YOU WILL BE
L
Seemingly we’re racing toward a society where our watches pay bills, OPINION
|
NEWS
|
GREEN
|
FEATURE STORY
|
Each year Internet hackers steal millions of people’s credit-card info, Social Security numbers, passwords and more. Why can’t anyone stop them? BY CHRIS PARKER our cars drive themselves and our appliances are connected to the web, yet even today’s relatively simple networks can’t remain secure. What’s going to happen when the number of network access points increases a millionfold? “This is a problem that has been building in magnitude and potential harm for 40 years,” said Julie Ryan, a George Washington University informational security researcher. “It only recently got so tightly coupled and so intertwined in our normal everyday life that it started becoming a problem of enormous significance.” Good luck trying to apply a comprehensive fix. “Up until now, there has been very little incentive for commercial businesses to spend an awful lot of time and money getting into security,” Ryan said. The latest government numbers suggest about 17 million Americans suffered identity theft last year, or about 7 percent of those over age 16—with a total loss at about $25 billion. Fraud has doubled in the United States over the past seven years, and cybercrime has increased across the board. According to a recent PricewaterhouseCoopers report, the
ARTS&CULTURE
|
ART OF THE STATE
|
FOODFINDS
|
FILM
number of detected information security breaches globally has increased by half over the past year. The extent of network security problems has been put into sharper focus over the past 18 months, beginning with Edward Snowden’s revelations on the pervasiveness of state-sponsored spying and cybershenanigans of the sort hinted at by the Stuxnet worm that hit Iran’s nuclear centrifuges. This was followed by 2013’s series of holiday retail thefts at Michaels, Neiman Marcus, Target and other retailers of more than 40 million credit-card numbers, the largest theft until the Home Depot breach in April. The Home Depot and Target hackers found their way onto the retailers’ systems by acquiring a third-party vendor’s credentials—in the case of Target, from a Pennsylvania heating, ventilation and air-conditioning company. Once inside, they were able to use vulnerabilities in Windows to load malware onto the point-of-sale terminals that scan personal cards. Thereafter, every card scan was recorded and secretly published online for the thieves to scoop up. “This is worrisome because this follows a classic route where |
MUSICBEAT
|
NIGHTCLUBS/CASINOS
|
THIS WEEK
open-source researchers see malware that targets the POS terminals that retailers use for swiping cards,” said Richard Stiennon, author of Surviving Cyberwar. “Retailers ignored that information because they weren’t looking for it. They’re just not looking outwards at new threats.” And it’s no longer just big-box retailers facing such threats. In the past several months other POS malware has been discovered at more than a thousand commercial businesses. The cyberthreat is hardly limited to retail. In September 2013, a Russian group started holding personal computers hostage with malware dubbed CryptoLocker. The software freezes the victim’s computer unless the correct key is entered. More than a half-million individuals and companies were struck, including a Massachusetts police station that paid a $750 ransom to remedy the situation before European law enforcement arrested the Russian perpetrators in May. Individuals aren’t the only targets of such cyber-ransoms. In June, Nokia acknowledged that several years earlier, a blackmailer had acquired the encryption key for its Symbian smartphone |
MISCELLANY
|
FEBRUARY 12, 2015
|
RN&R
continued on page 14
‘A problem of enormous significance’
Hacked
“YOU WILL BE HACKED”
ast year didn’t end on a high note for Sony Pictures Entertainment, which was famously hacked recently and had sensitive internal files compromised. Five movies—four of them unreleased—were leaked along with personal data, including executive salaries, release schedules, employee criminal background checks and passwords (kept securely in a directory titled “passwords”). As a result, the company’s entire network was shut down, and employees couldn’t use their computers or laptops for more than a week. While there were some resulting high-profile scandals—embarrassing emails, shocking financial revelations— the most notable consequence, perhaps, was Sony’s initial decision to delay its theatrical release of The Interview, Seth Rogen and James Franco’s “political” comedy about the assassination of North Korean leader Kim Jong-un, amid fears that its system had been infiltrated by North Korean hackers. The irony of the Sony Pictures situation, however, is that its leaky security was exposed three years ago by two Arizona men in concert with LulzSec (Lulz Security) leader-turned-stoolie Sabu, a.k.a. Hector Xavier Monsegur. Then, the group released names, emails and passwords of 75,000 people. Raynaldo Rivera, 20, and Cody Kretsinger, 24, were convicted in 2013, sent to prison for 12 months and ordered to pay $605,663.67 in restitution to cover Sony’s associated costs, including a full security overhaul that doesn’t appear worth the money spent. The Sony Pictures mishap is only the latest in a disquieting trend of highprofile computer incursions, from the Home Depot and Target to JPMorgan Chase & Co. and Apple’s iCloud. Nearly everywhere we turn, our personal information, photos and credit-card information are getting compromised. In September, the Home Depot revealed that a cyber-attack in April had exposed more than 50 million customer credit cards and email addresses. Consumer information never has been more imperiled, and yet very little is getting done to address the issue. In fact, although identity theft runs rampant, fraud seems little more than an entry in the ledger for companies that write it off as a business expense. “Identity theft is kind of like flu deaths,” said Mark Patton, a University of Arizona computer researcher. “We freak about one Ebola death, but just accept the fact that 40,000 people a year die of the flu. We’re just so used to identity theft that we’ve stopped putting out screaming headlines.”
|
13
