The recent hacker attacks against The New York Times and Twitter are a reminder that the Internet has become a battleground for global conflict with businesses and consumers as collateral damage. It doesn’t matter whether the “Syrian Electronic Army,” which took credit for the attacks, has anything against those organizations. If its goal is to have maximum impact and get lots of attention, than going after a major media company or a highly popular social networking platform is certainly an effective tactic.
No one died in these attacks and, for the most part, there is little risk of loss of life from hack attacks as long as they’re are aimed at websites or social networks. But the millions of people who depend on those services for news, information or, in some cases, their livelihoods were impacted. And it brings up worries about possible cyberattacks on our physical infrastructure, such as power or water treatment plants, hospitals, transportation systems and emergency services as well as possible disruption of banking and financial services. Security researchers have even demonstrated how it’s possible for attackers to break into home security systems or — worse — attack implanted medical devices such as pacemakers and insulin pumps, so its not out of the realm of possibility for cyberattacks to be deadly.
It also reminds us about how our world continues to shrink. Like anyone who keeps up with the news, I’m of course aware of the fighting in Syria. But Damascus is nearly 7,400 miles from where I live, and as concerned as I am about the tragic loss of life in that country, the chemical weapons, bullets and bombs in Syria don’t affect me directly. Yet, the inability to access The New York Times or Twitter — however inconsequential as that might be compared to the loss of life and property suffered by people in Syria — is still something that impacts us directly. And that’s precisely why a party to that conflict might want to go after these highly visible targets that are used by millions of people around the world.
The motivation for going after The New York Times is pretty obvious. It’s not only a very popular website, but also a symbolic target as “the paper of record” here in the United States. An attack on that or any other major news outlet is certain to be noticed not only by those who can’t access that site, but by other news organizations as well as policymakers.
Twitter is not only popular, but has become an important breaking news source for millions of people and an essential megaphone for politicians, governments, influential pundits, businesses and news organizations. In some ways, it’s like those old Associated Press and United Press International terminals in newsrooms where bells would go off when a major story broke. But instead of just reaching journalists, Twitter reaches millions of people directly and instantaneously.
When AP’s Twitter account was hacked in April with a fake report on President Barack Obama being injured in explosions at the White House, the reaction was swift and profound, including an immediate 100 point drop in the Dow Jones industrial average, which quickly recovered after it was revealed to be a hack and a hoax. No one was physically harmed by that attack, but for people and institutions that sold stocks on the news and bought them back later at a higher price, the financial damage was real.
The day after the Times was attacked, a friend who works for one of the major Internet security companies said that the attack on news organizations reminded her of the early days of her industry, when computer security companies like McAfee, Symantec and Trend Micro were mostly combating computer viruses designed to disrupt and get attention. Today, she reminded me, most online attacks are financial crimes designed to steal people’s money or identity. To be most effective, those attacks are stealthy and quiet to attract as little attention as possible. The attacks on the news organizations and Twitter were just the opposite.
The take-away from all this is that media companies, social networking services and everyone else need to do all they can to shore up security.
I’m sure that the IT staff at The New York Times and other large site operators are huddling to figure out what they can do to prevent future attacks and I know that Twitter has recently beefed up its security by offering users the choice of employing two-factor authentication that makes it a lot harder for unauthorized people to sign-in to their accounts.
What you can do
The rest of us can do our part by making sure our passwords are secure and by being careful about falling for phishing attacks and other schemes to trick us into revealing our login credentials and personal information. None of that will eliminate risk, which is part of every aspect of life. But, like wearing seat belts and driving carefully, exercising caution with our use of technology will reduce chances of something bad happening.
This post adapted from Larry’s San Jose Mercury News column