I saw the new James Bond movie Skyfall yesterday (which I really liked, by the way). Is dangerous computer hacking really a potential disaster, or is it just a topic for action thrillers? Should we have emergency plans for this threat?  So here it is: From My Eyes Only – a cyber security naïve, but reasonably technologically competent, blogger’s assessment of the hazard.

Blue Hacker Screen

Government Concerns About Cyber Security

In May 2009, President Obama declared the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cyber security.”

In response, America has a  Comprehensive National Cybersecurity Initiative, a Federal Office of Cybersecurity and Communications, and a United States Computer Emergency Readiness Team (US-CERT- not to be confused with local emergency preparedness CERT programs). We’re building a Community Comprehensive National Cybersecurity Initiative Data Center (known as the Utah Data Center), rumored to cost as much as 4 billion dollars for construction and equipment, and due to open in September 2013. Who knows what all these federal groups are doing, but the money alone makes it clear that cyber security worries people at the highest levels.

What are governments afraid of? Just 2 weeks ago,  the Israeli government reported 44 million hacking attempts on Israeli government websites in just 5 days after beginning the Gaza air strikes – up from a norm of a measly several hundred attacks a day! In October, the White House admitted that China briefly broke into a U.S. network used for nuclear commands. How could this happen? A government employee opened a seemingly trusty email addressed to him, not knowing it had a dangerous attachment – otherwise known as a spear phishing attack. In September, hackers successfully attacked multiple government sites in the Philippines, posting a protest statement on their pages.

Breaches In The Dike

Then there are data breaches – secure information (credit card numbers, medical history, passwords, social security numbers,etc)  which is exposed, disclosed, or lost. Intentional hacking by individuals, organized crime, or dishonest employees makes headlines, but only about 20% of breaches are malicious. The others occur for the same reason things go wrong every day – basic human error. Laptops and data drives with secure information go home with employees, only to be lost or stolen. Employees use unsecured networks at coffee shops or airports. Employees share passwords, use the same passwords for all business and personal sites, or use glaringly obvious passwords like “123456” or “password” (the two most commonly stolen passwords!) Not that you would ever do anything like that, would you?

 

The Cost Of Our Mistakes

According to the Statistic Brain website (based on data from the Consumer Sentinel Network, U.S. Department of Justice), 10 % of Americans have been victims of credit card fraud, and 7% have suffered ATM or debit card fraud. Email or the internet were to blame in 60%. And it’s getting worse. The DataLoss db website reports 720 breaches in 2009. In 2012, there were 1252  in the first 6 months alone. Those numbers don’t sound high, but they translate into 232.4 million identities exposed in 2011. Luckily, most doesn’t end up in the wrong hands.

Computer VirusComputer Infectious Disease

Words like trojans, worms, and viruses, all with variable symptoms.  Transmission with  infection strategies, vectors, and replication. Names like Code Red, MyDoom, and Stuxnet. Sounds like an Infectious Disease textbook to me , so as a physician, shouldn’t I be able to understand it? I guess it’s too far out of my specialty, but here’s my interpretation:

  • Viruses are small, hidden computer programs attached to legitimate programs. Each time you run the real program, you also run the virus, allowing it to spread throughout your computer and make it sick. The infection spreads by sharing infected files, or sending emails with virus attachments (presumably without your consent). It’s the flu of the computer world.
  • Worms replicate themselves on a computer, making hundreds or thousands of copies, then spread to other connected computers, all without any activity by you. Along the way, they can use up all your resources (memory, disk space) and  bring your computer to a halt. Sometimes they turn your computer into a zombie, under the control of the worm author. Will this be the true Zombie Apocalypse?
  • Trojan Horses pretend they are nice, legitimate files, disguised like images, music, or helpful programs.  If you open or download them – surprise! They sneak through your computer in the middle of the night, allowing hackers to steal information, or attack your computer. Greek mythology, anyone?

Computer wormMy Top Secret Analysis

Cyber terrorists breaching government sites and shutting down our power or transportation grids, or firing nuclear missiles, don’t seem likely – at least not yet. I am scared about the more “mundane” level of cyber security issues happening every day, which explains the plethora of websites and companies dealing with these issues. Personally, I’ll be even more careful about only downloading things from reliable sources, and maybe tighten up my passwords (although I’m already a lot better than “123456”). I suspect I will still work on my computer in airports or coffee houses, or you might never get another post from me.

What about you? Hopefully you are not in a position to lose the drive containing “the identity of every agent embedded in terrorist organizations across the globe”, but surely there are some things you could do to be safer in the electronic world. Ideas, anyone?

Stay safe,

Sheila Sund, M.D.

Advertisements
Comments
  1. Brett Popovich says:

    At a recent visit to the International Spy Museum in Washington, D.C., the final exhibit is about cyber-terrorism in the 21st century. They talk about vulnerabilities of our electric grid, and how it could be shut down via computer attacks. Here is the web page: http://www.spymuseum.org/exhibition-experiences/in-the-exhibition/the-21st-century/

    • disasterdoc says:

      I also went to the International Spy Museum (which was really fun, by the way!) over Thanksgiving. The cyber-terrorism exhibit was part of an exhibit on James Bond, focusing on which parts of the movies are (or could be) real, based on input from the intelligence community. Between that exhibit and the Skyfall movie, I have both cyber-security and Bond on the brain – can you tell?

  2. It may not be possible to take your pet with you to a
    temporary evacuation shelter. You can also use the headlight of the ATV as a signaling device.
    Fleece is lightweight and wool can prevent the effect of flame.

    • disasterdoc says:

      Great points. Although US federal guidelines say that provision needs to be made for sheltering pets, that doesn’t mean it is actually available. It is best to ask local sheltering agencies in advance, as well as identifying other possible places that your pet can stay. The ATV idea is a good idea for signaling – just don’t use the lights for too long for fear of draining the battery (or using up gas you may need for later). Wool is interesting – it is flame resistant, but if it truly burns (like in a house fire), it can release cyanide gas – one of the common toxins in smoke inhalation. It’s not unique to wool though – many fabrics have this problem.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s