Tags: yahoo | hack | cybersecurity | russia | dnc

Will the Yahoo Hack Finally Make Cyber a National Priority?

Wednesday, 21 December 2016 01:21 PM

Yahoo reported two breaches involving user information this year that surpass the number of people who currently use Yahoo — nearly a fifth of the world’s population. That’s right. The raw figure of those affected by the two breaches: 1.5 billion users.

It is likely that there is some user overlap, and also instances of multiple accounts belonging to a single user, but even so it’s a huge number.

With breaches of this magnitude, it is easy to point fingers, and there is no shortage of experts doing just that. Full disclosure, I threw myself on the dog pile just this week.

It was way back in 2008 when experts at Carnegie Mellon took advantage of established government channels to make certain the security community was informed about a serious cyber vulnerability. It had been determined that a cryptographic hash function (think encryption scrambler) called MD5 was no longer safe. You may have heard of the government channel that was used to disseminate this information. It was the Department of Homeland Security, and it said in no uncertain terms, "users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use."

Clear enough, right? Yet Yahoo kept using MD5.

"When business is good, it’s easy to do things like security," Jeremiah Grossman, who worked on Yahoo’s security team from 1999 to 2001, told Reuters. "When business is bad, you expect to see security get cut."

The thought that more than a billion people were put in a compromised position because of a soft stock price should be placed right up there with the Deepwater Horizon oil spill. In that study of corporate shortsightedness and neglect, 4.9 billion barrels of oil were spilled into pristine marine ecosystems, and 11 people were killed. While it is impossible to know with absolute certainty, both the Yahoo breaches and the Deepwater Horizon spill were, in very different ways, not chiseled into the hard stone of fate, and may even have been avoidable — the byproduct of cost-cutting and maximizing profit.

This all goes to say that we need to be focused on priorities. What do we as a nation value more: security or economy — especially when the latter is tied to the success of the former?

There is a teachable moment in the Yahoo breaches that demands we look at cyber security at the national level.

News of Russia hacking the election is still spiraling around, and the hacks of the DNC were historic. Neither should have been possible, and both represent the cybersecurity equivalent of our crumbling roads and bridges — this is about shoddy infrastructure. Recall also that our federal government was responsible for a far more serious compromise than the Yahoo breaches, one that involved incredibly sensitive data — including information about Top Secret clearance status and forensic background checks for those serving the FBI and CIA.

So, has anything changed?

Back in March, the 2016 State of Cybersecurity from the Federal Cyber Executive Perspective, a report by (ISC)², a non-profit focused on cybersecurity, found that the federal government was not in much better shape than it was back in 2015 when President Obama ordered the 30-day Cybersecurity sprint.

A full 59 percent of the respondents in the (ISC)² survey said that they believed their agency struggles to understand how cyberattackers could potentially breach their systems, while 41 percent didn’t know where the agency’s key assets were located. The most troubling statistic: 65 percent disagreed or strongly disagreed that the federal government as a whole was capable of detecting ongoing cyberattacks.

It should go without saying that we have a tremendous amount of work to do as a nation to survive the coming cyber attacks. I take President-elect Trump at his word. He is going to take on the challenges of our cyber security, and push back at the state-sponsored attacks that have been coming our way for some time now.

There is no more time to talk about the threat in hypothetical terms. We have already been invaded. The war has already begun. It is now time our nation sets down the deliberate road to victory over threats to our cyber security both at home and abroad.

Adam K. Levin is a consumer advocate with more than 30 years of experience and is a nationally recognized expert on security, privacy, identity theft, fraud, and personal finance. A former Director of the New Jersey Division of Consumer Affairs, Levin is chairman and founder of IDT911 (IDentity Theft 911) and co-founder of Credit.com. Levin is the author of Amazon Best Seller "Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves."

© 2019 Newsmax. All rights reserved.
