I will make some more observations about this online world in which we find ourselves living in 2016, as the entire world is going in this direction.
First, you must understand that I have a love/hate relationship with technology. I’m a tech guy and, if I had the money, I would own every little gadget that was ever produced on this great planet, but being on disability still and loaded down with eight kids, I can’t afford much. But still: I’ve got a degree in computer science, have worked in the field for thirty years, read about it all the time and dabble in it as much as I can. Our Church has a project going on, and I am setting up some equipment I’ve never worked with before – along with the software – so the fact that I don’t know what I’m doing has never stopped me, nor will it this time. You just figure it out – that is, if you happen to like this stuff, which I do.
But liking this stuff and having worked with it on a daily basis for years means that I know it up close and personal. Perhaps too up close and too personal. It’s like living with a roommate whom everyone likes but you know where they throw their socks and the odd combinations of food they somehow eat, as well as their belching schedule. They’re great, but you know the inside scoop. And that’s how I am with technology.
One Take
I have many takes on technology but, for the purposes of this particular blog, we will deal with one and perhaps the most egregious: security. The assertion for this blog is this: everything is hackable; some more, some less, but in the final analysis, it can all be cracked. The entire infrastructure we’ve designed is about as secure as leaving your front door thrown wide open, with no cars in the driveway and the lights off. Welcome, Oh Hacker, to my abode!
Ok, something of an exaggeration, but you get the idea.
But how bad is it really? Pretty bad. I read a lot and constantly come across egregious hacks and hacks that you wouldn’t think possible. I will not bore you, but we can consider the following:
- A 15 year old hacked into NASA and shut down the computers on the International Space Station for 21 days. “Yes, James hacked into NASA’s network and downloaded enough source code to learn how the International Space Station worked.”
- Kevin Poulsen hacked into a radio station using his knowledge of telephone systems and set himself up as the winning caller of a new Porsche.
- Criminals in Pittsburgh got ATM machines to think they were giving out $1 rather than $20, thus astronomically upping the cash the machine dispensed. They used just the bank’s keypad to accomplish the hack.
Ok, these are pretty amazing examples, but closer to home it’s possible for students to hack into their school’s grade database when using the computers in the computer lab (YouTube can show you how to do this but I’m not going to include the link, for obvious purposes); the signs on the roadway that admonish us to “Buckle Up” – those signs can be hacked and replaced with your own private message; wireless printer/scanners have been hacked; when you scan a bank document and leave it, the hacker takes control of the device, re-scans it and makes off with your bank information (or whatever you left on the glass).
You may not be convinced but, surely, a huge corporation with lots of IT guys running around must be safe. Not true. The biggest bank in the world, Chase Manhattan, got hacked in 2014; the hackers were in the system for three months and had deep administrator access to their servers. Target, Home Depot etc. have all been hacked. Sony Pictures have been hacked – very hacked. We can add Premera Blue Cross, Anthem, the US Postal Service, Staples, Kmart, Dairy Queen, P.F. Chang’s, government employees, eBay users, to name a few.
You can ask: Is anything safe? The answer: no. Some are more difficult to hack, some less, but it’s all hackable.
The fact of the matter is that security is difficult to fully implement and keep implemented. There are just so many pieces that have to come together to have a secure system, and one of the biggest potential problems is the human being running the computer. Hackers infiltrated Chase Manhattan reportedly through a single server that happened to be left unpatched – one server out of thousands. And another bank in Eastern Europe was hacked when the hackers, in the system for months, figured out how to get the ATM machines to spit out money at certain times and sent a person to collect the cash. How did they get in? By sending fake emails to employees, who opened them and followed links therein – thus infecting the entire bank. What is neat about this hack is that the hackers watched the operators for months, figuring out how the system worked, and ended up stealing millions.
Then there’s Me
I’m a computer guy, and we can ask the question: “Well, Mr. Nerd, how do you do with your own security?” The answer: ok but not so great. Like my passwords: I have about 345,203 passwords to just about every web page ever produced and use LastPass to keep it all organized, lest I lose my mind, but even here: LastPass allows you to create complex passwords for these many websites and you only have to remember one master password. A great idea. Have I created complex passwords for these sites? For a few I have, but mostly not. And why not? Laziness.
And of course when you’re out at DD, you should have a VPN set up – obviously. But here I am, right now, sitting at DD typing without a VPN. Of course I know these hotspots are incredibly insecure, but type away I do on their wireless network.
Online banking is a big issue. You should dedicate one computer to this and this alone, and with my computer expertise I could easily set up a virtual OS and use that for banking, and nothing else. Hey, I wouldn’t incur the cost of dedicated hardware just for that. But I don’t. Even worse, I do my banking on my smartphone.
I should know better, but don’t. Like banking: it’s just too convenient to whip out your cell phone and check your balance or transfer funds. Setting up a VPN is not hard but it’s another thing to do. Hey, I’ll probably be ok. No problems so far, right?
Yes, there’s also been a time when I almost responded to an email that looked like it was from my bank, Chase Manhattan. It looked so much like a Chase email, I almost fell for it. I was in a hurry, and it’s too easy just to keep clicking. Then, at the last moment, I noticed the URL was not even remotely similar to Chase’s and stopped, and I’m a computer guy. What chance does the regular user have?
I do better with keeping my systems up to date with Windows Update and Ninite, which updates my applications, and I don’t use Internet Explorer (spawn of the devil), so I’m not totally crazily insecure. I do use an anti-virus but know enough to realize they are not the silver bullet most users think they are. Anything I download I check with an awesome site – www.virustotal.com – that inspects the download and certifies that it’s not infected or filled with stupidware.
Little Old Me: Hacked
A year ago odd charges showed up on our banking statement. Apparently I used a taxi cab in New York City and got a hotel there; also ate out for a fair amount of money. It must have been fun, but I was never there during the time period when the transactions were posted. What was going on?
I called my bank, and all the charges were reversed. Our little bank in Cato, Community Bank, had been hacked and from this we believe my information ended up with someone in New York City, who ended up having a nice time out on my money. When we were getting the charges reversed, the representative from the bank told me, “Oh, it looks like they presented your card when they made the charges.”
“That can’t be,” I said. “I have my card with me.”
“Oh, they can make a copy of your card once they get your numbers.”
“Really!” I said.
“The scary part is that you can buy a machine that does that on the internet. It only costs about $100.”
Would you agree: scary?
Conclusion
None of this would really matter except that we have committed our entire life to this online world and, if we haven’t done that ourselves, major corporations and the government have done it for us. Think of all those government employees whose background checks were stolen by a hacker; they probably just filled out the forms, not knowing that their information was out there for someone to steal. The same goes for the patients at Anthem – who knew the information they gave to the insurance company could be stolen, and the same for customers who gave credit card information to Home Depot when buying items.
All of it’s just out there, ready to be hacked.
What can be done? Not much, I’m afraid. Technology has moved faster than our ability to secure it, and as yet there is no movement to slow it down for something as unsexy as security. But I do think a tipping point will come: that if we want to continue to build an online world, security will have to be a high priority. At some point, all this gets out of hand, just from a business perspective. But we’re not there yet.
So, keep your operating system patched (Windows Update) and be very careful what you click on and download. There’s a chance you might just be ok.