It used to be that the scariest part about donating blood was the needle. But for seven weeks last year, the personal details of 1.28 million Australian donors were exposed online. Worse: along with names, email addresses, phone numbers, and blood types, the records occasionally included sensitive medical information – such as whether a person had recently engaged in high-risk sexual activity.
The Australian Red Cross wasn’t hacked; it just put too much faith in a third party to keep this information safe. That’s a lesson we can all learn from.
When people booked an appointment with the Red Cross, their information was stored in a database by the Red Cross’ technology partner. Unfortunately, that partner stored it on an open computer server, meaning that anyone with the right URL could access the list of donors.
Dr Nick Patterson, a teaching scholar at Deakin’s School of Information Technology, says hackers come in three flavours. ‘There are ‘script kiddies’, who often use publicly available, pre-made tools.’ Script kiddies are nuisances who often know how to break websites, but usually don’t know enough to dig into databases and extract valuable personal information.
Dr Patterson further explains, ‘Then there are white hat or ‘ethical’ hackers, who are frequently hired by companies to either help defend, detect or determine how an attack occurred.’ It was a white hat hacker who pointed out the Red Cross mistake.
The third type of hackers are the black hats. This group breaks into computer systems for profit or other dubious motives. ‘They’re often very knowledgeable when it comes to penetrating digital defences, and are behind many of the attacks you hear about in the news,’ Dr Patterson says. Sometimes black hat hackers work as individuals, but often they come together to form hacker collectives, or are even sponsored by companies and countries to carry out attacks on rivals.
Financial harm from hacking is just the tip of the iceberg – ‘The loss of reputation in particular can be devastating,’ Dr Patterson says.
While big businesses like Sony can shrug off the occasional data breach, small and medium-sized businesses suffer when people lose confidence in their security measures. And for good reason, with examples like the Ashley Madison hack – where the names and emails of the people using the extramarital affairs website were made public – resulting in ruined reputations and shattered relationships.
In the case of blood bank services like those offered by the Red Cross, though, a lack of trust can be deadly, with fewer people ready to hand over their personal details along with their blood.
Every time you fill out a form, sign up to something or use your credit card to purchase items, there’s a possibility that this information will end up in the wrong people’s hands. However, with everything becoming more connected to the online world, it’s unrealistic to stay offline forever.
Dr Patterson has outlined a few simple steps you can take to help keep your online information safe:
Given the thousands of attacks that take place each day, some of these tips might save you from becoming a victim. In the meantime you can check to see if your email account’s already been compromised in a data breach.