If you think of your smartphone as just a phone, rather than a very powerful mini-computer that happens to make phone calls, you may be cruising for a world of pain.
That’s because the amount of sensitive data many of us store on our phones is truly staggering. A smartphone provides us direct access to our savings and checking accounts. It may store our passwords to Facebook, Twitter, Pinterest, even our email accounts. The phone numbers and email addresses of all our friends and colleagues are easy to find in our contacts directory.
A funny thing happened on my way from Los Angeles to Washington, D.C., this week: I found myself on a flight without Wi-Fi. The prospect of being unplugged for more than four hours on a flying machine without the ability to communicate with (or distract) colleagues, with zero information from the outside world — let’s just say I almost lost it.
I had two newspapers and a book by my favorite fiction writer, Vince Flynn, but I was not connected. And somehow, the thought of being alone (even though I was on a full flight) for a large chunk of time was daunting. And, let’s face it, the fact that we’ve all become so co-dependent — with freaking MACHINES — is kind of pathetic. But here we are.
In 2013, we’ll have to make a choice: Either we acknowledge we’re at war and push back hard, or we keep pretending nothing’s wrong — and get snuffed.
In the coming weeks, as we’ve seen every year for the past six, there will be endless reports detailing the digital dangers and identity threats lurking in every corner of our highly networked universe. But allow me to ask a heretical question: To what end?
Here’s a fun fact: Hackers, just like bankers, real estate agents and collectors of Star Trek memorabilia, attend conferences. Even better: they play games at the conferences. One of the games they play has attendees aggressively competing to access any device in the hall, thereby demonstrating prowess in obtaining sensitive information. The goal is to exploit any vulnerability, or crack that which is perceived to be impenetrable, and share details for both educational purposes and bragging rights. This is the kind of thing you’d expect at a Black Hat hacker conference and why people with sensitive information on computers probably shouldn’t bring them to the party. Especially employees of the Securities and Exchange Commission Trading and Markets division. And they really shouldn’t have brought their computers with them. Except they did. Yes. This really happened.
Computers owned by the Securities and Exchange Commission Trading and Markets division were brought by SEC staffers to a hacker convention. They contained unencrypted, step-by-step instructions to shut down our financial trading system. Essentially: A Hacker’s Guide to our Financial Universe.
Like millions of Americans, I was hammered by Hurricane Sandy. The home that I own on the New Jersey shore was obliterated by the storm. It is nothing but a pile of rubble. Gone. While I have 30 years of memories, there is nothing left but the memories. It is incredibly painful.
I saw it coming and did the best I could to prepare for it, and yet I could never be fully prepared. I said to myself, “It could be really bad, but it can’t really be that bad. It will never happen to me.” Deep down, I didn’t buy it. I didn’t want to believe. After all, we all know that the media can take a snarly spring shower and turn it into the storm of the century.
If you’re someone who cares about your privacy, these are indeed strange times. When everything from your iPhone to your iPad (and every derivation in between) is secretly tracking your every move from behind its colorful screen, when advertisers gather enough information about you to know you’re pregnant even before your parents do, it’s clear that we are living in a twilight zone. What we think we know about staying safe, and what we actually know, may be two entirely different things.
The recent kerfuffle over Apple device identification numbers is the perfect case in point. Last week the hacking group AntiSec announced that it had succeeded in stealing 12 million Apple device IDs from a laptop belonging to an FBI agent. To prove it, AntiSec released a million of the IDs (which they encrypted) on a publicly available website. The group even posted a Tweet taunting Christopher Stangl, the FBI agent alleged to be the victim of the hack, thanking him for the vast cache of data.
Then things got really weird.
When you hear a number like “94 million” in the news, it’s usually because somebody won the lottery. This time around, no such luck. This 94 million is the number of Americans’ files in which personal information has been exposed, since 2009, to potential identity theft through data breaches at government agencies. Go ahead, count the zeroes: 94,000,000. That’s like releasing the personal data of every man, woman and child in California, Texas, New York, and Ohio.
Believe it or not, this number — which was just revealed in the latest report from tech security firm Rapid7 — is only the most conservative estimate. When you take into account the difference between reported data breaches, which is what this report measures, and actual incidents, you are talking about a much, much bigger number. As bad as the numbers are, it gets worse. Much worse. Indeed, the biggest threat doesn’t come from smart hackers — it comes from dumb politicians and bureaucrats.
Was it excessive exuberance? Was it judgmental deficiency? Was it the thrill of hearing a barn burner by the President of the World? Well, whatever it was, it was a dangerous mistake.
Last night at the Democratic National Convention, during a particularly rousing segment of President Clinton’s forceful and unabashed dissection of the Republican depiction of Obamacare as a destroyer of Medicare, an enthusiastic Democratic Delegate waved her Medicare card in front of a national news pool camera. The problem is that anyone sharing the moment either online or on television, or researching a replay of that moment, had or will have the opportunity to take a long, slow look at a cornucopia of her personal identifying information and be in a position to use it for nefarious purposes.
At the very least, the video offers would-be thieves the opportunity to retrieve her name and her Medicare identification, which also happens to be her Social Security Number. While that may well be enough to begin the identity theft process, they need only go to a variety of other sources to acquire additional personal information to have a more complete picture of the victim.
By Adam Levin
It started out as a data breach like many others. The hackers penetrated the computer network of a small medical practice in a wealthy suburb of northern Illinois, The Surgeons of Lake County, and broke into a server containing email and electronic medical records. But instead of sneaking out undetected and selling the stolen data on the black market, they took a novel tack – encrypting the data and posting a message demanding a ransom payment in exchange for the password.
The move from fraud to extortion in cases of data compromise is frightening for several reasons. First, it suggests that the criminals knew exactly what they were doing, and that they deliberately targeted digital medical records as part of a well-articulated strategy – an approach that we can expect to see employed more frequently as the digitization of records and broadening of access become the norm in the health care industry. Secondly, this M.O. implies a tremendous confidence in the criminals’ power to disrupt – and a calculation that the illicit ROI from blackmail would exceed the price that the data would command on the black market.
All of this is ultimately made possible by the digitization of medical records and the placement of those records on networks – often unprotected ones. It gets you thinking…
The Olympics are supposed to celebrate the best in human nature, bridging divides of culture and nation through sportsmanship and fair competition. Inevitably, however, the Olympic Games also can become a stage for failure, for people so blinded by ego and the will to win that they compromise all the noble principles for which they supposedly stand. From Tonya Harding’s role in the attack on her figure skating rival Nancy Kerrigan in the lead-up to the 1994 Olympics to Tyler Hamilton’s recent admission that he used performance-enhancing drugs, which led the International Olympic Committee to strip him of his 2004 gold medal, some athletes knowingly supplant truth and hard work with “the ends justify the means” philosophy and subvert the foundation of the games.