Some are calling last year’s hack of the United States’ Office of Personnel Management a “cyber Pearl Harbor,” which is hyperbole. But it’s definitely a disaster.
The penetration of OPM’s computer networks gives someone — maybe China? — access to the private data of millions of U.S. government employees, including clearance forms that may include details of these employees’ most sensitive mental, physical and financial problems.
And the worst part is the government’s excuse for who’s to blame for the hack.
“I don’t believe anyone is personally responsible,” Office of Personnel Management director Katherine Archuleta said at a Senate hearing. “We have legacy systems that are very old.”
The U.S. government has been systematically starved of information technology advancements since the Office of Technology Assessment was shut down in the budget battle of 1995. So someone is definitely responsible if this was the result of the kind of systemic failure that the OPM’s Inspector General has been warning about for years.
But using old technology isn’t unique to governments, though the U.S. government seems to specialize in it.
Watch this video about a recent Wi-Fi experiment we conducted with penetration testing expert Mandalorian Security Services and the Cyber Security Research Institute:
Most of us follow the basics of security. We keep our system and security software updated. Our passwords are strong and stored safely. Hopefully you even use separate browsers for financial transactions and basic surfing/networking.
But how many of us — including the UK politicians in this video — assume we’re secure on public Wi-Fi without taking security precautions?
The hacks depicted in this experiment only took 3 hours to set up and once the equipment was in place, tablets and mobile phones could be hacked in less than 30 minutes. Sometimes as quickly as 5.
The information that can be obtained this way isn’t as damaging as the OPM attack but it’s not negligible either. It includes:
• Detailed browsing history
• Internet phone calls – Voice Over Internet Protocol – recorded calls
• Email accounts
• All email history and contacts
• Online financial services
• Social media accounts
• All social media data
How could this affect the victim of a hack? If you’re a politician, profoundly.
“So if someone hacked it and put out messages that were detrimental, horrible or whatever, it would be a very bad thing for me in my job,” Mary Honeyball, a Labour MEP for London, said. “I think that the possibility that someone could put out an unauthorised communication before an election who just wants to cause trouble is really unacceptable.”
Getting fired for something you’ve said is bad. Losing your office or job for something you didn’t say would be infinitely worse.
There’s also the possibility of private information being used for extortion, which has been suggested as a potential worst-case scenario consequence of the OPM hack.
Cybercrime is a numbers game and the numbers when it comes to Wi-Fi are astounding. The Wi-Fi Alliance suggests that 1 out of 4 homes globally run a Wi-Fi network. According to Strategy Analytics, some 800 million households worldwide will have adopted Wi-Fi by 2016. In your home you can take steps to secure your network with a WPA2 password. But there are hundreds of millions of public Wi-Fi hotspots around the world. And most of them are not properly secured.
What can you do about it?
“People shouldn’t be afraid to use public Wi-Fi – it’s a fantastic service,” our Security Advisor Sean Sullivan said. “But they must understand that there are risks and it is their responsibility to protect themselves. This is simply done using a piece of software called a Virtual Private Network (or VPN). For phones and tablets, these are available as an app. Our Freedome VPN will encrypt all data travelling from the device to the network, meaning that the hacker will steal nothing of use. Simply turning it on gives you the best protection you can possibly have to stay safe over public Wi-Fi, so you can focus on what you’re doing instead of worrying about staying safe.”
To find out more about this hack, check out this podcast:
And you can also watch our first hack experiment on the dangers of public Wi-Fi.
[Image by Johan Viirok | Flickr]