Issue link: http://tcnj.uberflip.com/i/1126054
26 The College of New Jersey Magazine individual user. Spear phishing is the most common attack we see right now. It's not that sophisticated; it's usually an email that appears to come from a legitimate person. Often, the sender will want you to click on a link or open an attachment. That may lead to a phony place that asks you to enter login credentials. Credentials are the most valuable commodity in cybercrime; they are the keys to the kingdom. Those links and attachments may also contain malicious code — malware — that may implant itself on a device or on a system, then steal information or destroy data. We've seen malware infil- trate the computer systems of hydroelectric dams to actually blow them up. We had that happen in New York state in 2013 — it was stopped before it damaged the dam. Hospitals have been shut down by ransomware attacks, where malware encrypted all files and they had to pay a ransom to gain access to electronic medical records to be able to perform surgeries — to just function. In the global NotPetya malware attack, launched in 2017, the Russian government used a Windows exploit, a worm called EternalBlue that had been stolen from the National Security Agency that could attack any computer connected to a local network through a Windows vulnerability. And it spread across the globe in a matter of hours. It took down Merck. And Maersk. the particular counties, the particular precincts. They ran disinformation campaigns. It's another form of the weaponization of the internet, where you're hacking not just computers — you're hacking the minds of individuals. You're influencing their thinking by what they see, read, and hear online. We hear a lot about the Internet of Things — internet-based devices that control the temperature in your home or let you see who's ringing the doorbell. And then there's Alexa. Should we be worried that by bringing devices into our homes, we're giving up our privacy and inviting hackers? Yes. This is the double-edged sword of technology. It makes our lives easier. It provides greater convenience, more fun. It's cool. At the same time, there's a trade-off. You are ceding control of your information. The technology comes on so fast and is adopted on such a wide scale, that there's no way to go back and add in privacy and security protections that should have been there from the beginning. How do people protect themselves, then? I think it's really up to every individual to have a digital privacy plan. It's thinking through all the ways that you interact with technology, thinking about what you're getting and what you're giving up, and whether you're willing to make that bargain. When you buy something at a store, do you sign up for their loyalty program so you can get that little discount? Do they track every purchase? When you wear an Apple Watch, do you consent to them getting information about how fast your heart beats throughout the day? As I talk to my own children about this, they'll say, "I don't care if they have that one bit of data about me for this time that I went to this restaurant." But they have every bit of data about every single thing you've done. They have your thoughts: your search queries, the websites you visit, what appeals to you, what scares you. They have all of this information, and it's the greatest asset for sale in the United States and around [Teenagers] found a digital candy store — they were able to move freely through some of the largest companies in the world. " " And we see different threat actors with different objectives: Whereas the Chinese might focus primarily on stealing intellectual property, the Iranians are more focused on how they can destroy things. North Korea uses ransom- ware attacks to generate money for the regime. The U.S. government has acknowledged that there's basically an ongoing cyberwar with multiple nation-state actors. I can't imagine you're too optimistic about the 2020 elections being free of interference. I'm not. I think the election infrastructure is illustrative of the issues that we see all over the cyberthreat landscape. The infrastructure is controlled by the states, counties, local election boards. No one entity controls it so you can't just hack the whole thing. But you don't have to hack the whole thing to swing an election. The Russians in 2016, according to our intelligence agencies, targeted not just the particular states that were key, but