Tag Archives: cybersecurity

SYNDICATED COLUMN: Security Is Ruining the Internet

Image result for no radio sign car

Another major cyberattack, another wave of articles telling you how to protect your data has me thinking about European ruins. Those medieval fortresses and castles had walls ten feet thick made of solid stone; they were guarded by mean, heavily armored, men. The barbarians got in anyway.

At the time, those invasions felt like the end of the world. But life goes on. Today’s Europeans live in houses and apartment buildings that, compared to castles of the Middle Ages, have no security at all. Yet: no raping, no pillaging. People are fine.

Security is overrated.

The ransomware attack that crippled targets as diverse as FedEx and British hospitals reminds me of something that we rarely talk about even though it’s useful wisdom: A possession that is so valuable that you have to spend a lot of money and psychic bandwidth to protect it often feels like more of a burden than a boon.

You hear it all the time: Change your passwords often. Use different passwords for different accounts. Install File Vault. Use encrypted communications apps. At what point do we throw up our hands, change all our passwords to “password” and tell malicious hackers to come on in, do your worst?

I owned a brand-new car once. I loved the look and the smell but hated the anxiety. What if some jerk dented it? Sure enough, within a week and the odometer reading in the low three digits, another motorist scratched the bumper while pulling out of a parallel parking space. I was so determined to restore the newness that I paid $800 for a new bumper. Which got scratched too. That was 13 years, 200,000 miles and a lot of dings ago. Still drive the same car. I don’t care about dents.

I’m liberated.

The Buddha taught that material attachments bring misery. He was right. During the 1980s crack epidemic addicts stole car stereos to finance their fixes. To avoid smashed windows, New Yorkers took to posting “No Radio” signs on their cars. But the really smart drivers’ signs read “Door unlocked, no radio.” It worked.

Hackers, we’re told, are ruining the Internet. I say our reaction to hack attacks has ruined it. It’s like 9/11. Three thousand people died. But attacking Afghanistan and Iraq killed more than a million. We should have sucked it up instead.

Security often destroys the very thing it’s supposed to protect. Take the TSA — please! Increased airport security measures after 9/11 have made flying so unpleasant that Americans are driving more instead. Meanwhile, “civil aviation” flights out of small airports — which have no or minimal security screenings — are increasingly popular. So are trains — no X-ray machines at the train station, either. Get rid of TSA checkpoints at the airport, let people walk their loved ones to the gate so they can wave goodbye, and I bet more people would fly in spite of the risk.

It’s not just government. Individuals obsess over security to the point that it makes the thing they’re protecting useless.

For my 12th birthday my dad gave me a 10-speed road bicycle. I still have that Azuki. It weighs a ton but it runs great. It’s worth maybe $20.

Bike theft is rife in Berkeley and Manhattan, but I tooled around both places on that banana yellow relic of the Ford Administration without fear of anything but the shame of absorbing insults from kids on the street. I often didn’t bother to lock up my beater. Never had a problem.

In my early 40s and feeling flush, I dropped $2400 on a royal blue Greg LeMond racing bike. Terrified that my prize possession might get stolen, I only ride it to destinations I deem ridiculously safe or where I’ll only have to leave it outside for a few minutes. So I hardly use it.

I’m an idiot.

Nice things are, well, nice to have. But they’re also a pain in the ass. In college one of my girlfriends (who I am not suggesting was a “thing,” obviously, and whom equally obviously I never thought I “had” in any ownership-y sense) had dazzling big blue eyes and golden blonde hair down to her waist and was so striking that guys literally walked into lampposts while gawking at her. Being seen with her was great for my ego. But every outing entailed a risk of violence as dudes catcalled and wolf-whistled; chivalry (and my girlfriend) dictated that I couldn’t ignore all of them. I sometimes suggested the 1980s equivalent of “Netflix and chill” (Channel J and wine coolers?) rather than deal with the stress. (We broke up for other reasons.)

So back to the big ransomware attack. What should you do if your ‘puter locks you out of your files unless you fork over $300? Wipe your hard drive and move on.

Back up regularly, Internet experts say, and this threat is one reason why. With a recent backup you can usually wipe your hard drive and restore your files from a backed-up version that predates the virus. Take that, villains! But no one does.

Meanwhile, our online lives are becoming as hobbled by excessive security as the airlines. Like the countless locks on Gabe Kaplan’s Brooklyn apartment door in “Welcome Back Kotter,” two-step authentication helps — but at what cost? You have to enter your password, wait for a text — if you’re traveling overseas, you have to pay a dollar or more to receive it — and enter it before accessing a site. Tech companies force us to choose a new password each time we forget the old one. Studies show that makes things worse: most users choose simpler passwords because they’re easier to remember.

The only thing to fear, FDR told us, is fear itself. What if we liberated ourselves from the threat of cyberattack — and a ton of work maintaining online security — by not having anything on our Internet-connected devices that we care about?

This would require a mental shift.

First, we should have fewer things online. When you think about it, many devices are connected to the Internet for a tiny bit of convenience but at significant risk to security. Using an app to warm up your house before you come home is nifty, but online thermostats are hardly worth the exposure to hackers who could drive up your utility bills, start a fire or even cause a brownout. Driverless cars could be remotely ordered to kill you — no thanks! I laugh at the Iranian nuclear scientists who set back their nation’s top-secret research program for years because their desire to cybercommute opened their system to the Stuxnet attack. Go to the office, lazybones!

The Internet of Things needs to be seriously rethought — and resisted.

As for your old-fashioned electronic devices — smartphones, tablets and laptops — it might be time to start thinking like a New Yorker during the 1980s. Leave the door unlocked. Just don’t leave anything in your glove compartment, or on your hard drive, that you would mind losing.

(Ted Rall (Twitter: @tedrall) is author of “Trump: A Graphic Biography,” an examination of the life of the Republican presidential nominee in comics form. You can support Ted’s hard-hitting political cartoons and columns and see his work first by sponsoring his work on Patreon.)

Share on FacebookTweet about this on TwitterShare on Google+Share on RedditDigg thisShare on StumbleUponEmail this to someone

Never Satisfied: Why Russian Hackers Want to Steal Your Eye

Originally published by ANewDomain.net:

Russian hackers, and also hackers from former Soviet republics that are not Russia whom we lump with their Russian counterparts partly for convenience and mostly out of geographic ignorance, are trying to hack into your stuff.

No one knows why. What’s in it for them? What are they going to do? Steal your negative bank balance? Bring it on, fuckers!

I mean, for some reason, we are supposed to be really upset and scared when Target, or Bank of America, or the U.S. government, or whatever gets hacked and our precious “data” gets taken. Even though, if someone uses your credit card, nothing happens. You call them. They take off the charges. (If they’re total jerks, they can charge you a whopping $50 per card. Whatevs.)

Yeah, you have to call them, but hey, while you’re on the phone with them anyway, maybe you can give them a hard time about the 25.24 percent “penalty charge” interest rate they’re charging you despite the fact that this ain’t Weimar Germany.

I say, screw it: Give your credit card number out to random bums! Tell them not to use it in any stores with cameras, though — which there aren’t any. Never mind.

russian-hackers-want-to-steal-your-eyeAnyway, the latest development/fad on the trying-to-keep-Russian-hackers-out-of-your-personal-crap front is biometric identification: using your fingerprints (like on the iPhone), iris scans (like in creepy dystopian movies and at passport control at American airports) and voice recognition in lieu of a password.

Pretty smart! Fingerprints are pretty much unique, except for evil identical twins. (Don’t bother, evil fraternal twins.) Ditto for iris scans — not the flower, stupid — and voice recognition. If it’s your face, or fingerprint, or eye, then that’s you and not some Russian hacker. Right?

Maybe not.

It’s not impossible to imagine some mash-up of the 1997 movie “Face/Off,” in which John Travolta and some other guy who looks like Nick Cage get their faces switched and stuff happens, and the even older TV show “Mission Impossible,” which constantly deployed form-fitting face masks, as a way to foil biometric face ID technology. Take that, NSA with your real-time tracking of our heads via ubiquitous street surveillance cameras!

On the eye front, what if the Russians take a cue from the 1980s street gang the Westies, who controlled the Hell’s Kitchen neighborhood in Manhattan? Guys kept getting killed, and the prints on the murder weapons always suggested the same suspect — biggest gangster serial killer ever! Turned out the fingerprints belonged to a dude who’d been killed himself.

A clever boss kept the dead guy’s arm in the freezer and used it to apply his fingerprints to any gun used by his crew.

What if a Russian hacker stole your eye? Or hacked into your computer camera —yes,  they can do that — and created a 3-D scan of your orb on a 3-D printer?

Fingerprints, it turns out, are actually an incredibly shitty form of security. “Hackers have already made dummy fingerprints — using pictures of people’s hands available online — to swipe into the iPhone 6 scanner,” reports NPR.

Tech investor David Cowan says: “Either a password or a biometric can be stolen. But only the password can be changed. Once your fingerprint is stolen, it’s stolen forever, and you’re stuck.”

Well, not exactly. You could cancel that fingerprint, and use one of your other nine. But we take Cowan’s point: Best to stick with the classic “123456″ and “PASSWORD” passwords.

Share on FacebookTweet about this on TwitterShare on Google+Share on RedditDigg thisShare on StumbleUponEmail this to someone