There is a massive risk that the United States faces in the area of cybersecurity.
Whether it’s the internet, banking, or warfare, ransomware attacks and security breaches have threatened the everyday lives of unsuspecting individuals. Not only are enterprises and governments targeted, but in the nation’s ever-growing dependence on technology, there may be no entity in the future that will be safe from hackers, even you and your family. Students at Georgia Tech are also receiving phishing emails that appear to be sent from other students. However, many of these assaults can be mediated and even prevented. For these reasons, it is vital to examine cybersecurity pandemics that have occurred in the past, identify vulnerabilities that remain unresolved today, and implement preventative means to protect private individuals, companies, and the government.
Types of Cybercrime
Cybercrime can take place in several forms. Ransomware, when accidentally downloaded by the user from an email or website pop-up, encrypts the user’s data and threatens to delete it unless a sum of money is paid. The most infamous case of ransomware is the WannaCry attack of 2017, which infected hundreds of thousands of Windows machines worldwide. While ransomware promises to release the data after the ransom is made, it is sometimes unrealistic for exoneration. After the WannaCry pandemic took hold in the personal computers of many, a payment was requested in the form of Bitcoin. However, due to the large influx of individuals making the payment expecting to have their files returned, the hackers could not effectively remove the encryption for everyone, and many were left scammed.
Identity theft is more prevalent than more people are willing to realize. Many citizens believe that he or she is not high-profile or monetarily worth enough to warrant someone wanting to steal his or her identity. However, the U.S. Bureau of Justice Statistics reported that in 2014, 17.6 million Americans were victims of identity theft, and in 2018 that number grew to 23 million, 9% of United States residents over the age of 16. These statistics have not been updated for 2020. Notably, half of all identity theft occurs in small amounts of less than $300, but collectively totaling to billions stolen every year. In 2018, this number was $15.1 billion.
This is likely attributed to criminals withdrawing everyday amounts of money over prolonged periods of time to avoid being detected. When the victim realizes charges on a credit card he or she did not make, it can be too late to contest the authorizations with some companies. Often, only half of all financial and credit problems related to identity theft are resolved in one day or less. According to consumer.gov, someone with your name and information can also open new credit cards in your name, begin phone, electricity, and gas accounts, steal tax refunds, get medical care, and pretend to be you if they are arrested.
The stability of the nation is at stake when it comes to cyberterrorism and cyberwarfare. Melissa Higgins and Michael Regan are contributors to the book Cybersecurity which analyzes how the history of technology is related to international cyber threats and political turmoil:
Two significant cyberattacks took place in 2013. In May, the U.S. Department of Defense reported hackers from China accessed plans for advanced U.S. weapons systems, including the Patriot missile and F-35 Joint Strike Fighter. Also in May, hackers, with support from the Iranian government, targeted U.S. oil and gas companies. In November 2014, the hacking of Sony Pictures led to the theft of employee information, emails, and thousands of documents. Following an investigation, the FBI linked the attack to North Korea.
These attacks can be traced to be in conjunction with the tension between undemocratic nations and the strongarm of the democratic United States. At the time, sanctions were being placed on Iran due to the Iran Nuclear Crisis, and their oil competed with increased fracking in the United States. Sony Pictures produced The Interview, which mocked North Korea’s communist government and leader.
Cybercrime Techniques
Criminals can employ a multitude of techniques to commit a cybercrime. One’s identity, for example, can be stolen by searching through a victim’s trash or by taking mail, a wallet, or a purse. Nevertheless, there is a multitude of ways to steal personal information, including reading posts you've made online to find answers to popular security questions such as:
What is your mother's maiden name? (Simply search for family pictures and tags)
What is the name of your favorite pet? (For heaven's sake, some people have this tattooed on their arm)
What was the name of your first Boyfriend/Girlfriend? (Unless you've blocked them, this also can be easy, checking photos from school dances)
What was the make of your first car? (Remember that photo your mother posted of you and your new driver's license?)
What high school did you attend? (Come on, man!)
The truth is, these questions were once perfect for adults when first going online 15 years ago (Facebook was founded in 2003) when this data was much harder to delineate. Now, with more and more young people documenting their entire lives online, these questions pose a much greater risk.
Unfortunately, as technology develops, new advanced and deceiving avenues for theft are created. A popular technique is phishing: a malicious link sent in an email or a web pop-up can be disguised as a banking or vendor's website and trick users to 'confirm an account' that, when clicked, secretly downloads a trojan horse program, or to 'log in,' in which case the hacker has the user's bank account password. These traps can result in severe losses for a private citizen or even the company they work for. An employee in the finance department of a large corporation may receive an email from 'Rick from I.T.' that requests him to update Google Chrome by clicking the attached pdf document. Instead, a hacker can install a keylogger software that tracks log-in credentials to the company's payout database and begin making withdraws.
At Georgia Tech, phishing has become increasingly prevalent in students' emails. The message often appears to be sent from another student or professor offering a too-good-to-be-true job opportunity or from OIT that the mailbox is full. As students get better at identifying these phishing emails, they will inevitably become more clever and tricky to spot. The best litmus test is by checking the email header. Unsophisticated phishing emails may have been sent to multiple recipients. Checking the email of the sender may also raise red flags. It's always best to verify the email's integrity or to report suspected phishing by forwarding the email as an attachment to phishing@gatech.edu.
Prevention
Perhaps the most challenging aspect of battling cybercrime is achieving international cooperation. Jurisdiction is questioned when the criminal works overseas and the crime occurs on the other side of a border. Authorities struggle to pinpoint these criminals' locations, and foreign privacy laws can prevent investigative forces from obtaining incriminating details. To properly crush these attacks, international treaties must be agreed upon that encourage international cooperation.
Private companies may require employees to complete some degree of cybersecurity training, hire a third-party cybersecurity as a service firm, or even institute internal departments for combatting cyber threats. These teams are tasked with implementing solutions that will protect the employees from harm without compromising the user's efficiency by making the technology slow or inconvenient.
An overwhelming amount of cybersecurity vulnerabilities can be prevented by personal means. Simple practices such as shredding and electronic transfer of bank statements can deter dumpster rummaging and mail theft. Personal data can be backed-up on separate hard drives to lessen the impact of a ransomware attack. Antivirus software is often qualified as a small investment with a significant return. Additionally, users should use good judgment when using the internet and always check for legitimacy before opening unusual links.
Strong passwords that are unique and unintelligible most effectively protect user data. The best form of password security is using a password manager that generates different and complex passwords. However, if you use several devices or shared computers, it may be a hassle to look up a password every time you log in. Instead, try employing a simple trick to make strong and memorable passwords. Take any phrase you would use as a password and determine how it could be scrambled in a human-readable way. Letters can be substituted for symbols, numbers, and other letters. For example, an easily guessable, weak password such as SmithFamily08 can become $m!ThF@m1LeeOh8 for improved security. Passwords with various upper and lower case letters, special characters, and numbers better withstand brute-force hacking techniques.
Remember those security questions from earlier? Try to choose the more challenging questions like these:
What is the name of your oldest cousin?
Where were you when you had your first kiss?
What was the name of your favorite stuffed animal?
In what city did your parents meet?
Who was your favorite teacher senior year?
These questions are improbable to be answered using your online footprint while also having static responses, meaning that your answer will not change over time. BeyondTrust.com suggests these additional tips: when choosing from a list of security questions on a new account, try using questions you haven't used elsewhere. When answering them, consider writing them in a password format and not in plain English. For instance, if your parents met in Nashville, Tennessee, you could write the response as "N@$hv!1le, T3nne$see", which would be much more difficult for a hacker with this information to solve.
And yes, this article wouldn't be complete without plugging multi-factor authentication (MFA or 2FA). As Georgia Tech students, the Duo authenticator application has become ubiquitous in our day-to-day lives. While annoying to grant access from your phone every seven days to log in to the Gatech single-sign-on server, this may be one of the most simple and effective means of security today. MFA apps such as Duo can also be set up for social media, banking, email, Google, and many more online accounts that may store your sensitive information. If using an app is cumbersome, even setting up texting a one-time password (OTP) to your phone will do the trick. If you begin receiving unsolicited MFA or OTP notifications, you know which passwords have been compromised and need to be changed. Because you didn't approve the request, the hacker cannot access your account.
Cybersecurity will continue to be a major concern of individuals, companies, and the government.
Every year, more and more components of everyday life become reliant on technology and therefore are vulnerable to attack. Losses can be large, but attacks can be prevented by individual means of protection and discretion.
Companies can ensure protection by emphasizing cybersecurity for employees and in the budget. Internationally, peace must be ensured between rivaling governments to fight cybercrime to protect national databases and private citizens. //
Nathaniel Greve
Author's Note: After completing this article, I have realized that it may have been better to have released it in parts, as there are so many important aspects to cover about this issue, especially how it has recently affected students. Nonetheless, if there is something I missed, please send me a message through the contact page.
Did I make an impression? Did I leave anything out? Voice your opinion by sending a letter to the editor or submitting a counter-point as an article on our Contact page! I look forward to hearing what you have to say. Let's make political discourse civil again.