13 July 2016

THE ART OF (CYBER) WAR

BY NEWSWEEK SPECIAL EDITION 
12/27/15 

The newest battleground isn’t on land or by sea—it’s over bandwidth. And everyone is susceptible to attacks. In July, the federal government database was hacked, and 21 million government employees’ information was published. Cyber warfare has emerged as a new threat in a short period of time, with countries such as China, North Korea and Russia emerging as threats to our nation’s cyber security. By 2018, the U.S. Department of Defense plans to roll out a new cyber defense program that includes creating a task force aiming to protect America on all sides from cyber terrorism to intellectual property attacks. by Assistant Editor Alica Kort.

There's no doubt technology has made our lives easier. With one click or touch of a screen, you can buy a Babybjörn, set up an apartment viewing or lock your front door from miles away. But having everything at your fingertips comes with a price: your security.

According to the Identity Theft Center, 641 data breaches happened in 2015 alone, making private information very public. In 2016, these breaches will likely become even more commonplace. Some airing of information is done for the greater good—call it “hacktivism”—but most data leaks are done with malicious intent. Corporations lose billions of dollars as well as the trust of their customers when their security is compromised. Meanwhile, cybercriminals run rampant online, using stolen credit cards to make off with millions of dollars. Most businesses don’t have the means to detect fraud, so they’re turning to cyber security companies in Silicon Valley. "I believe that data breaches are a fact of life, and they’re going to happen," says Jason Tan, CEO of Sift Science. “Ten years from now, my social security number will be floating around on the Internet somewhere. As unfortunate as that is, we need to prepare for that inevitability so that just having someone’s social number is not enough to steal someone's identity."


Tan’s company uses machine-learning to detect and ultimately stop online fraud. These machines analyze thousands of patterns in data to look for warning signs to detect fraud in nanoseconds. “We thought, ‘Why don’t we make this kind of technology that Amazon and Google use internally accessible, so that everyone can benefit from a world-class anti-fraud system built using the latest technologies?’ ” Tan says. “Under the hood, we offer a large-scale, machine-learning system.”

Let’s say a fraudster makes a purchase online with your stolen credit card number on a device in China with a new email address: alex6123@yahoo.com. Sift Science algorithms reveal that email addresses with several numbers are usually fraudulent. This flag, combined with the fact that the website has already associated your credit card info with a different email address, would be enough for Sift Science’s program to decline the sale.

But the machine-learning technology cannot go off of one signal to stop a purchase, or every Internet purchase would be shut down. “It’s never one signal that’s a smoking gun,” Tan says. “The advantage and power of the machine-learning system is that it’s looking at everything in parallel. Just like a good detective would not just make a decision on any one clue, it’s looking at the clue and the context of the big picture.” 

Sift Science uses its machine-learning technology to adapt to each specific business whether it be an airline or a company that sells shoes. They can detect fraud patterns by looking at addresses, the shoe size of the buyer and the device used to purchase it.

As businesses continue to lose money due to cybercrime, law enforcement has an equally vexing problem: how to bring the culprits to justice. Often the perpetrators are in other countries, and, according to Tan, law enforcement is not likely to work with other governments unless billions of dollars have been lost. Hackers and fraudsters chip away hundreds of dollars at a time, so by the time it happens, it’s too late and costly to pursue one perpetrator. But with the government’s announcemed plan to overhaul the United States’ cyber security plan, there soon might be a way to prosecute cyber crime. 

Keeping people protected is moving to a new battlefield in 2016: your smartphone. Mobile is the primary way users access the Internet now, so mobile phones are a target to hackers and fraudsters. Lookout, founded in 2007, protects more than 70 million users from fraud and takeovers. 

Lookout co-founder Kevin Mahaffey makes his predictions for 2016. “A lot of the world will move onto mobile devices like iPads,” he says. “The traditional PC is not going to go away, but it’s going to become less important.” As a result of this migration to mobile, hackers have infiltrated the Apple App Store. A seemingly innocuous app you download to pass the time on a flight could be malicious and capable of distributing all the data, passwords and bank account information you’ve stored in every app on your phone before your plane lands.

Hackers can even target phones distributed to specific companies’ employees. “We believe the bad guys will go directly after iOS devices, because iOS is popular amongst enterprises,” Mahaffey says. Corporate data can command a hefty price on the black market, but so can your information. Lookout protects big businesses and small families in equal measure.

“We have tools that if somebody steals your phone and they enter the wrong password too many times, it’ll snap a picture of them using the front-facing camera and email you a picture,” Mahaffey says. 

Knowing the identity of your phone thief is paramount. If your phone has certain apps—like the one you use to unlock your smarthome or Google Maps, which can tell you how long it’ll take you to drive to your house from any location—the person who stole your phone now has a key that’ll lead them directly to your front door.

As we become more reliant on our phones, our lives will become compromised by them if they fall under the control of the wrong people. As a result, cyber security will boom in 2016, and according to Tan, thousands of jobs will be created in the next few years as Americans become more aware of the need for cyber security. You should be among them.

THREE WAYS TO PROTECT YOURSELF FROM FRAUD 
Password protect your smartphone. If your phone doesn’t have a password, thieves can access all the apps you are logged into and steal your identity. 
Don’t trust everything in your email inbox. Phishing, an attempt to steal information while masquerading as a reputable source, is going to become more prevalent in 2016, Jason Tan predicts. 
Check your credit card statements. Banks usually catch large fraudulent purchases, but fraudsters often attempt to make small purchases to check to see if your card still works.
THE MANY-HEADED SERPENT OF CYBER THREATS

According to Kevin Mahaffey, co-founder and CTO of Lookout, “cyber security is such a hard space because it’s not just one type of person attacking, it’s actually tons of different people.” Here’s a short guide to online threats.
Cyber crime: Private culprits who are after money. Organized criminals are responsible for 70 percent of the world’s cyber crime.
Cyber war: Governments that seek to cause destruction to other governments through the hacking of government databases. Governments can learn about secret operations and employees’ personal information. 
Cyber espionage: Governments that are after some form of information about other governments. 
Cyber terror: Non-state actors that seek to cause destruction by using computer viruses.
Cyber vigilantes: Non-state actors, such as Anonymous and WikiLeaks, that seek notoriety or want to make a social or political point

This article was excerpted from Newsweek's Special Edition, 2016: The Year Ahead, by Issue Editors Tevor Courneen and Alica Kort. For more to come in 2016, pick up a copy today.

No comments: