Despite efforts to boost security, the same thing happened again in 2012, explained Joel Brenner, former head of U.S. Counterintelligence for the Director of National Intelligence and former senior counsel and inspector general for the National Security Agency.
"We're being taken to the cleaners, and it's happening for same set of technical and cultural reasons," Brenner said.
Brenner said when the Internet was first invented, it was intended as a way for a small group of researchers to be able to share information with each other. Until 1992, it was actually against the law to use the Internet for commerce.
"They did think about building a substantial security element into it, but they didn't because they thought why make more difficult. It was designed for small groups of people who knew each other."
Now we have developed into a culture where people have almost a compulsion to share information over the Internet, he said. And that has opened the door to a tremendous amount of cyberespionage. Some of that is done by organized crime, but some is also done by nation states like China.
"In the last 10 years it's gone from being a retail business to a wholesale business," he said "You can walk out with a thumb drive with all of the information for a company."
Theft of personal data, such as what happened with the Target stores breach, gets all the headlines, he said, but even more harmful is the theft of technical data that cost billions of dollars to develop.
Our critical infrastructure systems are also vulnerable, said John Zepper, director of computing and network services at Sandia National Laboratories in Albuquerque. A cyber attack on the electric grid in South America knocked out power for an entire country, he said. Less than two months ago, a substation in California was attacked and taken down.
"Can you imagine knocking out power to a hospital in the middle of an operation," Zepper said.
He said the "cyber bad guys" have become much more sophisticated. One new scam involves inserting a reader into an ATM that allows the thief to get the data and pass codes of anyone who uses that same machine later.
At the same time, efforts to combat espionage are getting more sophisticated as well. One of the things being worked on is a password system that recognizes the fingerprints of the user, Zepper said.
For now, he advised computer users to take advantage of all available patches. And Brenner said people should avoid common and simple passwords and change passwords often, especially for things like bank accounts.
©2014 the Las Cruces Sun-News (Las Cruces, N.M.)
