John McAfee Invites Hack Attack

John McAfee and Bitfi offered a bounty to anyone who could hack a Bitfi wallet. After a very short time, John and Bitfi raised the bounty to $250,000. As of two days ago, a hacker has claimed that bounty. Bitfi (and John) are saying that this was not a valid hack of their wallet. So there is a tremendous disagreement about whether John (and Bitfi) will pay the bounty.

I do think that the hack was successful. But whether I believe that the hack occurred or not is irrelevant. What I do believe is that no system is impenetrable – or “hack-proof”. Over the past few decades, I have seen every secure system successfully attacked (and usually overwhelmed) by a determined hacking entity. These successes come in many forms. For some systems, hackers have leveraged a software vulnerability. For other systems, attackers have leveraged a vulnerable person. If you don’t believe this, then look no further than the DNC in the 2016 election cycle.

I would say that anyone who boasts of their impenetrability is merely inviting an attack. This axiom should remind us of a few important things.

1. Don’t boast! Pride is a deadly sin.

2. If you can be inconspicuous, then strive to become (and remain) inconspicuous. If you are not a target of a determined person or group, then don’t offer to become a target. For companies like Bitfi, the organization should not make outlandish claims. For you, I recommend that you not boast (on social media) about the things that you own. And don’t tell people when you are leaving your house for a splendid vacation. And for John McAfee, I say that he has exceeded his “best used by” date. Therefore, we need to dismiss him.

3. If you are part of a large group of targets, then be better (and more secure) than the other members of the group. For example, if you have online accounts, then use strong passwords. If you use strong passwords, then use two-factor authentication. If you use two-factor authentication, start using a virtual private network that will obscure your identity.

4. Remember that if you are a discrete target, then a determined hacker will probably defeat you – unless you are an equally skilled hacker. Therefore, make sure that you have a plan for the time when you are hacked. This includes backups. But it also includes a press statement about what you are doing (and will do) to minimize risk to your customers. After all, they are trusting you to protect them.
 
