Janie Slaven: LEFT TO MY OWN DEVICES: Find hope within your gloom

Aug. 10—It can be exhausting, demoralizing even, working in the cybersecurity arena. You research, teach, and write about myriad vulnerabilities and incidents. Seldom does the matter lean positively. It's not that the pessimistic sentiment "If is bleeds, it leads" drives that leaning direction. Simply put, the wins are rare. The business is reactionary, and the action that gets a reaction generally reflects the criminals' breaches, hacks, and abuses. Even solving the mystery, a win to those of us trying to mitigate security risks, doesn't garner high-fives or glowing reports. That's partially because by determining who took what, and when and how, you might shutter that vulnerability going forward, but you'll rarely recover all the way.

This headline from the week's cyber-shenanigans demonstrates how solving a cyber-attack seems positive, overall, but doesn't bring the victims back to wholeness: "Nomad Recovers Nearly $32M After Hackers Drained $200M". Nomad is a cryptocurrency industry player that provides a bridge to users who want to transfer their holdings to a new blockchain platform. Basically, if you have Bitcoin and want to move it into Ethereum, another crypto coin platform, a company like Nomad can help facilitate that. Hackers found a security hole in Nomad's systems and nabbed $200 million. Nomad's proud to have fixed the hole. Law enforcement is involved. Nomad seems somewhat pleased to get one-sixth of their losses back, so far.

I'm not lamenting the negativity of cybersecurity dealings based on Nomad, and frankly haven't researched its hack and the more detailed story behind it. My whining—call it what you will—about being ensconced in the bad news all the time comes from those headlines nonetheless.

The cybercrimes are incessant, relentless, pervasive, and might call on another dozen adjectives that can just bring you down after wading through them all. I have a decent stable of sources for much of what I share in this column. Those serve as frequent inspiration for my research and writing, and many times they also get incorporated into my classrooms. Sometimes I mix it up. I'll scan the enormous amount of government publications on topic. Or, as I did this week, I'll drive through the mazes of online media trying to realize trends or get a lead on something new in information security.

Again, these tend to be mostly negative in theme, and it can be really disheartening to understand how we're all so very vulnerable no matter the amount of education, tools and tricks, warnings, and all the rest that the so-called white hats leverage against the bad guys. Without even going beyond the headlines I can say that your own security is evidently involved in one way or another. That opinion doesn't need to go farther to find its rationale. I'm sharing just a few of those headlines' subjects to illustrate the point that every day, and surely at least weekly, the cyber-criminals are coming for you, or your identity, or surely your money.

Twitter's first. It's a big deal. Twitter may not be part of your social media realm, but when Elon Musk makes months of global news out of his notion to buy the place, it's a big deal in terms of any news. Also, of course it's a big deal because 330 million active users are part of its network; Musk's claims of robot accounts notwithstanding. During the past few days Twitter's been outed as having endured a sizable hack since 5.4 million of its users' accounts were exposed. Your name, Twitter handle, phone number, and email address may be in criminal hands at this moment.

Gmail got hit, too. Still in the same few days of reporting this behemoth of technological powerhouses sustained damages from hackers. Enter, the North Koreans. Numerous security firms concurred that new tools have been developed by the regime's hacking teams, and with relative ease they're able to read Gmail. While the total mass of loss, or count of victims, has yet to be published we learned during these past days that the exploit has been going on for a year.

With Twitter plus Gmail, we're already at the point where hundreds of millions of internet denizens are at risk from just a week's worth of known security incidents. Add LinkedIn, too. LinkedIn is another serious tech player. If you're reading this you may be part of the LinkedIn community, which all is found, organizationally, in Microsoft's cadre of companies. LinkedIn represents over 800 million users. Take that, Twitter!

Then, take LinkedIn, hackers. and they did. Enter again, North Korea. My, they're a busy squad. This time the ploy, now exposed, was not to hack into LinkedIn exactly. Rather, to infiltrate digital asset firms, the North Koreans have been plagiarizing resumes culled from LinkedIn. They're also scraping Indeed's resumes pool. The end game is to get hired, and then start the hacking from within, sending digital currency and other assets back to Pyongyang presumably to fund more crimes, wars, and other harmful aims.

You're unlikely to put Wiseasy into the Twitter-Gmail-LinkedIn set. You are more likely reading that word, Wiseasy, for the first time. Their hack deserves your attention because of what they do. Wiseasy is in the financial technology sector. It makes credit card terminals that you swipe or tap your payment card at when making a purchase. They're in 114 countries, though predominantly in the Asia-Pacific region and are based in Beijing. They opened a U.S. office last year. Also, fun fact, their employees' passwords were uploaded to and then purchased from the dark web. Now, hackers are remotely controlling those payment devices.

Someday, take yourself on the depressing drive through headlines. Convert your gloom into hope as best you can. We hope to continually learn about security. We hope to be vigilant and diligent. We hope that everyone else connected to us via the internet stays secure, too.

Ed Zuger is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.