Agile project methodology and corporate governance expert Ryn Melberg states that the recent cyber hacking of the Ashley Madison site was a “backdoor attack”. Melberg made this statement on her weekly podcast, “The Guardian With Ryn Melberg” which can be heard on iTunes, Soundcloud, or her web site, www.rynmelberg.com. The Ashley Madison website, which remains operational, uses a “bcrypt algorithm” that encrypts users’ passwords and protects the site from brute-force search attacks. But according to Melberg this is like locking the front door of a home securely while leaving the back door open.
Back Door Attacks
A backdoor in a computer system is a way to bypass the usual authentication process. Sometimes, programmers will put these in for easier access to programs and make their work easier. The downside is when they forget to take them out. Default passwords can function as backdoors again, if the user does not change them. Passwords like the persons name, name of the company, 12345, or even those who still use the word “password” as a personal identification are the cyber equivalent of leaving the backdoor open. Some debugging features can also act as backdoors if they are not removed in the release version.
For security, the Ashley Madison website, which remains operational, uses something called a “bcrypt algorithm” that encrypt users’ passwords and protects the site from brute-force search attacks. But according to Melberg, the hackers used the corporate site infrastructure to break in and obtain the names of users and their e-mail addresses. “This type of security kept the hackers from directly accessing individual names and e-mails,” said Melberg. “But it did not keep them from getting in through the corporate site. Unfortunately this is not an uncommon security mistake.”
Even People Who Do Not Own Computers Are Vulnerable
There are those who do not own computers or cell phones and are able to navigate the modern world. But just because someone does not own a computer does not mean they are immune to cyber crises. “Just because someone is not online does not mean they are not still vulnerable,” Melberg said. “Everyone with a bank account, medical record or utility bill could have their information taken. You are more at risk from what someone else does with your information than any other whether you spend a lot of time on line or no time on line.”