You are here

If the NSA can be hacked, is anything safe?

By McClatchy Washington Bureau (TNS) - Aug 28,2016 - Last updated at Aug 28,2016

Photo courtesy of thinkprogress.org

 

WASHINGTON — Slowly but surely, the Internet is becoming a hostile place.

As wondrous as the Internet is — with its 3 billion global users — increasingly, danger lurks. Armies of hackers maraud for personal data. Unknown forces invade privacy, installing hidden bugs. Nations engage in low-grade versions of cyber warfare.

Those who believe that some sort of disaster may be in the offing have coined the phrases “Cyber 9/11” and “Digital Pearl Harbour” to suggest a surprise attack that might change our world. Maybe it’ll be terrorists threatening to bring down the power grid. Or hackers monkeying with November election results.

Are the fears warranted? Some experts say they’re overblown. Yet, the issue reflects how the Internet has become the world’s superstructure, knitting the citizenry together. The “Internet of things” is swiftly evolving: the thermostat, the smart TV, the toaster, the locks on doors, all interconnected. Then there are cars. An estimated 70 per cent of automobiles will be connected to the Internet by the end of the decade.

If cybersecurity is not fortified, experts say, aggression and hostility could steadily overtake the Web. The “Internet of things” may morph, as one recent study forecasts, into the “weaponisation of everything”. Imagine elevators going haywire, or pacemakers under the control of extortionists.

Other scenarios are possible, of course. The Internet is in its infancy. Like other technologies, simple but firm steps may make it safer.

The development of the automotive industry, in fact, could provide a map forward.

“People were driving cars on the road for 100 years before the first seat belt law was introduced in 1968. After that law, the number of crashes that ended in fatalities dropped sharply,” said Jeremy N. Galloway, a cybersecurity expert with Atlassian, an Australian software firm. “The Internet is very similar.”

“We haven’t invented the cyber version of the seat belt yet, so we have many more painful accidents to come. We are progressing incrementally, getting better security every day, but fundamentally, the Internet is a place where you need to be cautious, careful and sceptical.”

For many users, the risks appear remote when weighed with the benefits.

“The equation is still clear. For every one of us, the advantages of the Internet are much bigger than the potential risk,” said Amichai Shulman, co-founder of Imperva, a data security company with headquarters in Redwood Shores, California.

Yet, the power of cyberattacks to hurt companies — and even governments — is already apparent. Israel and the United States are believed to have been behind the sophisticated Stuxnet virus that took down key components of Iran’s nuclear weapons programme.

When the film studio Sony Pictures Entertainment was hacked in 2014, US intelligence officials within a month blamed North Korea.

Hackers in mid-2015 carried off the greatest theft of personal data in history, stealing vast troves from the Office of Personnel Management on some 21 million current and former federal employees, their relatives and contractors.

The Kremlin has been blamed in the news media for the theft of some 20,000 e-mails from the Democratic National Committee that first came to light in June, forcing Rep. Debbie Wasserman Schultz from the chair of the DNC and leading to fears of Russian meddling in US elections. House Minority Leader Nancy Pelosi, D-California, called the hack an “electronic Watergate”, evoking the legendary break-in that eventually led former president Richard Nixon to resign in 1974.

Barely a day goes by now without reports of an attack. This month, cybercriminals breached cash register software offered by computer giant Oracle, and other hackers stole credit card data from guests at 20 hotels in 10 states, including Hyatt, Sheraton, Marriott, Westin and others.

Even hardened targets get hit amid signs of global cyber conflict. The nation’s top-secret National Security Agency (NSA) suffered an apparent breach, and the alleged hackers last weekend published some of its most secret cyber tools and weapons on the Internet, a major embarrassment. In Moscow, the government-financed RT television network, once known as Russia Today, said it had faced “massive attacks” this week in sustained digital assaults intended to overwhelm its computer networks.

Concerned about ever bigger cyberattacks, Microsoft in June called for establishment of a global UN-type body of technical experts from governments, the private sector, academics and civil society to ascertain who is behind major cyberattacks.

Those paid to track cyber intrusions and hack attacks say that the hostility that pervades the Internet is vast. Despite the problems, they say it is not yet beyond repair.

“We can combat the bad stuff. We can defend the resources we have. We can adapt where needed. We can’t, however, do nothing. If we give up on protecting resources, data and people on the Internet, then we will end up with an irreparable, and ultimately historical, Internet,” said Tim Erlin, senior director for security and risk strategy at Tripwire, a Portland, Ore.-based company that provides threat protection software tools.

Some see the Web as reaching an inflection point at which concerted action must be taken by individuals, private companies and governments around the world.

“The Internet has tremendous potential, but that potential’s dark side is just starting to rear its ugly head. We need to act now,” the former Homeland Security secretary, Michael Chertoff, wrote in a blog post on the website of the Council on Foreign Relations this month.

Lior Div, a former member of the Israeli military’s elite cybersecurity Unit 8200, knows a thing or two about cyber’s dark side. Let your imagination run wild, and Div says it’s already a reality.

“What I don’t like to do is spread fear,” cautioned Div, who is the chief executive of Cybereason, a Boston-based company that offers military-grade cyber detection. Div spoke on the sidelines of the Black Hat hackers’ convention in Las Vegas earlier this month.

Div said hostile actions are rampant on the Internet but noted that large-scale attacks — ones designed to blow out power grids or carry out major disruptions that could leave hundreds of fatalities — haven’t occurred.

 

“People are thinking of cyber as an atomic bomb. … The thing about cyber is you can be much more precise and exact,” he said.

up
67 users have voted.


Newsletter

Get top stories and blog posts emailed to you each day.

PDF