Tuesday, September 19, 2017

Hacked off *still*. You should be, too.

So. The passage of several days has done nothing to alleviate my pique. At what? That the "Equifax security breach leaks personal info of 143 million US consumers: Criminals snagged info including names, social security numbers and more." If anything, as the details emerge, I've gotten angrier.

What details?
The upshot? Millions of people scrambling to obtain and review -- and often, to freeze -- their credit reports. Millions of people unable even to take such proactive steps, because Equifax's switchboard and website are totally overwhelmed. Thousands, at least, of retailers (who issue, for example, auto loans and private-label credit cards) and other financial institutions confronting a major hit to their businesses from consumers' prospective identity thefts and credit-report freezes.

And continuing with today's cyber (in)security story line, had you noticed ...

The NotPetya Ransomware May Actually Be A Devastating Cyberweapon. The apparent coercion seems intended to distract people while the nastyware proceeds with its attack on infected hard drives. And about those attacks ...

According to Kaspersky Labs, around 60% of the infected machines are located in Ukraine. Many other infected systems belong to international corporations that do business in Ukraine ... The NotPetya attacks also began on June 27th, the day before Constitution Day in Ukraine. 

Hmm, who could be the real target? Who the attacker? Gosh, those are puzzlers. 

Bringing us to today's final item: deterring cyber chaos. I'll note -- skeptically -- that UK defence secretary threatens military strikes against hackers. His warning applies only, one assumes, to state actors -- and seems an empty threat. I don't foresee the UK bombing or invading, for example, Russia over even the most egregious cyber attack. And efforts to hack national electoral systems and to otherwise influence elections -- notably in the US 2016 elections -- have yet to elicit a reaction beyond a mild tsk.

IMO, until victimized nations stop limiting their cyber reactions to defense -- and until they start taking defense seriously, as in sending executives to jail for their organizations' cyber negligence -- egregious cyber attacks will continue. (Note that I indicated organization, and not company, executives. The Office of Personnel Management hack disclosed in 2015, exposing the security-clearance forms of 20+ million federal workers and contractors, was as horrifying as the recent Equifax incident.)

One fed-up person's opinion ...
