TMCnet News

Fighting back against hackers [Ashland Daily Tidings, Ore.]
[September 30, 2014]

Fighting back against hackers [Ashland Daily Tidings, Ore.]


(Ashland Daily Tidings, The (OR) Via Acquire Media NewsEdge) Sept. 30--Southern Oregon University Professor Lynn Ackler hates to see students swiping their debit and credit cards for small purchases around town without a second thought.

"Every time I see that, I just cringe," said Ackler, who tries to use cash instead of debit and credit cards or checks whenever possible.

"I'm not paranoid," he contends.

Decades of working for companies handling computer security and teaching classes at SOU have taught Ackler that threats are all too real.

More and more Americans may also be realizing activities they take for granted are fraught with danger.

Home Depot's payment data systems were breached by malware, or malicious software, from April into September -- putting information from 56 million cards at risk, the company said.

The company announced on Sept. 18 it had eliminated the malware and finished a major project to enhance encryption in its point-of-sale devices.

Point-of-sale devices are the small boxes through which customers swipe their debit and credit cards.

During the 2013 holiday shopping season, malware was used to steal personal data off payment cards at Target through point-of-sale devices, affecting tens of millions of shoppers.

When a card is swiped and data enters a point-of-sale device, there is a window of time before it is encrypted when thieves can steal the sensitive information, Ackler explained.

Stolen data ends up on the black market, where people can buy bundles of information, he said.

SOU software engineering student Marvin Hinkley, who is taking one of Ackler's computer security classes, said he has learned about life-threatening security issues.

For example, a hacker could theoretically force a diabetic's insulin pump to delivers a fatal dose of insulin, Hinkley said.

The federal Food and Drug Administration has issued warnings about the risk of breaches of medical devices, including pacemakers that help regulate heart beats.

Ackler said many power plants, transmission lines, dams, water treatment plants and other facilities can be operated via remote control, putting systems and people at risk.

"They're all there for the asking," he said.

SOU student Topher Timzen recently returned from a summer internship in Maryland with the U.S. Department of Defense, where he split his time between classroom learning and computer security projects. Among other work, he learned about techniques for protecting facilities and the department's role in safeguarding the nation from cyber attacks.



"The program was super cool," Timzen said.

Students who learn computer security can help keep the world safe from attacks, Ackler said.


And the pay isn't bad either. Ackler said computer security graduates can land well-paying jobs. Most of his former students quickly begin earning more than he is making now in the public sector working for SOU.

At the same time, computer security skills can be used for good or evil.

"What you are going to learn is 'dual use,'" Ackler told a class of students on Monday, the first day of Computer Security I. "You can use it for good stuff and you can use it for bad stuff. You will know how to get passwords. You will know how to tap into a network so no one knows you're there." He cautioned students to always think about the ethics and legality of what they are doing, whether they're in an SOU computer lab, at home on their laptops, or at work being told by a supervisor to do something questionable.

One of the constant challenges they will face is training workers on security protocols, like not opening email attachments from people they don't know, Ackler said.

"We've been trying to train the user since the 1960s," he said.

Ackler said some security issues have changed over time. He recalled a colleague who came into his office in the 1980s and disclosed he was gay. Ackler knew the young man would have to undergo a battery of security tests.

"I said, 'I need you. I will back you up if you're willing to go through it.' That poor kid got put through the wringer," Ackler said. "Then they told me I had to have a lifestyle polygraph. Was I gay?" New security threats sound like the stuff of spy novels.

Hackers can track someone else's keyboard typing and see what the person wrote. Even more alarming, a mere audio recording of someone typing can be used to decipher what the person wrote with 80 to 90 percent accuracy, Ackler said.

People can buy kits that allow them to take down power grids, he noted.

Ackler said there is a nationwide push to train more students in computer security to deal with chronic shortages.

"It's important for SOU, the community, the state and the nation. The whole world relies on computer software and networking. Like virology, it's one of the more important disciplines in the world right now," he said.

Reach reporter Vickie Aldous at 541-776-4486 or by email at [email protected].

___ (c)2014 The Ashland Daily Tidings (Ashland, Ore.) Visit The Ashland Daily Tidings (Ashland, Ore.) at www.dailytidings.com Distributed by MCT Information Services

[ Back To TMCnet.com's Homepage ]