Saturday, October 4, 2014

Hackers and the Potential for Really Big Hacks


I seem to be vulnerable to hackers.

Target

Last year, my credit card information was compromised when hackers spent three weeks foraging through Target's security system.  The first reports indicated that the information on 40 million payment card accounts had been seized.  A few weeks later, it was reported that perhaps another 70 million additional cards were compromised.

I was assured my account was protected and issued a new credit card.

Home Depot

Early this fall, my credit card information was compromised again.  Home Depot reported that hackers, probably operating outside the U.S., had worked their way into the company's credit card system.  Later reports said the hacking had been under way for five months, and that the most vulnerable transactions were those made through the company's self-checkout lines.

I had been to Home Depot once during that period, and, yes, I used the self-checkout line.  (Do you like waiting in line to pay an indifferent Home Depot clerk?)

So I got another credit card in the mail.

JP Morgan Chase

Last week, another credit hacking was reported, this one affecting 36 million families with banking relationships at JP Morgan Chase, where I have a checking account and credit card, and where our family has several other accounts.

The hack appears to have been linked to state-sponsored Russian hackers, according to Bloomberg, and to have affected several European banks.  The FBI is said to be investigating whether it was a response to American sanctions on Russia following its Ukrainian adventure.

Chase says the hackers only got names, addresses and email addresses.  Even if that's the limit of the damage -- and, really, are we sure about this? -- there are now some Russian malefactors who know who I am, where I live and my email address.  Great, I think.

I probably should be glad that I don't use debit cards.  Apparently hackers have been able on some occasions to figure out debit PINs.  According to a security company, one bank lost $300,000 within two hours just from the Home Depot breach.

And I'm happy I don't bank online. While banks are believed to have pretty good barriers to illegal entry, most people's personal computers are much less secure and therefore more vulnerable.

But the potential for damage goes well beyond the personal.


What Really Is at Risk

Several years ago a computer worm called Stuxnet, probably launched by Israel and the U.S., disabled 20 percent of Iran's nuclear centrifuges. If Stuxnet could do that, why couldn't another program cancel all American interbank transfers, crashing our economy? Why couldn't a program shut down our dangerously outmoded air traffic control system?  Couldn't a program interfere with rail transit schedules or short out the electrical grid, piece by piece?

After Stuxnet, Business Insider raised similar questions and quoted this from an article in Foreign Policy:

        "The sober reality is that at a global scale, pretty much every single industrial or
        military facility that uses industrial control systems at some scale is dependent
        on its network of contractors, which may be very good at narrowly defined
        engineering tasks, but lousy at cybersecurity."

If banks and stores and credit card companies cannot control our payment card information, how certain can we be that other, even more essential and interlinked systems are not vulnerable to those who wish us harm?

