From: Arab Times

By Dana Winner

THE first time I was hacked was October 31st 1989. I was the system administrator for a MicroVAX-VMS system at NASA Headquarters in Washington, DC. When I powered up my system the morning of Nov 1, 1989, I receive a message: “Worms Against Nuclear Killers”, “Your System Has Been Officially WANKed”, and “You talk of times of peace for all, and then prepare for war.” It was very exciting as well as embarrassing. We were suspicious that the worm exploit might have been the work of an East German hacker gang. It turned out that Julian Assange and his mates down-under had dialed-in to the Internet to deliver their message to us. That was the beginning of Julian Assange’s “hacktivist” career.

Being hacked by Assange and his gang inspired me to learn more about cybersecurity, just as the Internet was becoming commercially viable. Consequently, I was well-prepared to deal with the high number of Internet attacks hitting the Air Force Systems Command systems during the Gulf War in 1990-91. Despite the intensity of the cyber-attacks during the Gulf War, the attacks of those days were as nothing compared to the cybersecurity exploits of today.

The intensity of cyber-espionage, cyber-theft and cyber-destruction is threatening the economic benefits of the Internet. For example, the recent cyber-exploit perpetrated against Bank of Muscat and National Bank of Ras Al Khaimah, organized out of New York City via a Costa Rican money laundering operation, Liberty Reserve, cost $45 million in direct losses plus the cost of an international law enforcement operation. That exploit probably appears to be a clearly illegal and unethical crime to most people. What about those costly exploits by “hacktivists” like Julian Assange and his followers? Does the end justify the means? Who should pay for the costs of their exploits?

Assange acolyte, Edward Snowden is an example of someone claiming to be a “hacktivist”, rather than being motivated by fame or money. As a former system administrator with the US National Security Administration (NSA), he used his trusted position and his Internet skills to steal valuable classified information. It must be acknowledge that he stole information that might be worth quite a lot of money to some of American’s enemies, so we cannot be certain of his motivations. The international scandal caused by Edward Snowden has been top of the news since early June. Even as I write, the Bolivian President’s plane was denied access to French and Portuguese airspace due to the suspicion that Snowden was on board the plane flying out of Moscow. Snowden is casting himself as a hero by revealing what he claims are illegal activities by the US Government (USG).

Some people see him as a thief and a traitor. For others it is all too complex and confusing. To better understand Snowden and his accusations against the USG and what it means to us if anything, the first question we should ask ourselves, “What is NSA doing that upset Snowden so much that he would risk his entire future?” And then we can ask, “How does cyber-surveillance and cybersecurity affects us and what do we need to do about it?”

Snowden claims that the US Government (USG) is illegally collecting information about US citizens’ private communications through a program named PRISM. PRISM was started by president George W. Bush and continued by President B. Obama for the purpose of detecting terrorist attack planning by surveillance of communications patterns. Snowden’s accusations are upsetting to Americans, who are committed to their Constitutional right to privacy as described in the Bill or Rights Fourth Amendment.

At both the Federal and State level of USG, subsequent laws have been developed over the years to define the details of implementing this legal principle. During the US-Soviet Union Cold War, and then again after the Sept 11, 2001 attack on US, the balance of security and privacy leaned in the direction of security., Despite having relatively good communications and information freedom and privacy, Americans are committed to keeping the highest possible level of privacy while continuing to rely on their government to keep them secure from attack. So, the USG must balance security and privacy.

In response to the allegations about PRISM, the USG is assuring people in America that the Constitutional guarantee of communication and information privacy is being honored under the PRISM Program. They claim that 50 planned terrorist attacks were averted during 2001-2013 Worldwide, of which only 10 were intended to be attacks on US. In other words, 40 of those terror attacks were planned to be carried out somewhere else in the world — maybe in your home area. The main purpose of the PRISM program is to detect people who are planning terror attacks. Those people should be very fearful of PRISM. Do they have a right to privacy?

We all are faced with the question of whether we think that the security benefits of communications surveillance outweigh the loss in privacy. People should be aware that all governments around the world are conducting communications surveillance and probably invading everyone’s privacy, insofar as they have the technical and financial resources to do so. What can we do to help improve cybersecurity thereby reducing the need for invasive security procedures?

Cybersecurity may sound daunting. We are tempted to say “Why should we care about cybersecurity?” There are three reasons we must give a little thought to cybersecurity: (1) potential loss of our data (2) posing a threat to others by passing malware to them (3) the potential of becoming part of a global problem. I will give you a quick explanation of each of these reasons and then some easy preventive tasks that we all should implement.

The first thing that you must do is to buy anti-malware software and implement it on your computer. Be sure you buy a reputable product and keep it updated to handle new exploits. Second, you should make sure that your passwords are complex enough to not be broken. One way to do this is to think of a sentence and then make your password from the first letter of each word in the sentence. Make sure it is something you can remember without writing it down where it can be stolen. Be very careful when you enter your account name and password online to ensure that you never enter this critical information into an illegitimate website where it will be collected and used for illegal purposes.

The third very important action you can take to protect yourself is to always keep up-to-date backups of your data and keep those backups offline. And, finally, the fourth thing you can do to avoid a cyber-exploit is to not open emails from unknown persons and not download unlicensed files from the internet. Even emails from known people should be handled with care: don’t click on any links embedded in the email or attachments to the email until you are sure they are legitimately from a trusted sender. If the email message seems too good to be true — it probably is! Those Nigerian princes with billions to share probably aren’t.

While these actions won’t guarantee that you will never suffer a cyber-attack, it will reduce your vulnerability to a low level that can be managed by the anti-virus software. And for that small percentage of exploits that cannot be managed any other way, your backups will allow you to rebuild your system. I hope that with these tips you can avoid being part of the burgeoning cybersecurity problem.

Security and privacy on the Internet will probably determine whether this grand experiment in creating a global information infrastructure can be successfully sustained. If you enjoy using the Internet, please join in keeping the Internet “clean”. Everyone who is polluting the Internet with cyber-exploits, cyber-crime, cyber-espionage and cyber-destruction is threatening the future of Cyberspace.