Author Bio: Vonetta Logan is a financial news reporter for both tastytrade and dough (tastytrade's sister company). After being hired on to our team, Vonetta wanted to find a way to inform consumers and investors about the consequences/repercussions that current events and trends have on the financial space. 'Nailed It!' is a satirical segment created to do just that.
On this week's episode: Large-Scale Hacking
Sup, losers? I’m Tastyhax, showin' you all of my killer hacks. I’m using a Tor-enabled Linux live system and switching exit nodes every 10 minutes, like a boss. Gonna launch an attack that is straight fire by using Metasploit to spawn a shell on their server. I exploited a flaw in the website’s search feature to gain access to their network. Got the user name from this total n00b who works in Accounting, posts all over social meds how he loves the Bears. Brute force password attack, password BearsLover 69... and I’m in.
Cyber security is an unregulated, incestuous marketplace where corporations are using outdated systems to cut costs, security companies are inventing new threats to sell services, and your data is being sold to the highest bidder. Run my theme sequence!
Let’s talk about cyber security. If you have a credit card, your information has been compromised at least once. 50% of Americans had to replace a credit card this year. The twin factors of fear mongering and a constant stream of stories in the media create an environment where we are freaked out, while at the same time too desensitized to do anything. We’re at peak zeitgeist. How about a laughably bad $80 million Michael Mann film about hackers? Does that scare you?
Oh no! Sell everything! Bury it in the yard. Pa, get my shovel! What if everything that we’re being told about cyber security, from the steps companies are taking to protect us, to the threats security companies say are imminent, all the way to the “protection” consumer fraud companies promise us, is all false? Error 404: truth not found!
Last year, 552 million people had their identities stolen globally. The cyber security market will be a $155 billion industry by 2019. No one batted an eye when a tiny firm called Hold Security said they had info on the largest hack ever. When Hold Security put out a press release about the attack with no identifying details, they also attached an ad for their $120 yearly service to find out if your site was affected. Yo, that’s some racist shit. Ma’am, what did the hackers look like? Um, I don’t know, it was really dark, I think they were Russian? To this day, there has not been a data dump of the 1 billion files. They’re not the only ones peddling fear; check out Wall St darling FireEye.
First of all, if you’re going to call your team "first responders," ya’ll better have a truck that has lights and sirens on it and a friggin' dalmatian or that’s a hell of a disservice. Since their IPO last year, FireEye has been aggressively marketing their security services. The company’s stock went from $100 a share to $30 because lab tests of their products were shown to be about as effective as trying to teach teens abstinence: both allowed back-end breaches. FireEye’s now warning companies that hackers are using stolen data to trade stocks. Pretty sure they’re just pulling security threats from old Jean Claude Van Damme movies. Fear works, because right before the huge Target hack, Target wrote FireEye a $1.6 million check to upgrade their system.
So, your first line of defense is to call India? "I’m sorry, I could not solve your hacking issue today, but how would you rate the quality of the service on this call?" Target’s reactive rather than proactive approach is estimated to have cost Target $100 million. Ousted Target CEO Gregg Steinhafel was fired - hooray! - but on the way out, he pimp-walked away with about $61 million in severance and stocks. Companies should have proactive plans in place to test their systems as well as concrete steps to take in the case of an actual attack. Don’t pull a Home Depot.
At the time of the attack, Home Depot was using Microsoft Windows XPe software from 2007 and was probably relying on Clippy to scan their network. ("Would you like to search for virus?") In 2012, they hired an IT security architect. But he was convicted of sabotaging network security at his previous employer and sentenced to four years in prison. Bob DeRodes, who was CIO of Home Depot from 2002 to 2008, retired before the big breach, but using Windows and not having a breach plan was his legacy. But DeRodes is back on the scene for a shiny new job.
Only in America can a guy who screwed up one company get a second chance to screw up another. I know it’s gonna sound like I’m a member of the foil hat club, but check out this sketchy mess. DeRodes belongs to a group called the Research Board. They’re a secretive think tank whose roughly 100 active members are the CIOs of the world's most profitable companies. They meet in secret 3 times a year and quietly plan the future of technology. (Aw, that’s sweet - you thought companies really cared about you!) But it’s not only corporations and security companies that wanna make that paper. Now hackers do too.
Finally, a hacking group with a business plan. Nice to see some entrepreneurship. Threats are coming at us from every angle! We’re at threat level Midnight, people!
Okay, threats to our personal data are real, except when they're not, and companies are doing everything they can, except when they aren’t. Here’s how we fix everything:
1. You can do all the stuff services want to charge you for. Get a free credit report from a site like creditkarma.com to look for shady purchases. (When did I buy a tanning bed? Seems wrong.) Also, check out optoutprescreen.com - get rid of pre-screened credit card mailers. Finally: change your freaking password! Use a password manager. There’s a bunch of good ones. Also, enabling 2-factor authentication on your social accounts and your cell phone is a great way to protect info and those questionable selfies.
2. Corporate competition: Patronize companies that have your interest at heart. Chip and PIN cards are coming by 2015 and while the tech is safer, it's not foolproof. Google's Project Zero identifies security holes and calls out companies that are vulnerable. Good! And the president wants companies to self-report hacks within 30 days - but did you know that by the time hacks are found, intruders have been in the network for an average of over 200 days? Accountability and transparency are steps in the right direction.
When it comes to your personal information, companies literally live by the mantra "If it ain't hacked, don’t fix it." Take an active role in managing your data. Set alerts, be smart and don’t believe everything you read. That’s how you crack the hack. Nailed It!