Saturday, November 23, 2024
33.0°F

Crime of the future

by Breeana Laughlin Daily Inter Lake
| October 1, 2017 2:00 AM

Whether they like it or not, Montanans are not immune to what law enforcement officers are describing as the “crime of the future.”

Email and text threats made against Flathead Valley schools earlier this month made residents disturbingly aware that today’s criminals are not just lurking in the shadows of our community; they could be making violent threats, stealing money and extorting sensitive data from behind a computer screen anywhere in the world.

“These recent cyber threats have shocked Montana residents. They’re nervous.

“It hits right to the core of who we are with our children,” U.S. Sen. Steve Daines, R-Mont., told national security experts earlier this week in Washington.

While local and national law enforcement agencies work together to try to locate and bring the cyber criminals to justice, the scope of cyber crime is coming all too clear. Experts describe it as a rampant epidemic, and one that is only getting worse.

“All kinds of organizations are constantly under attack,” said Benjamin Wright, a technology-law attorney and senior instructor at the SANS institute. “You can put tremendous resources into protecting yourself and you are still at risk.”

Cyber criminals are known for seeking out places where data is kept, whether it’s banks, schools, health-care facilities or big businesses.

As a result, many organizations are putting extra resources into keeping their information safe.

Earlier this month, just a week before the cyber security breach started unveiling in the Flathead Valley, Equifax, one of four credit-rating services, announced it was hacked.

“They are a massive corporation and they are extremely well aware they are a major target — therefore, they have put a massive amount of resources into this,” Wright said. “That’s the big story. But there are also so many little stories that are happening right now.”

Flathead County Sheriff Chuck Curry said his department has seen a rise in internet crime in the past few years, but nothing on the scale of what the department is dealing with now. Local law enforcement officers are very used to crimes committed by people face-to-face, he said. So when crimes can be committed by anyone, anywhere in the world, it adds a whole new element to finding them and bringing them to justice.

“The biggest take-away for me is that anyone, anywhere, at anytime can be a victim,” Curry said. “It’s important for people to realize that this is the crime of the future. Take precaution to protect your data and your identity.”

Montana Department of Justice Information Agency Security expert Dawn Temple said she’s been a victim herself.

“My data has been breached through multiple organizations,” Temple said.

“I got one just last week. Someone was buying diapers on my card in Florida. I have never been to Florida and I have teenage boys,” she said.

The small-town lifestyle enjoyed by many Montanans does not make them less of a target to cyber hackers.

“I have heard, ‘We are in Montana. What does anybody want our data for?’” But we are just as at risk as someone in California, Florida or anywhere else,” Temple said.

“It’s a big problem and it’s getting bigger every day,” Temple said. “America is still the wealthiest country in the world, so we are also the biggest target.”

A consumer’s information, which could include name, addresses, date of birth and financial data, is worth roughly $11 per record, according to Temple. Each record is not worth a lot of money on its own, but when multiplied can turn into a substantial sum.

The Equifax cyber hack may have resulted in 143 million records compromised.

“All of the sudden that database is worth literally billions of dollars,” Temple said.

Limited information is being released regarding how hackers were able to infiltrate the Columbia Falls School District information systems while the case is being investigated. The cyber hackers were apparently probing different networks and found a weakness somewhere in the system, Curry said.

The school districts within Flathead County have some similarities in how they protect their systems, but not every school has the same network security, Curry added.

Employees in charge of computer security systems at Kalispell Public Schools told the Inter Lake how they are working to keep sensitive information out of the hands of hackers.

“We have a layered security approach to combat against the cyber hackers of the world,” said Jason Hecock, information technology systems and security facilitator at Kalispell Public Schools.

The first layer involves the use of enterprise firewalls, he said. These firewalls are an integrated collection of security measures designed to prevent unauthorized electronic access to a network computer system. IT directors are able to monitor these systems continually.

“We log everything that hits the system,” Hecock said. “One of the things we did after the cyber attack on the Columbia Falls system was check for anomalies and discrepancies in the logs, and we didn’t find anything that made us feel like we had been compromised.”

Kalispell schools also use an endpoint security solution. This involves the installation of security software on every device in the district, whether it be a phone, computer or printer.

“As IT people, we are confident in our outward defense. The place we constantly need to work on is our internal defenses,” Kalispell School District IT Director Rich Lawrence said.

The IT people are careful about the information that staff and students have access to on their electronic devices.

“We think about who needs access to what to do their job, and nothing more,” Hecock said.

Another challenge for school districts, the IT directors said, is keeping students and staff up to date about best practices when it comes to technology — not opening certain emails, clicking on weird links, or downloading potentially harmful software on accident.

The effort to keep on top of potential cyber threats is a never-ending process.

“It’s so important because the threats are constantly evolving. The dark web organizations are constantly probing our networks to get in and changing their tactics, so we are always striving to keep our defenses optimal,” Lawrence said.

Technology-law attorney Benjamin Wright said every organization, whether a school, bank, medical facility or corporation, should have an incident response plan in place so they have an idea about who to call and how to respond in the event of a cyber attack.

“You need to have the ability to reach out to technical security experts, so if you have an incident you can get access to help quicker,” Wright said.

Temple said upper management needs to make security a top priority, and give IT staff access to the resources they need.

“The biggest thing is to make sure all of your technical systems are patched. It’s just like locking your front door before going to work in the morning,” she said.

Each individual should be monitoring their financial data, especially after their personal information may have been hacked. Temple recommends putting a freeze on your credit if you feel your finances have been compromised in any way. A credit freeze requires personal verification before an activity that could impact your credit is authorized.

For the personal computer user, technical experts said keep your security software up-to-date. When it comes to free anti-virus software, you get what you pay for, Temple said. She recommends brands such as Trend Micro, ESET, Macafee and Norton.

It’s also important for people to watch out for strange phone calls and emails, especially after an incident occurs where their information has been breached.

“If it’s too good to be true, it probably is,” Temple said. “If a Nigerian prince is offering to give you $1 million, it is a scam.”

Reporter Breeana Laughlin may be reached 758-4441 or blaughlin@dailyinterlake.com.