• Data Breaches & Modern Consumers

    Information Security in the Public Eye 

    While IT security specialists have been diligently watching the industry evolve for years now, the average citizen has only recently become aware of the day-to-day risks. Residing in the most popular gaming devices, mobile apps & stores are threats that could compromise users’ personal data. Many times, people supply their information to these systems without a second thought for the potential future consequences.

    Over the course of the last year a number of stories have become almost common knowledge at the household level. Stories involving Edward Snowden, Target and Valve’s Steam gaming platform are making cyber security a regular topic of conversation in coffee shops and business environments where it previously was not a top concern. 

    When Retailers are Compromised, Consumers Pay 

    Hackers have been breaking into servers to steal consumer data for quite some time; it is not a new headline. However, the effects and public awareness are growing at an increasing rate. Adding to those threats are unscrupulous programmers who release malicious software, known as malware, into the technology ecosystems of online retailers and physical enterprises, which compromises information security as well. Point-of-sale (POS) systems have become headline-making targets in the world of cyber-crime.

    The Target breach that was announced in December of 2013 affected millions of buyers[1]. It has grabbed headlines across nearly all forms of media and pushed the issue into the collective consciousness. The full ramifications of this incident are still being revealed as the story develops.

    The Neiman Marcus breach affected a far smaller number of people than the previously mentioned one that hit Target buyers [2]. Over one million shoppers appear to have fallen victim to the data loss that hit this high-end retailer. 

    Luckily, there are solutions available to aid in staying secure and complying with the Payment Card Industry Data Security Standards (PCI-DSS). CimTrak, a cyber security solution that helps to keep enterprise data secure, is developed and marketed by Merrillville, IN based Cimcor, Inc. Cimcor President and CEO Robert E. Johnson, III had the following to say about recent cyber-security threats. “As threats to IT security rapidly multiply, it is simply not enough for organizations to be compliant with standards such as PCI. They simply must go above and beyond, making IT security a key component of their business strategy.”

    In the wake of the breaches that dominated the 2013 holiday shopping season, the FBI issued a warning to retailers in January of 2014. Some industry professionals expect to see approximately 1 major breach a month[3].

    Mobile Apps are the Wild West

    New frontiers in the digital environment are smartphones and other mobile devices with apps designed to run natively on a variety of different operating systems. This creates opportunities for hackers to exploit a coding flaw. Recently the ephemeral media and communication app Snapchat suffered a security breach[4]. This particular situation made privacy and security seem untenable and as fleeting as the photos that users shared.

    A major concern that has evolved with the emergence of smartphones is the security of banking apps. Banks appeared to be ahead of the curve with all of their identity fraud awareness commercials over the last few years. However, mobile is a new frontier that will require additional efforts. Finance is always an appealing target; it seems Hollywood sometimes lifts its stories from the news. Even Kickstarter, the crowd-funding community focused on startups, disclosed a recent breach, though at this point it seems as if no sensitive user data was taken.

    Gaming Section 

    The April 2011 hack of the Sony PlayStation Network, considered the worst gaming data breach ever, involved more than 77 million gamers[5]. The people that were responsible for it gained access to a treasure trove of personal data and credit card information. The group of hackers that were responsible has not yet been discovered and in the meantime other sites such as Steam and Battle.net have suffered similar fates. 

    Towards the end of 2013 a number of new compromises were made public. Perhaps the most extraordinary occurrence happened to The League of Legends (LoL), a popular online game. The service was knocked out of commission for several hours on December 30[6].

    Allegedly, the attack was not malicious, just mischievous. It was also partially aimed at 25-year-old US pro-gamer James Varga, aka “PhantomL0rd.” By following the rest of the saga, it becomes apparent that the group responsible did cross the line. When James Varga shared his views about the attack on the gamer video-streaming platform Twitch.tv with his 367,000 followers, things got nasty.

    The hackers took to Twitter to take credit for LoL and other game takedowns, including Valve’s Steam platform, EA’s Origin network and Blizzard’s Battle.net service (which supports online gaming for popular games such as StarCraft II). Additionally, the group leaked Varga’s personal information, including his home address, after he observed server issues and opened direct communications with one of the alleged hackers.

    A phone call led police to believe hostages were being held at Mr. Varga’s home. He was arrested and handcuffed as over one dozen armed police searched his home. Varga was finally released after the police determined the call was fraudulent[6].

    At this point, nothing seems to indicate that these attacks involved any user data exploitation, other than the personal information displayed on the web about Mr. Varga. However, they do expose the frailty of the gaming networks’ security standards.

    What can consumer based companies do? 

    This type of cybersecurity breach can affect information about emails, user names, user data, home addresses, purchase history, credit cards and logins along with passwords. All these examples illustrate that having the strongest information security safeguards in place for consumer level products and services is critical. 

    Citations 

    [1] http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/
    [2] http://krebsonsecurity.com/2014/01/hackers-steal-card-data-from-neiman-marcus/
    [3] https://blog.softmart.com/2014/01/29/report-fbi-warns-retailers-of-more-cyber-attacks/

    [4] http://blog.snapchat.com/post/72013106599/find-friends-abuse
    [5] http://www.telegraph.co.uk/technology/news/8475728/Millions-of-internet-users-hit-by-massive-Sony-PlayStation-data-theft.html
    [6] http://www.forbes.com/sites/insertcoin/2013/12/31/attack-on-twitch-streamer-shuts-down-riot-and-ea-servers-attracts-police/ 

  • Pursuing an IT Degree

    Going to college for Information Technology has been a daunting and lengthy task for me. However, the experience has prepared me to enter a field that is expanding rapidly. The classes at George Mason University specialize in a wide range of subject matter, such as IT in the Global Economy. That course examined the influence of globalization on information technology trends. Another singular class that followed this example is Computer Crime & Forensics; it took an in-depth look at both the human aspects and engineering of these two subtopics. This particular class focused on decryption and analyzing problems rather than basic memorization. This can add a lot to the atmosphere of the classes, and makes the knowledge applicable to working in the field. That is one of the most enjoyable aspects: the engaging, thought-provoking conversations.

    On the other side of the coin are the non-core classes, those not directly related to security but required for a four-year degree. The grading methods can be unforgiving in those classes. The trend seems to be that classes of this nature are packed with memorization and are set up to weed out students. In some cases, 1% of the final grade is equal to a single question on an exam. My experience with this type of environment has been hit or miss and depends heavily on the subject matter in question.

    However, studying other subjects has its benefits as well. Classes such as accounting and statistics allow students to better analyze and digest raw data from other sectors of the professional world. This gives students a broader understanding of how decisions are made within a business and an industry. Overall, I feel that as you go deeper into the curriculum, classes become a more stimulating experience and provide an overall better understanding of information security.