Wow, We are So Tech-Vulnerable!

New York  I’m going to keep saying it over and over again. I’m not paranoid. Never have been. I am definitely NOT paranoid. And, that’s always been true, but recently I’m saying it over and over again, I guess, hoping that I believe it.

You know how these things work. First a small seed or association gets planted in your mind where it can grow in the dark corners and jump out and surprise you later. For me that was an article I read in the magazine, Wired, about how hackers, likely state-supported from Russia, were messing with Ukraine full-time and big-time. The last two winters in the throes of December, they have proven that they can sneak in and turn the electrical power grid there upside down and twelve ways from Sunday. The detail in the piece was the upset in the Ukraine, but the bottom line warning was that Ukraine was a practice field for the main contest, and that was hitting the main grids that power Europe and the United States.

In New Orleans last week, Entergy, the multi-state electrical and nuclear power conglomerate that provides service, sent out a message that the entire Central Business District would be without power for some hours in the middle of the day. As a public company they had to provide some minimal details, and so they did. They claimed there had been vandalism to one of their substations in the CBD.

Damn, I wanted to believe that, even as odd as it sounds. Having read the Wired story though, I was worried. They ended up claiming that someone had stolen 50 pounds of copper welding wire. Case solved, they said. I’m still scratching my head though. How would the theft of some copper wire force the company to shut the city’s throbbing commercial heart down for hours?

And, then at about 1:30 PM one afternoon last week I couldn’t send an email out or access our server. I was getting ready to text our server guy to complain, but stopped when everyone in the office said Cox Cable, our internet provider, had gone down citywide. Cox is a private company. They were saying nothing at all. Word was that they would be down until 8:00 PM that night, but they came back on about 5:30 or so. Cox never provided an explanation. I absolutely know they were hacked!

Nothing much it seems we can do, but it does make you realize how much we depend on these common utilities like electricity and internet, and how totally vulnerable we – and all of the systems we depend on – really are. We feel like sitting ducks!

Then we read about all of these computer bugs lifted from our own National Security Agency that are being used for billions of dollars of so-called ransomware attacks, where you have to pay someone, somewhere to unlock your own computer. I’m flying within hours to Budapest to do some workshops for activists and organizers, because Hungary is undergoing an undemocratic assault on nonprofits, activists, and any government opponents. Do I dare use my computer without connecting to a VPN or virtual something network? Would I be risking surveillance and attacks on our organizations and members?

Is this the way we are all going to have to live and work? One eye over our shoulder, tapping away on our essential work and communications devices and wondering any minute whether they could go rogue?


How Does Anyone Protect Themselves from Hacking?

Little Rock   If we asked the question plainly: is there any way that we can be protected from hacking? The answer is likely either, “No,” or maybe more optimistically, “not completely.”

At some level this is a problem for everyone. Or at least everyone with access to the internet or perhaps a car or mobile phone or any number of other devices from household appliances to alarm systems to washing machines. Two consultants told a morbid joke among hackers that went like this: what is a self-driving car? Answer: a computer that can go 100 miles per hour. Working for various automobile companies they were fairly easily able to hack a car’s computer system and take over braking, steering and other functions.

The recent worldwide ransomware crisis that may have originated in North Korea, though no one seems positively sure, hit countries, businesses, and others, both high and low, for a potential take that, if fully paid, would have been close to half-a-billion dollars. The US and France have both identified hackers connected with Russia that have penetrated voting systems, though there is still no evidence that they actually tampered with voting. A brief period of inattention where you open a random email might introduce a virus that takes over your computer and compromises your email as we found in the trove of emails hacked from the Clinton campaign and then dumped into the middle of the political process.

Activists and organizers working in autocratic countries with fewer controls on the state are hugely at risk. In Egypt according to a report by The Economist, “nearly 100…hacking attempts” have been made “to gain information from some of the country’s most prominent NGOs and journalists.” There is a lucrative cottage industry of computer companies that sell spying and hacking services to Middle Eastern countries and others without robust local capacity. The Italian company, Hacking Team, was itself hacked in 2015, and it turned out they had contracts with Morocco, the United Arab Emirates, and Egypt. NGOs and others have tracked FinFisher, a German outfit, to Egypt, Saudi Arabia, and Turkey. Netsweeper, a Canadian company, won a $1.2 million contract from Bahrain that was disguised as a website solution contract, but seems to have been used to spy on dissidents. Citizen Lab, a renowned Canadian research institute that tracks these matters, followed up on a UAE text message to a human-rights advocate there at his request and discovered the link was from NSO, an Israeli company in the spyware sales business with governments. Citizen Lab found software flaws that allowed NSO to turn an iPhone into a cyberweapon that may have cost as much as $1 million.

Meanwhile the ransomware crisis was the result of a hacked NSA tool, and NSA is now hoping for reauthorization of its phone spying, metadata operation in the USA. When the government is doing it, there’s no way to get governments to crack down on the abuses. When techies are willing to sell back doors to anyone, locking the front door hardly matters.

For now, Moxie Marlinspike and face-to-face conversations seem like the only sure things out there, and the only one with a 100% guarantee is face-to-face. No sense in being paranoid, but you sure can’t be too careful. Oh, and speaking for the techno-peasants among us, do what I say, not what I do!
