With the public disclosure that hackers gained access to 1 billion Yahoo user accounts and increasing evidence of Russia’s involvement in hacking aspects of the U.S. election, the public has heightened concerns that cybercrime is undermining public safety and national security. The real problem, however, is much closer to home.
On a per capita basis, Miami leads the nation with 340 identity theft complaints per 100,000 residents. Identity thieves use this information to hack corporate and government systems as well as to submit false tax refund requests. As a consequence, South Florida has 46 times the number of falsified tax returns as the national average.
The South Florida ties of the president-elect may serve to increase Florida’s high incidence of cybercrime. Federal investigators believe a Florida election-system contractor was hacked by Russians, potentially exposing the personal data of Florida voters. Similar attacks occurred in Illinois and Arizona.
It is unclear whether the hacks of state election systems were designed to shut down systems, to alter electronic records of the ballots, to steal voter information, or to conduct other forms of theft and sabotage. In all likelihood, the goal was a combination.
The Florida connection also extends to the earlier attack against the Democratic National Committee. That attack targeted emails by South Florida Congresswoman Debbie Wasserman Schultz. The disclosure of Wasserman Schultz’s emails led to a DNC internal scandal forcing her to resign as DNC chairperson.
The attacks are also reminiscent of the March cyber attack aimed at Florida’s American Institutes for Research, the private vendor responsible for aspects of the Florida Standards Assessments tests. In that case, a cyber attack triggered over 29,000 computers and devices to bombard the testing service in a distributed denial of service attack designed to shut down the administration of the state standardized tests. The state investigation into that attack has failed to identify its source and no arrests have been made. Neither have there been any arrests regarding the DNC attacks or the election tampering.
These attacks highlight the close relationship between attacks on private companies and governmental agencies. Theft of private information from vulnerable corporate systems provide thieves the credentials to then access additional secure data systems. Once a hacker gains access to the private data, the hacker can pose as the government employee or corporate executive to gain greater access to the system.
Both state officials and private entities must do much more to thwart these attacks. Using frequently updated, unique usernames and passwords on each system helps, but it is insufficient. Once a hacker can monitor an account, the hacker can track these changes. Significant additional steps are required to disrupt the infrastructure of cybercrime and identity theft in South Florida.
Florida must recognize its role as the home of U.S. cybercrime and initiate a public-private partnership to thwart these attacks. The first step is to bring law enforcement agencies, banking organizations, governmental departments, and cybersecurity experts together with a goal to undermine the revenue model fueling much of the criminal activity. While this does not immediately address the broader political hacking, it reduces the ease with which state hackers can gain access to Florida personal and corporate accounts.
By creating a comprehensive partnership, Florida can turn its lead as the victim of cybercrime into being a leader in cybercrime response.