
Social Networking Sites: Worth the Risk?

I know I’m starting to lose it in my dotage. But I’m starting to fret that the greatest threat to our personal privacy and freedom — and our economy and national security — is the ability of some nation, criminal organization or terrorist group to unleash a Lisbeth Salander who can hack away at our computer systems and turn the Internet and our lives into mush.

What happens when everyone’s checking account flashes zero? Just a thought.

And I guess I’m not the only one yelling fire in a crowded movie theater about this. Here’s from the NYT, “Expert Issues A Cyberwar Warning”:

MOSCOW — When Eugene Kaspersky, the founder of Europe’s largest antivirus company, discovered the Flame virus that is afflicting computers in Iran and the Middle East, he recognized it as a technologically sophisticated virus that only a government could create.

He also recognized that the virus, which he compares to the Stuxnet virus built by programmers employed by the United States and Israel, adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the Internet.

“Cyberweapons are the most dangerous innovation of this century,” he told a gathering of technology company executives, called the CeBIT conference, last month in Sydney, Australia. While the United States and Israel are using the weapons to slow the nuclear bomb-making abilities of Iran, they could also be used to disrupt power grids and financial systems or even wreak havoc with military defenses.

Computer security companies have for years used their discovery of a new virus or worm to call attention to themselves and win more business from companies seeking computer protection. Mr. Kaspersky, a Russian computer security expert, and his company, Kaspersky Lab, are no different in that regard. But he is also using his company’s integral role in exposing or decrypting three computer viruses apparently intended to slow or halt Iran’s nuclear program to argue for an international treaty banning computer warfare.

A growing array of nations and other entities are using online weapons, he says, because they are “thousands of times cheaper” than conventional armaments.

Uh, gulp.

So is this a case where we should just follow the advice of the great American philosopher Bobby McFerrin who opined: “Don’t Worry, Be Happy”?

Probably not.

Here’s an excerpt from a NYT op-ed by Preet Bharara, the United States attorney in Manhattan, “Asleep at the Laptop”:

THE alarm bells sound regularly: cybergeddon; the next Pearl Harbor; one of the greatest existential threats facing the United States. With increasing frequency, these are the grave terms officials invoke about the menace of cybercrime — and they’re not understating the threat.

Some cybercrime is aimed directly at our national security, imperiling our infrastructure, government secrets and public safety. But as the recent wave of attacks by the hacker collective Anonymous demonstrates, it also targets private industry, threatening the security of our markets, our exchanges, our bank accounts, our trade secrets and our personal privacy.

With all the attention paid to the so-called fiscal cliff approaching at year’s end, it is equally important to ask whether collective inaction has us simultaneously barreling toward a cybercliff of equal or greater height.

As the United States attorney in Manhattan, I have come to worry about few things as much as the gathering cyberthreat. Law enforcement is racing to respond, filling its ranks and fortifying its defenses against cyber-malefactors. Businesses should worry, too. But my experience suggests that they are not doing nearly enough to protect themselves, their customers and their shareholders.

Recently I met two executives from major companies who did not even know whom in law enforcement to contact in the event of a hack or intrusion. A few weeks ago, after a speech I gave about cybercrime, a board member of a significant Internet-based company took me aside and admitted, with some horror, that his company’s board had not spent a single minute discussing cybersecurity.

Hmm. Why Worry, Be Happy.

Well, I started thinking about this yesterday when I received a slew of emails from LinkedIn telling me to change my password. Oh boy. A nap-interrupting wild goose chase. And I don’t use LinkedIn for anything — but amazingly, I joined several years ago disclosing a password (which I can’t remember now) and most likely other personal information.

Here’s the reason, from PCWorld, for the sudden interest in my LinkedIn account:

LinkedIn Wednesday confirmed that at least some passwords compromised in a major security breach correspond to LinkedIn accounts.

Vicente Silveira, Director at LinkedIn, confirmed the hack on the company’s blog Wednesday afternoon and outlined steps that LinkedIn is taking to deal with the situation. He wrote that those with compromised passwords will notice that their LinkedIn account password is no longer valid.

Silveira added that owners of compromised accounts will receive an email from LinkedIn with instructions on how to reset their passwords. These owners then will get a second email from LinkedIn customer support that explains the situation at greater length.

Silveira also apologized to those affected, saying LinkedIn takes the security of members very seriously.

The fact is that these sites apparently can’t protect our personal information or privacy. So I’m going to try to figure out a way to delete as much personal information as possible. Not worth the risk.

And since I’m sure that won’t be easy, in the meantime, I’m sitting here singing along with Bob Marley and hoping that Ohio enacts a medical marijuana law to cover illnesses and neuroses associated with blogging.

Lisbeth Salander: Did China Strike Again?

I guess it’s OK to let women and children back on the streets in DC. Members of Congress are heading for the hills — without approving an extension of the payroll tax cut or forcing Prez O to say yes or no to the proposed energy pipeline from Canada to the Gulf Coast.

Ho-hum.

Here’s a much more interesting story coming from Inside the Beltway this morning.

The Wall Street Journal is reporting this morning that hackers in China gained access to the computer systems and networks at the U.S. Chamber of Commerce — the primary lobbying group for businesses in this country. Here’s from the WSJ story, “Chinese Hackers Hit U.S. Chamber”:

A group of hackers in China breached the computer defenses of America’s top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.

The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. The complex operation, which involved at least 300 Internet addresses, was discovered and quietly shut down in May 2010.

It isn’t clear how much of the compromised data was viewed by the hackers. Chamber officials say internal investigators found evidence that hackers had focused on four Chamber employees who worked on Asia policy, and that six weeks of their email had been stolen.

It is possible the hackers had access to the network for more than a year before the breach was uncovered, according to two people familiar with the Chamber’s internal investigation.

One of these people said the group behind the break-in is one that U.S. officials suspect of having ties to the Chinese government. The Chamber learned of the break-in when the Federal Bureau of Investigation told the group that servers in China were stealing its information, this person said. The FBI declined to comment on the matter.

A spokesman for the Chinese Embassy in Washington, Geng Shuang, said cyberattacks are prohibited by Chinese law and China itself is a victim of attacks. He said the allegation that the attack against the Chamber originated in China “lacks proof and evidence and is irresponsible,” adding that the hacking issue shouldn’t be “politicized.”

And more:

When sophisticated cyberspies have access to a network for many months, they often take measures to cover their tracks and to conceal what they have stolen.

To beef up security, the Chamber installed more sophisticated detection equipment and barred employees from taking the portable devices they use every day to certain countries, including China, where the risk of infiltration is considered high. Instead, Chamber employees are issued different equipment before their trips—equipment that is checked thoroughly upon their return.

Chamber officials say they haven’t been able to keep intruders completely out of their system, but now can detect and isolate attacks quickly.

The Chamber continues to see suspicious activity, they say. A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China, they say, and, in March, a printer used by Chamber executives spontaneously started printing pages with Chinese characters.

“It’s nearly impossible to keep people out. The best thing you can do is have something that tells you when they get in,” said Mr. Chavern, the chief operating officer. “It’s the new normal. I expect this to continue for the foreseeable future. I expect to be surprised again.”

The ability of rogue nations like China and Russia, criminals and other miscreants to easily gain personal information, security documents and so on represents a serious risk to our economy and national security. Here’s an interesting article in Time, “Hackers Are the New Mob: White House Gets Serious on Cybercrime.”

When I read the story this morning about the US Chamber I kind of chuckled. Not because it’s funny. It’s not. But because opening this week in theaters around the country is the flick “The Girl with the Dragon Tattoo.”

It’s based on one of the books in Stieg Larsson’s popular trilogy “Millennium” series.

And the main character is Lisbeth Salander — who among other things has the ability to essentially hack her way into any computer or access any organization’s entire network.

I read the three books in the series, and it strikes me that what Lisbeth was doing in the world of fiction is, ah, doable in the real world.

And that’s scary.

Maybe the nation that has access to the most Lisbeth Salanders will win.

Think about it.