Lindsay Lewis | Critical Mass Chicago
The electro-bass dropped away, the rock and roll of the high tide faded, the scene of holiday boaters and people dancing on boats for the sake of a three-day weekend blurred into a distant background, and suddenly my ears fell numb to all but the words “Finding these vulnerabilities, you can train a monkey to do it… But at the same time, hacking is about the path of least resistance. There’s no need to overly complicate things if a simple SQL injection can work.”
Those chilling words, spoken by Patrick Stoey, a key contributor to the biggest cyber crime in history, were recounted in the June 10th issue of Rolling Stone. Albert Gonzalez, commonly hailed as the “Capone” of cyber crime, enlisted Stoey and dozens of other hackers to execute some of the most sophisticated hacking heists of all time, targeting hundreds of high-profile companies like TJ Maxx, Barnes & Noble, and 7-11. The most pervasive of them all stole the credit card numbers of over 130 million Heartland Payment Systems customers.
I put the magazine down for a minute to digest what I’d just read. As sympathetic as I naturally wanted to feel for the victims, my reasoning classified both parties as naive. If a monkey had the brains to make off with hundreds of millions of credit cards and check out with millions in cash from a series of hacks that impacted an unquantifiable number of people, then “farming” money from 400 App Store users seems like a no-brainer to me.
Catching both stories at the same time put a lens on the state of my own information security, pinpointing its gaping holes and flimsy insulation, and the more I sought to isolate my vulnerabilities, the more of myself the lens began to reveal. In a world boasting ease of access, we can quickly and efficiently maneuver into, out of, and between windows. So easily, in fact, that we’ve begun treating them like the ones on our homes, leaving them open for a cool draft of cyber crime to circulate within and swiftly cash out. As the evolution of Web 2.0 has begun shaping the way we work, it has also, almost without our noticing, begun to shape the way we are.
Our everyday social behavior on Web 2.0 and mobile applications can tell us a lot about our vulnerability to cyber crime, because web applications and related technologies accounted for 82% of all security vulnerabilities on the web last year, according to a report released by Cenzic, a leader in web application security. More sobering than that are the vulnerabilities themselves: cyber criminals capture not only our private data but our behavior as well. The top ten vulnerabilities on the web today fit seamlessly into the little things we do online every day, living on the profiles of those we “add as a friend” but barely know at all, yet whom we trust with our play-by-plays and whose shared info we trust in turn. They patiently wade in the background of sidebar widgets on websites we trust enough to visit every day. They hang out behind the buttons we so love… I mean “Like.” They dress themselves up as character-limit-friendly little links and do all of the things we do on the websites we visit most.
Using a scenario we commonly run into on Facebook as an example, the flow chart below demonstrates how easily a hacker can execute the top ten types of attack mechanisms on the web today in one fell swoop.
This is the scenario we go through when interacting with applications all over the web: granting them access to our identities, then authorizing them to use and share those identities. Because these applications are accessed through the social networking sites and web and mobile apps that we know and trust, we naturally assume they’re safe to use. But by simply injecting malicious code into a web or mobile application that has been authorized for continuous, two-way communication with us, like the action demoed in the flow chart, the hacker is positioned, depending upon the complexity of his code, to execute all top ten attack mechanisms on the web today at the push of a button…
And all because you wanted to play a little game.
While I hate to play devil’s advocate, I think the saying goes “you get what you give,” and our social behavior seems to indicate that for every identity stolen, there’s one given away and a filthy rich monkey saying “damn, that was easy.”
So now you’re probably wondering how you can protect yourself from Web 2.0 cyber crime; I found these tips, from a Web 2.0 hacker himself, infuriatingly helpful.
Lindsay is a Community Moderator for the Nissan Altima and the Nissan Quest, working from the CM Chicago office.