TODAY'S PAPER
53° Good Evening
53° Good Evening
NewsNew York

No end in sight as major hack attacks alarm companies and NYers

amny

amny Photo Credit: amNY Photo Illustration

Ryan Field, 23, of Astoria, owns a PlayStation 3, so after the Sony network was downed by hackers a few months ago, he's been vigilantly keeping tabs on his bank accounts.

"It's a big deal," he said of the hacking threat. "If you're gonna have such a big network like Sony or like a bank, you should probably put as much effort into protecting it as possible."

When it comes to security, it seems the Internet just can’t hack it. Indeed, however secure a system is built, experts say this is an unending cat-and-mouse battle — a computer system is, after all, only as strong as the weakest human operating it.

"There's an old saying hackers have," said Steve Winterfeld, co-author of "Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners.” “You can't patch stupid."

Just yesterday morning, followers of the Fox News politics Twitter account were alarmed by hackers who posted that President Barack Obama had been assassinated.

None of us, it seems, are safe against the malevolent keyboard lurkers such as the recently disbanded LulzSec, and Anonymous, which announced Sunday it hacked passwords and usernames from Apple.

An inevitable (and avoidable) crisis

Experts say that the seemingly endless string of data breaches was long overdue, since major companies simply don't invest enough resources in security to defend against these exact attacks.

Generally, there are three types of hackings: for-profit, criminal hacking; nation-state sponsored attacks; and hacktivism attacks, which is the type we've seen recently.

But for the more high-profile hackers of late, the jig may be is up.

Unplugging the hackers

LulzSec said they disbanded because of boredom, but it's likely that they felt the heat from the authorities.

Interestingly, the volume of attacks over the past decade or so has remained relatively constant. There seem to be more because legislation is forcing companies to disclose when they've been victimized.

Only some states have such disclosure regulations — New York itself does — though federal bills are being discussed.

Mark Bower, vice president of product management at Voltage Security, said that the high-profile attacks may accelerate broader, federal legislation.

"The scale and sheer cost to fix these things up is such a big deal that it can really grease the skids of legislation," Bower said. "It's time for government to step up."

Still, given the attention that the recent attacks have received — and the embarrassment of victimized companies — fundamental security changes in the industry are already under way.

"To be honest, you will see more real change from events such as we're seeing right now than we'll ever see from legislation," said Michael Sutton, a security researcher for Zscaler Cloud Security.

These are "situations where your reputation is being destroyed, and so you're going to take that very seriously."

 

***

Though every Internet user is susceptible to hacking, experts say there are a few simple things users can do to protect themselves:

— Have strong, alphanumeric passwords that use lower-case and capital letters and other symbols
— Use different passwords for every account, particularly email, bank accounts and other financial services
— Set up a firewall on your computer and make sure you have anti-virus and spyware-detecting software
— Closely monitor bank accounts for abnormal activity
— If an email looks suspicious, verify with the sender that he or she actually sent it
— Download the latest patches and updates for your operating system

Comments

We're revamping our Comments section. Learn more and share your input.

More news