By Bill Murray
With Andy Thibault
Ask subscribers to the strategic security firm Stratfor, enlightened social media users or any of the major credit card companies that were hacked in 2011.
Data storage on the cloud is so dangerous because different servers can share processing, disk space and memory.
Vendors who accept credit cards are not supposed to store that data. Rather, they are required to maintain firewalls to protect it during transactions.
What could go wrong?
Without the control of having your own server, you never know if the data you deleted is really deleted. If you delete an email, is it still around? The answer is: We don’t know. It depends on the server.
Nowadays, vendors even offer hosting for legal case data. If that hosting is less than secure, legal privilege is at risk.
Web search companies routinely sell statistical data to third parties. They keep an index of users’ search data. This can be a useful tool for law enforcement as such information is rarely suppressed in criminal cases.
Many social media users spend less time reading their on-line user agreements than they do credit card contracts. Thus, they are shocked to learn they have lost ownership of their writing, photos and other potential copyright-related data. The unaware users of social media can cause more security problems than the websites or services they engage. Only under duress — from a combination of user outcry and threatened government intervention — do companies change their policies.
In the Stratfor case, news reports speculated the cyber attack was in response to the U.S. military’s prosecution of suspected WikiLeaks source Bradley Manning. Stratfor, often referred to as the ‘Shadow CIA,’ is a popular news source for media, law enforcement, corporations and the military. It also has a wide following among various professionals.
Stratfor subscriber Harry Shearer, the actor and filmmaker, told the New Orleans newspaper Gambit his credit card was compromised and he canceled it.
Human error is also a factor in such hacking incidents. Security technicians at data centers have to be asleep at the switch to miss all the traffic generated by hackers and then fail to block it.
Clearly, the so-called credit card system is totally vulnerable. Magnetic strips are old and should go. Instead, companies should use smart cards with data encryption.
Bill Murray is president of eDocMasters LLC, a company that takes the mystery out of e-documentation for the legal industry. Andy Thibault, author of books including Law & Justice In Everyday Life, blogs at The Cool Justice Report, http://cooljustice.blogspot.com/
Published in Register Citizen 01/01/2011