On Thursday, October 29, the School of Diplomacy and International Relations held an event entitled, Cybersecurity: Highest U.S. and International Threats and the Election, which focused on techniques and tactics that bad actors use to violate security. Adam Nielson, a cybersecurity specialist, provided numerous examples of cyber tactics used in both retail and political spaces. Nielson began his career in the Army and served two tours in Iraq. He specialized in intelligence and worked on the evolving threats of cybersecurity.
Nielson explained the ways in which bad practices and industry flaws can lead to security breaches. The technology industry is reactive instead of proactive, according to Nielson. The lack of progress in learning from previous security concerns has impacted retail giants such as Target and Home Depot, as well as political campaigns. “It still takes me back that there are a lot of organizations that aren’t as forward thinking as they should be when it comes to their patching and updating,” Nielson explained.
Nielson went on to describe how simple passwords have led to breaches in the Democratic Party in the U.S. He explained that with the use of phishing and other more social attacks, users were able to gain access to the accounts of Hillary Clinton’s campaign organizer, John Podesta. The technology used in this attack was an older software available to anyone for purchase online. All across the political spectrum bugs and flaws in campaign apps, as recent as September 2020, have plagued campaigns.
According to Nielson, general cyberwarfare has doubled in a single year. The landscape of the internet in general has changed rapidly, creating more flaws. Nielson mentioned that recent attacks have exploited the opportunistic attitude of early tech adoption. New smart devices such as refrigerators and lights are being infected and used in attacks. Botnet attacks and Direct Denial of Service attacks utilize many people’s lowered guards towards these devices.
The technology gap is not limited to non-experts. Tech leaders like Mark Zuckerberg have fallen victim to simple exploits such as weak passwords. An attack on Target utilized the same software and tactics that were used on Home Depot some years earlier. A lack of proper security software and basic security hygiene caused millions of credit cards to be leaked.
Nielson also mentioned the struggles of metadata management and security. Metadata is data given when using websites and apps. It is often used in attacks and breaches. An example of this would be voter registration information. Campaigns have been looted for this kind of sensitive data, which is then used to create profiles on individuals. Even new ransomware attacks, which focused on holding data hostage until a payment is made, has shifted to target individuals. According to Nielson, one compromised individual can compromise an entire organization if proper security steps are not taken.
Nielson went on to explain how many countries are beginning to increasingly use cyber-attacks. The rising number of attacks from nations such as Iran, Russia, and China are becoming bigger and more sophisticated. Even states like North Korea have begun large-scale attacks. Nielson mentioned the need for a more offensive stance towards cybersecurity with things like encryptions and security measures.
Nielson ended the presentation with a call for people to be more secure with their technology. He explained that he keeps his passwords secure by using “a password manager.” Nielson further added that using a unique password for every website and keeping tabs on breaches is vital for your own security.