Consumers Warned on Hacking of Personal Computers

Andrew Jay Schwartzman

Several experts in information technology and consumer protection are jousting over whether the average person can create effective protections against computer hackers.

The enlightening debate between New York Times and Wired Magazine columnists is excerpted below. Media watchdog Andrew Jay Schwartzman, a prominent advocate for consumers before regulatory agencies in the nation’s capital, wrote about it Nov. 16 in his Daily Item column, We're doomed. A Times columnist wrote, How to Devise Passwords That Drive Hackers Away. One from Wired responded, The New York Times Is Wrong: Strong Passwords Can't Save Us.

The debate provides several useful practical tips, even if the bottom line is that we all remain vulnerable to any hackers who are determined to exploit our vulnerabilities. One such tip: Do not provide truthful answers to password security questions, even the name of your pet dog. That’s because hackers can reconstruct our lives, put the specifics into a dossier, and then use the information to extract our data.

I was reminded of the scope of the problem this month in a somewhat embarrassing way after a dating service targeted some of my old friends. Zoosk, an app on Facebook, in effect hijacked my address book and began sending unauthorized invitations at random — supposedly from me. Zoosk apparently builds its customer base by uploading address books extracted from those who undertake exploratory clicks to learn what its app does. I sometimes start a registration process, as here, upon receiving an invitation to connect. But any app should provide an easy opt-out before it hijacks data, and should have a transparent complaint process.

The invitations encouraged addressees to click on their service to see “my” photos. If someone did so, then his or her address book apparently was hijacked in the same way. The process expands the database of Zoosk ad infinitum in the spirit of chain mail. Partly as a result, Zoosk now boasts that it is the world leader in its field.

In this way, one of “my” invitations went to the wife of my first boss, whom I met a few times at our office in the mid-1970s when I worked at the Hartford Courant. My former boss, who used his wife’s email a few years ago to send several of us an email, wrote me last week in response to the Zoosk “invitation” that I should use his email for communications to the family. That’s for sure, especially for a message via a dating service!

Zoosk executives such as Co-founder and Co-CEO Shayan Zadeh have been extremely unresponsive to my letters of inquiry and complaint. My follow-ups include my threat to take the matter to the Federal Trade Commission, whose headquarters are across the street from the Justice Integrity Project office in Washington, DC.

Like victims everywhere, therefore, I was in the right frame of mind to read the recent columns surveying protections available to consumers against the wide array of scams, inconveniences, and other cyber-threats that confront any heavy user of Internet services.

Schwartzman, the former leader of the Media Access Project, provides a brief overview, We’re doomed. His column focuses on hacking attacks even more aggressive and otherwise sinister than Zoosk-style methods. He cited a New York Times column by Nicole Perlroth, How to Devise Passwords That Drive Hackers Away. Also cited was Wired columnist Mat Honan, who wrote, The New York Times Is Wrong: Strong Passwords Can’t Save Us.

As for Zoosk, my column here is part of my apology to my friends or colleagues who were distracted — and perhaps victimized — by the company and its business practices.

In a footnote to that tale, one of my “invitations” went to Deborah, my girlfriend in college more than four decades ago. She opened it, no doubt to laugh with her husband that I was apparently still trying to get a date. But her clicks hijacked her address book — and sent out many similar invitations to her list, supposedly on her behalf. Some of her contacts accepted “her” invitation. Thus, the huckster promotion continues.

With any luck, however, the last laugh may be on the masterminds at Zoosk, who hide all their own and other employee emails — doubtless from fear of hackers and irate members of the public.

Deborah, as it happens, is a retired career attorney at the Federal Trade Commission and Department of Justice. She no longer has any official power, but is fully familiar with the regulatory system. She wrote Zoosk’s public relations firm that their dating service operation deserves to be investigated and denounced.

And who better than the management of an unscrupulous dating service to deserve a little tough love?

 

Contact the author Andrew Kreig or comment

Related News Coverage

Daily Item, We're doomed, Andrew Jay Schwartzman, Nov. 16, 2012. The New York Times ran an article last week about passwords, making the situation seem pretty hopeless. Wired has a long article in the new issue saying that it is worse than that. In this blog post, its author criticizes the Times for offering impractical solutions, and then offers only slightly less impractical suggestions.

Wired, The New York Times Is Wrong: Strong Passwords Can't Save Us, Mat Honan, Nov. 15, 2012. On Nov. 7, The New York Times ran a story called "How to Devise Passwords That Drive Hackers Away." Written by Silicon Valley correspondent Nicole Perlroth, the piece reigned over the paper's Most Emailed List for a full week, and for a good reason: It's properly freaked out about just how vulnerable we all are to hackers. But by focusing on the password, it tries to prop up the unsustainable heart of our moldering security system — and it implicitly blames the victim for problems that big corporations let fester for selfish reasons. As I argue in my new cover story for Wired, the only solution is to kill the password entirely. Much of the advice the Times offers up is quite good. No, you should not re-use passwords or use dictionary words as passwords. And, yes, your passwords should be long and complicated. Pass phrases are great! And security questions? You should never answer them honestly. (Just ask David Pogue.) But the Times goes much further, advocating methods that no consumer should reasonably be expected to follow.

New York Times, How to Devise Passwords That Drive Hackers Away, Nicole Perlroth, Nov. 7, 2012. Not long after I began writing about cybersecurity, I became a paranoid caricature of my former self. It's hard to maintain peace of mind when hackers remind me every day, all day, just how easy it is to steal my personal data. Within weeks, I set up unique, complex passwords for every Web site, enabled two-step authentication for my e-mail accounts, and even covered up my computer's Web camera with a piece of masking tape — a precaution that invited ridicule from friends and co-workers who suggested it was time to get my head checked.

CNET, Leahy scuttles his warrantless e-mail surveillance bill, Declan McCullagh, Nov. 20, 2012. After public criticism of proposal that lets government agencies warrantlessly access Americans' e-mail, Sen. Patrick Leahy says he will "not support" such an idea at next week's vote. Sen. Patrick Leahy has abandoned his controversial proposal that would grant government agencies more surveillance power -- including warrantless access to Americans' e-mail accounts -- than they possess under current law. The Vermont Democrat said today on Twitter that he would "not support such an exception" for warrantless access. The remarks came a few hours after a CNET article was published this morning that disclosed the existence of the measure. A vote on the proposal in the Senate Judiciary committee, which Leahy chairs, is scheduled for next Thursday. The amendments were due to be glued onto a substitute (PDF) to H.R. 2471, which the House of Representatives already has approved. Leahy's about-face comes in response to a deluge of criticism today, including the American Civil Liberties Union saying that warrants should be required, and the conservative group FreedomWorks launching a petition to Congress -- with more than 2,300 messages sent so far -- titled: "Tell Congress: Stay Out of My Email!"

Catching Our Attention on other Justice, Media & Integrity Issues

FireDogLake, FCC Plan to Gut Media Ownership Rules Would Benefit Rupert Murdoch, Kevin Gosztola, Nov. 20, 2012. Federal Communications Commission (FCC) chairman Julius Genachowski would like the FCC to vote on a plan to gut media ownership rules. If approved, News Corp owner Rupert Murdoch, who has been considering buying more media, would benefit. The proposal would also allow for more media consolidation. Using innocuous language to describe a proposal that should raise alarm, Genachowski stated yesterday that he wanted the FCC to “streamline and modernize media ownership rules.” This would include “eliminating outdated prohibitions on newspaper-radio and TV-radio cross-ownership.”

Washington Post, Campaigns’ use of supporters’ data worries privacy advocates, Craig Timberg, Nov. 23, 2012. Obama’s sophisticated use of Big Data gave him a crucial edge in what, based on popular support alone, should have been a close election. Republicans are desperate to catch up. But it’s not clear who is positioned to protect voters’ rights at a time when politicians from both parties increasingly build their campaigns on the insight that commercial data brokers provide.

Litchfield County Register Citizen (Connecticut), Anna Gristina prosecution exposes tawdry truth about justice, Norm Pattis, Nov. 21, 2012. I was reminded of the limits of the Miranda decision, and the public confusion about its scope and meaning, this week in Manhattan. A client of mine, Anna Gristina, was sentenced to time served for promoting prostitution. Her case made the news worldwide. The Manhattan District Attorney’s Office stood in open court and accused her of being madam to the leisure class — asserting she’d made millions of dollars over a 20 or so years in the skin trade, arranging assignations for the city’s rich and powerful. She was locked up and held at Riker’s Island, a dismal sort of penal colony, for over four months on a million dollar bail. It took the New York Appellate Court to lower her bond. The tawdry truth in this case is that the Manhattan District Attorney’s Office never produced a shred of proof in court or in discovery that she had arranged a pay-for-play session with anyone other than an undercover cop who went hunting for a good time with taxpayers’ money. The prosecution, engineered by Cyrus Vance’s office, was an elaborate ruse to try to get Ms. Gristina to turn over information about other “persons of interest” to prosecutors. Ms. Gristina was prosecuted by the public corruption unit of the District Attorney’s Office, a small group located outside of Vance’s office in a semi-secret location in lower Manhattan.