Cybersecurity expert: People too eager to give up passwords

The best way for people to avoid having their personal computer hacked is to resist the urge to give out information to callers claiming to work for major financial or technological corporations, a journalist and cybersecurity expert said Monday.

“You would be surprised how eager otherwise rational people are to give up their passwords, especially when asked over the phone by official-sounding people with mysterious computer jobs,” David Brown told Rotary Club members Monday at the club’s weekly meeting at Boudreaux’s Restaurant on Government Street.

Brown, who lives in Baton Rouge and writes under the pseudonym D.B. Grady, is a correspondent for The Atlantic, national security columnist for The Week Magazine, and co-author of “Deep State: Inside the Government Secrecy Industry” and “The Command: Deep Inside the President’s Secret Army.”

Brown spoke about cybersecurity and how people can protect themselves from hackers.

He also touched on cyberwarfare and cyberattacks.

“Cybersecurity is about protecting the data on our computers,” he said.

He called social engineering, the form of hacking in which people are tricked into giving up their passwords, the most efficient weapon of intrusion for hackers.

“At the National Security Agency, where people are literally paid to break into other people’s computers, spies were allegedly tricked by Edward Snowden, who was a network administrator there, into giving up their passwords,” Brown said. “So if NSA experts are careless with their passwords, you can bet that ‘Tom in accounting’ is, too.”

He said people can protect themselves by installing anti-virus software, encrypting their emails, storing data in the cloud and using different passwords for different online accounts. He said free email encryption is available.

He cautioned that while the unknowns surrounding cyberwarfare and cyberattacks by the U.S. and other countries could lead to fear-mongering, such activity amounts to centuries-old war tactics, including spying and espionage, carried out with new technology.

“When we talk about cyber and the cyberwar, we’re just talking about the same old thing that’s been going on forever,” he said.

He also talked about how Target was not required by law to report its massive data breach, but did because word would have gotten out eventually through government documents.