Ransomware is terrifying for businesses, entire companies could fall without access to important corporate files. It’s no picnic for individuals either; dependence on smart devices and cloud storage make a lot of us easy targets for cyber-criminals.
The amount of risk people take, using their devices, often seems manageable: we install anti-virus, use encryption, and more concerned users can even surf the web using a virtual-private-network (VPN) to keep their information safe. There seems to be a never-ending supply of products and services to keep you secure online, and businesses have entire departments dedicated to the security of their company.
Still, we lose
Despite the billions of dollars developers and governments spend trying to keep our data safe the criminals appear to have the upper hand.
Why they are in control, however, might not be for the reasons you think. According to Cyberghost CEO and co-founder Robert Knapp:
These people they don’t have to work hard, the tech isn’t rocket science anymore. As an attacker you don’t need a lot of funding to set this up, you just do it. The previous attacks, the attack today, they are because of exploits, the hackers use back-doors that are left by the developers’ mistakes or discovered by groups like the NSA and never reported.
It turns out he was right, NotPetya could have easily been prevented five years ago.
The massive ransomware attacks throughout Europe, Russia, and the US have that have the tech world on-edge today, represent a developing theme for 2017. This is the age of the virtual kidnapping; and it’s just going to get worse. The WannaCry attacks, Netflix’s Orange Is The New Black ransom, and NotPetya are all examples of security being exploited by non-hackers through easy-to-access exploits.
How they do it is only one of the important questions. Another one is: what can we do about it right now?
You can use encryption on everything. Like WhatsApp has encryption built-in. The problem is that Facebook is an American company so you don’t know if they have a back-door built in, there’s been evidence that agencies like the NSA for example, they have the resources to discover exploits and it is in their interest not to notify the developers. When this happens, there is nothing you can do.
His statements are bold, and there’s no doubt he feels passionately about the problem, but he isn’t dreaming up a conspiracy theory here. In Germany they passed a law that allows the government to take the WhatsApp messenger service and exploit it, thus going around the encryption, using a back-door.
This type of legislation is what Knapp is talking about when he says we should be blaming the governments of countries like the US and Germany where there is a real fear that our systems are full of exploits. We know the NSA finds these exploits and fails to report them.
There’s no way for the average consumer to have any assurance that they won’t suddenly find all of their banking information online. There’s more to be worried about than just dollars though – many of us don’t realize the extent to which we exist online. Knapp had this to say:
Online is just a digital extension of ourselves. Everything we do is building a profile of who we are. The right to privacy is important for any free democracy. Now all of our data, our medical information, or maybe psychiatric history, everything about us could be made public at any moment.
Keeping in mind that Knapp is the CEO of a company that offers VPN access, he isn’t telling us to abandon all hope. His position is that we don’t know who is behind the security software we use.
He pointed out that some VPN sites don’t show the faces of the people behind the products, “you don’t see who the founders are on the website, most don’t have transparency concerning the data behind their products.”
He makes a valid point, but even when we do know who is behind a product or service there’s not much room for optimism. We trust Microsoft developers to keep our systems secure, when they get exploited we extend that trust and expect them to fix the problem. That only gets us so far, especially when you know that some of these ransomware attacks are simple back-door attacks.
The way forward, according to Knapp, is through legislation:
We can’t stop the ransomware unless laws get passed that help create a legal standard that encrypts everything. The hackers can exploit back-doors as well, so there really shouldn’t be laws allowing governments to use them. Until then we have to assume that everything we do is public, until further notice there is no more private. Maybe until quantum networking. Currently there is no way to guarantee you have privacy.