Jul 16Last Year Data Breaches Cost Almost Half a Billion Dollars with over 800 Million Records Compromised
More than Enough Material to Merit a Special Report, “Defending the Digital Frontier” by the Legendary British Journal, The Economist
If your Economics 101 class was anything like the ones many of us had to endure, just the word, “economist”, is enough to have you racing to the closest Starbucks for a double Venti. Fortunately, The Economist’s report is a lot livelier than that economics class back in the day — likely one of the reasons the publication’s been around since 1843.
Anyway, The Economist’s just released “Defending the Digital Frontier” (You may find the complete report by clicking this link.), which explores everything from possible remedies to the different types of hackers, their motives and modes of operation and why they can be so difficult to track.
Tracing the exact source of an attack can be next to impossible if the assailants want to cover their tracks.
Over the past decade or so various techniques have been developed to mask the location of web users. For example, a technology known as Tor anonymizes internet connections by bouncing data around the globe, encrypting and re-encrypting them until their original sender can no longer be traced.
Conversely, some hackers are only too happy to let the world know what they have been up to. Groups such as Anonymous and LulzSec hack for fun (“lulz” in web jargon) or to draw attention to an issue, typically by defacing websites or launching distributed-denial-of-service (DDoS) attacks… Anonymous also has a track record of leaking e-mails and other material from some of its targets.
Criminal hackers are responsible for by far the largest number of attacks in cyberspace and have become arguably the biggest threat facing companies. Some groups have organized themselves so thoroughly that they resemble mini-multinationals. The police found that [one] group was paying salaries to its staff and had hired a marketing director to tout its software to hackers. It even maintained a customer-support team.
The report also argues that there is a need to provide incentives to improve cybersecurity.
One idea is to encourage internet-service providers (ISPs), or the companies that manage internet connections, to shoulder more responsibility for identifying and helping to clean up computers infected with malicious software (malware). Another is to find ways to ensure that software developers produce code with fewer flaws in it so that hackers have fewer security holes to exploit.
An additional reason for getting tech companies to give a higher priority to security is that cyberspace is about to undergo another massive change. Over the next few years billions of new devices, from cars to household appliances and medical equipment, will be fitted with tiny computers that connect them to the
web and make them more useful. Dubbed “the Internet of things”, this is already making it possible, for example, to control home appliances using smartphone apps and to monitor medical devices remotely.”
And the report contains a number of fascinating anecdotes.
One night in April a couple in Ohio was [awakened] by the sound of a man shouting, “Wake up, baby!” When the husband went to investigate, he found the noise was coming from a web-connected camera they had set up to monitor their young daughter while she slept. As he entered her bedroom, the camera rotated to face him and a string of obscenities poured forth.
The webcam was made by a company called Foscam, and last year a family in Houston had a similar experience with one of their products. After that episode, Foscam urged users to upgrade the software on their devices and to make sure they had changed the factory-issued password. The couple in Ohio had not done so. The problem arose even though Foscam had taken all the right steps in response to the initial breach, which shows how hard it is to protect devices hooked up to the internet.