Adidas, Steam, Israeli Sites Hacked - Where is the Outrage?

Monday, November 14, 2011

Rafal Los



Not that this is news to anyone, but the knob is up to 11 on the website hacking front.

Reports of a vast number of Israeli government-related websites[1], Adidas' main and affiliated websites[2], and now reportedly the Steam game forum site[3] have been pouring in, and while this may just be par for the course if you've been keeping score at home - the state of the enterprise web site appears to be in harsh decline. 

So what?

Over the last couple of years, web sites and applications have become easy pickings for hackers, who have been using corporate website hacks to spread malware, spread advertising, and spread their propaganda... but even as the pace of website release accelerates the overall state of security on those sites is dropping... at least that's my personal opinion. 

I think it's rather obvious that the small gains in web application security we've made over the last decade haven't been adopted fast enough, or taken seriously enough, or... or something. 

But my question is - when will we reach a tipping point in this?  Or maybe a better question is will we reach a tipping point?

What I mean by this, of course, is to question when the level of public awareness will sufficiently rise to force corporations to take site security more seriously.  Maybe not when, but if is the right question. 

We've seen US Federal Government sites get hacked, you've probably heard your bank, credit card company, favorite online shopping sites and gaming sites get hacked - and you've had your credentials and credit card details exposed. 

Sites like the Israeli Government websites and the Valve Steam forums couldn't be more different... except that they fell quickly and silently to attackers.  But who really cares?

I feel like we've been on the roller coaster for years, steadily going up, and up, and up... hearing the click of the track as we slowly inch towards the peak where presumably at some point we will go over and plummet down into some new state of being. 

I have to tell you though, after all these years of predicting when the tipping point will be (soon?)... maybe it's time to admit that there really isn't going to be one... but rather that instead of driving outrage all this hacking has served to instill a fair amount of apathy. 

This is bad for everyone.

If Acme Corp gets hacked, and exposes everyone's personal details and financial history - and consumers don't change their buying habits by no longer patronizing Acme Corp - a clear message is sent to Acme Corp.  Your users don't care about the security of their data (or at least they don't care) as long as you offer them something they can't do without.

Maybe you've got better prices, exclusive products/services, or that something else... but the message out there is loud and clear that as long as you have a following for one of those reasons - you're fairly safe even in the event of something ugly happening to your systems.

What you get though, in the end, is what we're already seeing.  The cost of credit is through the roof - have you looked at your interest rates on those credit cards in your wallet lately?  The cost of doing banking is also going through the roof, and for the first time in as far back as I can remember the cost of fraud is being passed on to the consumer. 

Banks have started to beat the drum of setting fees for debit cards, checking accounts, and performing transactions due to the soaring costs of fraud.  The end result of this is simple - small businesses (which can't afford good security anyway, right?) are the first to get crushed by this... then it comes to the consumer, and then eventually it'll hit big corporations.

So, enough doom and gloom... right?  What can we do here?  As corporate information security professionals maybe it's time to take a sobering look at the security of our systems, starting with our websites and commerce sites.  Let's start drawing lines from the hack to the cost of fraud. 

The big question then becomes are we capable of doing this?  I mean to say, are we competent enough to do this?  I know it's very difficult, because there are no direct correlations - yet - that can be made, but I suspect that this is simply a matter of time.

In the end, all the hacking going on is hurting the consumer in many ways they don't even understand... right in the wallet.  It's up to corporate security professionals to step up to keep this from getting too much worse.

Cross-posted from Following the White Rabbit
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.