You shouldn’t be surprised when a website gets hacked
In the midst of the latest huge hack and subsequent leak of private information, it’s hard not to wonder why people are still shocked when these stories break. The hard truth is that no website, server, or data center is 100% safe, and we can expect to see these types of incidents occur as long as people have a reason to protect sensitive information.
In the last year we’ve seen a ton of big internet attacks, hacks, and leaks. This interactive chart ranks the biggest breaches we’ve seen, and allows you to sort the information based on organization type. Besides the ones that have made national news, there have been dozens of smaller breaches, adding up to a sea of hacks that stretches as far as the eye can see. With all of this data in front of us, we can clearly see that nothing you put online is really ever safe. There are a few key problems that will have to be addressed if we are ever to lessen these attacks.
The problem with internet security
The major issue we face today is that much of the internet is still built on decades-old technology. Add to that the fact that most upgrades amount to spot-fixes to repair security holes or prevent attacks from happening after the fact, and what you have is not an infrastructure so much as a really, really large tangle of string that no one can undo all the way.
For most ISPs and data center operators, it’s just not cost-effective to upgrade security to a point where an attacker wouldn’t waste their time. Those who are willing to spend the money are still faced with attacks, and even companies built on the idea of providing safety from attacks still have to face huge opposition. This makes for a pretty bleak outlook on the state of the internet today, but it’s important to know the score.
Most people don’t know (or care) how the internet works
Your ISP, data center, server, or website can be the strongest in the world, but every sysadmin knows that the weakest point in any system is the end user. From ridiculously easy-to-crack passwords to algorithms designed to crack sophisticated passwords, the login information of an end user is usually the go-to target for the would-be hacker. This is complicated by the fact that those end users don’t want to memorize a random 64-character string (and I can’t blame them) to use as a secure password, as well as the fact that most people just don’t understand that even secure passwords like that 64-character string can be breached if the website is vulnerable to other types of attacks.
There are just too many variables to account for. Time after time, we see websites and servers which store incredibly personal or sensitive information breached, and in most cases it’s due to someone being lazy or a company not wanting to spend the money to secure their network properly. Besides money, this is often due to the people who run these companies just not understanding the nature of the internet and how vulnerable they really are.
Besides lazy end users and CEOs, we also have politicians who don’t understand the internet to account for. There is virtually no regulation at present for how secure a network or website needs to be. This means that when a site like Ashley Madison gets hacked and tons of personal data is leaked, the people responsible for keeping that data safe will likely face no legal ramifications for running a vulnerable website.
So, what are we to do?
Ultimately, the person most responsible for keeping your data safe is you. Don’t want your nude photos leaked? Don’t put them on the internet, even if you have a 256-character password and the website you’re storing them on uses two-factor authentication. There are likely holes in that website’s security that the people who created it don’t even understand, and which won’t be noticed until the breach has already occurred.
This goes for other information and data beyond nudes as well. You have to make a choice. On one hand, you accept the risks involved with putting your information online, knowing that there is no such thing as a 100% secure, hack-proof website or network. On the other hand, you choose to be careful about what information is stored online, knowing that while it may not affect you personally, the next big hack is still on the horizon.
This isn’t an “abstinence only” policy. No one is telling you not to use the internet, or not to put personal information online. But much like getting behind the wheel of a car or smoking a cigarette, you should be aware of the dangers you are facing, and come to terms with them if you decide to use a service or website. Beyond that, we should be pushing for regulation on how secure networks need to be, as well as consequences for websites or networks which don’t take all possible measures to keep sensitive information from being easily obtained by attackers.