You would think, wouldn't you...

  Forum Editor 17:59 08 Aug 2017
Locked
Answered

that nowadays, with all the technological expertise at our disposal we ought to be able to stop this sort of thing from happening?

Shows like Game of Thrones cost huge amounts of money to produce, and advertising revenues alone are considerable, to say nothing of foreign sales of the output. It's worth spending some serious money to protect the scripts and other sensitive data from being hacked.

That said, it's a TV show - not as important as our banking systems, where fraud is increasing consistently as the banks seek to save money by encouraging us all to use their online apps so they can close more branches.

All this, in the 21st century, as the rate of technological advance continues to accelerate - year on year - and no sign of it slowing. Surely the software and hardware industries should be able to come up with a solution to the decades-old process whereby hackers find ways around our defences as rapidly as we raise them?

Or is it all just inevitable, this constant drip, drip, drip of data terrorism that makes nervous wrecks of those who operate online network servers?

  qwbos 01:25 09 Aug 2017

If you look back across history you'll quickly come to the conclusion that every defensive structure or system has been seen as a challenge and sooner or later overcome.

The same process can be seen at a microbiological level, resulting in antibiotics becoming less effective.

So just accept the inevitable. Anything man made can be man broken. Anybody who thinks otherwise is either extremely arrogant, or so wealthy that they can firewall themselves from the rest of us.

  Forum Editor 09:42 09 Aug 2017
Answer

qwbos

"The same process can be seen at a microbiological level, resulting in antibiotics becoming less effective."

It's not the same process at all. Bacteria adapt to changes in their environment, in the same way that all other living organisms do. They develop a resistance to antibiotics as we develop a resistance to environmental changes over time.

Cyber security is a different thing entirely, and there's no valid argument for advocating that we should just accept the inevitable - that's a defeatist attitude. Any realist knows that there will always be people who try to exploit chinks in society's armour for gain, but that doesn't mean we have to shrug and say 'that's life' when organised criminals carry out major attacks on servers.

Personal and corporate data security has become a huge problem, and it's getting worse - hardly a week goes by without a report of yet another data breach somewhere. My view is that we shouldn't just accept this as inevitable - there are ways of fighting back.

We can start with education. All children should be taught how to protect their personal data from an early age - as soon as they start to have an online life.

In the course of my working life I come across a degree of ignorance about cyber security that shocks me, and not just in an individual context - many business owners and operators are surprisingly relaxed when it comes to safeguarding important data. Lots of them are that way because they don't realise how real the threat is, or if they do, they have little idea about how to combat it.

How we go about fixing all that is another matter altogether, but fix it we must. We will never eliminate the risk, as you point out, but we can certainly reduce it very considerably if we try hard enough.

  Fruit Bat /\0/\ 11:08 09 Aug 2017

An inside job?

  Forum Editor 11:12 09 Aug 2017

*Fruit Bat /\0/*

You can never rule out the possibility, but the case in point bears all the hallmarks of a hacker attack.

  oresome 12:08 09 Aug 2017

I don't have a lot of sympathy for companies. They know the value of their product and data and should appreciate the risks of not securing it adequately.

I'm more concerned for the individual who suffers fraud and the increasingly hard line taken by banks and other institutions who believe their systems to be secure and that therefore it must be the customer who is at fault by giving away their details.

I'm sure some customers are either reckless, ignorant or unwittingly duped and a few may be fraudsters themselves, but some will be the victims of scams and weaknesses in the systems that have yet to be discovered or at least admitted.

  Forum Editor 12:50 09 Aug 2017

oresome

"I'm more concerned for the individual who suffers fraud and the increasingly hard line taken by banks and other institutions who believe their systems to be secure and that therefore it must be the customer who is at fault by giving away their details."

I have some sympathy for some of the people who are victims of online banking fraud, but also some for the financial institutions that are taking a harder line with their customers.

There can be few people who do their banking online who are not well aware of the dangers - which are given wide publicity- and yet many of them still succumb. The banks believe that this is because of a widespread feeling of complacency, the idea that there's no need to worry because 'the bank will pay if money goes from my account'.

The bank should pay if it can be demonstrated that it was the bank's fault, but it is increasingly the case that this isn't necessarily the case - very often the customer has been careless, and hasn't taken the advice that the bank, and the media have provided.

  oresome 14:08 09 Aug 2017

The bank should pay if it can be demonstrated that it was the bank's fault

Now there's the rub.

How can a customer demonstrate that the bank has an as yet unknown, certainly to the general public, flaw in it's security systems?

  Forum Editor 16:08 09 Aug 2017

oresome

"How can a customer demonstrate that the bank has an as yet unknown, certainly to the general public, flaw in it's security systems?"

That isn't how it works - the bank has to demonstrate that it was the customer's fault, and in lots of cases it turns out that customers have provided details in response to phishing emails or phone calls.

What the banks are saying, and I agree with them, is that customers must stop automatically assuming that banks will reimburse them for the consequences of their own negligence - we all have a responsibility to safeguard our own data, rather than relying exclusively on others to do it for us.

If a bank's data store is hacked, and my personal account details (including my login information) fall into the hands of a fraudster, the bank must pay me for any consequential loss. if I click on a link in an email and enter those details on a fake form, the bank should not be expected to foot the bill.

  john bunyan 18:44 09 Aug 2017

Whilst I was out today my wife had a phone message allegedly from my bank's fraud team to say there was odd activity on my account. I went to my local branch and called the genuine fraud team who confirmed it was not them. I used an undisclosed number to call the number left on my home phone and a message said " This is the fraud team of xx bank, please enter your phone no associated with your account." I did not continue, but await their next call. My bank says that they have several people in every day with similar stories, some of whom have been duped.

  qwbos 01:45 11 Aug 2017

FE

"It's not the same process at all. Bacteria adapt to changes in their environment, in the same way that all other living organisms do. They develop a resistance to antibiotics as we develop a resistance to environmental changes over time."

Not strictly accurate. Bacteria mutate all the time as do all organisms. That's the basis of evolution. So there are broadly two ways bacteria defeat antibiotics. One by building up tolerance due to long term low level exposure to the antibiotic. The other by resistant mutations developing.

Malware producers, hackers and other such miscreants are following the same process. They change their approach based on the defences put up to thwart them. Others will find chinks and a way to exploit them that nobody had considered before.

Accepting the inevitable that any protection will be broken isn't admitting defeat. It's the very opposite. It's being realistic.

You speak about corporate security. The company I worked for was of critical national importance, to the point of having armed MOD police patrolling outside the high security fence. Yet there was nothing to stop anybody loading whatever they wanted onto the company network. Why are DVD and USB drives left wide open? Uncontrolled internet access in the workplace also seems bizarre.

The security community needs to be many jumps ahead to provide meaningful protection. Can that be done? Damned if I know but it certainly hasn't been done yet.

The complexity of modern software doesn't help. Maybe we have to sacrifice some of the whistles and bells to reduce the size and associated exploitable flaws. My first office type software was First Framework. If I remember correctly, it came on two 720K 3.5" floppies. Not too many places to hide anything there!

I can remember watching a program featuring the then Microsoft number two. He was being asked about the number of fixes being issued for XP and why it wasn't fully corrected prior to release. His answer was to the effect that if XP had been tested until Microsoft could guarantee that there were absolutely no issues that needed fixing, then it would never have been released.

People now seem to have computer connections for everything from email to "speaking" to their fridge, yet they appear to be more ignorant and casual than ever about security.

Education is the answer for some but not all. You can lead a horse to water .......

So who's going to build a self protecting computer operating system that will detect and eradicate all threats, both inward and outbound?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Pokémon Let's Go, Pikachu! and Eevee! review

How map doodles inspired Eric Chase Anderson's illustrations for a Wes Anderson classic

Mac mini 2018 review

Les meilleures tablettes tactiles (2018)