The Public Eye with Eric Chabrow

Putting Integrity Back into CIA

Latest Hack Refocuses the Direction of IT Security

Integrity is returning to the CIA. No, not the Central Intelligence Agency, but an acronym from an earlier era of IT security: Confidentiality, Integrity and Availability.

That's how IT security had been traditionally described, says Sanjay Kalra, a 21-year IT security veteran and founder of the company that publishes this website. "In recent times, much attention has been paid to security compromises that highlighted confidentiality and availability, but not integrity," says Kalra, who made that point at a weekly conference of Information Security Media Group editors.

Put it another way, defending reputation has taken a back seat to safeguarding transactions and protecting privacy.

But integrity is about to make a return as a focus of IT security professionals after the Independence Day hack of Fox News's Foxnewspolitics Twitter feed.

Intruders on Monday hacked Foxnewspolitics with false tweets claiming that President Obama had been assassinated. A Fox News statement says it has asked Twitter to investigate how the hack occurred and informed the Secret Service of the breach.

Exploiting one's reputation isn't new. Phishing does that. But phishing attacks misuse an institution's reputation to connive users to furnish personal and financial information that the hacker can profit from. The Foxnewspolitics tweet goes after Fox News' reputation to harm Fox News directly. And, in journalism, reputation is among a news organization's most valuable assets.

Let's look at the Twitter hack from a different perspective. Former Rep. Anthony Weiner, D-N.Y., exposed too much of himself on his Twitter account. Weiner initially blamed hackers for posting the racy photos of himself. The fact that someone could hack Twitter to soil the reputation of a prominent accountholder seemed plausible. Yet, that's not how the Weiner case turned out, and the congressman eventually fessed up that he posted the photos himself and quit. Still, the point that the integrity of an individual and institution needs to be safeguarded had been made by Weiner's initial claims, a fact that the Foxnewspolitics incident proved.

Foxnewspolitics' reputation seems to have survived the hack. The wording of the assassination claim didn't mirror how Fox writers post other tweets on Foxnewspolitics. However, the unimaginable can be imagined with a bit more ingenuity (and skill) by hackers. What if hackers simultaneously altered Twitter feeds of other news organizations as well as their websites, all with the same dreaded news? Hackers would need only a few moments, not only to harm the reputations of news organizations, but to throw financial markets into chaos if the timing is right. Imagine the ramification if the Foxnewspolitics tweets linked to a Fox News website story on the faux assassination, with other hacked sites confirming the story.

Hard to pull off? Yes. Impossible? No.

The upshot: Protecting integrity will again become the latest job responsibility of the IT security professional.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.