The past few years have been bursting with disclosures and leaks regarding internet security flaws, cyberattacks and global cyber terrorism. Recent current events, specifically the wide-spread WannaCry attack, WikiLeaks disclosures and the 2016 elections, have thrown into question the security of the internet of things that has become a way of life for much of the developed world. The global internet crisis requires us to collectively direct our resources towards viable solutions to the internet security problem rather than allowing certain groups to hoard internet exploits for their own personal gain. The public disclosure of the inner workings of cyber terrorism is the first step in countering this cyberwarfare.
In the months leading up to the election, the public was bombarded with stories involving internet hackers and cyberattack scenarios. Some independent cyber groups managed to hack into voter registration files in several states, and recently a DHS official confirmed that at least 21 states were targeted. The worrisome hack-ability of electronic voting booths are comparable to the 2001 hanging chads disaster in Florida, and there is no doubt that the vulnerability will need to be addressed before the next major election.
On top of cries about a ‘rigged election’ and hacked voting booths, independent cyber experts gained access to the private emails of several DNC members and exposed the contents online. The most recent attack was so massive that it shut down 65 hospitals in the United Kingdom and caused one Los Angeles hospital to dish out over $17,000 to regain control of their systems. Hospitals, healthcare systems and voter registration information have been the main targets for cyber criminals this year, but the threat does not end there. As WikiLeaks and other independent news sources have exposed, even our vehicles can be electronically taken over. In our modern age of the internet of things, every device that can connect to the internet can potentially be hacked.
One of the most disastrous aspects about the ransomware was revealed when cybersecurity experts announced that the WannaCry attacks exploited a vulnerability that was originally discovered and well-documented by the United States National Security Agency. Instead of disclosing the vulnerabilities to Microsoft so a solution could be found, the NSA decided to utilize the security flaw for their own investigative purposes. In April of 2017, an online group of hacktivists labeled ‘ShadowBrokers’ gained access to sensitive NSA documents, leaked them online and gave cyber-criminals open access to some of the NSA’s most powerful hacking tools. This specific international attack was the result of a security exploit dubbed ‘EternalBlue’, and it is only one of hundreds of vulnerabilities that have been leaked online in recent months.
Adam Meyers, CrowdStrike’s vice president, explains that WannaCry is “a weapon of mass destruction, a WMD of ransomware.” The specific exploit is far from the only cyber-WMD waiting to be launched by hacktivists, cyber-criminals, terrorist organizations, intelligence agencies or other groups, so the real issue requiring our focus is how to protect our country’s internet security in today’s era of cyber warfare. Free information activists, such as WikiLeaks, argue that the complexity of cyber security necessitates a free flow of information.
Cyber security experts, criminal hackers and software developers are constantly discovering new security flaws. When one group hoards information, then the entire network becomes vulnerable to a cyberattack. Intelligence agencies like the CIA and NSA have failed to cooperate with tech-giants leaving major software developers in the dark about the serious security issues within their own software. The move ultimately caused various international intelligence agencies to lose control of their own hacking tools, and major tech companies still do not even realize they are vulnerable yet. WikiLeaks has been gradually releasing an extensive number of documents regarding a cache of CIA cyber weapons in hopes that leading tech-companies will identify and fix the problems.
Recent events have led many major tech-companies, like Twitter, to shift course and align in favor of free information. Judge Yvonne Rogers recently ruled in favor of Twitter in an on-going lawsuit against the Department of Justice, saying that current government policies hinder Twitter’s “ability [to] communicate truthful information to users of the online information platform, and potentially chill those users’ speech.” Twitter requested that the DOJ come forward with proof that disclosing surveillance protocols would threaten national security, but Judge Rogers felt the government failed to provide the evidence.
All the recent revelations exposing the fact that some of the most advanced intelligence agencies in the world are struggling to safeguard our nation’s cybersecurity should be an indicator to take extra precautions online. Every internet user needs to protect themselves by being overly cautious providing information online, never clicking unknown links in emails or social media posts and downloading malware and virus protection software. Another very important component to browsing safely is keeping your software up-to-date. The recent WannaCry attack infected Windows 7 and Windows XP devices, but that security flaw had already been patched with Windows 10. The problem was that most people never updated to the newest software, and remained unknowingly vulnerable.
Such crippling cyberwarfare is only expected to increase as technology continues to maintain a strong presence in our modern-day lives. Simon Crosby, co-founder of Bromium, agrees that as a whole “we are massively vulnerable to this, and every government ought to be freaking out about it because it’s the equivalent of nukes being in the hands of terrorists.” As a nation, we need to create a more open and honest way for cyber experts to inform large tech companies of potential vulnerabilities. As individuals, we need to take greater precautions with our online activity.
