Archive for the ‘Personal Security’ Category


Sony hack threatens freedom of speech

When employees of Sony Pictures Entertainment saw their computer screens go as black as their morning coffee in mid-keystroke last month, nobody imagined the impact would have global implications.

Yet another darkness descended with the shutdown and may persist for months if the “Sony hack,” as many are calling it, turns into the cyberterror devastation the alleged hackers claim will come.

Even if nothing much else results, the Sony hack likely will change the way corporations handle digital data. Otherwise, our most basic freedom is at risk.

The latest clarion call to improve digital security came early on the Monday before Thanksgiving when Sony employees were shut out of their computer network without warning. The blackout lasted days. Important files either vanished or were inaccessible. Sony Pictures, the American subsidiary of media conglomerate Sony Corp., soon learned that hackers calling themselves Guardians of Peace had sifted through and copied vast volumes of employee records and company correspondence. The hackers published some of the emails as proof — emails that revealed privileged discussions and compromised relationships within the company.

The attack was tied to the planned wide release on Christmas Day of the feature film “The Interview,” a political farce depicting the assassination of North Korean leader Kim Jong-un. The hackers called it a form of terrorism and promised to retaliate against cinemas that showed the movie. Cinema owners everywhere cancelled showings, prompting Sony to pull the movie from distribution.

Hollywoodites and government howled at Sony’s decision, with a long line of celebrities stretching from George Clooney to President Barack Obama saying Sony risked undermining free speech and freedom of expression by giving in. But Sony Pictures Chairman and CEO Michael Lynton insisted he had no choice once the cinemas backed out. The company now says it will opt for other means of distribution and a limited release.

Perhaps a bigger concern to Lynton and Sony is the huge hole this hack punches into the company’s reputation. Tens of thousands of personnel records wound up in the hackers’ hands in November — and this just 10 months after another security breach by a different hacker compromised individual records belonging to almost 48,000 Sony website visitors in Germany. If Sony employees’ bank accounts, health records, and credit histories are compromised en masse, and Sony customers can blame their own financial woes on the company, the cumulative legal redress heaped on Sony could easily exceed the $44 million it cost to make “The Interview.”

So, two things now appear certain. First, the high-profile blowback from Sony’s security breach serves as incentive for corporations who say they’ll get around to improving cybersecurity but keep putting it off.

Second, Sony’s apparent capitulation to the Guardians of Peace moves cyberterror out front as a proven tool for controlling the media marketplace. Lynton insisted his company’s actions were defensible and blamed misinformation for fueling public outrage. Meanwhile, free-speech advocates filled the gap between Sony’s actions and Lynton’s logic with shrill outcry, or in some cases overt silence, that Sony will find almost impossible to overcome even after agreeing to a smaller distribution.

Hacking predates the Web, goes on everywhere, and is evolving. In the first two weeks of December alone, more than two dozen attacks considered to be on the level of cybercrime or espionage were recorded against major financial institutions, government agencies, news organizations, sports teams, and universities. Each revealed nagging flaws in the way we store our digital data; however, none received the media attention they deserved because they lacked the PR firepower of Hollywood’s glitterati.

Sony showed that media companies can be bullied into acting against the public’s best interests, that everyone from individuals on up to conglomerates needs to take better care of securing our digital data, and that our basic freedoms are doomed if we don’t.

Wi-Fi can be hazardous to your health

Fear is an excellent deterrent. It saps our confidence, curtails our energy and tempers our judgment. It forces us to change our direction and our thinking.

Rarely though do we let it change our behavior. The consequences of fear must be palpable, looming, for that to happen.

A recent article by Maurits Martijn for the Dutch crowdfunded site De Correspondent reminds us, however, that even when a threat is real, our response to it can be irrational.

Martijn wrote at length this month about the danger we face when joining unsecured public wi-fi networks — those that do not require a password to join. To demonstrate that danger, he strolled through central Amsterdam with self-described “ethical hacker” Wouter Slotboom — not the snooper’s real name — looking for cafés that provide free wi-fi.

At each location, Martijn and Slotboom sat at any table. Then Slotboom pulled from his backpack a small black device that he placed on the table and obscured with a menu. He then linked to the device with his laptop and in moments discovered the identities of every other laptop, smartphone and tablet used by every customer in the café.

Moments later, Slotboom obtained the network identity of those customers and with that was able to discover personal information about each.

“All you need is 70 euros (for the device), an average IQ, and a little patience,” Slotboom told Martijn.

The marketplace affords Slotboom and shady sorts of his ilk plenty of potential. More than half the U.S. population of 316 million owns a smartphone or laptop, and the number of tablet owners is catching up to both. All of those devices have connected to an open wi-fi network at least once, often without a device owner’s knowledge (the default on mobile devices is set to discover available networks).

And as the mobile market grows, more doors open for hackers. The threat intelligence firm Risk Based Security, Inc. estimates nearly 1 billion records — credit card information, medical records, passwords, social security numbers, etc. — were breached in 2013, with 65 percent of the activity occurring in the United States.

Risk Based Security says we’re on a pace to suffer well over 1 billion breaches this year.

The numbers are new but the rationale for them is not; stories about wi-fi security predate the advent of public hotspots. Yet many of us disregard the threat or expect strangers to respect our personal security. We choose convenience over caution. We invest trust where none was earned.

Such behavior today borders on irresponsible; lax personal security compromises the security of others if their information is on our devices. And the threat is not looming or imminent — it’s here, happening now, via unsecured wi-fi networks across the country.

It may even be happening to you now while you sip your latte.

So, curtail the risk and subdue your paranoia by taking these small, simple steps:

Choose the correct network — During Slotboom’s staged “man-in-the-middle” attacks, he created fictitious wi-fi networks on his computer for café customers to join, and dozens did. This simplified the task of discovering passwords and account numbers; people typed them directly into his network thinking it was legitimate. Slotboom often named the networks after real businesses to make them appear authentic. He urges users of free wi-fi to verify the network, either by asking the proprietor or checking the address on signs that promote the service, to avoid joining rogue networks by mistake.

If the option exists to pay for access to a secure network, take it. A little fee trumps a big headache.

Choose ‘https’ — That “s” extension after the “http” at the beginning of a Web address indicates the connection is secure and the connection to the Web server is authentic. Not all websites have this; still others provide both. Even so, only certain amounts of traffic are encrypted, not all of it. Regular users of unsecured networks help themselves by doing homework on whether the sites they visit have this layer of security before surfing in public, and they should never, ever, shop or do anything online involving a credit card while using unsecured wi-fi.

On some sites, you can add the “s” yourself. The Electronic Frontier Foundation distributes a browser extension called HTTPS Everywhere that encrypts communications between major websites and is available for Windows, Mac and Linux.

Use ‘two-step’ authentication — Many email providers and commercial websites have the option of a second login, where users receive a texted code they must type after their initial login to gain access. Two-step or two-factor authentication reduces the chance a hacker can gain access to an account with just the password.

Use a password manager — Sometimes we feel as though there is only enough RAM in our heads to get us through the day. This leads us to concoct simple or repeated passwords for the many websites we use that require a login. A password manager program generates unique and complex passwords for each site and keeps them locked up with one master password. Password managers also guard against keylogging — the surreptitious recording of keystrokes by hackers — by automatically filling in a site’s password field.

Turn off sharing; turn on firewalls — The sharing feature allows mobile devices to connect with other devices and networks. Free wi-fi users should disable this feature when not in need of sharing. (The instructions are different for Windows and Mac.) At the same time, make sure the device’s firewall (Windows/Mac) is active and working.

Invest in a VPN — A virtual private network, or VPN, encrypts traffic between devices and designated VPN servers, thus creating a private network across a public network. VPNs run shared data through a point-to-point connection that shields the data from unwanted interference much like an umbrella shields you from the rain. Many businesses employ VPNs to let employees access company networks remotely.

The best VPNs cost a small fee for full protection. VPNs also slow down page-load speeds somewhat. Still, they add an element of confidence in an uncertain environment.

Update all software — Finally, make sure your antivirus and anti-malware programs are up to date, and install all the latest operating system upgrades. These upgrades not only enhance overall performance, they also contain patches and fixes that help hold back the most recent security threats lurking across the Web — or across the room.


© Society of Professional Journalists. All rights reserved.