The seemingly inpenetrable National Security Agency was hacked recently. So was the Democratial National Committee, and voter registration offices in Illinois and Arizona.
Hackers also stole customer data from some of the nation’s top hoteliers, including Hyatt and Marriott.
It’s been a summer of escalating cyberattacks — a trend that government officials say could lead to a “cyber Pearl Harbor.”
Think of power grids being knocked offline, and banks suddenly seeing their assets go poof!
So where’s the public outrage?
People have mostly shrugged off the attacks, even though social media icons like Facebook’s Mark Zuckerberg have been shown placing tape over the webcams on their computers to thwart hackers.
Has the public simply accepted cyberattacks as part of life?
Not quite. Cybersecurity experts say people aren’t crying for protection because the attacks, for the most part, have yet to hurt them personally. There’s also lots of confusion about the nature of cybercrime, and little sense of how to fight it.
Oh, and the topic is boring.
“Cyber just isn’t sexy,” said Ashton Mozano, one of the professors the University of San Diego recently added to its new Master’s degree program in cybersecurity.
“If I were to sit down with 50 people and start talking about hacking, maybe five would zoom in. The rest would yawn.”
That’s because people have yet to feel the attacks financially, says Mark Heckman, who also teaches cybersecurity at USD.
“If someone hacks your credit card and uses it the most you’re going to have to pay is $50, and most of the time that fee is waived. Consumers are shielded against the charges, so they don’t fear them.”
The fall-out, for most people, involves a little inconvenience at the check-out counters. Banks and financial services companies have introduced chip-based credit cards that take a few seconds longer to use than strip-enhanced cards.
Consumers don’t like it. But they accept it in order to get through the checkout line as quickly as a possible — a mind-set that pervades society.
“I’ve had dozens of engineeers working for me,” says Mozano, who runs a security firm. “When I try to instill some secure coding practices in them, people say, ‘Hey, I appreciate that. But I just want to click a button on my computer and have it work. I want to see pretty pictures.”
David Mayhew, a third USD cybersecurity professor, said, “The reality is that the regular person can’t do anything about hackers. It’s not going to matter until their actual bank account gets hacked.”
Cybercriminals have already shown that they can access and move bank assets.
Earlier this year, hackers broke into a bank in Bangladesh and transferred millions of dollars to New York, according to the Society for Worldwide Interbank Financial Telecommunication, or SWIFT.
“The Bangladesh fraud is not an isolated incident: we are aware of at least two, but possibly more, other cases where fraudsters used the same modus operandi, albeit without the spectacular amounts,” SWIFT CEO Gottfried Leibbrandt told CNN Money.
Hackers also have shown that they can plunge the public into darkness.
Late last year, cybercrimials struck the power grid in the Ukraine, fully or partially knocking out electricity to nearly 300 cities. Authorities said the attack appeared to be launched by Russian hackers. But, as is so often the case, the true identity and motive of the criminals isn’t known.
Hackers also have raised great concerns about one of the hottest topics in the current U.S. Presidential election — national security.
A group calling itself Shadow Brokers recently announced that it had hacked the super-secret National Security Agency and stole some of the cyber-tools that the U.S. uses against other countries, notably China and Russia. The hackers placed the code on websites, apparently to taunt and humiliate the agency.
U.S. government and political officials have been saying for years that the country has to do a better job of fighting such incursions.
In late 2012, Leon Panetta, who was then Secretary of Defense, sounded a clarion call, saying that the country could experience a “cyber-Pearl Harbor …
“A cyber attack perpetrated by nation states (and) violent extremists groups could be as destructive as the terrorist attack on 9/11. Such a destructive cyber-terrorist attack could virtually paralyze the nation.”
Defense analysts have been especially vocal about perceived threats and vulnerabilities. For example, they say cyber-terrorists could attack the mechancial, navigational and communications systems of warships, including those homeported in San Diego.
The Navy went so far as to admit that the San Diego-based littoral combat ship Freedom was found to have “cyber vulnerabilities” before it deployed to Singapore in 2013.
An attack on a warship — or the electrical grid, or assets of a bank — would have a deep impact on the American psyche, says Martin Libicki, a cybersecurity expert at the U.S. Naval Academy in Annapolis, Maryland.
“If power went out across the US, people would pay attention,” Libicki said. “The same thing would happen if you could no longer trust the numbers in your bank account, or if the election system was hacked and it made a difference.
“How probable are any of these things? I don’t know.”
USD’s Mayhew doesn’t know, either. But he’s sure of this: “State-sponsored groups are the only ones with the wherewithal to invest in these big attacks. They don’t really want to come in and destroy our computers because we could do the same to theirs.”
Mayhew adds a note that should chill any consumer who hasn’t been paying attention to the attacks: “I don’t think any system is securable.”
Neither does Pradeep Khosla, chancellor of UC San Diego and an expert in cybersecurity.
“There may be a perception that if only government or companies paid more attention these attacks could be thwarted,” Khosla said. “In my mind, this perception is both incorrect and dangerous as it provides a false sense of security. I believe there is no notion of (a) 100-percent cybersecure system.”