Everyday People Make an Easy Target for Hackers

Photo by Matylda Czarnecka (Flickr).

Editor’s Note: This article is the third in a three-part series on legal issues surrounding computer hacking and cyberspying. You can read Part One and Part Two here.

Protecting ourselves from theft of personal information requires constant vigilance, not only through our individual practices, but also through the anti-hacking practices of websites and companies we use everyday.  It became very evident how little control we consumers have over the protection of our personal information when retail giant Target had approximately forty million credit card numbers and seventy million addresses and phone numbers of customers stolen in November and December 2013.  It was the biggest retail hack in American history.

Ironically, Target was prepared to detect and prevent such an attack, having installed a new $1.6 million malware detection system engineered by FireEye, a computer security firm.  The malware detection system performed as designed, alerting Target’s security operations center multiple times of malware present on its system.  However, Target ignored the alerts, and it’s customers’ credit card numbers were sent to servers in Russia over the course of two weeks as a result.

In direct response to situations such as the one in which Target found itself, banks and store chains are likely to transition from cards with magnetic strips to more secure cards equipped with embedded chips.  Cards containing the embedded chips are commonly found in Europe.  Target executives have vowed to help lead this transition.

In addition, internet users’ vulnerabilities have become increasingly more difficult to combat.  It is a constant struggle for developers to provide more secure measures to protect the privacy of internet users’ information as web-based technology grows exponentially more sophisticated.  Websites and services we use the most are the biggest targets for hackers, since they provide the potential for the biggest gain.  Apple, Amazon, and eBay are a few of the “bigger names” to be targeted recently.

Encryption technologies like Secure Sockets Layer, or SSL, are commonly used by websites to protect overall privacy of internet users performing everyday tasks such as making purchases or sending emails.  SSL is often recognized as the little lock located next to the URL when a user is on a secure site.  Additionally, SSL encryption is used by nearly all secure sites on the internet, yet several vulnerabilities have been discovered in widely used SSL software.

Perhaps the most concerning of these vulnerabilities is the Heartbleed Bug.  This “bug” reveals gaping holes in vulnerable versions of the OpenSSL software, which is the most common SSL software used on the internet.  The bug allows attackers to “eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”  The Heartbleed Bug exposes millions of internet users’ emails, passwords, and more from vulnerable web servers while leaving little trace from hackers.  This flaw will remain until Fixed OpenSSL is adopted and installed by vendors, service providers, and users.

So, how do we protect ourselves?  For starters, users must make it difficult for someone to access and use their passwords.  It is best if internet users change their passwords at least monthly, make each password different from one another, and make each password have some level of sophistication.  Moreover, password managers can help you keep track of all of the new passwords you have to change.  Another piece of advice to users is to limit what information you put on the internet. Another step that is often overlooked is backing up your computer’s documents, history, pictures, and the like.  This step is relatively easy, and is worth the minimal effort it takes to complete.  Finally, it is suggested that users delete their accounts for services they no longer use.  This final guidepost may help to eliminate extraneous information a user has on the open internet.

New security measures will undoubtedly need to be developed, especially in light of the transition toward cloud-based systems for data sharing and storage.  While it will never be possible to completely eliminate hackers or their ability to steal information, learning from past mistakes and taking the proper precautions can help to minimize the risks involved.