What would happen if hackers edited major news websites around the world to falsely report the recent Paris attack? Even if the websites managed to remove the false news within minutes, millions or even billions of people would have reposted, shared, and retweeted the news.
This ‘simple’ misinformation would likely lead to global panic, misinformed families, late response, traffic accidents, more victims, and other unimaginable impacts.
What Makes Cybersecurity Threats So Serious?
Recently this month, Variety released their survey on cyberattacks over media companies. Out of 319 media executives, 146 of them (46%) reported that they received at least one cyberattack in 2014. This number is higher from the same period last year, which was only 29%.
The attack is high. No one is completely safe from cyberattacks, not even companies with huge cybersecurity budget. However, even so, we tend to focus few subjects when it comes to cybersecurity, like how those attacks may bring physical damage to our electric grids and identity theft. It seems we choose to forget that there are so many other aspects of cybersecurity. We tend to forget that those hackers out there bring a very real cybersecurity threat. They can easily deface any website on earth to bring false information. Not even mobile apps and devices can escape these attacks. Still, we chose to ‘ignore’ these threats. We choose to continue on the ‘minor’ attacks and ignore the ‘most imminent one.’
We used to keep defacement out of our head. It only began to grab our attention when Matthew Keys, a journalist, become the first suspect in website defacing case. Under the Computer Fraud and Abuse Act, Keys was convicted to giving access to hacking group, Anonymous, to the world’s renowned news website, the Los Angeles Times. While the hackers didn’t actually deface the whole website, they successfully changed a news by adding some nonsensical words to it, bringing confusion among its readers.
Forty minutes later, the company realized the issue and removed the news immediately. That’s too long, even for a US major news website. Before it was removed, the story had been shared, re-tweeted, like, commented, and re-posted by at least thousands of people. Lucky for everyone, it didn’t turn to national chaos. The company managed to avoid what the hackers expected to have.
For everything that happened during that 40 minutes, Keys was charged with 25 years in prison. At least, from his advocates, this wasn’t fair. The verdicts were illogical and unfair. Keys might have allowed the hackers to deface the content, but does it worth 25 years in jail?
What do you think about this convict? Is it fair enough? Do you think Keys deserve those years in jail?
Upon reading the convict, the Electronic Frontier Foundation, spoke. From their side, the convict reveals the true mask behind CFAA. CFAA is broken and they are not the only one who believe that. Edward Snowden, via his Twitter, also criticized the maximum sentence.
For a serious conviction, Keys need some solid evidences that will free him from the charges. He must be able to prove that the hack did not cause $5,000 in damage or anywhere near it. The real problem here is, the government will never agree with it. From what we see, this case is not merely a defacement case. It’s actually the government’s effort to make reasons for them to spy on our activities. They are trying to show us that the internet is not a safe place, unless we give every access to the government to ‘make it safe.’
Here is what I can tell you about the CFAA. It doesn’t accommodate today’s cybersecurity threats. The only thing it fits is the government goal. Passed in 1986, this statue does not cover the true threats of modern cybersecurity. That includes website defacement.
The question is, so why Keys was charged under CFAA from the beginning?
Well, I told you. Things the government is doing with Keys is not law. It’s their effort to make you believe they are the only one who can make you safe and secure on the web. In Keys’ case, they are just making the whole case. Can you even find a reason to charge Keys under the “transmission of a program, information, code, or command” that makes him deserve for 25 years in jail?
That’s why we should make our own safety and security on the web. Trusting the government is not solution at all. If the government really thinks they are responsible for our online safety, they should make laws that are are more precisely and directly address our real challenges. They should think more efficiently over today’s cybersecurity. Today’s cybersecurity threats are too destructive, large, and complicated than what the current CFAA can do. Let me show you an example. In the past few years, a Syrian hacking group, the Syrian Electronic Army has defaced so many websites and social media accounts. For what? For their lovely Syrian President, Hafez al Assad.
So, what does this tell us? First, it is so easy to deface any website. Second, you don’t need a bomb to create a public panic. All you need today is deface a website like posting a nuclear bomb in Paris, shootings in Chicago, or a plane hijack over the UK airspace. That would create a mass chaos.
If the government is serious about providing online security, they should begin with how to address today’s problems with effective and precise tools. If they want to protect us, then they need to understand our problems. They need to be always one step further from all hackers out there. Is that impossible? No, I don’t think that’s impossible. The most important thing is, they should never sacrifice our privacy in the name of ‘national security.’ If they want us to believe them with everything they do, they must make us trust them first. Now, tell me. Can you trust someone who steals your privacy and pretends it’s for your own good?
The law can protect us, but it is only half of the solution. It can’t protect us unless we have the another half. Law can make us feel safe, but the real safety comes from our side. If you want to stay safe online, then make sure you have the best security measures on your side. No one knows what can happen to you in the future. Even right now, there might be someone watching over your back, keeping your browsing activities, logging your passwords, or even stealing your money. If you still believe law itself can protect you, then better prepare yourself to lose everything in your life.
VPN Asia, Your Reliable Cybersecurity Solution
We give you another half of your cybersecurity solution. We care about your online safety. You deserve that. We can’t let someone stealing your information, dropping you charges over things you do on the web just because they believe you did it wrong. We care about how to make the web the real heaven for your privacy.
Feel curious about what we can do for you? Then, check this article.
And one more thing, prepare yourself for the surprises 🙂