The revelation that at least 500 million user accounts were hacked at Yahoo is spawning more concern over cyber security failures by the U.S. government and corporate America, and a leading cyber expert says we’re still not serious about a problem that is much worse than most people realize.
The stunning admission that more than half a billion user account credentials were stolen by the breach at Yahoo, including users’ email addresses, birth dates, passwords and some security questions. Even more troubling to some experts is how long the hack played out.
“Whoever it was was lurking around in their system since 2014, which is an inordinately long period of time. Usually someone is in about 201 days and there start to be indications that they’re in there. In this case, Yahoo didn’t even find out until they were notified by somebody else,” said IDT911 Founder and Chairman Adam Levin.
“That is distressing, but it also shows that regardless of how big companies are and how technologically sophisticated they are, we’re living where breaches are the third certainty in life, that cyber war has replaced the Cold War and that you’ve got very sophisticated, creative and persistent people that are getting into systems all over the world and are becoming more and more difficult to ferret out,” said Levin.
Levin says the scope of hacking right now is far beyond what most people realize.
“Business and government are being breached at an insane pace. Up to about a year ago, over a billion files had been improperly accessed by people that had no right to be there. They projected that in 2016, before they were thinking about Yahoo, we could have as many as one billion files that were improperly accessed through breaches,” said Levin.
He also says Americans must scrap the mentality that hackers want nothing to do with normal, everyday people.
“A lot of people say, ‘Why does anybody want to breach me. I’m nobody. What they have to understand is – both our companies and government and each and every one of us – we are all Kim Kardashian. We are all celebrities,” said Levin.
“They want to get what we’ve got because there’s money at the end of the rainbow based on the information they can get from us, that they can exploit, that they can use to create a mosaic of our lives. They can commit identity theft or steal intellectual property and trade secrets,” said Levin.
The nature of identity theft is also evolving and getting more elaborate.
“When you talk about identity theft, we’re way beyond people opening accounts in people’s names. We’re talking about medical identity theft, where you could die on a stretcher because of a wrong blood type. You could end up on a no fly list. You could be arrested because you’re pulled over for a busted tail light and there are warrants for your arrest. There could be tax fraud, child identity theft. We’re living in serious times,” said Levin.
However, he says the government is still not taking the threat as seriously as it should be.
“When you have a Congress that can’t agree on the day of the week, when you have administrations that have to fight for every penny in order to harden cyber defenses, where you have a two million person projected gap in cyber security professionals. We’ve got a lot of work to do. This should be a front burner issue,” said Levin.
The issue was raised in Monday’s presidential debate. Levin says we’re going to need a lot more from our next president on this issue than what we saw on that stage.
“It’s more than just making strong statements or talking about expertise by one’s child. We’ve got to get deadly serious about this,” said Levin.
After noting that breaches are inevitable, Levin advises individuals to minimize their risk, monitor their situation and manage the damage.
When it comes to reducing your digital exposure, Levin says consumers need to be much better about protecting their information.
“If someone contacts you online, or in person or telephonically, and asks you to authenticate yourself, you hang up, you delete, you walk away. It’s one thing if you’re in control of the interaction and they need information to confirm you’re you. It’s another if they’re in control of the conversation, because they should know your credit card number or your security code or your Social Security number,” said Levin.
He also recommends never carrying your Social Security card on you, choosing strong passwords and never sharing your passwords with anyone over email or social media. Levin also encourages people to monitor their credit scores, since major drops indicate a breach. And he suggests taking advantage of free services that banks, insurance companies and corporations often have to clean up the damage.