Essays Tagged "Wall Street Journal"

Sony Made It Easy, but Any of Us Could Get Hacked

A focused, skillful cyber attacker will always get in, warns a security expert.

  • Bruce Schneier
  • The Wall Street Journal
  • December 19, 2014

Earlier this month, a mysterious group that calls itself Guardians of Peace hacked into Sony Pictures Entertainment’s computer systems and began revealing many of the Hollywood studio’s best-kept secrets, from details about unreleased movies to embarrassing emails (notably some racist notes from Sony bigwigs about President Barack Obama’s presumed movie-watching preferences) to the personnel data of employees, including salaries and performance reviews. The Federal Bureau of Investigation now says it has evidence that North Korea was behind the attack, and Sony Pictures pulled its planned release of …

Syrian Electronic Army: A Brief Look at What Businesses Need to Know

  • Bruce Schneier
  • The Wall Street Journal
  • August 29, 2013

The Syrian Electronic Army attacked again this week, compromising the websites of the New York Times, Twitter, the Huffington Post and others.

Political hacking isn’t new. Hackers were breaking into systems for political reasons long before commerce and criminals discovered the Internet. Over the years, we’ve seen U.K. vs. Ireland, Israel vs. Arab states, Russia vs. its former Soviet republics, India vs. Pakistan and U.S. vs. China.

There was a big one in 2007, when the government of Estonia was attacked in cyberspace following a diplomatic incident with Russia. It was hyped as the first cyberwar, but …

The Army in Our Midst

In one Maryland county, SWAT teams were deployed once a day on average in 2009, most often to serve search or arrest warrants.

  • Bruce Schneier
  • The Wall Street Journal
  • August 5, 2013

War as a rhetorical concept is firmly embedded in American culture. Over the past several decades, federal and local law enforcement has been enlisted in a war on crime, a war on drugs and a war on terror. These wars are more than just metaphors designed to rally public support and secure budget appropriations. They change the way we think about what the police do. Wars mean shooting first and asking questions later. Wars require military tactics and weaponry. Wars mean civilian casualties.

Over the decades, the war metaphor has resulted in drastic changes in the way the police operate. At both federal and state levels, the formerly hard line between police and military has blurred. Police are increasingly using military weaponry, employing military tactics and framing their mission using military terminology. Right now, there is a Third Amendment case—that’s the one about quartering soldiers in private homes without consent—making its way through the courts. It involves someone who refused to allow the police to occupy his home in order to gain a “tactical advantage” against the house next-door. The police returned later, broke down his door, forced him to the floor and then arrested him for obstructing an officer. They also shot his dog with pepperball rounds. It’s hard to argue with the premise of this case; police officers are acting so much like soldiers that it can be hard to tell the difference…

Do You Know Where Your Data Are?

  • Bruce Schneier
  • The Wall Street Journal
  • April 28, 2009

Do you know what your data did last night? Almost none of the more than 27 million people who took the RealAge quiz realized that their personal health data was being used by drug companies to develop targeted e-mail marketing campaigns.

There’s a basic consumer protection principle at work here, and it’s the concept of “unfair and deceptive” trade practices. Basically, a company shouldn’t be able to say one thing and do another: sell used goods as new, lie on ingredients lists, advertise prices that aren’t generally available, claim features that don’t exist, and so on…

Who Should Be in Charge of Cybersecurity?

  • Bruce Schneier
  • The Wall Street Journal
  • March 31, 2009

U.S. government cybersecurity is an insecure mess, and fixing it is going to take considerable attention and resources. Trying to make sense of this, President Barack Obama ordered a 60-day review of government cybersecurity initiatives. Meanwhile, the U.S. House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology is holding hearings on the same topic.

One of the areas of contention is who should be in charge. The FBI, DHS and DoD—specifically, the NSA—all have interests here. Earlier this month, Rod Beckström resigned from his position…

The Kindness of Strangers

  • Bruce Schneier
  • The Wall Street Journal
  • March 12, 2009

When I was growing up, children were commonly taught: “don’t talk to strangers.” Strangers might be bad, we were told, so it’s prudent to steer clear of them.

And yet most people are honest, kind, and generous, especially when someone asks them for help. If a small child is in trouble, the smartest thing he can do is find a nice-looking stranger and talk to him.

These two pieces of advice may seem to contradict each other, but they don’t. The difference is that in the second instance, the child is choosing which stranger to talk to. Given that the overwhelming majority of people will help, the child is likely to get help if he chooses a random stranger. But if a stranger comes up to a child and talks to him or her, it’s not a random choice. It’s more likely, although still unlikely, that the stranger is up to no good…

Thwarting an Internal Hacker

  • Bruce Schneier
  • The Wall Street Journal
  • February 16, 2009

Rajendrasinh Makwana was a UNIX contractor for Fannie Mae. On October 24, he was fired. Before he left, he slipped a logic bomb into the organization’s network. The bomb would have “detonated” on January 31. It was programmed to disable access to the server on which it was running, block any network monitoring software, systematically and irretrievably erase everything—and then replicate itself on all 4,000 Fannie Mae servers. Court papers claim the damage would have been in the millions of dollars, a number that seems low. Fannie Mae would have been shut down for at least a week…

How to Ensure Police Database Accuracy

  • Bruce Schneier
  • The Wall Street Journal
  • January 27, 2009

Earlier this month, the Supreme Court ruled that evidence gathered as a result of errors in a police database is admissible in court. Their narrow decision is wrong, and will only ensure that police databases remain error-filled in the future.

The specifics of the case are simple. A computer database said there was a felony arrest warrant pending for Bennie Herring when there actually wasn’t. When the police came to arrest him, they searched his home and found illegal drugs and a gun. The Supreme Court was asked to rule whether the police had the right to arrest him for possessing those items, even though there was no legal basis for the search and arrest in the first place…

Why Technology Won't Prevent Identity Theft

  • Bruce Schneier
  • The Wall Street Journal
  • January 9, 2009

Hebrew translation

Impersonation isn’t new. In 1556, a Frenchman was executed for impersonating Martin Guerre and this week hackers impersonated Barack Obama on Twitter. It’s not even unique to humans: mockingbirds, Viceroy butterflies, and the brown octopus all use impersonation as a survival strategy. For people, detecting impersonation is a hard problem for three reasons: we need to verify the identity of people we don’t know, we interact with people through “narrow” communications channels like the telephone and Internet, and we want computerized systems to do the verification for us…

How to Prevent Digital Snooping

  • Bruce Schneier
  • The Wall Street Journal
  • December 9, 2008

As the first digital president, Barack Obama is learning the hard way how difficult it can be to maintain privacy in the information age. Earlier this year, his passport file was snooped by contract workers in the State Department. In October, someone at Immigration and Customs Enforcement leaked information about his aunt’s immigration status. And in November, Verizon employees peeked at his cellphone records.

What these three incidents illustrate is not that computerized databases are vulnerable to hacking – we already knew that, and anyway the perpetrators all had legitimate access to the systems they used – but how important audit is as a security measure…
