When it comes to online security, being paranoid is no longer enough
You just wanted to see the photos your friend shared. Or buy a pair of shoes. Or read that story.
Now your email account’s been hacked, your credit card number’s been stolen, and your computer for some reason is mining bitcoin.
Welcome to the Internet of Today. The Internet of Tomorrow is shaping up to be a lot worse.
But this is not the story of hijacked wireless security cameras crashing the internet, ransomware locking up England’s NHS, or a teddy bear that exposes you to hackers. Rather, this is about how securely navigating the internet for simple day-to-day tasks is becoming harder and harder while at the same time our dependency on successfully doing so is only increasing.
If things continue as they are now, soon not even maintaining a healthy paranoia — a prerequisite today for online life — will be enough to keep your data secure. A new approach is called for as we barrel blindly toward our shared dark online destiny.
The old tricks aren’t working
A look at two common pieces of advice for safely traversing the internet wilds, and how quickly they have become outdated, helps to put things into perspective.
Let’s start with something as non-controversial as the old recommendation to use two-factor authentication (2FA). Two-factor authentication safeguards your online accounts with a second layer of protection, and is an absolute must these days. In its most common form, 2FA is a random number texted to your phone when you try to log into an online account. You need that number, plus your password, to get access.
Pretty neat, right? There’s just one problem: 2FA in its most common form is now completely busted. There’s a known flaw in telephone signaling protocols that lets hackers redirect SMS messages to any phone they want. This is not just theoretical. As previously reported by the International Business Times, a group of hackers recently took advantage of this flaw to hijack 2FA text messages and drain individual bank accounts across Europe.
Sure, there are other forms of 2FA that don’t use SMS (and you definitely should use those), but the speed at which an accepted security best practice was turned to trash is astonishing. And it’s not the only one.
Virtual private networks (VPNs) work by encrypting your online data and routing it through the VPN provider’s own server before sending it out to the world. This, in theory, is great because it prevents would-be hackers from seeing what you’re doing.
Good stuff, right? Well, yeah, except for the fact that a lot of companies offering VPN services are actually all kinds of shady. Basically, if you’re not careful, using a VPN might actually make you less secure. To make things even crazier, it’s incredibly hard to tell which VPN is legit and which is not.
In other words, you might be better off not even trying.
Another blow to online privacy.
What to do?
Clearly, navigating the internet securely is no easy task — even if you’re paying attention. A sophisticated Google Doc phishing scam that hit a slew of journalists in May made it clear that even the professionally skeptical are not immune to a well-crafted attack.
So where does that leave the rest of us? What happens when our online paranoia and fear of every unknown email, link, and update isn’t enough to keep us safe? Because that’s clearly where we’re heading. And anyway, as the old saying goes: Just because you’re paranoid doesn’t mean they aren’t actually out to get you.
As larger portions of our lives migrate online, it becomes correspondingly more important that we are able to protect that space. A new form of digital literacy is called for — one that is less about learning to use Microsoft Excel and more about knowing how to lock down every aspect of our digital selves.
Sound depressing? Maybe, but so is getting your bank account drained by unknown hackers — something the Internet of Tomorrow will be all too happy to assist with.