Cyber Threats in the News
Extra! Extra! Massive Breaches & Cyber Attacks! – What Are Newspapers Teaching Us About Cyber Security?
Cyber incidents are all over the news. ‘Massive data leak revealed’, ‘hackers strike again’…. We’re becoming accustomed to such headlines. But what are we actually learning from them? Is the increasing frequency of cyber incidents a sign that security measures aren’t getting the same attention as the attacks themselves?
All cyber incidents seem to fall under the same category in the news: something to be feared. And fair enough, they’re scary. But that doesn’t mean that all cyber threats are the same in terms of their potential impact and avoidability. Similarly, not all cyber security measures are the same, and not all are overly complex, expensive, or out of reach of ‘normal citizens’ (a.k.a. non techy people). Cyber incidents are to be feared, but they are also to be learned from.
2019 started with one of the biggest data leaks Germany has ever seen – sensitive data belonging to hundreds of German politicians, celebrities and other public figures leaked online. Newspapers were quick to catch up on the news-worthy incident, and soon enough the international media was speculating the who’s, why’s and how’s of a huge cache of documents belonging to almost 1,000 prominent figures – the Prime Minister included- ending up in the hands of someone who thought it appropriate to share them on Twitter throughout the month of December.
The data leak was taken very seriously – Germany’s national cyber-defence agency called an emergency meeting and German intelligence agencies asked the US intelligence for help to investigate the incident. A few days later, The Guardian reported that a 20-years-old man had admitted to police that he was behind the attack. His motivation: annoyance at statements made by the victims.
This incident is remarkable for many reasons, not least of all because it happened so recently and highlights the amount of power hackers can have–a young man alone caused national havoc and made international headlines because he was annoyed. We have to acknowledge: this was a very effective way to cause commotion. However, rather than bringing attention to the motivations behind his actions, he ended up –consciously or not- making a statement about the problems of online vulnerability instead.
A lot of criticism was directed at German authorities for having been so slow to solve the case while the student digitally exposed politicians from his bedroom. The Interior Minister, Horst Seehofer, contested the condemnation with a piece of advice for the victims: stop making it so easy for the hackers. “Bad passwords are one of the reasons he had it so easy. I was shocked at how simple most passwords were: ‘1,2,3, ‘ILoveYou’… a whole array of really simple things,” he stated.
Hoping not to fall under the trap of blaming the victim, what we can learn from this incident is that when it comes to data protection, we must all do better. Malicious hackers, like many criminals, are opportunistic. We must play our part in protecting our information the best we can, which starts from, at the minimum, creating strong passwords and changing them regularly. In fact –and this might sound radical in the age of social media-, perhaps we should become more mindful of not only protecting our information but sharing as little of it as possible online. After all, as Deutsche Welle’s writer Konstantin Klein put it, “the easiest way to start better protecting our data is simply by not creating so much of it.”
This doesn’t mean giving up on trust and being pessimistic. It means reclaiming agency and taking responsibility for our own information and online presence. In fact, increasing our cyber security sensitivity is stubbornly optimistic: it implies we can appreciate what hackers have taught us (the hard way) and use incidents as indicators of where and what must improve.
Taking this cue, the Swiss government is welcoming hackers from all over the world to attempt breaching its electronic voting system this month. Those who manage to break into the Swiss electronic voting system will be rewarded up to 50,000 Swiss Franc for manipulating the vote count without being detected, or invading a voter’s privacy. Last year, the Swiss government launched an initiative to establish online voting as a nation-wide option within the next two years. This penetration test initiative aims at assuring, or improving, the security of the new voting system by finding its vulnerabilities as early as possible.
Protecting ourselves online seems like an overwhelming task. What are the odds of not being amongst the millions of users exposed in the last massive breach that made headlines? Why bother? But not being able to avoid all hacks doesn’t mean we can’t do anything to improve our security. Cyber-related headlines are reminders that we should cultivate the habit of distinguishing between what we must share, what is optional, and what is appropriate online. Digital hygiene and cyber security awareness are a matter of habit –and like any habit, eventually, they become routine… Just like reading the news.
Written by Paula Magal for DACHsec– the DACH region’s exclusive Cyber Security Summit taking place in Munich on May 21st-22nd 2019. Follow DACHsec’s showcase page for event updates and more content like this.