Skip to main content

Where's the outrage over the Sony hack?

By Arun Vishwanath
updated 11:00 AM EST, Wed December 17, 2014
STORY HIGHLIGHTS
  • Public should be angered over Sony hacking, says Arun Vishwanath
  • Vishwanath: Internet is an online extension of our own neighborhoods
  • U.S. should develop a single nationwide gateway for reporting hacking, he says

Editor's note: Arun Vishwanath is associate professor in the Department of Communication at the State University of New York at Buffalo. The views expressed are his own.

(CNN) -- Major crimes usually shake us into action. A London fire that killed five women ultimately led to the creation of 999, a precursor to our own 911 emergency system. The rape and murder of Kitty Genovese, meanwhile, inspired the creation of the neighborhood crime watch system. Yet while the Sony Pictures Entertainment email breach is a different sort of crime, it is a crime nonetheless, and one that was perpetrated in a neighborhood where almost all of us are resident these days -- the Internet.

Arun Vishwanath
Arun Vishwanath

So where is the anger? The letters to congressmen?

Part of the reason is that the reporting has focused on celebrity feuds rather than the fact that what happened to Sony could happen to any of us -- emails of a personal nature allegedly being held ransom or released as payback.

In fact, if you add up the number of victims of the most notable known breaches this year, it's clear that a troublingly high percentage of us will have had some sort of information hacked. The other reason is that few of us feel like we're paying a price for cyberbreaches -- companies that are hacked typically eat the costs, at times without even informing customers.

SONY hack an act of cyber-terrorism?
Who's behind the SONY hackings?
Oprah: Don't judge out-of-context emails

But lost in the reporting is another fact: We are, in a very real sense, responsible for such attacks. Not simply because we are the audience for the hacker's seedy releases, but because we are the inadvertent moles that provide the hackers access to large computers networks.

Hackers often enter networks through simple phishing attacks, attacks that these days are actually simpler but more insidious than the infamous Nigerian phishing scams.

Now, instead of trying to persuade you to part with your money in exchange for a nonexistent financial windfall, emails from trusted sources ask you to check out a photograph, click on a hyperlink to an interesting story or enter your login on an official-looking webpage. Complying with any of these requests provides varying degrees of access to your devices and accounts, and it is these simple ruses that have been responsible for launching malware and "backdoors" that have ultimately compromised major networks.

The apparent simplicity of these attacks conceals a sophisticated understanding of people's online behavior that is surprising even to the many academics who have spent years studying human behavior.

The reality is that many of us fall for these scams because of our email habits. Simple actions such as frequently checking email or Facebook status updates have become part of the daily rituals of Internet use. The human brain overtime automates such routines, which leads to people clicking on hyperlinks, opening attachments and providing credentials without really paying attention to what they are doing.

Smartphones and tablets have only exacerbated this. After all, smartphones, which the majority of us now use to access the Internet, are designed for media consumption, not deception detection. Their apps are programmed to optimize smaller screen sizes and restricted data-caps, often by reducing the prominence of elements such as a website's URL or a sender's email address that could highlight the deception. Throw into the mix the fact that many of us are accessing these devices while talking, texting or even driving, and it's hardly surprising that we don't notice something nefarious.

Making things worse, even some people who suspect a deception open such emails anyway because of flawed assumptions about the security of their devices and operating systems. Others might report the intrusion to their employer, but the reporting either comes too late or is lost in organizational silos.

This is not surprising -- there are so many different arms of federal and state governments, along with organizations such as the Anti-Phishing Work Group, that collect complaints and disseminate information on cyberattacks that it is hard to keep track of where to send details of a complaint, much less go through the process of finding a contact address.

Besides, there is no incentive for reporting a suspicious email unless someone has actually become a victim of an attack, in which case, it is generally already too late.

So, what can be done?

A simpler fix would be to develop a single nationwide gateway -- an email address or a phone number similar to the 911 system -- where anyone suspicious of a cyberthreat can quickly report it. In addition, it would be a welcome development to see the proliferation of organizations akin to neighborhood watch groups -- cyberwatch groups, if you will -- where people can routinely report suspected attacks and receive immediate feedback.

From Aurora to Regin and the Nigerian scam, most cyberintrusions are named after the codes written into them or the hacker's fake persona, which cedes power to the very people who perpetrate these crimes. Instead, wouldn't it be better to highlight the names of the people who help detect an attack?

This would be just one way that we could encourage people to feel they are more invested in protecting our cyberinfrastructure.

Ultimately, the Internet is an online extension of our own neighborhoods. It's time for us to take their protection just as seriously.

Read CNNOpinion's new Flipboard magazine.

Follow us on Twitter @CNNOpinion.

Join us on Facebook.com/CNNOpinion.

ADVERTISEMENT
Part of complete coverage on
updated 8:51 AM EST, Wed December 31, 2014
Pilot Bill Palmer says the AirAsia flight had similarities to Air France 447, which also encountered bad weather
updated 8:29 AM EST, Wed December 31, 2014
Poverty isn't the only reason why so many parents are paying to have their child smuggled into the United States, says Carole Geithner
updated 11:49 AM EST, Wed December 31, 2014
Michael Rubin says it's a farce that Iranian Supreme Leader Ali Khamenei posted tweets criticizing U.S. police
updated 1:40 PM EST, Wed December 31, 2014
Ron Friedman says your smartphone may be making you behave stupidly; resolve to resist distractions in 2015
updated 8:32 AM EST, Tue December 30, 2014
Artificial intelligence does not need to be malevolent to be catastrophically dangerous to humanity, writes Greg Scoblete.
updated 8:27 PM EST, Fri December 26, 2014
The ability to manipulate media and technology has increasingly become a critical strategic resource, says Jeff Yang.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT