In 2015, the Federal Communications Commission (FCC) approved a series of regulations that provided guidance on the way internet service providers (ISPs) could treat all online traffic. The intent of the net neutrality regulations was simple: keep the internet fair and open.
The rules were designed to foster a neutral playing field for all internet content, identifying the internet service provider as the key component in the effort. The ISPs were instructed to treat all online content in the exact same manner. The ISPs could not intentionally speed up or slow down traffic to and from specific websites or applications, and they could not position their own content in a more advantageous manner.
I attended an event recently and carried my laptop, which is, sadly, very common. I brought the laptop for several reasons, but primarily to keep a work effort moving forward while I traveled. As I ate lunch in a large food court, a young man who sat near me approached. He pointed at the laptop and began a series of questions about the device, most of which seemed rather straightforward and obvious. In fact, he seemed to be winding up to something more pointed. And he was.
He pointed at the top of my laptop screen and simply asked, “And that – what is that?”
His curiosity and gaze were directed to a simple piece of vinyl electrical tape. The one-inch square is positioned over the lens of my laptop’s webcam.
First, what in the world are SOHO devices? Are they artisanal electronics fashioned in lower Manhattan by engineering artists? No. SOHO is an abbreviation for Small Office Home Office. The acronym is used to describe consumer electronics. In essence, SOHO devices are products that most consumers purchase from common electronics stores – think Best Buy, Walmart. The devices could be present in your home or small business. Also, some service providers will use SOHO devices for their customers.
The bulletin stated that hundreds of thousands of SOHO devices were compromised by foreign actors. Specifically, indications suggest that a group known as Fancy Bear may have been the originators of the attack. The hacking group is frequently associated with Russia; some suggest that the group is affiliated with the Russian government.
There are many questions about artificial intelligence. Among the questions are various approaches to assessing whether a manmade device is able to reveal intelligent behavior; the Turing Test is a popular approach. Software, well designed and properly scripted, can mimic human responses rather easily nowadays. In fact, the notion of impersonating a human via software is so common that we are often unaware that we interact with “smart devices” daily. From where does this artificial intelligence arise? Does the program, the device, need to be self-aware, or does it simply have to be so well designed that it fools most humans? Do we need another test?
Exploiting the human during a cyberattack is common. In fact, statistically, over seventy percent of the reported attacks in 2017 occurred due to human error. Approximately half of those successful attacks exploited the day-to-day end-user; the remainder were errors by the IT employees.
Attacking the human is successful, in part, because of human nature. Targeting the good nature, curiosity, and eagerness of a person is simple. We want to help; we want to engage with technology.
Starting June 1, 2018, private and public entities must establish reasonable data security measures and notify those affected negatively when personal data has been compromised. Despite Alabama being last to the data breach notification parade, our law has been described as among the most stringent in the nation. From my personal experiences, I agree; Alabama’s law takes into consideration third-party service providers, which many states neglect. Alabama’s inclusion of “third-party agents,” that is to say, entities contracted to maintain, store, process, or otherwise permitted to access sensitive personally identifying information in connection with providing services to a covered entity, is outstanding for Alabama’s citizens – there is no hiding, no passing of the proverbial buck: if you collect electronic information from your customers, you are responsible for it.
What’s the solution? Regulation? Perhaps. However, I wonder if Facebook were to simply abandon the ad-driven model and go to a paid subscription model, what would happen? The issues with fraudulent accounts would be easier to address, age verification would be simple, and you could get to what you want: sharing without the debris field of ads and weird news feeds. But we’ve become accustomed to “free” web content; would the account holder be willing to exchange cash for a cleaner playing field? I don’t know.
Statistically, most cyber security issues originate from end-user activity. In fact, nearly seventy-five percent of all reviewed security breaches began as the result of end-user action.
The statistics do not surprise most security practitioners. After all, currently, end-users are the dominant consumer of electronic resources – people deploy, configure and use the devices. The machines aren’t running everything, yet.
We end-users make mistakes. Those statistics include IT professionals and everyday users. Often IT professionals lack adequate skills and training. Perhaps they exhibited some talent or aptitude and became the “go-to computer person”. Clever use of modern technology is no substitute for proper training. Nearly one-third of all security breaches were the result of poor IT configuration and management, according to an annual IBM cyber security study. Have confidence in your IT resources. If a search engine is your technician’s preferred tool, perhaps looking elsewhere is appropriate.
Facebook Inc. is launching a tool that lets users notify friends and family that they are safe during or after natural disasters.
The tool, called “Safety Check,” will be available worldwide to the social network’s 1.32 billion users on computers and mobile devices. This includes the basic “feature” phones many people still use to access Facebook, especially in developing countries.