More hackers are defacing websites, but the law lags in addressing cyber security issues.
There has been much recent attention to major cyber attacks on leading companies, involving hackers taking private information on millions of consumers. But a leading cyber security expert says that the most troubling digital risk is not stolen credit card data or identity theft.
In a recent piece for TechCrunch, a U.S. Naval Academy cybersecurity legal expert noted that attacks that spread misinformation via online media sites could be the world’s most dangerous cyber threat. The Navy’s Jeff Kosseff warns that hackers are increasingly defacing websites, apps and other digital media to foster rumors and disrupt economies.
While most cyber security concerns center around the threat to large computerized systems like the national electricity grid or military command operations, Kosseff says that neither the U.S. legal system nor the private sector is well prepared to manage media disruptions.
Such attacks are clearly increasing. A recent survey of more than 300 media executives found that more than 46 percent say that their firms have been subject to such attacks, up from 29 percent last year.
The recent conviction of Matthew Keys, who allegedly gave the hacking group Anonymous the confidential decryption keys to the Chicago Tribune’s website, has shed some light on the issues of website defacement. The Anonymous hack simply added a few words to a news story, and the Tribune company found and deleted the damage within 40 minutes.
Keys has been found guilty of violating the Computer Fraud and Abuse Act (CFAA), and faces up to 25 years in jail, although he is expected to receive a substantially lighter sentence in court this coming January. Keys is also expected to appeal, since violations of the Act must be shown to have caused at least $5,000 in damage, which Keys says is clearly not the case in this incident.
The Keys verdict has been criticized by electronic privacy advocates including Edward Snowden and the Electronic Frontier Foundation, who stated that the decision shows that “the CFAA is broken.” Kosseff agrees that the law needs to be updated to address the latest cybersecurity and privacy issues.