Sunday, March 17, 2013

Hackers are having their way with us …

There appears to be little respect given to who is being hacked these days, but the escalation of hacking cannot be denied. How long will it be before serious misadventure befalls NonStop, and how prepared are we to ward off would-be hackers?

Springtime is almost upon us. That is, for those of us living in the northern hemisphere, with the coming of spring vendors begin the webinar season in earnest. I am already on the hook to provide a webinar late in March, and this morning I received another email reminder from comForte about an upcoming webinar to be given by my good friend and former colleague, Brad Poole.

This Wednesday, March 20, Brad will address the subject, Do you know who's doing what on your HP NonStop?  Please follow this link to register for the US session. The main discussion point will be on why SafeGuard isn’t enough and will include coverage of some of the latest comForte security products, including SafePoint/KSL (Key Stroke Logging) as well as SecurData/Audit. It is a very timely subject after all that we have read over the past couple of days.

By now, we have all seen the headlines about the hacking of the First Lady of the United States (FLOTUS), Michelle Obama. For the last couple of days there has been a lot of coverage over what exactly happened and who the likely candidate perpetrators were - for many involved, it was hard to dismiss what happened as some kind of publicity stunt. In the March 13 article in The Huffington Post, Michelle Obama Hacked: First Lady, Celebrities Reportedly Fall Victim To 'Doxxing', the journalist wrote that “First Lady, Michelle Obama, is reportedly being counted among the victims in a string of recent high-profile personal security breaches. Financial and personal information, including social security numbers, bank accounts, mortgage information and credit card details, were "doxxed" (posted online) to a website ...”
In a separate article the following day, March 14, in International Business Times, according to quotes given to Associated Press, “LAPD police are also investigating the hack and described the process of posting information online of celebrities and public figures as ‘creepy,’ before adding ‘The information posted online is illegal and possibly taken from a secure information database.’”

In an unrelated story, financial television station CNBC reported, also on March 13, with the headline A 12-Year-Old Could Hack Most Companies: Expert. “As the White House meets with CEOs on the topic of cybersecurity, one expert said that even young amateurs pose risks to corporate computer systems and the U.S. economy.” According to the report, James Lewis, senior fellow at the Center for Strategic and International Studies, who advises Congress and the Obama administration on cybersecurity, told all gathered for the meeting, "It's so easy to get into corporate networks that a determined 12-year-old with good Internet access could download the tools. Ninety percent of the successful attacks require only the most basic techniques. It's time to grow up and admit that the Internet is not a safe neighborhood and we have to do different things than just sort of go on assuming that it's blissfully safe."
If the timing of this article wasn’t strange enough, it was only the day before, March 12, that my own post to the blog ATMmarketplace, You don’t have to get to the 6th grade to know that EMV is the smart thing to do!, was posted. In that post I reported from a recent event for the ATM industry, writing that “‘the good news is IT solutions are more sophisticated. The bad news is they're also more complicated.’ After attending the ATM Industry Association US 2013 conference in Scottsdale, Ariz., I could so easily add, ‘And the really bad news is that the bad guys understand all of this a lot better than we do!’ I may no longer be able to keep up with a 5th grader, but that doesn't mean I want their friends to be able to take my money from me!”

So we know bad guys are at work here. We suspect it may be the Russians this time who, along with others supposedly from China (but who could just as easily come from any other former Soviet satellite country), are turning hacking into a thriving industry. However, we also know that essentially it is child’s play to crack most of today’s security deployments. In scenes reminiscent of Les Misérables, has the time come when, with greater diligence, we should all be racing to man the barricades? All the while, we continue to read in commentaries and posts that, for the most part, the NonStop community seems immune to what’s really going on.

To paraphrase American bank robber, Willie Sutton, who was reported to have said, “Why did I rob banks? Because that’s where the money is!” comForte marketing head, Thomas Gloerfeld, suggests something very similar. “When talking to our NonStop customers about security the driver for changing something almost always comes from outside the group of people that look after the NonStop. Times are changing in that, in the past, the NonStop systems were not the focus of security audits and the like but going forward nobody is going to get away with doing nothing or very little about security. Hackers will eventually realize what a (card data) goldmine sits on NonStop systems and that’s when security initiatives on NonStop systems and application will move forward.”

In two earlier posts to comForte Lounge, I quoted comForte CTO, Thomas Burg, who made similar observations. In the March 6, 2013, post, My NonStop system is hack-proof?, he said, “Unfortunately, the bad guys out there have all the time in the world and your data is virtual money to them.” A month earlier, in the February 27, 2013, post, How safe is your JukeBox?, Burg had said, “It will likely be internal agencies within a company that encourage and indeed fund more systemic approaches to security and we are seeing such changes already.”

Bad guys are out there. It will likely be others that encourage NonStop staff to look more closely at security. When it is the White House telling CEOs that it’s child’s play to break into their data centres and to take off with customer information, then I expect many data centre managers will be hearing directives from folks they had hoped wouldn’t become involved. Yet, it’s inevitable. NonStop users simply have to take charge and begin protecting themselves. They are out there, the bad guys, and unfortunately, as NonStop systems are most definitely where much of the (virtual) money is, they are coming soon!
