WHY YOU SHOULD CARE
Because if millions of people have had their credit card and Social Security numbers stolen, what makes you think you’re safe?
By Farah Halime
When Scott Shaff was contracted by the U.S. Army to work on a military intelligence surveillance project in Afghanistan in 2013, he knew he needed to keep his country’s secrets carefully protected. But he says the Army didn’t use an exactly high-tech fix to ensure pictures couldn’t be taken by his laptop and later leaked. Rather, officials physically yanked the camera from his company-issued Dell. No bother. “The enemy is watching, and if there’s GPS data embedded in every image, every picture you take could get you in trouble,” says Shaff, who says he also had the camera in his smartphone’s camera disabled.
It isn’t just the James Bonds of the world who are seeing government or military agencies crack down on the use of cameras, computers and other digital devices in the workplace. The CEO of a well-known New York-based tech company recently hired a specialist to pull out the cameras in all his laptops and phones, according to an employee there. Then there was one of the biggest hacking scandals in years, which led Sony to shut down all its computers and left employees using just pen and paper for days. Other firms are now using white lists to vet email and IP addresses, while smartphone manufacturers and carmakers like BlackBerry and GM ban certain gadgets with recording features from areas where new prototypes or products are being developed. M1, a phone carrier in Singapore, went even further when it released a camera-free phone.
Data breaches swelled 62 percent in 2013, exposing more than 552 million records.
— Matt McCormick, a former Microsoft software developer
These efforts go well beyond the ongoing debate over anti-stress regulations, in which countries like Germany are considering banning employers from contacting workers via email after hours and already refrain from communicating with those who are on vacation. Part of today’s defensive moves are aimed at thwarting corporate or government spies who might want access to certain trade or federal secrets. There’s also a growing effort to keep online identities secure against cybercriminals and so-called hacktivists by hiring companies that specialize in “un-digitizing” services. In 2013 alone, the number of data breaches swelled 62 percent, exposing more than 552 million records, according to Symantec’s 2014 Internet Security Threat Report. We’re talking about people’s names, birthdates and ID info like Social Security numbers — not to mention all those digital thefts of photos featuring A-list celebs in their birthday suits along with millions of stolen debit and credit card numbers from Target, Home Depot and JPMorgan Chase, to name just a few.
Some of this, naturally, is being driven by a bit of industry fearmongering. Some experts say companies are better off using an alternative like an outright ban or a limit on phone and laptop use in certain areas. Other companies are now using what’s called geofencing software to disable certain devices that employees bring into an office but that can still be used outside a business or at home. Is it enough, though, for protection?
“No software is going to be 100 percent secure.”
Listen to some techies, and it seems like trying to shield yourself from hackers is a hopeless exercise. Usernames and passwords can’t always stand up to a determined team of hackers, while firewalls and anti-virus software can quickly become archaic. It’s not enough to even have the camera carved out of your phone, some say, because hackers can get to you in other ways — through your device’s microphone, for instance. “It’s also ineffective given that cameras can be in anything and anywhere and can be quite inexpensive,” says John Girard, vice president at the research firm Gartner. He proposes “leaving [gadgets] behind in certain situations.”
It doesn’t help that the average home now holds between five and 10 Internet-connected devices, such as a laptop, a Roku streaming media player and a PlayStation or Xbox — both of which had their online services hacked and disabled on Christmas Day. “No software is going to be 100 percent secure,” says Matt McCormick, a former Microsoft software developer who now runs Jet City Devices, a cellphone repair company.
This is a world all too familiar to Elias Ladopoulos, who is more commonly known by his pseudonym, Acid Phreak. Widely recognized as one of the first computer hackers from the 1980s and ’90s, Ladopoulos now runs Supermassive Corp., a hacker-driven incubation studio and boutique security firm with a team of 25 that tries to protect companies and individuals against, well, people like him. So what does one of the world’s most tech-savvy experts think about folks who want to physically remove a camera to keep a device safe? “It seems silly to do that,” he says. “Everyone I know just uses tape to cover the lens. Even I just use painter’s tape.”