A year ago, a coordinated cyberattack sabotaged massive parts of the American and European Internet. The Mirai Botnet turned our Internet-connected devices against us. Millions of webcams, VCRs, baby monitors and telnet services were seized and used to take down Twitter, major news outlets and commercial infrastructure. Web access was cut off, electronic systems stopped working, and we couldn’t get news about what was happening.
It wasn’t a team of sophisticated hackers behind the attack, but one angry gamer — reportedly a man with a grudge against the PlayStation network. The truth is that someone with minimal technical knowledge can set up a node of the Mirai Botnet in less than 15 minutes.
One would think that members of Congress would lie awake at night at the thought of a malicious botnet whose next target could be military and financial institutions. And yet, no major federal initiatives were launched in the aftermath of Mirai. Rather, the security of vital infrastructure was left for private industry to solve.
Rep. Marsha Blackburn (R-Tenn.) did appear on CNN to comment about the Mirai botnet. But instead of announcing plans to force recalls of the hijacked devices, Blackburn blamed the attack on software piracy — an utterly unrelated subject. (It’s like watching your house burn down and declaring it’s time to buy a new car.)
This lack of understanding might be less concerning if Blackburn were just one of the 435 voices in Congress. But she serves on the House Communications and Technology subcommittee, where just 15 votes determine the fate of much of the legislation related to technology, including cybersecurity, communication and privacy. She used her cable news interview to plug legislation that would allow law enforcement to shut down websites based on copyright allegations, widely seen as a giveaway to corporate interests — which makes sense given that two of Blackburn’s top campaign contributors are telecom interests AT&T and Verizon. When the main voices giving you perspective on privacy and cybersecurity are powerful business interests that make money from the status quo, the American people are going to lose more than we win.
When it comes to cybersecurity, Americans remain extremely vulnerable, and our representatives seem ill-prepared to do anything about it. Earlier this month, it was revealed that Equifax disregarded warnings of security vulnerability and was hacked by a relatively simple exploit; we can expect to suffer years of identity theft and credit fraud thanks to the worst theft of private information in history.
Biotech giant Merck was hit with a ransomware attack in June that halted manufacturing. We’re only now beginning to understand the scope of Russian attempts to influence the 2016 election, but we know it included attempts to hack local election offices. And just last week, the SEC said it had been hacked last year and that the information stolen could have been used to make Wall Street trades.
Although states such as Massachusetts are suing Equifax for recklessness, and President Trump has started to move some government systems to the cloud, there is no credible national plan for securing American electronic infrastructure. The issues go further than cybersecurity. In 2014 and 2015, I was one of the primary targets of the Internet harassment campaign known as Gamergate, where women in the game industry were subjected to death threats, rape threats and malicious exposure of personal information in attempts to professionally discredit them. We found that law enforcement was utterly unprepared to prosecute crimes when they happened online.
Answers to all of these problems exist, but federal officials seem unable to implement them. Unlike so many issues that cause gridlock in Congress, the axis of conflict on technology isn’t right versus left — it’s informed versus uninformed. A prime example is Congress’ effort to criminalize strong encryption in the aftermath of the deadly San Bernardino, Calif., mass shooting. After a terrorist attack on a government training event, the FBI sought access to the perpetrator’s smartphone. Apple refused, and the FBI brought the tech giant to court to force it to engineer a backdoor to smartphone email, text messages and contact information.
Proving that no political party has a monopoly on bad technology ideas, President Obama warned tech leaders in a speech at SXSW last year that if they didn’t give government a secret backdoor to encrypted data, Congress would force them to. The tech industry was nearly unanimous in its horror at the idea. Is this because technologists are unconcerned about terrorism? No, it’s because people with a deep understanding of cryptography know there is no such thing as a backdoor that only the government can use. Aside from ideas of protecting civil liberties, this was simply a matter of understanding the reality of encryption.
The Washington Post
