The American Citizen Education About Online Security (and Hacking)

Last week in the Senate Intelligence Committee hearing there was a discussion about Senator Rubio’s campaign, or the individuals that remain from that campaign, had an effort to hack their computers from an IP in Russia.  Essentially this was the information available:

http://www.usatoday.com/story/news/politics/2017/03/30/marco-rubio-says-russian-hackers-targeted-his-presidential-campaign-staff-twice/99845720/

Then, “in July of 2016, shortly after I announced that I would seek re-election to the United States Senate, former members of my presidential campaign team who had access to the internal information of my presidential campaign were targeted by IP addresses with an unknown location within Russia,” Rubio said at Thursday’s Intelligence hearing. “That effort was unsuccessful.”

The Florida senator went on to say that at 10:45 a.m. Wednesday, a second attempt to hack those former presidential campaign staffers was also made.

“That effort was also unsuccessful,” he told the committee.

Now, we don’t know what the incursion effort was, or how they were specifically targeted, or whether it was an effort to access web server or email server or a financial payment gateway or what – details are not provided, and I’m not saying they should be.  BUT I am here to say that depending on what Rubio was referencing, it isn’t rare.

In fact, if you run WordFence on your WordPress site, you no doubt see traffic from Russia… and Ukraine, and Pakistan, and France, and other places as well.  And much of that traffic isn’t looking for your web content, but specific files, files that indicate a vulnerability.  And if they find that file, they sometimes look for another file, for an associated vulnerability. And so on.  It doesn’t just happen on WordPress sites or Wordfence sites – this is going on everywhere.

And you see traffic that tests logins and passwords for the most obvious types of patterns.

The point is, this is a growing bot and hack activity time, and it is time that the American people are educated about the issues.  Companies like the provider of Wordfence, and Sucuri, do what they can to get the word out, but they have a limited audience – essentially, you have to know about the issues to find out about the issues.   Your server provider may send you alerts of what they are doing to protect where your website is hosted.  Your email provider may do the same.  Your phone software may even do so.  But it is all fragmented, and very rarely is it about using “secure practices” as a
citizen using the Internet – whether that be having a web site, using email, browsing social media from their phone, etc.

What America – what the world needs – at this point is a public information campaign about that.

The challenge is that this public information campaign needs to be directed to the least and/or laziest technologically savvy amongst us that are using the Internet – because they are the ones at greatest risk of the dangers of hacking.  They are the ones emailing their credit card information.  They are the ones having a WordPress site set up 6 years ago and not doing anything much since to make sure that software is current and security efforts are being taken.   They are the ones using public wifi to access secure sites.  They are the ones always 3 steps behind the curve on security, while hackers and miscreants
are 2 steps ahead of the curve.

Online security can no longer be graded on a curve.

We are getting to the time where a big money campaign has to be created for the purpose of educating the entire population about online security standards.  We have had these for drunk driving, and for various health issues, and so on.  It is time that a coalition of the largest Internet companies get going on this, with the understanding that it has to be targeted to the most vulnerable, which is the least knowledgeable.  That means the targeting can occur on the Internet, but not only the Internet – there has to be media buys on television and radio and wherever else these people can be reached.

This doesn’t mean getting bogged down into picking winners and losers of technology in this campaign.  That makes it too political, that makes it too fragmented.  It means the kinds of things that Google and Amazon and Apple and Microsoft and Big ISPs and big content providers and government and other shareholders can agree on in terms of what the average internet user ought to do, and not do, to keep themselves and the rest of the internet citizenry safer from hackers and attacks.

The wisdom of THE BASICS of how to be secure online has to be shared robustly.  The health of online activity requires a minimal knowledge base of all users.  And very soon.