Why PRISM is Being Overblown

IMG_5430A cheap laptop and a connection to the Internet are all the components needed to be a hacker. The level of damage a given hacker could potentially carry out is limitless. Take Terry for example, a completely hypothetical person. Terry wants to watch the new season of Gossip Girl on Netflix, but after much asking around, comes to the realization that none of his friends have a Netflix account he can borrow. The Batushanskys, Terry’s neighbors, do have a Netflix account, but ever since Terry urinated on their lawn, are no longer on speaking terms. Terry does know a bit of hacking, and decides to steal the Batushansky’s password. Terry spends awhile stalking members of the Batushanskys on Facebook, Twitter, Instagram, and other social networking sites, gathering bits of information, before composing a phishing email to each of them. A phishing email usually appears to come from a fraud department of company or website, usually asking the recipient to fill out a form, verify information, or read an article. Whatever the content may be, the goal of a phishing email is to get the recipient to click on the included attachment. Matt Batushansky is a producer at Sony Pictures, and has been helping out his friend John Bauer edit a rock climbing video. Terry knows this, as Matt and John have been have been discussing it in Facebook posts and comments. When Matt receives an email Friday morning from Jonathan Bauer titled “Hey Matt, check out the latest footage”, he has nothing to be suspicious about. Matt clicks on the link, and a blank page opens. Thinking nothing of it, Matt closes the page, and head to work. If Matt would have been paying more attention, however, he would have noticed that the email was from “Jonathan” instead of “John”. He didn’t however, and by clicking on the link, a piece of malware is installed on his computer. This malware acts as a RAT (Remote Access Tool), and the hacker, Terry, now has access to Matt’s computer. This means he can turn on the computer’s microphone and camera, keep the computer’s fan running, and most importantly, steal the Batushansky’s Netflix password. Normally, hackers want things like credit card information or routing numbers, but the point is that once on a computer, they can do whatever they want.

In January of 2010, Google announced that it had suffered a cyberattack, and were fairly confident the Chinese government was behind the attack. Google’s chief legal officer David Drummond, wrote that “we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human-rights activists.” In October of 2012, Leon Panetta, who at the time was Secretary of Defense, warned that “an agressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals”, essentially causing a “cyber Pearl Harbor.” Privacy advocates blasted Panetta for engaging in scare tactics, but Panetta was simply attempting to emphasize the potential danger of a cyber attack. Roll back to 2006. George Bush, who wasn’t in a position to discuss another nations’s nuclear ambitions after humiliating himself in Iraq, was trying to figure out how to deal with Natanz, an Iranian underground site enriching uranium. Running out of options, he decided to engage in cyber warfare with the base. The goal was to gain access to the plant’s computer controls, which then could be used to destroy the base’s centrifuges. First a “beacon” was sent into Natanz to map the plant’s electronic infrastructure. From this data, the U.S., working with Israel, designed a computer worm that would replicate inside the Natanz system. This worm, presumably introduced to the Natanz system via a flash drive, dealt no major damage while Bush was in office. Before leaving office, however, Bush advised soon-to-be-President Barak Obama to continue with this cyber program (known as Olympic Games). Obama did just that, but was faced with obstacles off the bat. The code spread to an Natanz engineer’s personal computer, and once he left the base (which was cutoff from the Internet), the worm spread throughout the world. Because the code was harmless to computers outside the base, however, Obama let to program go forward, and within a week, destroyed 1,000 centrifuges. Iran now knew where these attacks were coming from, and Gholamreza Jalali, president of Iran’s Passive Defense Organization, announced that Iran’s military was prepared to “to fight our enemies” in “cyberspace and Internet warfare.”

Over the past week the news has been filled with stories about PRISM. PRISM, which stands for “Planning Tool for Resource Integration, Synchronization, and Management”, is essentially a graphical user interface (GUI) that allows an analyst to monitor user data provided to the National Security Agency (NSA) from Internet giants like Google, Facebook, and Apple. This has created quite a stir, with people accusing Obama of reading their emails, browsing their Facebooks, and knowing everything about them. James Clapper, director of the NSA, released a statement on June 8th saying that  “PRISM is not an undisclosed collection or data mining program”, but rather an actual computer program that is used to analyze data legally requested by the NSA and divulged by these companies. Clapper stressed that PRISM “cannot be used to intentionally target any U.S. citizen”. He didn’t mentioned that the NSA only needs to be 51% sure their suspect is a foreigner. While it’s completely understandable for people to be up and arms about this, I think they are not looking at the bigger picture. Internet security has traditionally been about playing defense. Firewalls and updating algorithms that detect suspicious behavior work well when the attacks are random but when the attacks are specifically targeted, like phishing emails sent from individuals like Terry, this type of defensive security doesn’t work. For people to be worried about the government looking at their Facebook profile is ridiculous. Obama could care less about your “Girls night out!!!!!!” photo album. For many, social media sites have become an extension of their existence, and are angry that the government has the potential to spy on them. For starters, people shouldn’t be put anything on Facebook or Twitter that is deemed “personal.” The Internet, even with passwords, is not a tangible thing like a safe, so therefore shouldn’t be deemed as completely secure. Furthermore, the Obama Administration and the NSA have the potential to collect this information to prevent a cyber attack from a country like Iran, not to browse your Twitter feed. People should be more worried about individuals like Terry, hacking into your computer and stealing Netflix passwords than the United States taking an intertest in your Internet persona.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s