HACKED OFF

October 2, 2017


Portions of this post are taken from an article by Rob Spiegel of Design News Daily.

You can now anonymously hire a cybercriminal online for as little as six to ten dollars ($6 to $10) per hour, says Rodney Joffe, senior vice president at Neustar, a cybersecurity company. As it becomes easier to engineer such attacks, with costs falling, more businesses are getting targeted. About thirty-two (32) percent of information technology professionals surveyed said DDoS attacks cost their companies $100,000 an hour or more. That percentage is up from thirty (30) percent reported in 2014, according to Neustar’s survey of over 500 high-level IT professionals. The data was released Monday.

Hackers are costing consumers and companies between $375 and $575 billion, annually, according to a study published this past Monday, a number only expected to grow as online information stealing expands with increased Internet use.  This number blows my mind.   I actually had no idea the costs were so great.  Great and increasing.

Online crime is estimated at 0.8 percent of worldwide GDP, with developed countries in regions including North America and Europe losing more than countries in Latin America or Africa, according to the new study published by the Center for Strategic and International Studies and funded by cybersecurity firm McAfee.

That amount rivals the amount of worldwide GDP – 0.9 percent – that is spent on managing the narcotics trade. This difference in costs for developed nations may be due to better accounting or transparency in developed nations, as the cost of online crime can be difficult to measure and some companies do not disclose when they are hacked for fear of damage to their reputations, the report said.

Cyber attacks have changed in recent years. Gone are the days when relatively benign bedroom hackers entered organizations to show off their skills.  No longer is it a guy in the basement of his or her mom’s home eating Doritos.  Attackers now are often sophisticated criminals who target employees who have access to the organization’s jewels. Instead of using blunt force, these savvy criminals use age-old human fallibility to con unwitting employees into handing over the keys to the vault.  Professional criminals like the crime opportunities they’ve found on the internet. It’s far less dangerous than slinging guns. Cybersecurity is getting worse. Criminal gangs have discovered they can carry out crime more effectively over the internet, and there’s less chance of getting caught.   Hacking individual employees is often the easiest way into a company.  One of the cheapest and most effective ways to target an organization is to target its people. Attackers use psychological tricks that have been used throughout mankind.   Using the internet, con tricks can be carried out on a large scale. The criminals do reconnaissance to find out about targets over email. Then they effectively take advantage of key human traits.

One common attack comes as an email impersonating a CEO or supplier. The email looks like it came from your boss or a regular supplier, but it’s actually targeted to a specific professional in the organization.   The email might say, ‘We’ve acquired a new organization. We need to pay them. We need the company’s bank details, and we need to keep this quiet so it won’t affect our stock price.’ The email will go on to say, ‘We only trust you, and you need to do this immediately.’ The email comes from a criminal, using triggers like flattery, saying, ‘You’re the most trusted individual in the organization.’ The criminals play on authority and create the panic of time pressure. Believe it or not, my consulting company has gotten these messages. The most recent being a hack from Experian.

Even long-term attacks can be launched by using this tactic of a CEO message. “A company in Malaysia received kits purporting to come from the CEO.  The users were told the kit needed to be installed. It took months before the company found out it didn’t come from the CEO at all.”

Instead of increased technology, some of the new hackers are deploying the classic con moves, playing against personal foibles. They are taking advantage of those base aspects of human nature and how we’re taught to behave.   We have to make sure we have better awareness. For cybersecurity to be engaging, you have to have an impact.

As well as entering the email stream, hackers are identifying the personal interests of victims on social media. Every kind of media is used for attacks. Social media is used to carry out reconnaissance, to identify targets and learn about them.  Users need to see what attackers can find out about them on Twitter or Facebook. The trick hackers use is to pretend they know the target. Then they get close through personal interaction on social media. You can look at an organization on Twitter and see who works in finance. Then they take a good look across social platforms to find those individuals on social media to see if they go to a class each week or if they traveled to Iceland in 1996.  You can put together a spear-phishing program where you say, ‘Hey, I went on this trip with you.’

CONCLUSIONS:

The counter-action to personal hacking is education and awareness. The company can identify potential weaknesses and potential targets and then change the vulnerable aspects of the corporate environment.  We have to look at the culture of the organization. Those who are under pressure are targets. They don’t have time to study each email they get. We also have to discourage reliance on email.   Hackers also exploit the culture of fear, where people are punished for their mistakes. Those are the people most in danger. We need to create a culture where if someone makes a mistake, they can immediately come forward. The quicker someone comes forward, the quicker we can deal with it.


The island of Puerto Rico has a remarkably long road ahead relative to rebuilding after Maria and Irma.

After Puerto Rico was pummeled by Hurricane Maria two weeks ago, a Category 4 hurricane with 150 mph winds, the island has been left in shambles. After suffering widespread power outages thanks to Irma, one million Puerto Ricans have been left without electricity. Sixty thousand (60,000) still had not gotten power when Maria brought a total, island-wide power outage and severe shortages in food, water, and other supplies.

As of today, October 2, 2017 there is still no power on the island except for a handful of generators powering high-priority buildings like select hospitals.   The island most likely will not return to full power for another six to nine months. This also means that there are close to zero working cell phone towers and no reception anywhere on the island.  Communication is the life-blood of any rebuilding and humanitarian effort and without landlines and cell phones, that effort will become incredibly long and frustrating. The following digital picture will indicate the great lack of communication.

Fuel for generators is running out (though authorities in Puerto Rico insist that it’s a distribution problem, not a shortage). Puerto Ricans are waiting in six-hour lines for fuel, while many stations have run completely dry.

In most of Puerto Rico there is no water – that means no showers, no flushable toilets, and no drinkable water that’s not out of a bottle. In some of the more remote parts of the island, rescue workers are just beginning to arrive.

To indicate just how dire the situation is:  “According to the US Department of Health and Public Services, a superfund site is “any land in the United States that has been contaminated by hazardous waste and identified by the EPA as a candidate for cleanup because it poses a risk to human health and/or the environment.” These sites are put on the National Priorities List (NPL), a list of the most dire cases of environmental contamination in the US and its territories. These are places where a person can’t even walk on the ground and breathe the air without seriously endangering their health.”  That is exactly where PR is at this time.

Puerto Rico’s fallout from Maria and Irma will result in a long, long road to recovery. Even though the island is home to 3.5 million US citizens, help has definitely been delayed compared to response in the US.    The island’s pre-existing poverty and environmentally dangerous Superfund Sites will make rebuilding a tricky and toxic business, costing in the billions of dollars.

We may get a better idea of the devastation by looking at the digital satellite pictures below.

A much more dramatic depiction may be seen below.

CONCLUSIONS:

As recently as 2016, the island suffered a three-day, island-wide blackout as a result of a fire. A private energy consultant noted then that the Puerto Rico Electric Power Authority “appears to be running on fumes, and … desperately requires an infusion of capital — monetary, human and intellectual — to restore a functional utility.” Puerto Ricans in early 2016 were suffering power outages at rates four to five times higher than average U.S. customers, said the report from the Massachusetts-based Synapse Energy Economics.  What was a very sad situation even before Maria and Irma, is now a complete disaster.  As I mentioned above—a very long road of recovery for the island.

 
