Monday, June 15, 2015

What You Ignore Can Hurt You

In the news this past week we learned that hackers — reportedly, Chinese hackers — gained personal information on all federal employees. The government document known as Standard Form 86 is submitted to intelligence and military personnel for security clearances. On those forms you might discover personal information about past arrests, financial trouble, mental illnesses, and drug abuse.

The names of relatives and other contacts are also listed. But a vital piece of data on the form is the Social Security number. Both the applicant and the “cohabitant” numbers are now on the market—somewhere. We believe at least one of our relatives may have had their information stolen.

This was the second security breach announced within two weeks. An earlier hack included federal personnel data. That one dates back to 2013.

Hackers can come in two flavors — good and evil. We hear frequently about the evil ones. Are there “good hackers”? Apparently so.

Check out HackerOne. They hope to persuade other hackers to cough up security flaws and get paid for their discoveries. The founders already have a proven track record.

A few years ago, young 20-ish hackers Michiel Prins and Jobert Abma made a list called the Hack 100. This was a target list of 100 high tech companies on which they would test their skills: big name companies like Google, Microsoft, Apple, Facebook, etc. They found plenty of vulnerabilities and alerted the companies.

Interestingly, about a third of those companies ignored them. Another third, as reported in the New York Times, “thanked them curtly, but never fixed the flaws, while the rest raced to solve their issues.” No one got in touch with law enforcement!

Now, these two “gifted” hackers have found two others to form HackerOne. The firm intends to be the intermediary between companies that are vulnerable and the hackers who discover those vulnerabilities. As you can figure, the hacker then gets paid. HackerOne is getting LOTS of interested parties to their party. Call them the “good guys in the white hack.”

This reminds me of the movie from 2002, Catch Me If You Can. It is the true story of Frank Abagnale. Before he was even 19, he had conned millions of dollars by posing in various roles — including an airline pilot! His particular “gifting” was check fraud.

After a long pursuit from the FBI, Frank eventually turns himself in and goes to prison. And while there, he gets an offer to work for the FBI bank fraud department catching others in this game. He accepts, and that’s how he fulfills the remainder of his sentence!

Hackers catching hackers. Thieves catching thieves. Spy versus spy.

The lesson to be derived from my sharing this today is to be found in the “warnings” given when the two young Dutch hackers started their endeavor. Note that two thirds of the companies they contacted to warn of security flaws ... did nothing. Ignorance may seem like bliss, but ignoring what are clear warnings may be closer to stupidity. Or, said more nicely, foolishness.

The book of Proverbs offers much wisdom on the subject of the fool. In Proverbs 28:26 we’re told, “Whoever trusts in his own mind is a fool, but he who walks in wisdom will be delivered.” And Proverbs 14:16 states, “One who is wise is cautious and turns away from evil, but a fool is reckless and careless.” (Both verses from the ESV)

One more bit of advice from Proverbs, Chapter 14, verses 7-8: “If you are looking for advice, stay away from fools. The wise man looks ahead. The fool attempts to fool himself and won’t face facts.”

The Bible also tells us Jesus will return like a “thief in the night.” Unexpectedly to most. And the advice to the wise is simply, “Be prepared.”

Any questions?

That’s The Way WE Work. Click on the link to the right to connect via Facebook.

Catch “Let’s Talk with Mark Elfstrand” weekday afternoons from 4-6pm on AM 1160 Hope for Your Life. To listen to the live broadcast or a podcast of previous shows click here.
