Hacking security

Hacking security is the invasion of an individuals privacy through a technological medium. The definition of hacking security is derived from the definition of hacking, referring to the unauthorized intrusion into a computer or a network, and the definition of security, the state of being defined as a state free from danger or threat.^[1][2] This invasion can expose important information about an individual's identity including financial, health, personal data. Alessandro Acquisti, Professor of Information Technology and Public Policy at Carnegie Mellon University, mentions that there are no longer secrets as people are constantly exposed online. Because of this, hacking security has become easier as technology advances despite it's unethical tendencies. The information that can be exposed may be detrimental to one’s personal and professional or academic lifestyles. This is constantly affecting people personally across the globe.

History

Hacking originated at MIT in 1960. The original hackers coded profusely and had a constant quest for knowledge and information. They obtained this knowledge through computer programming. Back then, hackers did not have the negative connotation that they do today. When the cyberspace emerged in the early 1980's, some hackers provided a dangerous threat. ^[3] Once hackers were more prominently known for "hacking" into unauthorized sites is when Hacking Security emerged. With the intelligence and skill that hackers possess, they are able to retrieve information from many sites in cyberspace, no matter the protection on the site.

Types of Attacks

There are a number of different types of attacks which hackers can use to meddle with networks, systems, and servers. These attacks can allow hackers to get onto networks and obtain the personal information of individuals. Some types of these attacks include sql injection, cross-site scripting, malware, man-in-the-middle, phishing, doxxing, and zero-day exploit. They are described below:

SQL Injection: Hackers use SQL injections in order to take advantage of systems with unsecure databases which use SQL as their framework. By using the search bar or login bar on sites with poor security, hackers can type in SQL code into the search bar which is then executed on the system. The systems will interpret what should be data as code and will execute it within their framework. Hackers can thus use this tactic to retrieve all of the information within a database which they should not have access to. Malware: Examples of malware include software, spyware, viruses, bugs, worms, and ransomware. Malware is often able to permeate a network through links or email attachments that sometimes install dangerous software without the user’s knowledge. Malware can block access to the network, install additional software, transfer and send out secure data from the hard drive, and fry the system. Malware can also often duplicate itself in order to further spread the malicious software and make it more difficult to remove from a users computer or network. Man-in-the-Middle (MitM): These cyberattacks are categorized by a hacker sneaking into seemingly-two-party transactions. This type of attack relies on the user believing that they are connecting to their intended party, when in reality the information is going to the "man-in-the middle" and then to the final destination. Attackers are essentially eavesdropping in an effort to steal information. Advanced hackers can use man-in-the-middle attacks in order to change the information sent between two parties and redirect users to a potentially malicious site. Common points of entry for these types of cyberattacks are public Wi-Fi networks that are not secure, and after malware has gotten into a network. Phishing: Phishing usually happens through email when a hacker sends a fraudulent message that seems to be from a legitimate source but is not. It generally uses "click-bait" titles in order to get users to visit the malicious site due to their curiosity. Usually, the goal is to get credit card information or website login credentials or to have them open a file or link that will install malware on their computer. Doxxing: When a user researches or obtains someone's private information and posts it publicly online. Information can be harvested using malware, publicly available social media, or online metedata such as an IP address. Zero-Day Exploit: When a network’s vulnerability is announced publicly allowing for attackers to find an exploit. Hackers using this method launch an attack before the owner of the network has the chance to create a solution or fix whatever created the vulnerability.

Targets and Attacks

Government Services

In 2018, sixty million users were affected due to the unsubstantial security measures on the USPS website. This security vulnerability exposed the USPS database that consisted of emails to phone numbers, mailing campaign data, social security numbers, possible credit card numbers, access to street addresses, and access to personal data of everyone who lived in the same household as who logged onto the site through the main user's account. This vulnerability also allowed requests to be made by the user's to change other user's account information such as email addresses and phone numbers. Although these issues were known, the organization took a year to resolve this data breach.^[4]

Safety Ethics

High vulnerability should not be expected from certain government informational systems, considering that USPS has access to personal data points which can lead to identity theft. This leads to concerns in ethics regarding safety in governmental measures within other branches of the government because it is possible for “hackers” to gain access to other branches of the government that may have a similar vulnerability. Most people wouldn’t have considered this being a potential situation as sending and retrieving mail is such a common day to day task. With USPS the most common concern would be worrying about important packages or mail sent to the wrong address and one will open that information. However, this rarely occurs and it's taken seriously as its a federal offense to open someone’s mail or packages as it’s a matter of privacy. In other words, it was least expected that this situation would occur and the lack of timing and care for handling this situation. Contrasty, using USPS alone is a higher security threat, since it is possible for security hackers to break in and retrieve personal information from the database.

Healthcare

Healthcare companies are easy targets for hacking because its maximized vulnerability stemming from a lack of IT investment and training is information systems and the value of the data. Since companies only spend 3% of their IT budget on security and a majority of security breaches come from internal organization intrusion, it can easily take weeks or months before an organization realizes there is a data breach although there are security measures that are put in place to alleviate the effects of internal threats. This gives hackers a large time frame to access as much information as they want or need. The type of information contained in medical documents, such as a PHI or PII, is highly accurate and valuable data containing social security numbers and dates of birth which can be sold on the black market for upwards of $20,000.^[5]

One would assume that healthcare companies would contribute more funds towards security as there is so much prevalent information that both medical professionals and clients receive and share. It makes one wonder why these companies are still vulnerable and not respecting idea of anonymity and keeping information discreet. Most people wouldn’t want their medical conditions or health-related information exposed the public as they may be embarrassed or are hiding it for professional or personal reasons. Example, one may not want their job to know they are battling cancer in fear of losing their job and not having financial security for the medical treatments.

It’s best for people to be aware and concerned that healthcare companies are easy targets. So many people rely on healthcare regardless if services are obtained at a clinic or hospitals or local medical centers, these attract a large population especially in United States. People are vulnerable and not only will their medical information be exposed it is also their unpaid or extensive healthcare bills may be shown as well. This can look bad on the person financially in terms of current or potential employment.

Ethical Issues

Anonymity

Anonymity, defined as inability to coordinate some known trait(s) with other traits of the the individual such that the person can’t be identified. Many people in the US do not have the flexibility of online anonymity. Many of the cyber attacks are examples that reflect that people are no longer anonymous or have a minimum amount of other individuals who can gain access to their personal information. Because of the lack of, or limited security measures across many organizations and companies, this has led to the vulnerability and exposure of personal information more prevalent.

It is clear based on data breaches that occurred for the US Postal Services and Healthcare companies reflect how rare anonymity is. Exposure of social security numbers will potentially lead to many identity thefts which often take a long time to recover from. Due to the exposure from the data breach, it’s possible that more than one person will have that identity which makes it that much harder to track down the person who actually “stole” one’s identity.

Privacy

Alessandro Acquisti shares how there is no such thing as hiding your secrets or being anonymous because of our online era ^[6].The truth is; from having an image of a person using facial recognition, finding a name and publicly information about that name and person can form into non-publicly available information even the more sensitive information. Example, using one’s image found on their Facebook account or an app that uses phone’s internal camera taking images of user and the information shared on Facebook led to more help for determining their social security number. With these tools, there is a 27% chance of determining their first five SSN digits within four attempts. This is just one of his many experiments in regards to anonymous and how to gather information to uncover their information.

Evidently, this tool is clever and innovative yet alarming. This is something that should concern many people as it allows people to use simplified information to their advantage. This is beyond unethical and one would think that people would spend more time and effort into improving online security. One may wonder should people not post anything at all whereas others wonder what is even allowed to post online. Some may wonder if social security numbering policy may need to change so there is barely any “margin” to guess its number after multiple tries. It may need to get more complicated by having a combination of numbers, letters, and characters to limit these unethical issues.

Based on Acquisti’s claims in regards to how it’s becoming easier to discover more personal information about people. However, these data breaches don’t help considering we are already vulnerable to these security concerns. These data breaches along with the online presence of people makes it that much harder for people to remain anonymous or limit their anonymity from the least amount of people as possible. One can only hope that online security will improve so that people remain anonymous if any at all.

Conclusion

Overall, one can suggest that it's prevalent for companies to become more serious in terms of online security as one will have personal information that can potentially not be retrieved once its been exposed. It’s necessary that companies maximize their budget and efforts to ensure the safety of their online users to avoid or limit the number of data breaches if this is possible. This would be useful as people are already sharing minimal information online with the lack of awareness that no one is truly anonymous and there is a small chance of one finding more personal information about them.

References

1. ↑ https://www.techopedia.com/definition/26361/hacking
2. ↑ https://www.google.com/search?q=security+definition&oq=security+def&aqs=chrome.1.69i57j0l5.2981j1j4&sourceid=chrome&ie=UTF-8
3. ↑ https://www.cybersecuritymastersdegree.org/a-brief-history-of-hacker-culture/ A Brief History of Hacker Culture, Cyber Security
4. ↑ "https://www.theverge.com/2018/11/22/18107945/usps-postal-service-data-vulnerability-security-patch-60-million-users
5. ↑ https://www.darkreading.com/endpoint/why-hackers-love-healthcare/a/d-id/1331537
6. ↑ " https://www.ted.com/talks/alessandro_acquisti_why_privacy_matters/up-next"