Daily Archives: June 7, 2012

Social Networking Sites: Worth the Risk?

I know I’m starting to lose it in my dotage. But I’m starting to fret that the greatest threat to our personal privacy and freedom — and our economy and national security — is the ability of some nation, criminal organization or terrorist group to unleash a Lisbeth Salander who can hack away at our computer systems and turn the Internet and our lives into mush.

What happens when everyone’s checking account flashes zero? Just a thought.

And I guess I’m not the only one yelling fire in a crowded movie theater about this. Here’s from the NYT, “Expert Issues A Cyberwar Warning“:

MOSCOW — When Eugene Kaspersky, the founder of Europe’s largest antivirus company, discovered the Flame virus that is afflicting computers in Iran and the Middle East, he recognized it as a technologically sophisticated virus that only a government could create.

He also recognized that the virus, which he compares to the Stuxnet virus built by programmers employed by the United States and Israel, adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the Internet.

“Cyberweapons are the most dangerous innovation of this century,” he told a gathering of technology company executives, called the CeBIT conference, last month in Sydney, Australia. While the United States and Israel are using the weapons to slow the nuclear bomb-making abilities of Iran, they could also be used to disrupt power grids and financial systems or even wreak havoc with military defenses.

Computer security companies have for years used their discovery of a new virus or worm to call attention to themselves and win more business from companies seeking computer protection. Mr. Kaspersky, a Russian computer security expert, and his company, Kaspersky Lab, are no different in that regard. But he is also using his company’s integral role in exposing or decrypting three computer viruses apparently intended to slow or halt Iran’s nuclear program to argue for an international treaty banning computer warfare.

A growing array of nations and other entities are using online weapons, he says, because they are “thousands of times cheaper” than conventional armaments.

Uh, gulp.

So is this a case where we should just follow the advice of the great American philosopher Bobby McFerrin who opined: “Don’t Worry, Be Happy“?

Probably not.

Here’s an excerpt from a NYT op-ed by Preet Bharara, the United States attorney in Manhattan, “Asleep at the Laptop“:

THE alarm bells sound regularly: cybergeddon; the next Pearl Harbor; one of the greatest existential threats facing the United States. With increasing frequency, these are the grave terms officials invoke about the menace of cybercrime — and they’re not understating the threat.

Some cybercrime is aimed directly at our national security, imperiling our infrastructure, government secrets and public safety. But as the recent wave of attacks by the hacker collective Anonymous demonstrates, it also targets private industry, threatening the security of our markets, our exchanges, our bank accounts, our trade secrets and our personal privacy.

With all the attention paid to the so-called fiscal cliff approaching at year’s end, it is equally important to ask whether collective inaction has us simultaneously barreling toward a cybercliff of equal or greater height.

As the United States attorney in Manhattan, I have come to worry about few things as much as the gathering cyberthreat. Law enforcement is racing to respond, filling its ranks and fortifying its defenses against cyber-malefactors. Businesses should worry, too. But my experience suggests that they are not doing nearly enough to protect themselves, their customers and their shareholders.

Recently I met two executives from major companies who did not even know whom in law enforcement to contact in the event of a hack or intrusion. A few weeks ago, after a speech I gave about cybercrime, a board member of a significant Internet-based company took me aside and admitted, with some horror, that his company’s board had not spent a single minute discussing cybersecurity.

Hmm. Why Worry, Be Happy.

Well, I started thinking about this yesterday when I received a slew of emails from LinkedIn telling me to change my password. Oh boy. A nap-interrupting wild goose chase. And I don’t use LinkedIn for anything — but amazingly, I joined several years ago disclosing a password (which I can’t remember now) and most likely other personal information.

Here’s the reason, from PCWorld, for the sudden interest in my LinkedIn account:

LinkedIn Wednesday confirmed that at least some passwords compromised in a major security breach correspond to LinkedIn accounts.

Vicente Silveira, Director at LinkedIn, confirmed the hack on the company’s blog Wednesday afternoon and outlined steps that LinkedIn is taking to deal with the situation. He wrote that those with compromised passwords will notice that their LinkedIn account password is no longer valid.

Silveira added that owners of compromised accounts will receive an email from LinkedIn with instructions on how to reset their passwords. These owners then will get a second email from LinkedIn customer support that explains the situation at greater length.

Silveira also apologized to those affected, saying LinkedIn takes the security of members very seriously.

The fact is that these sites apparently can’t protect our personal information or privacy. So I’m going to try to figure out a way to delete as much personal information as possible. Not worth the risk.

And since I’m sure that won’t be easy, in the meantime, I’m sitting here singing along with Bob Marley and hoping that Ohio enacts a medical marijuana law to cover illnesses and neuroses associated with blogging.