One of the groups with which I collaborate sent me a note the other day "Please take our online cybersecurity training." Essentially, this group affords me access to information and data. They are happy to do so but have some concern that I will do something untoward that could expose their network to malicious persecution of some notable effect.
Remember Otter in Animal House (1978) "I think that this situation absolutely requires a really futile and stupid gesture be done on somebody’s part.” Brother Bluto replies solemnly "We're just the guys to do it." It was irreverent and preposterous. It has stuck with many of us for the decades since. The problem with computer security is that the "stupid and futile" occur from time to time, but we perhaps do not think it through and decide to do it nearly as fully as Otter and Bluto.
We all make errors on the computer. Mitch Ratcliff made one of my favorite comments of all time about computers: "A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequila.” Oh, we can make mistakes. Social media merely affords us the opportunity to make it more offensive in the process.
So, I spent a few minutes in the training. I learned that people may send you emails with links in them. The bottom line is do not click links in emails from people you do not know. This remains true even if it is from a prince or potentate, or a relative thereof, who has a billion dollars that you can help them retrieve with just a few minutes of your time, and for which they agree to let you keep half of the money. The same goes for documents attached to emails. The instructor dourly repeated "what type of file is absolutely safe? None, none I tell you" (and then he laughed maniacally). I made that last part up, but the "repeated" and "dourly" are for real.
The latest threat, apparently, is called a social engineering attack. The example is a group standing about smoking a cigarette or two outside (cannot smoke inside anymore). I recently read a piece about how Florida State University has made smoking verboten anywhere on its campus (inside, outside, upside down even). We'll come back to that.
So they stand, smoke, socialize, and commiserate. When some head back into the business, they all seem to move together. What none realize, is that one of them is not really a company employee. She/he has engendered group membership and trust and thus sneaks into the business, sits at a vacant computer, and hacks away. This is only an example. In its broadest sense, social engineering is any process by which someone gains the trust of another to allow a computer attack. Anyone might be a threat against you, your network, and your business. I found this one very interesting as it is something we might see James Bond do.
That recent training was on my mind when a story was published on May 6, 2021, about a Florida high school student who will be tried as an adult. This story is about her downfall and the ridicule to which she is now being subjected. Don't get me wrong, a crime was allegedly committed. I am all for that being investigated and prosecuted if appropriate. But public ridicule?
Some may not realize it, but it used to be an English punishment (and yes, we imported it to America) to publicly shame people by locking them in a pillory and ridiculing them in the town square. Britain stopped using the device in 1837 according to Britannica; Delaware was the last U.S. state to abolish it in 1905. Then Facebook and Twitter brought it back in a more convenient, pervasive, digital format in the 21st Century. Go figure.
The teen essentially is accused of hijacking the election for homecoming queen at a Florida high school last fall. Her mother was employed by the school board in a position of trust. She had access to computer resources and information. The student is accused of using her mother's password to gain access to some student accounts and to vote for herself, and she won the Homecoming Queen title. Not exactly Snidely Whiplash, but an alleged crime nonetheless.
The young lady "has been stripped of her title and will be tried as an adult." This is, as John Mellencamp might say "serious business." A young person now accused of "a really futile and stupid gesture," and a "mother (that) admitted she was negligent." The mother has already faced consequences related to her employment (at least at one point she was suspended from work; the reports do not provide any edification on how long that is to continue, or the next steps).
Thus, the ultimate "social engineering" is when someone gains trust and then accesses information that they should not (what is more trusting than a parent/child relationship?). Some will argue that this is a petty crime, stealing a homecoming election. But the theft is not the crime. Illegal access to a computer network is a crime. There was trust, and it was exploited. Some would say exploited stupidly (breaking news: kids do stupid and impulsive things all the time. Breaking news, adults do also). No hacking involved, no computer expertise involved, no phishing, no click-bait, just good, old-fashioned misuse of someone's password. Who knows your password? How do you know? So, lesson one is to beware of who knows your passwords and with whom you share them.
Let's return to the smoking ban at Florida State for a second. There are a great many people on this planet. We all have to function daily in the midst of each other. our rights may (will) periodically run up against someone else's rights (your right to smoke and my right not to inhale your exhaust). The government will become involved in those points of friction, and courts will make decisions. We must remember in those contexts that there is no perfect solution when rights collide. The government will regulate and we will all be faced with the outcomes. The smoking ban is likely a great illustration of that.
Now, back to the public pillory. Sure, Facebook, Twitter, and more have perfected the "pillory post of social media" (copyright, David Langham, 2021). Post a picture of your meal and prepare for the ridicule to follow ("you eat meat, what about our planet"). Post a picture of yourself in a public place and see who is offended ("You paid money to that company, you know their human rights record?). Express an opinion (oh no, not an opinion), and be prepared to be accused of every social ill since Eve took a bite of the apple and just ruined everything for everyone. But, the virtual pillory of our modern age has not changed public ridicule; it has just made it faster and easier, a parallelism to Mitch Radcliff's "more mistakes faster" is perhaps "more ridicule and disdain faster."
The student in this story, however, made the news not because of online bullying in the pillory. In this story, we learn that the school published a yearbook that included her photo. And, superimposed over her face is a photo of, to put it delicately, the southern end of a northbound horse. Ouch. That is clearly criticism; some may find it humorous as well, but it's not very kind. And, like any picture on the Internet, it will be around forever. The news reports that parents are "outraged." The school is "recalling those yearbooks to fix that problem." But, the photos will not disappear. I wonder if this young person will be at the ten-year high school reunion?
We are in a huge society. We will face the challenges that people around us do things that we do not like, and that potentially even harm our own health, safety, and welfare. We will have our "government of the people, by the people, for the people." And, laws will be made, conduct will be forbidden and criminalized. Those laws will not stop people from stupidly or diabolically impacting us though. We will be threatened, challenged, and inconvenienced.
We must remember that. We must remember that computers will help the ne'er do wells be stupid and diabolical far more rapidly than they can do so in person. The threats are all around us. This December, I will host a session on Cybersecurity at the WCI Conference in Orlando. I will bring a broad overview to the table, and then turn it over to Florida's top experts on cybersecurity from the Center for Cybersecurity at the University of West Florida. I hope you can be there. Whose problem is cybersecurity? You guessed it, it is yours.
How can you do a better job of security against the malicious and the stupid? What are the threats to you and your business? What will it cost you when some employee allows a security breach? How will your customers and your customer's customers impose constraints on your Internet use? How will the law? Come to the program and learn more. Trust me, I will not put your picture on the Facebook pillory. I will even pose with you for selfies afterward so you can inflame your friends and followers by associating with someone who still dares to have "opinions."
