal with should always start with https:// and not just http://...the app, unfortunately, is not available for Internet Explorer users).

    This is a cautious and opportunistic world we are now living in, and anonymity and deep sea phishing are the new sports of many in the shadows.  Common sense might be your best defense, that and perhaps paying a tiny bit more to stay with the current cloud software.  But it's a cat & mouse game for many companies and governments (a much more detailed story comes from an extensive look at the Sony Pictures hack, written by Peter Elkind in Fortune), and they are far more frustrated and spending far more money than you or I...and as you're now aware, have still been hacked.



   
