The assurance recently given by Facebook about the future safety of data in its network was scarier than any threat that they could have issued. The risks to personal data and loopholes that Facebook indicated to have now sealed were not even known to exist by its billions of users (Langone, 2018). Most importantly, these loopholes would neither have been realized nor sealed had it not been for a sting operation by investigation journalists aimed at Cambridge Analytica. The entire scenario begs the question of how many other risks and loopholes exist on the internet that ordinary internet users are not even aware of. Over and above the risks and loopholes that have been created by the social networks themselves, there are active risks from hackers and other elements who access internet systems without their operators getting to know about it. The combination of these legal and illegal threats creates a myriad of vagaries to the privacy of internet users. Due to these vagaries, any information that is placed on any online systems is at risk being accessed by third parties and any supposed privacy of that information is lost forever, the moment the information goes online, as this research paper will reveal.
Background
As far as technology is concerned, the internet is among the most recent forms of mainstream technology, yet one that has had a tremendous impact in the society. At the advent of the internet, it was mainly used for formal communication and in a relatively limited manner. In the 21st century, two important advancements brought greats changes to the internet world from the perspective of the instant research paper. The first was the advent of the smartphone that created the modern high proliferation of internet usage (Hooper, 2017). The second, a direct consequence of the first was the advent of social media and the proliferation of the online market. Social media and the online transaction have seen billions of people around the world place private and personal information on internet platforms. The people who place their information online do so with the understanding that the information will be safe from any unauthorized persons (Colesky et al., 2016). Even those who place personal information on social media have the option of limiting who is allowed to see the information and to what extent. Unfortunately, based on four recent events related to hacking, it is clear that no information based on any online systems is ever safe. Further, there is almost no way of telling whether or not information placed on the internet has been breached. The ignorance of internet users about internet breaches is based on several issues including collusion by platform operators, ignorance or negligence by the operators, or an attempt to cover up.
Delegate your assignment to our experts and they will do the rest.
No Internet System is too Safe to Be Hacked
The Event
At the age of 15, Kane Gamble, who has only recently attained the age of majority, elected to test the security of online systems around the world for fun. For several months, Gamble tried to and successfully hacked into some of the most secure systems in the world and with a lot of ease (Dixon, 2017). Most importantly, the operators of many of the secure systems he hacked were not even aware that their systems had been hacked into and to what extent they had been compromised. It was only after Gamble had been apprehended that the narrative about the extent of the hack was realized and from the culprit himself. Further, in case there are aspects of the hack that Gamble did not reveal, there is a possibility that it might never be known. Among the security systems that Gamble hacked include the online accounts of the directors of the FBI and CIA and most specifically the “ US Secretary of Homeland Security and Barack Obama's Director of National Intelligence ” (Dixon, 2017). These are some of the most powerful people in the world, capable of mounting the most advanced online security systems, yet they were all bettered by a 15-year-old, whose only motivation was looking for a challenge. The information obtained by Gamble was then used by terror organizations to blackmail the US government. As part of the blackmail, private, personal and sensitive information about 3,500 government employees related to intelligence agencies was released online (Dixon, 2018). Releasing personal information was not only an embarrassment but also placed the life of those individuals and their families in danger.
Real and Potential Consequences of this Hack
It is clear from the nature and ease of the hack by Gamble, coupled with the fact that the perpetrator had neither major resources, education nor motivation that any system can be hacked with ease. Further, it is also clear that many online systems in the world that have been presumed to be absolutely secure may have been hacked repeatedly and for an elongated duration of time. The only difference between them and the Gamble hack is that the perpetrators have not been kind enough to reveal what they have done. If the leaders of some of the largest intelligence agencies in the world can be hacked repeatedly and never even realize it, then it means that other security systems can also be hacked and the information therein siphoned out. The real consequences of this hack, therefore, are the realization that no online system has any semblance of safety. Whenever private information has been placed online by any system, it becomes available to hackers who are motivated and skilled enough to get it. The potential consequences of this hack are that it revealed how easy hacking into secure systems is, many individuals in the world who believe they can benefit from hacking into secure systems will be motivated by the knowledge that it is not only possible but also easy. Further, it is possible that many hackers who will be arrested in future will refer to the Gamble hack as the primary motivation for their hacking endeavors. Therefore, private information that has been placed online has become increasingly unsafe because of the Gamble hack.
Some Social Networks have been Benefiting from Illegal Hacks
The Event
Facebook, arguably the largest social network in the world with billions of users offers free services to most of its users. Yet, Facebook Inc. is one of the largest companies by market capitalization in the world with its president, Mark Zuckerberg being one of the richest men in the world. This begs the question of how, a company that offers mainly free services, can make so much money. The baffling answer to this question is that among the products that Facebook sells is the private and personal information of its customers. A sting operation against the company Cambridge Analytica led to one of its directors admitting that they have been using private information harvested from Facebook users. A secondary inquiry into Facebook was then launched which revealed that Facebook not only allows but also aids hackers to use it to access private information from Facebook users, for a fee. Further, the number of customers whose private data had been siphoned off from Facebook has been a moving target, beginning with a few million, then a few tens of millions then to 87 million and climbing (Langone, 2018). According to Facebook, they had allowed a researcher to use a specialized application to con Facebook users into giving their personal information through playing some form of online game. The researcher would later sell the information collected in this manner to Cambridge Analytica. A further investigation showed that many of the secondary Apps used by Facebook are a means of harvesting information about Facebook users that the users would not normally expose (Solon, 2018). Facebook has been collecting, analyzing, storing, and also selling this information as part of this core business. Facebook users who only thought they were sharing limited information with their friends never realized how exposed they had been, and how much the giant social network has been benefiting from this exposure.
Real and Potential Consequences of this Hack
An extended definition of a hack is the use of a computerized system to irregularly access private information or a private network. The narrative above does not represent a hack on the Facebook network but rather a hack on the tens of millions if not hundreds of millions of Facebook users. Further, in this scenario, Facebook is not a victim of hacking but rather a perpetrator or at best an abettor of hacking. Among the primary consequences of the hack is anxiety on the part of the billions of Facebook users who are not aware of the extent that their personal information has been exposed. These users may not be in a position to know how many other “researcher” Facebook has been allowing to harvest private information, what information the researchers have harvested and who they have sold it to. Further, Facebook only revealed that it has been selling private information because it had been caught doing so. Online users will also have to wonder what else social networks have been doing with their private information. From the perspective of potential consequences, it is now clear that Facebook and perhaps other social networks have been collecting, analyzing and storing the private information of the customers. Considering that no online system is safe from hacking as revealed by the Gamble hack, users have to wonder whether their information has also been stolen from Facebook or its “researchers” and what it will be used for. The Cambridge Analytica hack has the potential of ruining social media.
Placing Private Information on Online Systems Can Lead to Financial Losses or Even Prison Sentences
The Event
The holy grail of personal and private information in the USA is the trifecta of “ information–Social Security number, birth date and home address ” (Lourosa, 2015). This is what was obtained in the 2017 Equifax Hack. Equifax is a consumer credit rating company that collects personal information and analyzes it to assess their credit rating. In most cases, consumers will willingly enter their information into the Equifax system, including the sensitive tripartite information of security number, date of birth and home address to get a security rating. Unbeknown to most users, Equifax not only received and analyzed the information to get the credit rating but also stored the information. Further, most of the income for Equifax comes from business to business transactions where Equifax sells the credit based information about individuals and segments of the populace to companies such as banks and insurance companies. From the above, it is clear that Equifax holds very sensitive, privileged, personal and private information. In 2017, the Equifax system was hacked into and the information it held relating to approximately 140 million people, most of them Americans was stolen (Fung, 2017). The information, in a multimedia format even included photos of driver’s licenses and Social Security numbers, credit ratings, financial information among others.
Real and Potential Consequences of this Hack
Two primary consequences are possible for the individuals whose information was accessed through the hack with secondary consequences being probable for the wider financial and credit industries. The first possible consequence is financial losses. A social security number can be used to access money and credit facilities in a number of ways, mainly through internet platforms (Khrais, 2015). The credit information accessed through the Equifax hack, therefore, can cost the owners of the information billions of dollars through fraud. Secondly, it is the social security number that operates tax accounts for Americans. The information lost can be used to obtain tax refunds just as it can also be used to undertake tax fraud (Lourosa, 2015). Tax evasion and related fraud are among the criminal activities that the federal government focuses on. In the case a social security number stolen from the hack is used for tax fraud, the owner of the number might end up in jail due to inability to prove innocence. On a wider perspective, credit ratings are important in the financial and allied sectors and the Equifax hack has the potential to discourage individuals from checking their credit ratings. The inability to get credit information will adversely affect banks, insurance companies and their customers. Finally, 140 million people are almost a half of the entire US population, if the social security numbers begin to be used fraudulently en masse , the Equifax hack would have the potential of crushing the US economy.
Companies Entrusted with Private Information Cover up Hacks
The Event
The primary objective of cybersecurity is to stop online systems from being illegally or irregularly accessed and its secondary objective is to mitigate damage as and when any breach happens. The honest reporting of any and every breach with substantiation is critical to the mitigation of the damage done through the breach (Colesky et al., 2016; Martin et al., 2017). It is on this basis that the 2016 Uber hack stands as a poignant example of the vagaries of placing any private information on an online platform. Uber Taxi Company innovatively created an online system that made the taxi industry relational in nature. Through an innovative phone app, customers can be able to easily and efficiently access road transport. By virtue of the app, however, Uber customers would place a lot of personal and private data online. Further, personal information would also become available through the continued usage of Uber Taxis booked and paid for through the online platform. Finally, as with any employer, Uber keeps comprehensive records which includes the personal information of its employees. In 2016, the Uber online platform was hacked into and private information from its customers and employees siphoned off (Bernard, 2017). Instead of declaring the breach to enable the parties involved to take measures to mitigate possible damage, Uber tried to cover up the incident. The extent of cover-up included the reprehensible move to pay the hackers to delete the information that had been siphoned off. US$ 100,000 was paid to the hackers who signed non-disclosure agreements about the hack (Isaac et al., 2017). Further, the Uber developed a ruse that the hack was an academic exercise to test the safety of Uber online platforms. It is only a year later, after a change of management that both the hack and the cover-up were revealed. This begs the question of how many other security breaches in online platforms have been successfully undertaken and covered up pending the abuse of the stolen private information.
Real and Potential Consequences of this Hack
The vagaries of information being stolen have already been canvassed in the examples above but the Uber hack is unique due to the successful cover-up. Further, as indicated by the FBI, what Uber did was pay a part in creating an underground organization of hackers through funding them. As long as crime is seen to pay, criminals will be motivated to perpetuate it. Uber is a US$ 70 billion company with millions of customers across the world. It is, therefore, a company large enough to earn the trust of many (Isaac et al., 2017). Trust is the currency that most people use when they entrust their private information to online systems. The Uber hack revealed that online systems cannot be trusted to keep private information, or even reveal when the said information has been stolen. The real consequences of the Uber hack were the private information of stakeholders being illegally used without their knowledge and at the behest of the company entrusted with it. The secondary consequences of the Uber hack are to protect hackers who steal private information by failing to report the crime and pretend that the hackers are contractors (Bernard, 2017). The vast amount Uber paid to the criminals could also have been used to hire talent and equipment that has been used to commit more heinous hacks. The potential consequences of the Uber hack are to kill any confidence and trust left between internet users and operators of online platforms. It is one thing to fail to protect information of customers but it is another thing entirely to fail to report that failure and even rewards its perpetrator.
Conclusion
The safety and privacy of any private information end the moment it is placed in any online systems due to the vagaries prevalent on the internet. The US government is incapable of protecting the information entrusted to its online platforms as it could not protect its systems from a teenage online hacker. Social networks are not only incapable of protecting their customers’ private information but also playing a role in hacking their customers and getting paid for it. Sensitive information such as bank records and social security numbers are also in danger from hackers and can lead to loss of funds or even conviction and incarceration for tax fraud. Finally, some companies cover up hacks that happen in their system to protect the information making it hard to mitigate the damage caused by hackers. The totality of all these vagaries of placing private information online can only mean that private information is only safe when kept strictly offline.
References
Bernard, Z. (2017). How Uber reportedly tried to keep the lid on the data breach that affected 57 million people. Business Insider . Retrieved 14 April 2018 from www.businessinsider.com/how-uber-covered-up-data-breach-hack-affected-57-million-people-report-2017-11.
Colesky, M., Hoepman, J. & Hillen, C. (2016). A critical analysis of privacy design strategies. Security and Privacy Workshops (SPW). Retrieved 14 April 2018 from http://www.cs.ru.nl/~jhh/publications/iwpe-privacy-strategies.pdf
Dixon, H. (2017). Teen admits bid to hack into CIA Chief's computer from Leicestershire home. The Telegraph . Retrieved 14 April 2018 from www.telegraph.co.uk/news/2017/10/06/teen-admits-bid-hack-cia-chiefs-computer-leicestershire-home/.
Dixon, H. (2018). British 15-Year-old gained access to intelligence operations in Afghanistan and Iran by pretending to be head of CIA, court hears. The Telegraph . Retrieved 14 April 2018 from www.telegraph.co.uk/news/2018/01/19/british-15-year-old-gained-access-intelligence-operations-afghanistan/.
Fung, B. (2018). Equifax's massive 2017 data breach keeps getting worse. The Washington Post , Retrieved 14 April 2018 from www.washingtonpost.com/news/the-switch/wp/2018/03/01/equifax-keeps-finding-millions-more-people-who-were-affected-by-its-massive-data-breach/?utm_term=.03820246ffdd.
Hooper, M. (2017). The history of social media and communication: The Smartphone.” LinkedIn . Retrieved 14 April 2018 from www.linkedin.com/pulse/history-social-media-communication-smartphone-matthew-hooper.
Isaac, M., Benner, K. & Frenkelet, S. (2017). Uber hid 2016 breach, paying hackers to delete stolen data. The New York Times , Retrieved 14 April 2018 from www.nytimes.com/2017/11/21/technology/uber-hack.html.
Khrais, L. (2015). Highlighting the vulnerabilities of online banking system. The Journal of Internet Banking and Commerce 20 , 120.
Langone, A. (2018). What to know about Facebook's Cambridge Analytica problem. Time . Retrieved on 14 April 2018 from time.com/5205314/facebook-cambridge-analytica-breach/.
Lourosa, C. (2015). What you risk when your social security number is hacked. The Wall Street Journal , Dow Jones & Company. Retrieved on 14 April 2018 blogs.wsj.com/experts/2015/03/04/what-you-risk-when-your-social-security-number-is-hacked/.
Martin, K. (2017). Abhishek Borah, and Robert W. Palmatier. Data privacy: Effects on customer and firm performance. Journal of Marketing, 81 (1), 36-58
Solon, O. (2018). Facebook says Cambridge Analytica may have gained 37m more users' data. The Guardian . Retrieved on 14 April 2018 www.theguardian.com/technology/2018/apr/04/facebook-cambridge-analytica-user-data-latest-more-than-thought.
