UPDATED 11:49 EDT / JULY 28 2015

Hack Anarchy: Time for a Hail Mary

Let’s take a look at our current cyber security situation:

HACK ANARCHY

Four of the most devastating hacks of the past couple of months – the hacks of Adult FriendFinder (AFF), Cougar Life, Established Men (FriendFinder Networks Inc.) and Ashley Madison (Avid Life Media Inc.) – are hacks that are not financially motivated but designed to embarrass, disrupt or to hurt the general populace – in a big way. This is a new and unanticipated notion. If you consider the evolution of the world’s hacking problems, we have reached a point where anything is possible – an absolute free for all.

The current massive wave really started with LulzSec, a group of six teenagers who, it seemed, did things for fun, including the 2011 Sony Pictures hack. Then there is Anonymous, which has carried out a multitude of hacks for political or social causes. Then the cybercriminal organizations went after retailers, the Chinese came after the U.S. government, the U.S. government went after the American people, and now we have hacks against sites that hold people’s darkest secrets – OPM, Ashley Madison, AFF, medical and insurance companies, etc. Even automobiles are hacked.

It’s Hack Anarchy. The security game is being lost – it’s the late 4th quarter, down by 20 and we don’t even have the ball.

How did we get here?

In two easy steps, is the answer.

Step One

Step one was the universal acceptance of smart phones and other mobile devices, without questioning their global impact. Smart phones are used almost universally by corporate employees to access some part of their corporate data – either their email, or a report that was left unfinished during the week, or an important communication from their boss or co-worker, etc. Part of this access requires a password or other critical information needed to gain access to their corporate environment.

It might surprise you to know that somewhere between 100 million and 150 million smart phones and tablets, most of which are owned by people with jobs, have been infected by completely undetectable spyware. This spyware, in almost all cases, reports and sends, to someone, every keystroke, every email, every text message, every photograph, every phone call, and, believe it or not, every word that you, and anyone within the microphone’s range, speak. In addition, the camera on the device can be turned on at any time and still photos or videos can be made and sent to the person or persons who are interested in your life.

In my numbers, I’m not including the spying done by government and law enforcement agencies. God knows how much of this is happening; all we know is that it is happening. I’m talking about illegal, nefarious spying for purposes ranging from monetary gain to corporate espionage.

The scariest thing is that this spyware, in almost all cases, does not require physical access to the unsuspecting person’s phone or tablet. It is remotely inserted into the device. Can’t happen, you say? Wake up. This ad from Award Logger, one of the most popular such software suppliers, says it all:

[Image: Award Logger advertisement]

How did I arrive at the 100 million plus estimate? Let’s start with Mspy (Mspy, Inc.), one of the popular mobile spy applications. Ironically, Mspy was itself hacked in May of this year. The hackers, in the Dark Web, claimed that the Mspy database contained in excess of seven million tapped phones. On their website, Mspy merely claims millions of installations.

Mspy is only one of over 2,000 mobile platform spy manufacturers.  A Google search of “Android Spy Software” (include the quotes) returns 364,000 pages.  The same search for “IOS Spy Software” returns 62,500 pages. A programmed analysis of the results will identify over 2,000 unique software manufacturers. If you include the Dark Web, the number doubles.

If you add up the claimed installations of the top 25 of these companies, you already have over 100 million tapped phones.  Allowing for exaggerated claims (I assumed that only ten percent of the numbers were real), then the 2,000 plus companies have installed software on almost 150 million mobile devices.

For the first time in history, there are more mobile devices than the number of humans in the world – 7.2 billion mobile devices. If my conservative numbers are correct, then nearly 2 percent of the world population is carrying a device which spies on them and nearly everything that they do.

This means that Walmart (Wal-Mart Stores, Inc.), America’s largest employer, with a workforce of 2.2 million people, has over 44,000 employees who use mobile devices that contain spyware.  Many of these employees, more than likely, use these devices, at least occasionally, to access some aspect of corporate data.

How secure do you think Walmart’s data is?

Step Two

The corporate world has blindly accepted an ancient (by cyberworld standards) security technology to protect itself from cyber attacks. At first, this truth mystified me. Then came clarity. The men and women in charge of corporate data security have generally worked their way up the corporate ladder over many years. At some point, ambition overrides the urge to keep up with the rapidly changing landscape of cyber security. These people, like myself, are tired and getting old. The day-to-day demands of their jobs have outweighed their need to understand the new environment in which we find ourselves.

Hackers are winning. No one can doubt this. On Reddit, the popular website for the young and in-the-know crowd, hacking is an extraordinarily popular topic. In one recent post, a user asks the other members to advise them on how they can do the most hacking damage on the smallest budget. It garnered 4,687 replies:

[Image: screenshot of the Reddit post]

This is the world we are dealing with. And we will continue to deal with this world until we come to our senses. Technology exists to put an end to all of this nonsense. For smartphones and mobile devices, D-Vasive, a security app to protect against spying provided by FutureTense Secure Systems, Inc., the company I founded, or some similar application will close the open gate created by mobile devices. On the corporate side, the business world must accept the fact that only closed systems with dynamic encryption (systems in which encryption keys and algorithms change every second or so) will be able to protect them. The cost of doing this, in terms of time and money, is enormous and requires managers with courage and conviction to implement. Until this happens, I will continue to write about the uncountable hacks to come.

Photo credit: Christopher Dombres
