Social Networking Sites: Worth the Risk?

I know I’m starting to lose it in my dotage. But I’m starting to fret that the greatest threat to our personal privacy and freedom — and our economy and national security — is the ability of some nation, criminal organization or terrorist group to unleash a Lisbeth Salander who can hack away at our computer systems and turn the Internet and our lives into mush.

What happens when everyone’s checking account flashes zero? Just a thought.

And I guess I’m not the only one yelling fire in a crowded movie theater about this. Here’s from the NYT, “Expert Issues A Cyberwar Warning”:

MOSCOW — When Eugene Kaspersky, the founder of Europe’s largest antivirus company, discovered the Flame virus that is afflicting computers in Iran and the Middle East, he recognized it as a technologically sophisticated virus that only a government could create.

He also recognized that the virus, which he compares to the Stuxnet virus built by programmers employed by the United States and Israel, adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the Internet.

“Cyberweapons are the most dangerous innovation of this century,” he told a gathering of technology company executives, called the CeBIT conference, last month in Sydney, Australia. While the United States and Israel are using the weapons to slow the nuclear bomb-making abilities of Iran, they could also be used to disrupt power grids and financial systems or even wreak havoc with military defenses.

Computer security companies have for years used their discovery of a new virus or worm to call attention to themselves and win more business from companies seeking computer protection. Mr. Kaspersky, a Russian computer security expert, and his company, Kaspersky Lab, are no different in that regard. But he is also using his company’s integral role in exposing or decrypting three computer viruses apparently intended to slow or halt Iran’s nuclear program to argue for an international treaty banning computer warfare.

A growing array of nations and other entities are using online weapons, he says, because they are “thousands of times cheaper” than conventional armaments.

Uh, gulp.

So is this a case where we should just follow the advice of the great American philosopher Bobby McFerrin who opined: “Don’t Worry, Be Happy”?

Probably not.

Here’s an excerpt from a NYT op-ed by Preet Bharara, the United States attorney in Manhattan, “Asleep at the Laptop”:

THE alarm bells sound regularly: cybergeddon; the next Pearl Harbor; one of the greatest existential threats facing the United States. With increasing frequency, these are the grave terms officials invoke about the menace of cybercrime — and they’re not understating the threat.

Some cybercrime is aimed directly at our national security, imperiling our infrastructure, government secrets and public safety. But as the recent wave of attacks by the hacker collective Anonymous demonstrates, it also targets private industry, threatening the security of our markets, our exchanges, our bank accounts, our trade secrets and our personal privacy.

With all the attention paid to the so-called fiscal cliff approaching at year’s end, it is equally important to ask whether collective inaction has us simultaneously barreling toward a cybercliff of equal or greater height.

As the United States attorney in Manhattan, I have come to worry about few things as much as the gathering cyberthreat. Law enforcement is racing to respond, filling its ranks and fortifying its defenses against cyber-malefactors. Businesses should worry, too. But my experience suggests that they are not doing nearly enough to protect themselves, their customers and their shareholders.

Recently I met two executives from major companies who did not even know whom in law enforcement to contact in the event of a hack or intrusion. A few weeks ago, after a speech I gave about cybercrime, a board member of a significant Internet-based company took me aside and admitted, with some horror, that his company’s board had not spent a single minute discussing cybersecurity.

Hmm. Why Worry, Be Happy.

Well, I started thinking about this yesterday when I received a slew of emails from LinkedIn telling me to change my password. Oh boy. A nap-interrupting wild goose chase. And I don’t use LinkedIn for anything — but amazingly, I joined several years ago disclosing a password (which I can’t remember now) and most likely other personal information.

Here’s the reason, from PCWorld, for the sudden interest in my LinkedIn account:

LinkedIn Wednesday confirmed that at least some passwords compromised in a major security breach correspond to LinkedIn accounts.

Vicente Silveira, Director at LinkedIn, confirmed the hack on the company’s blog Wednesday afternoon and outlined steps that LinkedIn is taking to deal with the situation. He wrote that those with compromised passwords will notice that their LinkedIn account password is no longer valid.

Silveira added that owners of compromised accounts will receive an email from LinkedIn with instructions on how to reset their passwords. These owners then will get a second email from LinkedIn customer support that explains the situation at greater length.

Silveira also apologized to those affected, saying LinkedIn takes the security of members very seriously.

The fact is that these sites apparently can’t protect our personal information or privacy. So I’m going to try to figure out a way to delete as much personal information as possible. Not worth the risk.

And since I’m sure that won’t be easy, in the meantime, I’m sitting here singing along with Bob Marley and hoping that Ohio enacts a medical marijuana law to cover illnesses and neuroses associated with blogging.

Cyber Attacks, Journalism and National Security

Somebody — or something — hacked my Twitter account over the weekend. That seems like kind of a silly waste of time and technology since I rarely even look at Twitter these days other than to keep an eye on a few national journalists. And I expect that most of my Tweets end up in the equivalent of a Twitter junk mail queue in any event.

So for me this is mostly embarrassing to the extent that I really don’t want people to think I am sending messages saying something like — “must be you in this photo” — with the accompanying photo I imagine not something you want to circulate widely unless you’re a celebrity or elected government official. And I most likely would never have even known about this cyber attack except that a real-life friend sent me an e-mail about it.

But hacking is very much in the news these days. And it’s not a trivial matter.

Rupert Murdoch, family and friends will be grilled in Parliament today over the unethical and most likely criminal activities involving News Corporation and its merry gang of scribblers and Talking Heads. And yesterday, Lulz Security, described by the NYT as “the hacking group,” attacked some of the Murdoch media properties and websites. Here’s from the story “Lulz Security Says It Hacked News Corporation Sites”:

The hacking group Lulz Security claimed responsibility for a string of attacks on Web sites belonging to the News Corporation on Monday. Among the attacks, the hacking group planted a fake article about the death of Rupert Murdoch, the chairman of the News Corporation, on one of the company’s newspaper sites.

The fake article appeared on a page at new-times.co.uk, which had apparently been used to inform readers about a new design for the site of The Times of London. It said Mr. Murdoch had died from a drug overdose.

Mr. Murdoch’s company is facing a sweeping scandal in Britain, set off by revelations that journalists at his newspapers hacked into voice-mail accounts in search of news.

After posting the fake article, LulzSec apparently altered the Web site of The Sun, another Murdoch paper, so that it sent site visitors to the article. Soon after, the Sun site instead forwarded visitors to the LulzSec Twitter page.

LulzSec also claimed it had changed the DNS addresses for all of News International’s Web sites, making them completely inaccessible to the public. DNS refers to the Domain Name System, which is a directory that connects Web site names to numerical Internet addresses.

When News International, the British newspaper division of the News Corporation, posted what appeared to be a statement about the hacking of The Sun’s site on its corporate site, those who tried to read the statement were also sent to the Twitter page. The sites of News International, The Sun and The Times were all unreachable later in the evening.

LulzSec said last month that it was closing up shop and would discontinue a hacking spree, but the group seems to have reorganized and is now active again.

The group has claimed responsibility for hacking a number of sites over the last two months, including those of PBS, the United States Senate, the Arizona Department of Public Safety and the Web site of a company associated with the Federal Bureau of Investigation.

Not that funny, folks. The entire situation involving News Corporation is a black eye for ethical and responsible journalism. But the ability of individuals and groups to hack personal accounts and websites — and launch cyber attacks against organizations and governments — represents a real threat to our economy and national security.

During his recent confirmation hearing to become the head sled at the Department of Defense, then-CIA chief Leon Panetta warned that a “cyber attack could be the next Pearl Harbor.”

CIA director Leon Panetta has warned that a large-scale cyber attack that could take down power, finance, security and governmental systems is a ‘real possibility’.

Appearing before Congress in a confirmation hearing for his appointment as secretary of defense, Mr Panetta said that the U.S. could face cyber warfare.

‘The next Pearl Harbor we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our financial systems, our governmental systems,’ said Mr Panetta.

‘This is a real possibility in today’s world,’ he told the Senate Armed Services Committee.

‘As a result, I think we have to aggressively be able to counter that. It is going to take both defensive measures as well as aggressive measures to deal with it.’

Mr Panetta is due to take over from Robert Gates as secretary of defense at the end of the month.

His comments came after the Pentagon said that the U.S. could treat cyber attacks originating from foreign countries to be the equivalent to acts of war.

The International Monetary Fund became the latest high-profile institution to admit that it had been targeted by sophisticated cyber attackers.

I’m convinced that it won’t be too long before the Lisbeth Salanders of the world emerge as the most feared economic and political terrorists. And maybe they are getting their start by hacking the Twitter accounts of pajama-clad citizen journalists.