Their opinion: The risk of ignoring cybercrime


The Times Record of Brunswick (Maine), April 16, 2014

We as a nation are more wired than ever. That's not necessarily a good thing, but it is our reality. We conduct a great deal of business electronically -- everything from paying the electric bill, to ordinary banking, to checking our retirement accounts, to submitting our tax returns, to applying for student aid, to buying books and clothing, to renewing our driver's licenses.

In short, we're doing everything we can possibly do to say to the average computer hacker, "Please, take my identity. And while you're at it, please clean out my bank account and cash my tax refund check."

Case in point is the newest national nightmare, the Heartbleed bug, which affects the OpenSSL software.

OpenSSL is software that encrypts your data when you are doing something like ordering rose bushes online. Under normal conditions, your name and credit card number are protected from view, even by the person who is fulfilling your order. But the Heartbleed bug allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software, compromising the secret keys used to identify the service providers.

If a hacker has the key to a server used by an Internet merchant you are buying from, he has your credit card number and your secure number. And you may never know until you are wiped out, because the hacker can email you with comforting letters, as your merchant.

There are new fixed versions of OpenSSL, and service providers are slowly updating their servers.

Many consumers, however, are already at risk.

As servers change over to the "protected" version of OpenSSL, you will notice the Internet slowing to a crawl. The fix can't be rushed.

We've said before that Internet security may be the most serious problem we will face, fiscally, in this century. The real problem with Internet security is that it isn't, and has never been, secure. The Internet is a system based on trust more than security.

Many of us are still using outdated operating systems, too, which won't be supported anymore. And yet we're more plugged into the 'Net than at any time in our history, on multiple devices, any one of which could harbor a bug that could cheerfully deliver our identities and financial accounts to criminals who can deconstruct any virtual roadblock placed in their way almost before they can be erected.

That may not change how we do business, but it should serve as a wakeup call for us. As we traverse the digital landscape, we must be hypervigilant of the footprints we leave in our wakes ... footprints that may lead to our bank's doors.

If you use online banking, change your passwords regularly. Try to do as much business as possible in person, rather than online. Don't trust online communications; insist that your bank send you paper statements, as inconvenient as they are.

If you use online merchants regularly, consider purchasing gift cards for those merchants in cash. That way, if you get wiped out, it will only be to the extent of the amount on the gift card.

Do regular shopping and pay bills with cash or personal checks, rather than a credit or debit card.

It may be hard to go back to what will certainly seem like a poky way of taking care of business. But it's essential that we understand the risks we are running if we ignore cybercrime.


If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.

Powered by Creative Circle Media Solutions