It is perhaps the element of Hollywood blockbuster film-making that is the most clichéd and hackneyed: the process of hacking a computer. Except for a handful of movies that have depicted the deed in realistic detail, most films cop out with a ludicrous screen that says “access denied” half a dozen times before succumbing just in time to defuse the bomb, assassinate the assassin or deflect the meteorite.
Yet recent developments make one wonder if the film-makers don’t have a point. Companies big and small have been racked by a series of security violations over the last few months. None is more worrying than the massive data breach that occurred at security company RSA.
RSA’s most ubiquitous, if not popular, product is the SecurID dongle that is used by employees and customers of large organizations such as banks to log into online systems. The dongle continuously generates one-time passwords that are used along with a personal identification number and username.
At the time, the company assured users that things were under control and that the breach was limited. But now fresh hack attacks on a number of US defence contractors, including Lockheed Martin, indicate that RSA may have underestimated or under-reported the extent of the original SecurID attack.
This comes at a time when Sony is reeling under a series of humiliating attacks that compromised millions of user accounts on gaming and music websites across the world. This included tens of thousands of credit card accounts.
Besides the abysmal vulnerability of these systems, what has also been shocking is the callousness with which companies have reacted to the breaches. Reports indicate that Sony took up to a week to inform users of attacks on the PlayStation Network. Lockheed Martin may have ignored warnings about the SecurID tokens used by employees.
The picture that emerges is bleak.
On the one hand, users are committing more and more to online accounts, networks and services. On the other hand, security systems watching over these transactions seem to get less and less capable: a disturbing case of life imitating the movies. Especially the bad ones.
Have firms underestimated the danger from cyber attacks?