Steps to Take Before Throwing Away Your Old PC

In 2010, the FTC recorded over 250,000 complaints of identity theft in the United States. While many identity thieves still get their information from your paper mail, a stolen purse or wallet, or hacked files online, more and more are starting to glean sensitive information from the hard drives of old computers. If you’re getting ready to toss out your desktop or laptop in favor of a newer model, take these steps to protect yourself from identity theft.

What information might be stored?

Not sure it’s worth all that work to wipe your hard drive? After all, you don’t keep a ton of important information on your computer, so what could a hacker possibly find anyway? And if you’re just donating your computer or selling it for cheap, what are the odds that an identity thief is going to get his hands on it?

The problem with this line of thinking is that, oftentimes, your computer has stored information that you don’t even know it has stored.

Common information stored on computers includes account numbers, credit card numbers, passwords, registration keys for software programs that you use, medical information, addresses, and even tax returns – which contain pretty much all the personal information necessary for someone to apply for a credit card or bank loan in your name!

Keep in mind that many identity thieves will actually buy a used computer – or even steal a donated one – in the hope of gleaning such personal information. This information can be worth thousands of dollars to them and can create a huge headache – and financial problems – for you.

How to get rid of the data

So, before you sell your computer or donate it to your local school system, take these steps to get rid of the data for good:

1. Don’t count on just deleting the files. While you’ll want to delete the files from your computer, this is just the first step to take. Identity thieves are often experts at getting deleted information from hard drives by using specialized software.
2. Save any files you want to keep. Before you wipe your hard drive, you will, of course, want to save any files you want to keep. You can transfer your data to a new computer, burn it to a CD, put it on a USB drive, or put it on an external hard drive – a particularly good option if you need to store a ton of files or information.
3. Use a utility program specifically meant to wipe your hard drive. Local tech stores will sell utility programs meant for this purpose that match up with your specific operating system. The best idea is to get a program that will overwrite or wipe the hard drive several times instead of just once, and you’ll definitely want a program that wipes the entire drive.

If you know your computer has particularly sensitive information on it and you don’t trust a utility program to get rid of the information, you can always destroy the hard drive physically.

Businesses in particular often use hard drive shredding services, as their computers tend to have lots of personal information on both employees and customers of the business.

Once you shred the hard drive, you can simply sell or donate the rest of the computer without it, and the new owner can then completely replace the hard drive.
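What the wiping utility in step 3 does, shown in Python as an added example (not code from the original article): several overwrite passes over the whole target, then a read-back check. The function names, the pass count and the temporary file standing in for a drive are assumptions made for the illustration.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB chunks so a large drive does not exhaust memory


def overwrite_pass(path, size, fill=None):
    """Overwrite every byte once; fill=None writes random data, else that byte value."""
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(os.urandom(n) if fill is None else bytes([fill]) * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the data out of the OS cache to the device


def verify_fill(path, size, fill):
    """Read the whole target back and confirm every byte equals `fill`."""
    with open(path, "rb") as f:
        remaining = size
        while remaining > 0:
            block = f.read(min(CHUNK, remaining))
            if not block or block.count(fill) != len(block):
                return False
            remaining -= len(block)
    return True


def wipe(path, random_passes=2):
    """Random passes, then a zero pass that is verified by reading it back."""
    with open(path, "rb") as f:
        size = f.seek(0, os.SEEK_END)  # works for regular files and block devices
    for _ in range(random_passes):
        overwrite_pass(path, size)
    overwrite_pass(path, size, fill=0)
    return verify_fill(path, size, 0)


def demo():
    """Constructed stand-in for a drive: a temp file holding a fake card number."""
    secret = b"card=4111-1111-1111-1111"  # constructed sample data
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(secret * 1000)
        verified = wipe(path)
        with open(path, "rb") as f:
            return verified, secret in f.read(), os.path.getsize(path)
    finally:
        os.remove(path)
```

Overwriting through the operating system cannot reach sectors the drive has remapped or an SSD's spare area, which is one reason the physical destruction option described above exists.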

Watching for identity theft

Even if you are careful to destroy information on your computer before you sell or donate it, it’s a good idea to be wary of potential identity theft.

Check your credit reports regularly to ensure that everything is accurate. Credit reports are normally the first place you’ll see evidence of identity theft when new accounts pop up that you didn’t open. If you do think you’ve been a victim of identity theft, get identity theft assistance as soon as possible.

Report the problem to the credit reporting bureaus, who will place a fraud alert on your account. Then close the new, fraudulent accounts. Finally, report the fraud to the Federal Trade Commission and your local police department.

If you’ve taken steps to protect your personal information from being stolen, you may never have to deal with the problem of identity theft, but it’s always a good idea to be aware of what you should do if your identity should be stolen.

How CISOs Boost the Bottom Line

According to a new white paper from the EC-Council, companies that employ a Chief Information Security Officer (CISO) have higher profit margins, generate more revenue and have increased productivity. This claim has been further supported by research done by SC Magazine.

“An effective CISO and well-run information security program can save a company almost 10% of total revenue… This saving in gross revenue is accredited to a decreased risk of data loss and theft.”

“Top 10 Ways to Lead a High-Performing Information Security Program” outlines how CISOs can help lead their companies to a more productive and profitable future by developing and implementing a high-performing information security (IS) program.

“Simply put, CISOs contribute to better business results by ensuring security measures are fully implemented, standardizing and automating procedures, and by taking a strategic role with the organization to make information security a part of a business process,” affirms Jim Hurley, managing director of Symantec’s IT Policy Compliance Group.

The list was developed on the basis of a panel discussion at the EC-Council CISO Executive Summit held in December 2011. The list outlines ways to lead an effective program and how to avoid getting caught up with corporate issues that distract teams from carrying out their strategic functions.

PC Software Piracy and Security Concerns

With the recent Internet-wide protests of PIPA and SOPA legislation making headlines, the issue of online piracy has sparked a controversial debate. In addition to the morality issue of pirating software, consumers should be aware of the many risks — including security risks — involved in this practice.

Software piracy is a widespread problem. In the U.S. in 2010, 20 percent of software was pirated, according to the Business Software Alliance, an organization aimed at stopping copyright infringement of software. What types of programs are consumers pirating? The Software & Information Industry Association says the software most likely to be pirated includes programs like Adobe Acrobat, Adobe Photoshop, Intuit TurboTax, and Adobe Dreamweaver, among others. The 2010 value of this illegal software was nearly $59 billion, costing the software industry plenty of money. But not so advertised is the potential cost to those who illegally download.

Though pirating may seem like a cheap and easy alternative to purchasing licensed software, there are more risks from pirating than many realize. In addition to the legal and financial ramifications (the BSA says those found guilty of using or creating pirated software can be fined up to $250,000 or face a maximum prison sentence of seven years), consumers also risk their computer security.

Pirated software is unsafe. Unlicensed software that harbors particularly dangerous viruses and malware is often distributed by cybercriminals hoping to gain access to your information. For example, an illegal copy of a word-processing program might contain spyware that can send your credit-card information to a hacker. Or you could pirate a copy of a spreadsheet program and unknowingly activate your computer as a botnet drone. In addition, the keygens (key generators) that often come with illegal software or can be downloaded separately to activate the program are also commonly infected with malware.

Pirated programs also often cause computer-wide problems, corrupting files and disrupting function. Even worse, many of the pirated security software programs are actually decoys that cause the very problems they claim to protect against.

Using legally licensed software is the only way to properly protect your programs and computer. Developers frequently update their software, often releasing patches that protect their programs from the latest malware and keep the latest versions running smoothly. If you are using pirated software, your program and computer will remain vulnerable. Remember, too, that you might find yourself struggling to master your new software without the help of customer service that is only provided for legitimate versions.

Pirating software poses major legal, financial, and security risks to any user, and therefore should be avoided. But you should also consider the larger economic impacts. Though it may seem like a way for you to personally save money in the short term, according to the SBA, if law enforcement agencies could reduce the amount of pirated software by 10 percent during the next four years, it would create 32,000 new jobs and generate $41 billion in economic growth — much needed in our current climate.

$60 Billion A Year Medicare Fraud and How Two Factor Authentication Can Increase Medicare Security

Medicare fraud is a huge problem in the United States. It is estimated to cost taxpayers more than $60 billion each year, and some experts believe the number is higher than that figure. These rising costs are driving up federal budget deficits that endanger our future. The money lost to Medicare fraud would be enough to pay for a healthcare reform. One way we can protect against Medicare fraud is to mandate that Medicare records be electronically stored in a central database and then to protect that data by securing access with technology such as two factor authentication. Two factor authentication is a secure and effective way to protect sensitive data and is also an effective way to combat Medicare fraud.

Medicare fraud has become one of the most profitable crimes in America and will continue to rise as long as criminals find ways to exploit the weaknesses in the Medicare system. Medicare fraud has become much more sophisticated and these criminals recruit patients, get patient lists, find doctors, and look for new ways to commit Medicare scams.

In locations like Florida, Medicare fraud has become bigger than the drug trade. Rather than stealing or making $100,000 to $200,000 off of drug sales, they can steal millions off of Medicare fraud. In cities like Los Angeles, the City of Angels Medical Center recruited homeless people off the street to fill their beds, offering them food and money, meanwhile billing Medicare millions of dollars for their stay.

There are even companies that provide “lists” of Medicare patients that include their names, social security numbers, addresses, and dates of birth. With those four pieces of information, a criminal can bill the government for a patient. Copies of patient information can sell for $10 per patient on the black market and it is common for fraudsters to purchase thousands of these patient lists and then bill Medicare. Many of these lists are stolen from doctors’ offices and hospitals. Many of these charges go unnoticed because Medicare auditors can only check a fraction of these charges to see if they’re legitimate claims.

The Medicare system is based on trust. When the Medicare program was introduced in the 1960s, it was assumed that no one would try to defraud a system that was designed to take care of elderly people’s health needs. The government is required to reimburse Medicare vendors in less than 30 days, and in most cases Medicare “auto adjudicates”, which means that as long as the computers decide that the right codes are being sent and the right forms are filled out, checks are sent to the vendors. This is a huge flaw in the Medicare system. The system needs to be reformed, and security measures need to be put in place to prevent this kind of fraud and to keep unauthorized users from accessing sensitive data.

Security methods such as two factor authentication are an effective way to combat unauthorized access by users trying to defraud the system. With two factor authentication, health care workers have to present two identifying factors to access the healthcare records of patients, which confirms both their identity and that they are authorized to access the data. Two factor authentication methods are also fairly cheap to implement and can be a very cost efficient way of combating Medicare fraud. One of the most effective and cost effective ways to implement two factor authentication is to use a login/password combination in conjunction with a one-time password sent to a mobile device such as a smart phone or a tablet. Using this method, a user is identified by their username/login credentials and also by their mobile device, which receives a one-time password through an out of band network that ensures that they are who they say they are. This is an effective and cost efficient way to identify someone because most users already have a mobile device such as a mobile phone, and adding this additional layer of security can thwart fraudulent access: even if an unauthorized user has a user’s login credentials, they would not be able to access the one-time password that is being sent to the mobile device.

Two factor authentication can be easily incorporated, can be low cost and requires minimal training. If we took a fraction of the $60 billion that it costs taxpayers like you and me each year and used it to incorporate two factor authentication into Medicare security systems, we would be saving a significant amount on Medicare and preventing a lot of fraudulent activity. The Medicare system needs to be reformed, and it needs to be reformed in a hurry, with an emphasis on strengthening the security system.

Are Password Failures at the Forefront of Data Privacy and Protection?

As the battle between “good and evil” wages forth, bills like SOPA and PIPA, along with government regulations, seem to be big news. Also on the frontier of data privacy and protection, we are seeing hacktivism through malicious attacks exposing confidential information. At the forefront of this mess, it is not hard to see that password failures, along with an overall lack of security knowledge, are what got us here.

Government Regulatory Compliance and Bills

With data breaches becoming more common, information technology security is starting to be seen as a necessity. Government regulatory compliance such as HIPAA, FFIEC and PCI DSS is already focusing on protection of confidential financial and healthcare data which is being transmitted or accessed through a network. In these cases strong authentication is required to identify a user requesting access to confidential networks.

Recently legislation has been trying to move more to data protection matters as well. SOPA and PIPA, two government bills which would allow the federal government to police the internet, were shot down by the public recently. The bills would make it possible for the FBI to shut down websites which may be dealing in pirated data. However, there is a gray area that exists between what is and what is not “personal data or information”. That is why many websites, including Google and Wikipedia, protested the bill in order to protect freedom of speech. Hacktivist groups also took a stand against the new legislation with a series of DDOS attacks and possibly data breaches for later attacks.

Hacktivist Groups

Leading the data breach headlines are groups like Anonymous who participate in hacktivism to take a stand. In recent news Anonymous has claimed responsibility for shutting down the FBI and Department of Justice websites in protest of SOPA and PIPA. In the past year Anonymous and other hacktivist groups like Lulz Security have been responsible for shutting down websites through DDOS attacks but, more importantly, for data breaches which have a longer lasting effect.

Data breaches like the Stratfor hack led by Anonymous have leaked confidential intelligence and personal data. Coordinated with Lulz Sec, Anonymous also breached private data of over 77 million Sony PlayStation Network accounts. Many of these attacks spawn from the lack of strong passwords and network security.

Passwords and Authentication

It is clear that data is where the power lies in the future. Government wages war against hackers who are not only fighting for privacy but are also the same ones leaking confidential data. It would seem that everyone believes creating stronger passwords will prevent future data breaches; however, the problem lies in accountability as well.

Passwords are too easy to forget, lose, crack, hack and just do not work. That is why password failure is at the forefront of data privacy and protection. All of this along with the fact that our personal passwords are being leaked through data breaches leads to the reality that passwords, no matter how strong, are old news and not considered secure anymore. Through strong authentication however, everyone can forget their passwords, relying on the added layer of protection along with notifications to fight accountability.

Two-Factor Authentication is Strong Authentication

In order to protect against password failure we have to get rid of passwords altogether. How can we do that, though? Two-factor authentication through an out-of-band one-time password (OTP) allows users to use almost any password because the authentication process relies on “something you have” to identify a user. An OTP is sent over a separate network from the original point of access, usually through SMS text message since the network is out-of-band, cost effective and efficient. By utilizing a mobile phone you also gain notification whenever someone requests access to the account.
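The second step of the login flow described here and in the Medicare article above (password first, then a one-time password sent to the user's phone) looks like this in Python. It is an added example, not code from the original articles; the `OtpService` class, the `send_sms` callback, the 120-second lifetime and the three-guess limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 120      # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3   # wrong guesses allowed per code (assumed policy)


class OtpService:
    """Second factor: a random code delivered out of band and accepted once."""
    def __init__(self, send_sms, clock=time.time):
        self._send = send_sms   # hypothetical SMS gateway callback
        self._clock = clock
        self._codes = {}        # username -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def start(self, username, phone):
        """Call only after the password check passed; sends a fresh 6-digit code."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[username] = [self._digest(code), self._clock() + OTP_TTL, MAX_ATTEMPTS]
        self._send(phone, f"Login code {code}. Not you? Report it.")

    def verify(self, username, submitted):
        entry = self._codes.get(username)
        if entry is None or self._clock() > entry[1]:
            self._codes.pop(username, None)      # unknown user or expired code
            return False
        if hmac.compare_digest(entry[0], self._digest(submitted)):
            del self._codes[username]            # single use: a replay fails
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._codes[username]            # too many guesses: code is dead
        return False


def demo():
    """Constructed run with an in-memory 'SMS' outbox and a fake clock."""
    outbox, now = [], [1000.0]
    svc = OtpService(lambda phone, text: outbox.append(text), clock=lambda: now[0])
    svc.start("nurse01", "+15555550100")
    code = outbox[-1].split()[2].rstrip(".")
    wrong = svc.verify("nurse01", "x" + code[1:])   # never equals a digit-only code
    good = svc.verify("nurse01", code)
    replay = svc.verify("nurse01", code)
    svc.start("nurse01", "+15555550100")
    now[0] += OTP_TTL + 1
    expired = svc.verify("nurse01", outbox[-1].split()[2].rstrip("."))
    return wrong, good, replay, expired
```

Calling `demo()` returns the outcome of a wrong guess, the correct code, a replay of that code, and a code submitted after it expired. The text message doubles as the access notification the article mentions.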

The new frontier of data privacy and protection relies on authenticated access for remote users. Not only does this prevent data breaches, but it also allows users to leave passwords behind, placing accountability back into the hands of security.