The utopia of a free Internet is a pipe dream, and strong measures will be required to safeguard the Internet as a whole.
Even with the American Congress currently wading through the political details of CISPA, the much-maligned, privacy-killing “Cyber Intelligence Sharing and Protection Act” needs a second look. With more and more of our lives being lived out on the internet, it is slowly becoming apparent that the internet can no longer be considered the high-tech playground that everyone once thought it was. The choice is between privacy-friendly anarchy and a disciplined approach to a portal through which an amazing amount of our lives is to be lived.
So, with the danger posed on both sides of the cyber-hacker war, is the internet bearing witness to an internet cyber-détente – the CISPA?
We have all known, directly, about the effects of cyber-hackers. They can do anything from changing high school grades, to turning off street lights, to stealing hundreds of thousands of social security numbers from websites. But little did many of us realize just how dangerous these hacking activities could become. An hour on the internet on a machine with good anti-virus software turns up 20 or 30 malicious attacks on the machine.
Back in June 2010, it was discovered that a computer worm known as Stuxnet was unleashed upon an Iranian nuclear facility, with the apparent intent of damaging or destroying that facility’s network infrastructure by targeting very specific networked industrial equipment (in this case, Siemens Industrial Programmable Logic Controllers). Apparently the “attack” did what was intended, forcing the Iranian government to seriously consider putting in place additional cyber-protections to prevent further infections. This even led to the government physically disconnecting many of its high priority oil well facilities from the internet altogether.
But even with all of the potential physical damage that can be caused by cyber-hackers, there is a virtual world, the internet itself, that is at risk of total annihilation. That’s right — total and complete virtual annihilation.
Imagine for a second a scenario where groups of cyber-hackers wage all-out war online. Using infected code, their targets include companies, then websites, and then eventually servers themselves. Imagine all of the world’s largest servers, those that make up the backbone of the internet as we know it, being laid waste by continuous cyber-attacks, until the internet becomes a virtual wasteland. Don’t think this can happen? The irony is that Hollywood is not that far-fetched.
This brings about the inevitable idea, that with all of the cyber-firepower that exists around the world — viruses, hackers, worms, trojan horses, the list goes on — the internet can easily be presented with a situation where the war becomes a no-win scenario. A cyber-détente, where both sides realize that the outcome will be total destruction, based on an all-or-nothing form of warfare.
It will be interesting to see where CISPA will take the debate on individual privacy-versus-cyber security. One can only hope that the discussion will protect the internet from a virtual brink of destruction, and keep cyberspace safe for everyone.
Privacy issues aside, there is always a meaning to the adage “If you want peace, prepare for war”.
The data breach at Sony has obviously left the corporation a bit shaken and stirred, and for its part Sony has been trying to make good on the losses in both credibility and services. While customers will get complimentary downloads and 30 days of free premium services as a make-good, the breach raises fundamental questions about user-data security. A few questions that Sony should answer transparently are:
1. Even though the initial analyses saw that credit card data wasn’t stolen, what kept Sony waiting for 7 days before it made this event public? The ensuing 7 days did not record any fraudulent activities, but the possibility of fraud was at its maximum in these 7 days. All that Sony did was shut down its PlayStation Network on learning of the crime, which stopped further leaks but did not adequately address the lost information.
2. Sony probably did not pay enough attention to security when it was developing the software that runs its network. In the rush to get out innovative new products, security can sometimes take a back seat. Also, new software has errors in it. So they expose code with errors in it to large numbers of people, which is a catastrophe in the making. Sony will have to explain the lack of adequate security in guarding sensitive information.
3. Data storage is categorized into sensitive credit card information, which is given a higher class of access security, versus other details such as name, password, age, gender, family details etc. These layers in security may cause larger ripples in terms of individual email-based phishing scams and attacks. ALL USER DATA NEEDS TO BE ACCORDED A FORTRESS SECURITY SET-UP.
4. The second data breach reportedly happened from an outdated 2007 database. If that is the case, the question arises of how outdated data is treated and secured. Shouldn’t that be well secured as well?
Sony has been more forthcoming about the security breaches, given that the bulk of attacks on corporate and governmental computer networks go unreported because victims want to avoid the embarrassment and public scrutiny that come with acknowledging that their systems have been hacked. In many cases companies seek to keep the matter quiet by telling individual customers of the problem without issuing a public statement like the one from Sony this week. For example, 85 percent of some 200 companies in electricity-producing industries said that their networks had been hacked, according to a survey released this month by security software maker McAfee Inc and the non-profit Center for Strategic and International Studies. Yet utilities rarely disclose such attacks. In many cases, intrusions go undetected by the victim company, leaving the firm and its customers completely unaware that criminals have access to their sensitive data.
The hacking of Sony Corp’s PlayStation Network, Sony Online Entertainment and Qriocity has earned a place in the annals of Internet crime. It is one of the biggest online data infiltrations ever and is a sign that the industry may face new threats. It also serves as a reminder that as we move into the digital world, we put more and more of our digital identity into the cloud, or digital devices … Security is going to be a tremendously important part of what we do. Payments security is evolving along with intelligent devices, like smartphones and contactless cards, and technologies such as NFC. Security standards and their upgrading are a key component of maintaining data privacy and data integrity.
Julian Assange, in an interview some time back, alleged Facebook to be the “most appalling spying machine”, which exposes private information of over 600 million subscribers to law makers and other national security agencies in a breach of fair rules of user privacy. Within days of Assange’s interview, we heard from Sony Corp, a leading consumer durables and gaming brand, about 2 counts of security breaches of its online networks. The first attack, on Sony’s PlayStation video game network and Qriocity online music and film service, which happened between 17th-19th April, exposed names, addresses, passwords and possibly credit card numbers of its 77 million customers. The second attack (which preceded the first one but was discovered later, possibly 16th-17th April) had drilled a hole through the Sony Online Entertainment network and had compromised credit card data relating to 24.6 million of its consumers and debit card data of around 10,700 more customers in Austria, Germany, the Netherlands and Spain. Sony in a statement has said that the main credit card database had not been compromised as it is housed in a safe and secure environment.
What saves the day for Sony Corp is the second-level security data: the three- and four-digit codes that are used as a second source of authentication by many online vendors. The network passwords were also protected by a level of security called a hash algorithm, in which the word users type in is converted on Sony’s servers to a string of characters entirely unrelated to the original password. With the passage of time, the value of this stolen information diminishes greatly as banks and users increase security precautions around such credit card data or cancel it altogether. However, hackers may be trying to hijack e-mail accounts by attempting to access the ones provided to Sony and plugging in PSN passwords to see if they were re-used for both, and spear phishing for data through fraudulent emails that contain enough personal information to persuade the victim to let down their defenses, which can be enough to get them to click on a link that downloads malicious software onto their personal computer.
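The hashing step described above, as an added sketch that is not Sony's code or part of the original post: it assumes PBKDF2-HMAC-SHA256 with a per-account random salt (the page names neither an algorithm nor a salt) and shows that two accounts sharing one password get different stored values while a login attempt can still be verified. All function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters for this sketch; the page does not say which
# algorithm or settings Sony used.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key) for storage; the password itself is never stored."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive the key from the login attempt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_key)


def unsalted_digest(password: str) -> str:
    """Plain SHA-256, shown only for contrast: equal passwords give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def demo() -> dict:
    # Constructed sample: two accounts whose owners chose the same password.
    pw = "correct horse battery staple"
    salt_a, key_a = hash_password(pw)
    _salt_b, key_b = hash_password(pw)
    return {
        # Without a salt, a leaked table reveals which accounts share a password.
        "unsalted_equal": unsalted_digest(pw) == unsalted_digest(pw),
        # With per-account salts, the stored values differ.
        "salted_equal": key_a == key_b,
        "login_ok": verify_password(pw, salt_a, key_a),
        "wrong_rejected": not verify_password("guess", salt_a, key_a),
    }


if __name__ == "__main__":
    print(demo())
```

Hashing protects the stored value only; a password re-used on an e-mail account is still exposed if it is weak enough to be guessed, which is why the re-use concern in the paragraph above remains.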
The financial impact of this security incident for Sony depends on how well the company convinces customers it “will make things right”. The outflow for Sony in terms of credit card fraud, network repair and marketing costs is $50 million. The cost of lawsuits would add to that figure in some measure. The impact for credit card majors could be around $500 million. How about user faith and confidence in Sony? The loss of that (in MasterCard’s tagline) is priceless.