People have gone homeless in less than 30 seconds from cyberattacks, an FBI agent told students and faculty at an event Wednesday.
“Once you wire (the money), the bank cannot get it back,” said Michael Sohn, a supervisory special agent at the FBI. “There is no ‘control+z’ for this.”
Sohn spoke to students, faculty and staff at presentations Wednesday about securing their online information. UCLA’s Information Technology Services hosted the event in the Tom Bradley International Hall as part of National Cyber Security Awareness Month in October.
The Department of Homeland Security initiated National Cyber Security Awareness Month to educate people about online safety. UCLA used the month as a way to launch additional campaigns that will continue to educate students, staff and faculty about cyberattacks and identity theft through November, said UCLA spokesperson Rebecca Kendall.
UCLA held two presentations Wednesday – one targeting students and another for staff and faculty members. The student presentation focused on online privacy. Presenters spoke about different types of cybercrimes such as spear phishing, which is when attackers send users fake emails to access personal information. Presenters also advised students to back up their devices and secure their accounts. The presentation for faculty and staff covered personal and business information theft.
UCLA addresses small cybersecurity incidents on a relatively regular basis, said Michael Story, interim chief information security officer for IT Services at UCLA. IT Services receives about 800 security incidents a month, which is relatively common in higher education industry, he said. Universities are a prime target for malicious activities because students are free to surf the Internet and access different websites.
Cybercrime is becoming a profitable field, Sohn said at the presentation. About 80 percent of criminal organizations are now on the internet.
Most of the time, cybersecurity breaches happen because users aren’t careful, said cybersecurity expert, computer science professor and researcher Peter Reiher.
Attackers can easily compromise users’ computers and steal their personal information through email links, Story added.
Another way breaches happen is when attackers exploit bugs that are already in computer programs, Reiher said. When attackers discover a bug, they can use it to access the target’s device and use it to attack other people.
An example of the second type of breach is last week’s Denial of Service attack on Dyn, a company that provides translation services to Netflix, Twitter and Spotify, Reiher said.
“The attack succeeded because several million devices were used to carry (it out),” he said. “The attacker doesn’t own the several million devices, but compromised those several million devices (through cybersecurity breaches).”
Reiher said this attack succeeded due to the lack of security measures in electronic products. Electronics, such as smart appliances, that can be connected to the internet are often given default accounts with the same ID and password by manufacturers. This gives hackers access to all the devices connected to the Internet under the same default account, Reiher said.
Reiher added manufacturers have known about the security loopholes for decades, but don’t have an incentive to address it because they are not liable for the breaches, he said. He also said attackers don’t always do harm even if they manage to breach security measures.
Additionally, internet security laws are minimal, said assistant law professor Kristen Eichensehr in an email. She said technology is outpacing the law in terms of the internet of things. Internet of things is a concept that refers to everyday objects becoming interconnected through the internet.
Reiher said students using the UCLA network are fairly safe because UCLA takes reasonably good care of their networking and server infrastructures, but students should still be careful about what they post online.
He added UCLA has a firewall, and UCLA accounts now allow two-step authentication.
Reiher said students should be careful when using public networks, such as those at Starbucks or other public locations, because the information is not encrypted.
“Anyone who has an antenna can see exactly what you’re saying,” he said. “Some websites provide protection, (but there’s) a lot of stuff going on out there that isn’t protected.”
Sohn said he hopes the FBI will work closely with the academia to prevent breaches in the future for students and staff.
“Once you become a victim, it is difficult for us to do anything,” Sohn said. “One of our missions is to liaison (with) security beforehand.”
Contributing reports from Raeyven Walker, Daily Bruin contributor.