Editorial: Cyberspace is ever more dangerous
No back alley in Sherlock Holmes’s London had more pickpockets and thieves than the internet, as countless computer users have learned. These include Don Brueggeman, owner of The Works Bakery Cafe on Main Street, who discovered that credit card information belonging to his wife was stolen. An unknown number of the seven-store chain’s customers may have had information stolen as well.
As more and more of life is conducted online, it’s easy to become complacent about internet security. Brueggeman’s experience should remind everyone in business, large or small, and all computer users that, in the words of an FBI expert who spoke in Nashua last month, “If you are online, you are being probed.” Someone, somewhere, is trying to collect information about you or your business, often with larceny in mind. Their attacks are waged with computer codes, phalanxes of ones and zeros that speed down cables or fly through the air, that steal credit card numbers, birth dates, Social Security numbers, trade secrets and other information. The attacks are launched by petty criminals who purchase “how-to” kits online and by the governments of foreign nations.
Because they tend to take fewer precautions than large enterprises, small businesses are a favorite cyber-criminal target. But major corporations and government agencies are also frequent victims. In the same week that The Works discovered it had been hit, The New York Times revealed it had been subjected to a four-month attack by hackers in China who appear to be linked to that nation’s military. Also last week, the FBI, U.S. Department of Justice and New York’s U.S. attorney unsealed the indictments of three men who successfully infected more than a million computers across the world and gained bank information that allowed them to steal tens of millions of dollars. The men, a Russian, a Latvian and a Romanian, were all in their 20s.
Last Thursday, Homeland Security Secretary Janet Napolitano told members of a Washington think tank that a major cyber attack on the electric grid and other infrastructure systems could occur at any moment. She wants Congress to give government the ability to share information with and require information from private-sector businesses whose operations are critical to the infrastructure and set cyber security standards. That task will require a delicate balancing of the right of business to be free of needless government regulation and protection of public security. In an ideal world, business would meet tough cyber security standards voluntarily. We hope not, but with national security and perhaps thousands of lives at stake, government intervention may be called for.
The hackers targeting small businesses like The Works, or who use spam, phony contests and other means to surreptitiously install spy-ware on personal computers, may not be as sophisticated as the ones who attack banks and government agencies, but they are relentless and ubiquitous. The only way to thwart them with certainty is to avoid banking, shopping and other such activities online and to pay with cash instead of credit cards. Most people would find that impractical, so computer security experts suggest ways too numerous to fit in this space to reduce one’s odds of becoming a victim. Many of them, like making passwords long and complicated and changing them frequently, are things most computer users already know. The trick is to do them. So this week, read up on how to go online without losing your wallet and tighten up security. We plan to.