Cyberphobia: Identity, Trust, Security and the Internet

[John F]

Lance's computer problem last week, which may have been caused by malware, is a reminder that we are more at risk via our computers than most of us think, and that the cost to the unwary can be staggering. Edward Lucas's book, written for lay readers who don't know how computers and cell phones work and don't want to know, is a comprehensive overview of the hazards to each of us and to the nation, and what if anything can be done to keep us safe.

For example, a cell phone can be extremely vulnerable to hacks in ways you probably can't imagine - I certainly didn't. Lucas writes, "It can be a way of infecting any computer you are close to. It does not even matter if you switch off your phone, so long as you do not remove the battery." But not all cell phones are equal. iPhones are the most secure, since only apps already approved by Apple can be installed in them; phones using the Android system are designed to accept apps written by just about anyone, and are something like leaving the front door unlocked or the keys in the car.

Here's a review:

September 28, 2015 12:18 am
‘Cyberphobia’, by Edward Lucas
Review by Gina Chon

No one — not governments, companies or the average person with a credit card — is safe from cyber attacks . And in the past year the breaches appear to have grown more frequent and more sophisticated. The problem is so big and so complex that it is hard for even the sharpest cyber experts to get their head around it.

In Cyberphobia Edward Lucas, a senior editor at the Economist, breaks down this scary picture into easily digested chapters. For a non-techie trying to understand this relatively new world, he provides an overview of the threats we face — and what can, and cannot, be done.

An ordinary fictional couple named Chip and Pin Hakhett (get it?) are used to illustrate everyday cyber threats. These include phishing campaigns — fake emails to get a recipient to click a link or download an attachment that installs malware, or malicious software. He notes how Chip and Pin take greater precautions in the real world than in cyber space, even though the latter could produce more devastating effects. Once a hacker is in your system, it is fairly easy for them to move around and gather other information, amplifying the attack.

Lucas also provides an eye-opening look at how easy it is for attackers to gather intel using only data publicly available on Facebook, LinkedIn or other resources. Many “free” sites sell users’ data to advertisers and others — which means a hacker does not have to work that hard to fashion a phishing email that looks like it is from someone Chip or Pin knows.

“A central point of this book is that the fictional Hakhetts, and millions of their real-life counterparts, are getting a poor deal,” Lucas writes. “In exchange for giving up a greater amount of detail of our lives, we are not getting things that would make us safer.”

The book is best for cyber novices. Lucas goes through basics such as botnets and denial of service attacks, slowing the pace for readers already familiar with them. But, whether you are an IT whiz or a technophobe, there is one issue he is right to highlight: there are simple things people can do to protect themselves — but they do not, because doing so is dull.

Chip, for example, declines to install “patches” to plug gaps in the software; it is a scenario to which many of us can relate. “Sometimes his elderly computer cannot install them, and sits there frozen, with a message telling him to wait,” writes Lucas. “So he ignores them all: he has a business to run . . .  Yet unpatched (out-of-date) software is a gift for attackers.”

Lucas suggests simpler safety measures, such as using search engines other than Google. He points to government-issued electronic IDs issued by Estonia, which are used for online banking. This, he acknowledges, would be hard to transfer to a much larger country such as the US — yet it provides insight into how different countries are dealing with the cyber world.

The narrative would benefit from more first-person interviews and additional details of some of the attacks he describes using primary sources. For example, Lucas cites the GameOver Zeus botnet, which infected up to 1 million computers and resulted in financial losses of more than $100 million, according to the US justice department. In 2014, a 14-count indictment against alleged Zeus administrator Evgeniy Mikhailovich Bogachev was unsealed. The documents released by the authorities provide fascinating clues of how the scheme was conducted.

“On multiple occasions the operators of GOZ specifically targeted US hospitals due to their large payroll payments,” an FBI agent said in a declaration that was part of the Zeus case. “The operators would change the payroll beneficiaries from legitimate hospital employees, such as doctors and nurses, to ‘money mules’. These co-opted transactions have been for substantial amounts; the stolen hospital payrolls were typically in the hundreds of thousands of dollars.”

Readers in search of a deeper dive on a particular topic might want to explore books such as Cybersecurity and Cyberwar: What Everyone Needs to Know by PW Singer and Allan Friedman. But if you are looking for an introduction to cyber attacks, and why it is so difficult to stop them, Cyberphobia is a useful place to start.

http://www.ft.com/cms/s/0/7644d014-57a9 ... b37f2.html

[Lance]

Many thanks, John - and very interesting. Looks like we are all vulnerable. Get one fix to protect us and the hackers figure out and it goes in circles.