Computer insecurity affects us all

TIM PHILP

Tim Philp has enjoyed science since he was old enough to read. Having worked in technical fields all his life, he shares his love of science with readers weekly.

We depend on computers to run our world but our current infrastructure for linking our machines is poorly designed and lacks basic protections.

This comes down to three things:

• The physical ‘stuff’ that makes up the internet, including computers, WiFi equipment and all the bits and pieces that your data pass through to get to their destination;
• The software that runs the internet;
• And, finally, the procedures companies use to handle your information.

All three lack basic protections and there seems to be no incentive to improve the situation.

It all goes back to the original design of the internet, whose purpose was to facilitate communications between computers. At first, security took a second place to getting it to work. I remember when it seemed like a miracle that your computer could communicate with one across the country. Those days are long gone but the lack of security remains.

We have technology to track a packet of information from its source to its destination and to identify the origin of the packets. Too often these days, we get information from computers that pretend to be somewhere they are not. Hackers exploit this lack of transparency.

As well, we have technology to encrypt data across a network with strong, secure, military-grade cryptography that scrambles our information so that it cannot be read by eavesdroppers. Yet, standard communications go unscrambled across the Internet.

Why? The main reason, as far as I can see, is that governments like to eavesdrop on their own citizens under the pretext of fighting terrorism. The revelations by Edward Snowden showed that the government program of covert surveillance in the United States is pervasive. You can be certain that almost every telephone call, e-mail or tweet is recorded in a government computer. The situation is not much different in Canada. If the internet was encrypted, governments would lose this rich source of communications.

A larger threat is the vulnerability of the systems to attack by hackers seeking to steal information or hold the data for ransom. The recent hack of Equifax, a large credit reporting agency, exposed the personal details of millions of people. Sony Pictures had many embarrassing e-mails revealed, as did Hillary Clinton’s election campaign.

We are not even safe when we computerize our homes. Your thermostat, security cameras and even door locks can be routes for hackers to access your system. A U.S. casino recently was hacked through an internet-connected device to monitor the temperature of a fish tank.

And companies are being careless with internet security to the point where there is a real danger that information could be at risk.

How many times have you been asked to supply a security question, such as: “What is your mother’s maiden name?” or “What is the name of the first school you attended?” Answers to such questions are public record. Do a little research on someone and you can probably find the answer to such questions and then be able to gain access to their personal data.

Now, some jurisdictions are allowing people to vote through the internet. If banks allow internet financial transactions, surely online voting is as secure and simple. But banks lose lots of money through fraudulent transactions. They bear this cost because the savings from internet banking are greater than the losses. Not exactly the calculation that should be made when it comes to deciding who our leaders will be.

It is past the time that governments and private companies were held accountable for data breaches that are caused by their lack of security. Massive fines, firings and even jail terms should be the penalties for not taking seriously digital security. Unfortunately, too many people decide that it is cheaper to deal with a data breach than to spend the money to harden the systems. A first step is to change the protocols used on the internet to require strong encryption and the traceability of data packets so hackers can be tracked back to their lairs.

Until we take computer security seriously, we are all at risk.

Columnist Tim Philp says that much needs to be done to improve internet security.

