What’s Really Necessary for Cybersecurity?

SOPA explained: What it is and why it matters

http://money.cnn.com/2012/01/17/technology/sopa_explained/index.htm?iid=EL

What’s the controversial site Megaupload.com all about?

http://www.cnn.com/2012/01/20/tech/web/what-is-megaupload/index.html?iref=allsearch

There was an ongoing massive debate between Hollywood and Silicon Valley about the proposed bills, Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA), to combat piracy.  However, more than a week ago these bills were shelved because of recent events which consisted of online and offline protests and the shutdown of a large file-sharing website, Megaupload.com.  These events have brought a few concerns regarding cybersecurity and privacy.

SOPA and PIPA wanted to cut off “rogue” websites from search engines and other services in order to prevent the public from accessing any pirated content hosted on those sites.  Tech companies such as Google and Facebook, were against these bills because the bills would have introduced undefined liabilities and would require for these sites to continuously inspect websites.  As a response Wikipedia and Google, along with several other websites, initiated a “black-out” of their services on January 18 to inform the public of how the bills would affect their digital lives.  Back in the real-world, people went to the streets of major cities such as Washington D.C., NYC, San Fransisco, and Seattle to verbally express their concerns.

One day later, the U.S. government succeeded in shutting down one of the most well-known sites for hosting pirated content, Megaupload.com.  With the help from international governments, they were able to charge seven people with copyright infringement and acquire about $50 million in assets.  The next day, January 20, SOPA and PIPA were officially “postponed” indefinitely.  There is a slight chance that they could come back but only if the bills are drastically revised with a better strategy to combat piracy.

Why does the government or Hollywood need additional laws to fight websites hosting pirated content if they can do so without them?  SOPA and PIPA seemed like they wanted to implement a “legal” denial-of-service attack where rather than making the intended target malfunction or offline, they would just remove the target from search engines.  How would that have succeeded?  The public could have easily bookmarked or remembered the site’s address and return to it even after it has been removed from the search engines.

How does this relate to cybersecurity?  If these laws were passed, then sites like Google would have been forced to monitor our content in order to make sure that they would not be liable if we uploaded copyrighted material.  That would be an intrusion on our privacy because then there would be a huge database of collected data from users who wanted to share with the public.  Even though most of everything that we do gets recorded digitally in today’s society, does that mean that we want the government to know what we are sharing with our family, friends, or anyone else for that matter?  I believe not.

Therefore, the concern still remains:  What is a good balance between keeping our privacy and having security?  How much is the public willing to give up from their lives  to the government for enforcing laws?

Cyber “Warfare”

A recent article published by the New York Times titled “2 Israeli web sites crippled as cyberwar escalate” describes several recent attacks placed against the Israeli (Tel Aviv) stock exchange and El Al (the national airline). These attacks were perpetrated by a single pro-Palestinian cyber criminal known as oxOmar. Furthermore, this is not the first type of attack against the Israeli people as this same hacker had previously posted credit information of more than twenty thousand Israeli citizens.

This got me to think a little more about our current standing in the world and how such attacks could be potentially more harmful and easier to orchestrate than standard warfare or terror attacks. Currently there are hundreds of cyber attacks against the U.S. government and large U.S. companies and corporations that occur on a daily basis. Most of the attacks are simply to gather very specific information or to exploit very specific vulnerabilities. In addition, the most serious of these attacks are typically only executed by a very small amount of people.

Briefly consider the potential consequences of a full-on attack backed by complete government funding and hundreds of hackers/attackers. The potential damage that could be done would be enough to cause serious problems to how both the government, and the economy function. The problem isn’t how secure our systems are but rather when will there will be a force with strong motivation to do harm and the funding to back it.

http://www.nytimes.com/2012/01/17/world/middleeast/cyber-attacks-temporarily-cripple-2-israeli-web-sites.html?_r=1

The Criminal Mindset, or, “I Think I Can”

Theories abound as to the motivation of someone who decides to sink below the letter of the law (or rise above it, depending), from the far out to the mundane.  Quite interestingly, it may be nearly impossible to ever retrieve a scientifically accurate representation of this data – criminals, much like wild animals, are rarely academically observed in the wild, only in the zoo of the prison system, where they will invariably act much different toward their prospective observers.

Speaking candidly as someone who has stolen from, emotionally harmed, and otherwise caused detriment to others in a distant past, I would offer the opinion that more often than not, a psychologically healthy criminal has one mindset, which boils down to, simply, “I can get away with this.”

Mind you, I have never committed a violent crime against another, nor would I; nor am I what you would call a “hardened criminal,” though I have spent an aggregate of roughly 24 hours in various jails across the country – so take the rest as you will.

Objectively, I could stand by an argument that in some felonies, a certain amount of very rudimentary “cost-benefit analysis” takes place.  Though deranged as it may be, a young person with no positive influences in their world could certainly value the kinship at stake in murdering an unknown person in order to gain favor in a gang over that stranger’s life.  Alternately, it may even be subjectively worth it to defraud hundreds or thousands of people out of millions or billions of dollars, depending on your personal morals.

For some, it can be deduced that trading a downtrodden life of poverty and loneliness for wealth and companionship could transcend any artificial, manmade consequences.

However, in the commission of most, if not all crimes, there must exist a certain measure of confidence in one’s ability to reap the reward without said consequence.  Whether it’s the aforementioned murderer, or a speeder on the interstate, or even or a child trying to play video games with the sound off after bedtime, the action can only even enter the mind after successfully spurning previous boundaries.

I realize this must sound paradoxical, but as toddlers, we absorb the world around us in very unique ways.  We are constantly pushing boundaries, both ours and those of others, and customarily, we are restrained.  It is only upon the absence of such restraint do we find the behaviors that we find what we are capable of outside of the limits of “regulations,” whether they be household rules, or manmade laws.

By building upon the selfish character of our human nature as we age, we eventually grow to learn that sometimes, there are rules that can be broken, and we discover the methodologies to do so.  Expanding on this, we can arrive at the logical mindset of what, socially and ethically, we can call “a criminal.”

In short, as long as there are humans, there will be opportunists, and as long as there are opportunists, there will continue to be those who are willing to subvert the laws put forth before them.

Citations:
http://bit.ly/xzTgpl – “The Overly Confident Mentality of Criminals”
http://bit.ly/zQyFhu – “Criminal Mindset”

Another Major Online Retailer Hacked

Zappos hacked, 24 million accounts accessed

 

 

http://money.cnn.com/2012/01/16/technology/zappos_hack/index.htm

 

Once again 24 million customers of an online store have had their personal information compromised.  Zappo recognized that there was an illegal and unauthorized access to account information.  Unfortunately along with customer information being stolen passwords were also taken and the company is requesting that you change your password not only for Zappos for any other site you may have used the same username/password combination for.

                Zappos has ensured their customers that all password data is encoded and that attackers would not be able to decode or want to take the time.    6PM.com is a daughter company of Zappos and their customers were also affected. The sad truth is that the Zappos attack still pales in comparison to the Sony attack that affected 77 million customers or the Citigroup attack which stole 2.7 million from people accounts.  Data Breaches have cost corporations 130.1 Billion last year.  This includes the amount of 39 Billion actually stolen.

What Is

As many may know, there have been sophisticated attacks on many major world companies in the world over the last decade or so. Now most of these are reputed with a fair bit of backup proof to come from one source, but that is not the topic of discussion of this post. My point is why it can happen and continue to happen.

Our information’s systems are a massive, complicated, system stretching over and connected to even more networks around the world. Connections are made, broken, and remade in the blink of an eye, loads of information transferred around the world with no true origination port or destination. Information, unlike any other commodity or possession, can be copied or stolen without actually removing it from the source, leaving detection to the forensics specialists, if they even know to look. People can go into a system, move through it gleaning what they might, and continue onto another system.

That very interconnectivity, while maybe wonderful for research and other legitimate operations leaves us open to many sorts of attacks, and once they enter the system, they might flow to any other connected system with little to no other interference. Not only are the systems interconnected to nigh everything, they very infrastructure is antiquated, as the financial burden would be impossible for a country to bear. A person or organization with the right motivation and equipment could shut the country down and mess with our infrastructure to the point of destruction.

http://www.bloomberg.com/news/2011-12-13/china-based-hacking-of-760-companies-reflects-undeclared-global-cyber-war.html