02 Jan

Looking back on the year of the hack

It may be all you need to know about 2014 that the year’s most talked-about movie was a Seth Rogen buddy comedy.

On that principle, the nation’s deep thinkers might spend 2015 talking about Adam Sandler.

Of course, the news value of “The Interview” – maybe the most prominent movie about journalists since “All The President’s Men” – was not artistic, but about some undeclared critic responding to the movie by breaking into Sony’s computer system and releasing massive numbers of internal emails. People are still working through the data dump, but the news so far seems to be that Hollywood studio executives aren’t always entirely sincere.

But the real message of 2014, nationally and in Oregon, is that anything on-line is virtually a public announcement. We saw repeated examples of how hackers can break into all kinds of protected systems.

It doesn’t even seem to require the most advanced technological skills. According to most suspicions, and quiet confirmation by the U.S. government, the Sony break-in seems to come from North Korea, which has never been confused with Cal Tech.

(Admittedly, North Korea has nuclear weapons and Cal Tech doesn’t, but Cal Tech could probably have a bomb if it wanted one, dramatically changing the power politics of Pasadena.)

Just before 2014 started, Target revealed a hacking that compromised 40 million credit card accounts; just this month, a Minnesota federal court ruled that banks could sue Target for damages for negligent protection. By the time the year was over, there were even larger break-ins at eBay and the J.P. Morgan investment bank, as well as break-ins at Nieman-Marcus and Home Depot.

In August, the image-sharing web site 4chan began posting about 200 nude pictures of celebrities, apparently hacked from personal accounts, which actress Jennifer Lawrence described as a “sex crime.” Apparently, sexting is not limiting to teenagers, and delivery is not limited to intended recipients.

In a holiday note, last week a group of hackers calling itself the Lizard cooperative shut down the Playstation and Xbox interactive systems, diabolically forcing millions of Americans to talk to their relatives on Christmas.

“The year 2014,” Vincent Weafer, senior vice-president at McAfee Labs, part of Intel Security, told the Ottawa Citizen, “will be remembered as ‘The Year of Shaken Trust.’”

Oregonians, even beyond those dealing with (and possibly changing their credit card numbers after dealing with) Target and Home Depot, had reason in 2014 to testify to that.

In February, the Oregon Secretary of State’s office revealed that its business registry and campaign finance reporting system had been hacked into by what it eventually concluded was a foreign source, possibly from China or North Korea. (Maybe the North Koreans had heard about “The Interview,” and were practicing.) Alex Pettit, new chief information officer for the secretary of state, told OPB, “We’ve moved from people looking to steal identities or to steal credit card information for financial gain or whatever to really organizations that are engaging in asymmetrical warfare. Folks that don’t like us.”

But that intrusion was dwarfed by an October announcement that hackers had gotten into the Oregon Employment Department’s job seeker web site, getting access to information on more than 850,000 people, including Social Security numbers. The break-in was large enough to be ranked #9 on iDigitaltimes’ list of the top hacking events of 2014.

(The Sony break-in, perhaps the biggest hacking news story of the year, was only #33.)

At least the Oregon Employment Department information escape didn’t involve any nude photos.
So far, it seems, none of the hacking break-ins, at the national or Oregon levels, have had the massive disastrous effects that could have happened. Defenders are developing responses, such as computer chips in credit cards, intended to provide more protection.

But in the hacking arms race – or more precisely, fingers race – hackers appear to keep finding ways around defenses. The multiple examples provided during 2014 argue that we’re still in a frontier time, finding our way across a Wild, Wild Web.

We are, it’s universally said, in an information economy, and more than a decade of news from Washington supports the idea that we’re living in a security state. But as all of 2014 argued, we’re having some trouble perfecting an information security system.

It’s particularly unnerving if, as Sony and the Oregon secretary of state’s office testify, the intrusions are increasingly coming from foreign sources and likely governments.

The situation leaves us with one major New Year’s resolution for 2015:

Carefully check your credit card receipts for nuclear weapons purchases.

NOTE: This column appeared in The Oregonian, 12/31/14.