Why We Can Stop Missiles But Not Hackers
Hackers present both the public and private sector with some very unique challenges. Unlike traditional threats, which are often presented in very black and white terms, hackers are notoriously adaptable to new security measures and tend to discover vulnerabilities as fast as developers can fix them.
Their tools vary; sometimes hackers author malware to commandeer a victim’s system or computer, while other times they brute force their way in by guessing passwords or stealing account information. Other times they exploit users’ trust with phishing; failure to update software is another major cause of a security breach.
Stories about the mock pentagon hacks leave us with the burning question: just how vulnerable are we to hackers?
Large corporations and small businesses frequently have good door security; they know who’s going in and out of their building and there is usually some kind of monitoring, be it live or recorded.
Private surveillance has made it considerably easier for law enforcement because physical evidence of a crime on tape is subject to less bias and provides a solid narrative of what happened. The threat of surveillance is also a great deterrent to would-be criminals. In other words, it is considerably more difficult to dispute a criminal charge when one is caught on tape.
But digitally speaking, things are very different. Major data breaches, such as with Seagate and LinkedIn, show us that hackers are undeterred by the private sector’s security advances. They demonstrate that our businesses haven’t made much progress since the Target or Yahoo breaches, that hackers are still finding their way into servers and stealing customer information.
Much of this has to do with human error. Some of the largest hacks, including the iCloud celebrity photo “leaks” of 2014 [note 1] and the Seagate breach of 2016 stem from very basic phishing scams. Thus far, security services offer little in the way of handling scams, focusing mainly on encryption and malware elimination.
That’s not to say that said services aren’t useful; they just can’t stop everything. More often than not, businesses fall victim to internal sabotage or basic scams because that may be the only way for hackers to get in.
Thus far, damage from hackers in the public sector appears to be minimal; no bombs have been dropped, no missiles launched, and no secret operations (that we’ve been told about) foiled. But the government has been hacked—and not just once.
no bombs have been dropped, no missiles launched, but the government has been hacked—and not just once.
In 2016, both the Internal Revenue Service and the Federal Bureau of Investigation were hit by hacks, with the former exposing the Social Security numbers and personal information of hundreds of thousands of private parties, and the latter information about public agents in the Department of Homeland Security and the FBI. [Note 2]
While not all details of the hacks have been made public, it is suspected that information gained by hacking private sector businesses led to the IRS hack. Yet these hacks may be the least of our concerns in the public sector.
Between 2015 and 2016, the US government accused both China and later Russia of hacking into public systems. These demonstrations of cyberespionage are evidence that foreign intrusions are evolving into something beyond moving around warships, staging blockades, or declaring no-fly zones. In some ways, they are much more akin to Cold War tactics.
More importantly, these sorts of hacks are unprecedented. Concerns that Russia may have interfered in the US elections give concerns as to just how safe our public systems really are and if they can be relied upon for accuracy.
You and I
Back at home, individual users face new problems from the hacker menace because our devices carry increasingly valuable information and are often far less secure than larger companies or databases.
Practically speaking, there are a few basic things you can do to keep yourself safe from intrusions. Protecting yourself is valuable both to you and to any companies you associate with, as a single unsafe device can have a cascading effect as companies move towards BYOD (Bring Your Own Device) models.
The standard anti-malware service is a given on any device, mobile or otherwise. What’s less commonly utilized but equally valuable is a Virtual Private Network (VPN) service. It works as a form of private encryption, protecting your internet connection and securing you from hackers, particularly while on public networks. For entry level users, I recommend this guide by Secure Thoughts to learn about the details and if a VPN suits your needs.
Change your passwords every six months to ensure continued security
Other useful apps and software include password management services and backup programs. The former can aid in managing the large number of passwords we as private users are required to juggle each day, while the latter can help recover from losses.
Hackers also have a particular affinity for outdated services, so just make sure anything you have installed is running on the most recent version. Old versions often contain security loopholes or bugs that hackers can exploit. It’s one other reason to beware of older programs that are no longer supported by their respective authors.
Hackers are a serious threat, both public and private, that aren’t likely to go away anytime soon. They may not be as devastating as a single bomb or missile, but they’re considerably more difficult to stop and much more tenacious.
Chances are you or someone you know has already been hacked as a result of so many breaches and may not even know about it. This is the era of eternal vigilance, and if we’re going to keep up with hackers, that means remaining on alert and monitoring our accounts. Keep an eye out for suspicious activity; it’s one of the best ways to prevent damage from getting out of control. And if you don’t, who will?
About the Author: Cassie is a writer and blogger who focuses on internet security and technology. The constant stream of identity theft and public data breaches keeps her very busy writing about how individuals and businesses can be better prepared for future incursions.
[note 1: Jay Leiderman worked on one of these cases but he did not write this post]
[Note 2: Likewise, Jay Leiderman represents a defendant charged in some of these cases]