Hacking Into a New Year

There have only been 21 days of 2014 and already four major corporations — Snapchat, Target, Skype and Yahoo! — have been subject to data breaches. Recently, passwords of Yahoo! users, Skype’s social media accounts as well the credit card numbers of  Target consumers have fallen victim to hackings. In past years other companies such as Google, Visa and Barnes & Noble have been anonymously hacked. Members of the East community have been affected specifically by the Snapchat and Target hackings.

According to a Forrester Research survey of more than 2,000 security professionals, these hacking incidents serve as a lesson to be learned, with 46 percent of companies expecting to increase network security spending in 2014.

However, Danny Perkins, a computer security analyst for FishNet Security in Overland Park, believes the over-sharing habits of high school age students cause greater issues for online privacy and therefore an increase in security spending would do little to remedy the problem.

“I definitely think that those in the younger generation share way too much personal information online,” Penkins said. “Take Facebook for example, where you can add your email address, phone number, street address and date of birth to your profile. All of this information can be used and duplicated for identity theft.”

Penkins is among many security experts who expect the Snapchat and Target hacks to bring privacy issues among the younger generation to light and, hopefully, cause high schoolers to be more careful with their information online.

A recent report conducted by Pew Research Center found that high schoolers are the largest demographic of cell phone owners that use the Snapchat mobile application and therefore would be most susceptible to their information being stolen.

The Snapchat hackers published names and phone numbers of more than 4.6 million of the mobile app’s users. On his blog, the CEO of Snapchat explained that the hackers could theoretically upload a database of Snapchat users’ phone numbers and match usernames that way.

In a statement to technology blog TechCrunch, the hackers said that their motivation was simply “to raise the public awareness” about cybersecurity so that Snapchat would reevaluate the flaws in their system’s design. These types of hackers have been called “white hat hackers,” meaning they only hurt websites to make them stronger.

Freshman Caroline Heitmann deleted the application upon hearing about the Snapchat hacking. She says the urge to share via technology is unstoppable now.

“I didn’t use [Snapchat] that often to begin with, so the hacking was just another reason to delete the app,” Heitmann said. “In a way we don’t think twice about giving our information out on the internet because we’ve grown up being comfortable with doing that.”

Heitmann’s friends had mixed reactions when they heard the possibility of their Snapchat information no longer being private. Heitmann said her friends who use the application most frequently tended to ignore the news, whereas Heitmann and other friends who used the app less frequently felt that Snapchat should be more secure and learn from the hacking.

In addition to those who hacked Snapchat, criminals manipulated Target’s Point of Sale systems without raising any red flags in the midst of last years’ holiday shopping season. In contrast to the Snapchat hackers, the Target criminals are termed “black hat hackers.” These hackers break into a system in order to cause damage or for their own financial gain.

Seventy million customers and counting who shopped at Target between Nov. 27 and Dec. 15 have had information such as their name, address, phone number and email address hacked in the breach. Now Target customers’ credit card numbers that were compromised are for sale on underground forums.

East psychology teacher and athletic director Kelli Kurle was one of these customers whose private information was stolen because of the Target hacking.

“Target deals with such a mass quantity of accounts so their transactions are probably a lot more vulnerable,” Kurle said. “My identity was stolen in college so I’ve gotten super vigilant about keeping my information private, but there honestly wasn’t anything I could’ve done differently to prevent this particular hack.”

Kurle says she shopped both online and in-store at Target. When her debit card was declined while paying for gas, she realized something was wrong with her account. She heard about the hackings the following day and realized what had happened to her.

Someone located in Alabama with an untraceable email address emptied Kurle’s account by shopping at Best Buy. The problem with her account has been mostly remedied since then, but she still has a few bounced transactions that she is waiting to get refunded fees on.

“I have different passwords for each site that are different so I thought I was safer,” Kurle said. “All of my friends my age have fallen victim to having accounts hacked at some point. It’s just annoying.”

A recent article in U.S. News & World Report says that certain legislators have begun to take action in regards to national cyber security. According to Senator Patrick Leahy of Vermont, these recent hackings could be a wake-up call about privacy.

On Jan. 8 he reintroduced a new version of the “Personal Data Privacy and Security Act.” Changes in the act will increase the maximum sentence for a first-time hacking offender from 10 years to 20 in hopes of decreasing cyber crime. This bill will apply to all types of hackers involved in data breaches, cyber fraud activities, identity theft as well as criminals not hacking for financial benefits.

Leahy wrote in a statement that “The Personal Data Privacy and Security Act will help to meet this challenge [of recent hacks], by better protecting Americans from the growing threats of data breaches and identity theft.”

As a computer security analyst, Penkins agrees that Leahy’s legislative measures are a good start. However, he believes the problem will not be eradicated without people receiving better education and awareness of the dangers of operating online and how technology works in our everyday lives.

“I think people don’t really understand the risks of being connected,” Penkins said. “Everyone can be a target, but there are definitely ways to minimize the risk of exposure with proper education and training.”