Mo’ data mo’ problems: information vulnerability in a new age of technology
October 30, 2018
Save password? Yes please. One less thing to remember in a rapidly moving world—right? But that password, saved in a browser and likely used across multiple sites, could be the entrance needed by a hacker. Duplicate passwords represent a major pitfall of online activity, as hacked passwords allow access to entire profiles and are more likely to be compromised if they are used more than once. The reality of this vulnerability is highlighted in ongoing security issues with social media giant Facebook.
Facebook may not be at the forefront of social media for teenagers, but lately it has been at the center of revelations about data security and privacy.
Most recently, 50 million Facebook users’ information were breached, with the potential of 40 million more being affected, according to Mashable.com. Alex Humphreys of Mashable assessed the data breach as more disastrous than the earlier fiasco involving Cambridge Analytica, in which millions of Facebook users had private information compromised.
“It’s a larger hack, on every conceivable scale,” Humphreys said. “It’s not just your Facebook account, but also the apps you use to log into Facebook.”
Although Facebook has seen a decline among younger users, the implications of the recent data breach extend to all internet users, highlighting the risks of our day-to-day online activities and the vulnerability of our information.
Information security specialist Ward Spangenberg, father of senior Grayson, points to the recycling of passwords as a probable cause of such leaks.
“How do you think they popped them? People use the same passwords,” Spangenberg said.
According to Spangenberg, online users leave themselves open to hacking by using predictable passwords, or the same passwords for multiple accounts. Although this may simplify users’ lives, it increases the likelihood of their passwords being breached—and the ramifications of such breaches are significant.
Spangenberg, who has been working in information security since 9/11, has seen drastic changes in both the type and amount of information collected since beginning his career in the field.
“In terms of what I’m protecting from 10 years ago to today, there’s so much more information that has to be protected. Techniques and controls have made it harder in some cases to get information, but at the same time we store more information [online],” Spangenberg said.
Case in point is the student database of the Tamalpais Union High School District (TUHSD), which houses student records. Spangenberg says that teenagers are an appealing target for hackers, as student records include detailed information including social security numbers and physical addresses which can be used for malicious purposes such as opening bank accounts.
Rose Chavira, the Senior Director of IT for TUHSD, is well aware of the sensitivity of student records, as well as the possibility of inside hacks.
“All of the student record data is encrypted on our servers here, and we have multiple layers of firewalls that protect from outside hackers, and also from inside hackers,” Chavira said. “We have an interesting situation as an IT department in a school district, because we have a lot of very curious end users out there, and they’re constantly seeing what they can explore and get into. So we have to protect from outside and inside.”
Spangenberg deals with a similar approach to protecting data, as the aspects of his job involve both preventing data loss and analyzing hacks which have already occurred.
“I’m there to help prevent data breaches and loss of information. Or, I’m there when a data breach has happened to help companies figure out how they were exposed, and in some cases actually track down who has stolen the information,” Spangenberg said.
Similarly, the TUHSD’s IT department, which consists of nine staff members, works to assess predicted threats and address attacks on students and staff.
“It’s an ongoing, ever-changing battle. The threats are constantly evolving, and with a small IT department like ours, we’re on the constant lookout for things,” Chavira said. “It changes day by day, hour by hour. So we’re watching the news, talking to security vendors, trying to stay as informed as possible.”
According to Spangenberg, students themselves play a role in protecting their own privacy, and although he says there is more awareness about data privacy among teenagers than older generations, they also take greater risks in their online behavior. A common misconception is that pictures taken on apps like Snapchat will “disappear” when they expire. However, Spangenberg refutes this, saying that multiple records are still in existence.
“The moment you digitize something, it isn’t going to disappear. There’s a record of it on your phone; there’s a record of it as it’s transmitted across the wire. If you’re using cloud storage services, there’s a copy of the picture saved there,” Spangenberg said.
Additionally, Spangenberg highlights the risk of personal information being appropriated by visiting unsecured or unverified sites.
“It used to be I could buy your credit card. Now, I can buy your entire life. Imagine what I can do with a stolen identity—I can open everything from bank accounts to debit cards, all kinds of fake accounts. By stealing all that information, there is no end to what I can get away with,” Spangenberg said.
Protecting such a large scope of information is a developing challenge for those who work to secure information. The balance between restricting access to potentially dangerous sites or software must be balanced with freedom to browse, according to Chavira.
“Spam and attacks like that are an inexact science, and so we’re trying to find the sweet spot between too secure, where legitimate messages are trapped in the quarantine, and not secure enough, where we’re letting the bad stuff through,” Chavira said. “It’s an ongoing adjustment that has to be made.”
Social media platforms such as Facebook and Snapchat are responsible for protecting their users, but according to Chavira, users themselves must employ a great deal of caution.
“I don’t think any user of technology can be blamed for having a platform’s data breached. But I think we all as consumers of social media especially have to be cautious. It’s sad that we have to be that suspicious, but we have to tread carefully,” Chavira said. “Don’t post any personal information and be as suspicious of online people approaching you as you would be of face-to-face.”
Spangenberg echoed this concern, highlighting the enormous amount of information that people give out, often without realizing the implications, and the possibility for a hacker to gain broad, near-complete knowledge of a person’s life.
“If I’m any good at research I could have a complete perspective on you in an hour. It’s scary is what it is,” Spangenberg said.