Saturday, December 07, 2013

Open Sesame: Keylogging & Password Discipline

This week it's been reported that hackers have stolen almost two million Facebook, Twitter, Google, and Yahoo accounts among others. Cyber security firm, Trustwave, reports a major breach of a number of computers around the world via keylogging software unknowingly installed on the computers. Trustwave has so far tracked this hack to a proxy server in the Netherlands, which has compromised the credentials of over 90,000 websites since the end of October. Since the cyber-security firm could only trace this breach to a proxy, this hacking campaign may still be ongoing.

Yes, the brunt of this particular hack seems to have targeted social media and personal accounts, however keylogging has much bigger implications than inconveniencing your latest tweet or status update. The potentially troubling reality of keylogging can have disastrous effects outside of social media forums that the general public does not seem to recognize. Keylogging is just one facet of humanity's newest threat--cyber warfare--that can take down critical infrastructure. It is more than just stealing a password, infiltrating code can endanger any unit or control system connected to the Internet. We are in an age where an IP address is now a vulnerability.

For this particular case, the virus is basically hidden; it runs in the background of your computer, so finding out if you are a victim might not be enough. Just in case, experts suggest updating your antivirus software and to download the latest patches of your browser, Adobe, Java, etc. On top of that, change your passwords! For passwords to be the key to individual privacy in many cases, not much ingenuity is put into their creation, which ultimately makes them more susceptible.

While highlighting this most recent publicized attack, it is important to state these hacks are not new. What is more important is how to better safeguard yourself, while experts concern themselves about protecting the nation's infrastructure. In fact, as one op-ed piece suggests from the Christian Science Monitor, computer security now falls under parental responsibility. In such a technology driven culture, it is a lesson that should be no different than looking both ways before you cross the street. However, password discipline is not something just the younger generation lacks, it is a weakness across all age groups.

Even so, complicated and/or unique passwords may not be enough, and many sites, like Google, are moving to a two-step verification process. While responses like this from sites is all fine and dandy, when will it end? How many steps will this verification rise to? Is the switch to all biometric validation in the near future? After all Apple seems to have introduced the idea with its' new iPhone 5s. It does remove the daunting task of having to remember the myriad of passwords an individual may accumulate over time. Cyber is the future, and only time will tell.

No comments: