Published October 02, 2012
The cyberattacks never stop. The White House recently acknowledged that one of its own networks was the target of hackers and very nearly breached. Consumers regularly receive notices that their passwords "may have been" stolen. There's even an animated map of current attacks underway around the world -- it's like watching live footage of crimes being committed.
No wonder a lot of people are spooked about being online.
According to a survey of U.S. consumers released this week by the National Cyber Security Alliance (NCSA) roughly 90 percent of people admit that they feel vulnerable to hackers and malware online. The report, which coincides with October, or National Cyber Security Awareness month, notes that about 25 percent or one in four users have received warnings from businesses such as banks and stores warning them that their personal information was stolen. That includes passwords, credit card numbers, and social security numbers -- all the information a criminal would need to make your life hell.
So where do these attacks originate? Massive hacks usually occur at a company's servers. However, on an individual basis, many come in the form of phishing e-mails that trick users into clicking on a link or looking at a site. The recent White House attempt arrived as an e-mail that contained personal details about the recipient -- so-called spear phishing -- that made it even more convincing.
Indeed, e-mail makes us so vulnerable that some leaders have publicly said they no longer rely on it. The very person in charge of keeping online activities safe from terrorists, Janet Napolitano, Secretary of the Department of Homeland Security, admitted last week that she does not use e-mail. Napolitano doesn't avoid e-mail because she's a Luddite. She avoids it for security and privacy reasons. Her predecessor, Michael Chertoff, also eschewed e-mail while he was in charge.
What do they know that they're not telling us?
E-mail can be the source of much evil digital spawn. Fake e-mails from banks contain malicious code. Notices about errant UPS packages and airline charges try to trick consumers into invisibly installing malicious software. And then there's the flood of spam, which while not up to the levels of a few years ago, continues unabated. All the king’s programmers and all the king's software can't seem to put our e-mail back together again. One of my ISPs is now blocking legitimate regular e-mail I receive as "known spam." Methinks they don't know what spam is.
This may be another reason why people are texting more often. Even schools and emergency services are using texts to keep us safe and informed. So should we abandon e-mail once and for all in favor of text messages and posts on social networking sites?
No, said Kurt Baumgartner, senior security researcher at Kaspersky Lab. "If everyone switched from e-mail to another means of robust, useful communication, our adversaries would simply switch their large volume targeted attack methods to that means of communication."
In other words, criminals will go where the most potential victims are, whether it's on the Web, Facebook, or Twitter.
Adam Wosotowsky, a senior anti-spam research analyst at McAfee agrees with Baumgartner, adding that there are many other ways hackers attack consumers. "Most malware is actually delivered over the web nowadays, though e-mail can often provide a link to the malware," Wosotowsky noted. A simple search for “Honey Boo Boo” can turn up malicious, virus-infested sites, causing more infections.
Undeniably, e-mail is a necessary hassle for many of us. All the documents and spreadsheets and threaded business discussions and countless other ways we use e-mail mean it is now a part of our economic and social fabric. I'll never be able to follow every Facebook friend's postings -- unless I'm notified via e-mail. Besides, there are plenty of other risky online habits that should be avoided more than e-mail.
To wit, a major television ad from a leading bank boasts about how a female customer can do her finances and economic planning online in an airport waiting lounge. Do not ever do that. Ever.
Using a wireless network opens you to a variety of sniffing and hacker exploits, leaving critical personal information vulnerable. You might just as well leave your wallet open on an empty seat and walk away. But apparently, plenty of people do just that online: The NCSA survey revealed that nearly 20 percent of Americans carelessly surf the Net without any protection.
There are also new exploits being developed every day for other devices. Researchers at the Naval Surface Warfare Center in Indiana and at Indiana University just demonstrated a program called PlaceRaider that hijacks a person's cellphone camera and then uses it to make a 3D map of the owner's home. It's burglary, Mission: Impossible style (yeah, there's an app for that).
So what are we to do, throw up our mice and give up?
Both Wosotowsky and Baumgartner say we all need to keep our software up to date and install all those pesky updates. Most attacks target holes in the software that are one to three years old. They also say we should be more skeptical and cautious about clicking on links. (And probably not waste our time searching for pics of celebs.)
"Lawnmowers and chainsaws can also be dangerous," says McAfee's Wosotowsky, "but with knowledge and caution their benefits far outweigh the risks."