The Data Breaches Will Never End

Capital One stores some of its data in the cloud using Amazon Web Services. An AWS employee whose alter-ego was a hacker with the handle “erratic” breached records for 100 million people, through a “misconfigured” firewall,” according to FBI court filings.

Two things emerge here:

1. Our personal data is really fragile, when a single piece of equipment can be misconfigured and let in a person who formed a Meetup group called “Seattle Warez Kiddies.”
2. There will never be an end to data breaches.

I’ve been working with network and data security for nearly three decades. Those hackers known as “script kiddies” are always trying to breach systems, mostly for fun and bragging rights, but many times, to get valuable personal identifiable information (“PII”).

On the dark web, your information can be worth anywhere from $1 for a Social Security Number, to $200 for your PayPal login, or up to $2,000 for your U.S. passport, according to credit bureau Experian.

And that data is only as secure as the weakest link. The weakest link, in this case, was some network engineer who messed up a firewall configuration for data stored on Amazon Web Services. Sometimes the weakest link is a person clicking on a phishing email, or a text message (“smishing”) or a targeted “spear-phishing” attempt, or an email that looks like it’s from the company’s CEO (“whaling”).

Now, digital pirates–who deploy “ransomware” to collect untraceable cryptocurrency payments in return for decrypting a victim’s data–are targeting school districts, as well as municipalities. The City of Atlanta spent $2.6 million to recover from a ransomware attack, for which they paid $52,000. After paying the ransom, every single computer and system needed to be cleansed to ensure another attack wouldn’t follow.

Baltimore got hit twice after failing to properly protect itself after the first ransomware attack.

City computers were infected with the RobinHood ransomware virus, The Baltimore Sun reported. Hackers told city officials that they would unlock the computers in return for payment of three bitcoins per system, or 13 bitcoins for the entire system. Based on the current exchange rate the ransom added up to about US$17,600 per computer or $76,280 for the system.

“Baltimore Held Hostage in 2nd Ransomware Attack,” TechNewsWorld, May 10, 2019

The war against cybercriminals is constant and unending. The latest alphabet soup of standards: NIST 800-53, HITRUST CSF, ISO 27001, and PCI-DSS, take massive resources, dedication and vigilance to implement and maintain. Companies, governments, and individuals must never let our guard down.

Let the reality sink in. Your data will be hacked one day. It will happen–not if–when. When it does, be prepared. Lock your credit file (the companies do not make this easy, despite what they claim). Start the process today.

Change your passwords; do not use the same passwords for banking, email, and social media. Use a password keychain or manager to keep them separate, strong (not using common passwords), and easily changed.

Get a virus checker. Everyone needs one on every computer. Learn about phishing and malware. One wrong click and all of your data could be in the hands of a hacker, script kiddie, or someone trying to breach your company’s security. If you work for the government, you might just be helping the enemy if you don’t take personal cyber security seriously.

When you walk through a bad neighborhood, you naturally have a heightened awareness of what’s around you. The Internet is a bad neighborhood. It’s going to be that way for a very long time.