Eric Winsborrow, a Silicon Valley cyber-security veteran of 20 years, warns us that cyber war is beneath the surface. It will not be fought with bombs and bullets but with bits and bytes, he says.
It is a threat to businesses and other organisations right here in Whanganui. Cybercriminals or your competitors hacking your computer system and stealing your trade secrets, as well as your customer database, could devastate your business.
Consider the confidential information that would be exposed through a hack at the local courthouse, District Health Board or even the Whanganui District Council — sensitive information about your life.
Unlikely to happen? In 2010, Operation Night Dragon, conducted by a group of Chinese hackers, stole sensitive information from energy companies worldwide for up to four years before it was discovered.
Bradley Manning, a US Army intelligence analyst, stole over 250,000 sensitive government cables and posted them on WikiLeaks. He did this while using software called SharePoint, a program that even the Whanganui District Council uses, and he was able to exploit it because the US Army had not fully secured SharePoint and was not monitoring it.
Sneakerware was the very first computer virus ever created in the 1980s. It was written onto a floppy disk video game and inserted into Apple computers. Someone had to physically walk from computer to computer to do this, hence the name Sneakerware.
In 1999, David L. Smith, of Aberdeen, USA, launched the world’s first email-borne virus when he posted an infected MS Word document to the alt.sex Usenet newsgroup. When people opened the file, thinking it held pornographic pictures, the virus then sent emails from the infected computer to other email addresses on file. It was called Melissa, evidently after his favourite stripper. Smith was eventually tracked down and sentenced to 20 months in a Federal prison.
In 2001, Code Red, a complex viral threat, went around the world in three days. In 2010, Stuxnet was first discovered. It was a malicious computer worm, evidently developed by the US and Israeli intelligence services, and designed to attack Iran’s nuclear plant.
And now, the big threat is Ransomware. If your computer becomes infected, you will be held to ransom and forced to pay cyber criminals for an encryption code to unlock your computer. I personally know of an Auckland business that has been attacked in this way, as have many.
Cybersecurity is an important issue. We all have to defend ourselves, and we cannot rely on the government to do that for us. However, the government has invested over $22 million over four years to set up a national Computer Emergency Response Team (CERT), which is headed by the GCSB and has been rolling out malware detection services to strategic government agencies.
The Prime Ministers of New Zealand and Australia have also undertaken to run joint cybersecurity exercises to ensure they can respond to incidents that affect both nations. Just recently, NATO Secretary-General Jens Stoltenberg announced that NATO will now treat cybersecurity as a military responsibility.
Interestingly enough, from a local perspective, a quick scan of the Whanganui District Council’s website, using penetration testing software, found a few potential vulnerabilities. A simple request-validation check highlighted that requests to the website could possibly contain a malicious payload, and pointed to possible cross-site scripting (XSS) vulnerabilities.
It also showed excessive information about the server and frameworks in the website headers, and that the website may potentially be vulnerable to a POODLE attack (a man-in-the-middle attack) that allows an intruder to inject malicious JavaScript into the victim’s browser through an SSL 3 protocol vulnerability.
The biggest risk most organisations leave themselves open to is having a computer system that is unpatched. Keeping your system up to date and installing all patches your software/system providers send you is extremely important. Changing passwords regularly is another important activity and can easily be actioned by using password vault software that updates all your passwords and is extremely secure.
Backing up your data on a secure external hard drive and/or to a secure online data backup service may also save you when you turn up tomorrow morning and find your computer with a ransomware request.
Securing your handheld mobile device, which has access to your network, is a security issue often overlooked. Even the most secure system on earth is weak if you leave an unsecured mobile device that has access to your network at the local cafe, or if you download valuable documents to an unsecured USB drive. The most important issue to remember with cybersecurity is that it is not a set-and-forget exercise. Cybersecurity changes rapidly, and continuous monitoring is vital to success.
Published in the Whanganui Chronicle, 30th January 2018.
Steve Baron is a New Zealand-based political commentator and author. He holds a BA with a double major in Economics and Political Science from the University of Waikato and an Honours Degree in Political Science from Victoria University of Wellington. A former businessman in the advertising industry, he founded the political lobby group Better Democracy NZ. https://stevebaron.co.nz