By Greg Mills
CitiBank has just admitted it had 200,000 credit card accounts breeched early in May. It took them a long time to admit it and even now, they are keeping details about exactly what was compromised a secret.
Confirming what was stolen is a problem for the pubic relations reputation of the company, and it confirms to the hackers exactly what they got. Citi has admitted they got account numbers, names, and contact information.
With that information it is possible to charge against those accounts to the full extent of the credit lines. Those accounts can now be sold to unscrupulous individuals who will do just that.
What is going on here? The list of hacked computer systems lately is like a who’s who of American business and government. CitiBank, Google’s GMail, Sony PlayStation and even the US Government have all been hacked recently. Insecure data storage is actually often because of lapses in the computer systems of contracting companies that provide data storage and management of accounts for multiple companies.
The data storage company at fault in the CitiBank case is called EMC. That company provides the server farm that houses the secure data for millions of CitiBank accounts and numerous other companies as well. They compartmentalize data and monitor the information to detect breeches. They are not only the ones at fault, but also the ones who discovered the breech.
Banks consider breaches and losses from those hacks as part of the cost of doing business. When you have a leaky bucket but can still carry a lot of water, you don’t throw the bucket away and buy a new one until the leak is really a gusher. So it is with data insecurity. There is an expectation of data leaks. How Microsoft of them. There should be a no tolerance policy on breeches instead of acceptance.
Suspicions and some proof are available to indicate that a number of the most serous breeches in the last few years have come from China. The Chinese military has for some years now taken to hacking as a weapon of war. The vulnerability of the US to hacking our computer infrastructure is well known but far from being secured.
All this is going on around the world simultaneously Apple is launching the iCloud data storage and device sync product. Security of the data of all iPhones, iPad, and Macs will be in the hands of Apple very soon. In the old days hacking was commonly just getting into one computer. These days server farms are the target.
Securing data goes beyond the servers and operating systems that are hacked to include bad habits of consumers and a giddy false sense of security that has to be sobered up to change anything. One woman in today’s news was checking her estranged husband’s FaceBook account and discovered a plot he had been working on to kill her. Beyond not conspiring to kill someone, he ought not to have written his password down where it could be found.
Insecurity of Windows PCs has become a growth industry because of the business plan of Microsoft to launch insecure operating systems and programs to save money. Finding and fixing the all insecurities of the software in house, before it is launched costs money and results in delays in the return on investment. So Redmond throws half baked software out the door and then patches it as users discover the holes. That is sort of like a boat company selling leaky boats that come with patch kits, bilge pumps, and buckets. The notion that all software is insecure is a PC myth that was never acceptable at Apple.
Apple has a much better reputation than Microsoft on the security of its operating system, and it’s programs. Syncing pictures, music and books isn’t as much a security issue as email and documents. The density of valuable information on a server system is directly proportional to its priority to hackers. Why spend time getting into an on line music server when you could spend that time getting into a bank’s credit card files?
Will Apple get hacked when the iCloud fully comes on-line? Time will tell, but the hackers of the world work in shifts and tend to move faster than the security teams who fight to hold them off. Just this week, the US Military publicly proclaimed that attacking its computer infrastructure was enough to warrant a retaliation with real bombs. There is little doubt this warning was to our friends in China who also own more US Treasury notes than any other country in the world.
To some extent, the giant investment in the economy of the US by China will protect us from harm. If the Chinese crash the US economy who is going to buy all the consumer goods China is pumping out? Trillions of dollars of US Treasury notes become simply wallpaper. All this makes our situation in cyberspace very complicated indeed.
As the idiot who planned a murder on his Facebook account found out, insecure data can be a problem. I expect Apple to secure its shinny new server farm with the industrial strength security we have come to expect from them.
That’s Greg’s Bite.
(Greg Mills is currently a graphic and Faux Wall Artist in Kansas City. Formerly a new product R&D man for the paint sundry market, he holds 11 US patents. Greg is an Extra Class Ham Radio Operator, AB6SF, iOS developer and web site designer. He’s also working on a solar energy startup using a patent pending process for turning waste dual pane glass window units into thermal solar panels used to heat water see: www.CottageIndustrySolar.com Married, with one daughter, Greg writes for intellectual property web sites and on Mac/Tech related issues. See Greg’s art web site at http://www.gregmills.info He can be emailed at email@example.com )