Journalist Kurt Eichenwald has epilepsy. So, when he received a tweet with a GIF of an active strobe light in it, he suffered a seizure and subsequent health challenges. The incident led to an FBI investigation and an arrest. According to The New York Times, 29-year-old Rayne Rivello has been charged with criminal cyberstalking with the intent to kill or cause bodily harm. If found guilty, he could spend up to a decade in prison.
James Stanger, senior director of products for CompTIA, said that as more people share personal information online and as criminals become more sophisticated about their attacks, we can only expect to see more cases like this one.
“We are all exposing an enormous amount of information onto social media and the web,” he said in an email interview. “As a result, it is much easier for people to create directed attacks that are designed to steal information, compromise essential accounts (e.g., banking and work), as well as wage actual harm.”
As cybersecurity experts consider how and what information is exposed for public consumption in a world that increasingly uses social media for business, a new question being asked is: is yesterday’s mail bomb tomorrow’s tweet?
Hacking as a Service
Because this current case tests the legal definition of terrorism in the digital world, the verdict will ultimately offer insights into how best to prepare for virtual assaults that carry physical consequences. While many online attacks have resulted in very real effects over the years (like interfering with air traffic control or a city’s electrical grid), this case makes the attack more personal and – at worst case – could result in death.
Stanger said there’s been a notably rise in new and evolving forms of cyberwarfare in recent years. Issues like Distributed Denial of Service (DDoS) and ransomware attacks have become headline news.
According to John Dvorak, who until recently worked for the FBI, ransomware-based attacks have become a $1 billion dollar a year business.
“Many organized crime groups offer ‘hacking as a service’ these days,” Stanger, said. “To wage an attack, it is no longer necessary to become a technical security whiz.”
Prevention as the First Line of Defense
The threats will teach us more about how we all want to be interconnected but don’t want to deal with the ramifications. We all want the right to be connected, but few people want to take responsibility for doing so in a safe way.
Because cybercrime is a readily available avenue to anyone with a grudge, more people and companies are likely to be targeted. It begs the question to about what can realistically be done to prevent attacks. How can IT pros prevent the average online troll from becoming a cyberterrorist?
“Clearly, we need to adopt different ways to solve this problem,” Stanger admitted. “The answer is twofold. First, we need to educate everyone on how to properly use today’s technology. Second, we need to equip people with the right tools and techniques to keep data private and to keep themselves secure.”
For example, the ability to perform context-based filtering of any active content received online will likely be an important tool. If someone has a problem with a strobing app, for example, then the device will be able to block it before it can do damage.
“End-user education is a major part of this issue,” Stanger added. “The other is making sure that our essential systems (i.e., internet backbones, storage, web servers and cloud services) are properly resilient.”
Going Beyond Password Protection
To properly secure their systems, IT pros should consider the following:
- Have you implemented proper backup and storage that can help against a ransomware attack?
- What kind of network and ISP redundancy do you have in place that can help make a network resilient toward a DDoS attack?
- How much do you know about multifactor authentication and encryption that can help thwart the most obvious attacks?
Beyond simply passwords, applications using fingerprints and encryption can help protect data from being exploited.
“You can’t have privacy without understanding security, including authentication, encryption and backups,” Stanger said. “The threats will teach us more about how we all want to be interconnected but don’t want to deal with the ramifications. We all want the right to be connected, but few people want to take responsibility for doing so in a safe way.”
Stand Up to Cybercriminals
Stanger said reporting attacks, like cyberstalking, is also important.
“Criminal issues involving child pornography, body shaming and any form of bullying should be reported to law enforcement,” he said. “Responding to an attack by trying to conduct a counter-attack or resorting to social media is a huge mistake. Even if you’ve been attacked, if you act unwisely, you can yourself be accused – justly – of conducting an illegal attack.”
On a larger scale, many governments and corporate entities are sharing their experiences. The concept of information sharing has been around for years, of course, but major companies (from Microsoft to Cisco) are using it to create better overall security protocol.
“This past year at the RSA Conference in San Francisco, these organizations told the 40,000-plus attendees that they’re serious about information sharing,” Stanger said. “The idea is that as everyone starts telling each other about attacks, we can all learn and respond better.”
Natalie Hope McDonald is a writer and editor based in Philadelphia. She can be reached at www.nataliehopemcdonald.com.