The revelation that at least 500 million user accounts were hacked at Yahoo is spawning more concern over cyber security failures by the U.S. government and corporate America, and a leading cyber expert says America is still not getting serious about a problem that’s much worse than most people realize.
The stunning admission revealed more than half-a-billion user account credentials were stolen by the breach at Yahoo, including users’ email addresses, birth dates, passwords and some security questions. Even more troubling to some experts is how long the hack played out.
“Whoever it was was lurking around in their system since 2014, which is an inordinately long period of time, usually someone is in about 201 days and there start to be indications that they’re in there. In this case, Yahoo didn’t even find out until they were notified by somebody else,” said IDT911 Founder and Chairman Adam Levin.
“That is distressing, but it also shows that, regardless of how big companies are and how technologically sophisticated they are, we’re living where breaches are the third certainty in life, that cyber war has replaced the Cold War and that you’ve got very sophisticated, creative and persistent people who are getting into systems all over the world and are becoming more and more difficult to ferret out,” Levin told WND and Radio America.
He said the scope of hacking right now is far beyond what most people realize.
“Business and government are being breached at an insane pace,” Levin said. “Up to about a year ago, over a billion files had been improperly accessed by people who had no right to be there. They projected that in 2016, before they were thinking about Yahoo, we could have as many as one billion files that were improperly accessed through breaches.”
He also said Americans must scrap the mentality that hackers want nothing to do with normal, everyday people.
“A lot of people say, ‘Why does anybody want to breach me? I’m nobody. What they have to understand is – both our companies and government and each and every one of us – we are all Kim Kardashian. We are all celebrities,” Levin said.
Listen to the WND/Radio America interview with Adam Levin:
“They want to get what we’ve got because there’s money at the end of the rainbow, based on the information they can get from us, that they can exploit, that they can use to create a mosaic of our lives. They can commit identity theft or steal intellectual property and trade secrets,” he explained.
The nature of identity theft is also evolving and getting more elaborate.
“When you talk about identity theft, we’re way beyond people opening accounts in people’s names,” Levin said. “We’re talking about medical identity theft, where you could die on a stretcher because of a wrong blood type. You could end up on a no-fly list. You could be arrested because you’re pulled over for a busted tail light and there are warrants for your arrest. There could be tax fraud, child identity theft. We’re living in serious times.”
However, he said the government is still not taking the threat as seriously as it should be.
“When you have a Congress that can’t agree on the day of the week, when you have administrations that have to fight for every penny in order to harden cyber defenses, where you have a two-million person projected gap in cyber security professionals, we’ve got a lot of work to do. This should be a front-burner issue,” Levin said.
The issue was raised in Monday’s presidential debate. Levin says Americans are going to need a lot more from their next president on this issue than what they saw on that stage.
“It’s more than just making strong statements or talking about expertise by one’s child. We’ve got to get deadly serious about this,” Levin said.
After noting that breaches are inevitable, Levin advises individuals to minimize their risk, monitor their situation and manage the damage.
When it comes to reducing digital exposure, Levin said consumers need to be much better about protecting their information.
“If someone contacts you online, or in person or telephonically, and asks you to authenticate yourself, you hang up, you delete, you walk away,” he said. “It’s one thing if you’re in control of the interaction and they need information to confirm you’re you. It’s another if they’re in control of the conversation, because they should know your credit card number or your security code or your Social Security number.”
He also said Americans should never carry their Social Security card with them. He recommends choosing strong passwords and never sharing passwords with anyone over email or social media. Levin also encourages people to monitor their credit scores, since major drops indicate a breach. And he suggests taking advantage of free services that banks, insurance companies and corporations often have to clean up the damage.