Well, the ball dropped, the clock moved, and the earth started another rotation around the sun: it’s 2017. During the last week of the year, the cyber news kept rolling in. Here’s a look at some of the top cyber news stories to come in before the year rolled out.
The end of the year was all about weakest links: the points at which a chain breaks. From stolen money-making data to the IoT (Internet of Things) and social media accounts, here’s a look back at the chains that broke at the end of 2016.
Hacking the Lawyers
When it comes to mergers, an announcement of an impending transaction is generally a good thing for existing shareholders: shares often get purchased for more than their market price. If you have “insider data,” and act on an upcoming merger, you break the law. That’s what Martha Stewart was convicted of way back in 2004, but she’s not alone. Insider trading often means a prison sentence, so employees are trained in what the rules are and how to avoid wearing an orange jumpsuit.
Merger lawyers also become privy to insider information, and are also bound by similar regulations.
For hackers looking for insider data, the question becomes one of testing the fence for the weakest link. To target the businesses involved directly, a hacker would need to know who they are. Attempted hacks on banks happen all the time, but banks might not know of the data in advance and are notoriously difficult to breach.
Then come the merger lawyers: email correspondence, electronic files and merger documents might all reveal insider information.
That’s the case making headlines in New York: three Chinese hackers reportedly made $4 million trading insider information obtained by hacking two New York law firms.
The three men (Iat Hong, Bo Zheng and Chin Hung) apparently attempted to hack seven New York law firms. After successfully obtaining emails of partners working on mergers at two of them, they bought shares of companies and sold them after the deals were announced.
What’s more, federal authorities have been warning law firms for years: their access to the confidential client information of “big fish” or corporations is a veritable playground for a black hat hacker.
So here’s a great New Year’s resolution for merger law firms: stiffen cyber security.
Hacking Your House
2016 will likely go on cyber record as the year of the robot: as in the robot army responsible for massive DDoS (distributed denial of service) attacks, such as the one that “shut down the internet” in October.
Experts are predicting that was just a taste of things to come. James Lyne, global head of security research at the U.K.-based cybersecurity company Sophos, described the situation this way: “The sharks have smelled the blood in the water and they’re now circling to use your IoT device for further attacks… Chances are right now if you’re buying an Internet of things device, you’re more likely to be buying something insecure than secure.”
Some top tips for a more secure household include:
• Don’t buy a device that connects to the internet, if you do not really need it, until such devices are made more secure. Do you really need to be able to turn on your household lights from your smartphone?
• Complain to manufacturers, if appropriate, or let them know why you purchased a more secure device than their product. Steps like these light the fire under corporations to make cybersecurity a priority.
• Do buy devices that let you change manufacturer settings, such as creating your own device name and password. Without that level of control, your standard router name or your default DVD-player password may make your device more likely to join the robot army.
• Turn off or even unplug devices when not in use. You may save more than just electricity.
With consumer education and pressure, we may turn the tide against the sharks.
The lines between white and black hat hacking can get crossed in the cyberverse. Hacking in the name of help is (1) unverifiable (how can anyone know that you didn’t also have ulterior motives?) and (2) still not legal. Unless you were hired to test a network’s security, hacking heroics such as “Just wanted you to know your system is insecure” aren’t necessarily going to earn a warm welcome.
Yet it happens all the time.
Recently, social media accounts seem to be the weakest link in the security chain. Hackers have breached Twitter, LinkedIn and Facebook accounts for high-profile individuals and corporations, sometimes with hilarious results (like this TJ Maxx newsfeed).
Recently, Netflix experienced a similar “helping hand” from OurMine, the self-named white hat hacking company known for such hacks as the Pinterest account of Mark Zuckerberg (Facebook CEO) and the Quora account of Sundar Pichai (Google CEO).
Tweeting from the official Netflix account, they said, “Hey, it’s OurMine, Don’t worry we are just testing your security, contact us to tell you more about that.”
The hacks have since been removed.
So the question is, do such hacks draw attention to cybersecurity in such a way as to translate to a more secure internet? Perhaps.
We’ll see how that plays out in the coming year.