Net Neutrality and the FCC

This past week, the FCC announced that broadband Internet will be regulated like a utility.  For most of us, this will be a non-event – Internet will continue to work the way it’s always worked.

The main reason the FCC made this ruling was to enforce the notion of “net neutrality.”  Supporters of net neutrality (including Google, Amazon, Facebook, Yahoo and Microsoft) say all Internet traffic should continue to be treated equal, regardless of content.  However, broadband providers like Comcast, Verizon and AT&T, want the flexibility to charge businesses extra to have their content delivered faster.  The FCC ruling now prohibits this.

Imagine that the Internet is a freeway.  Broadband providers get businesses and consumers to pay for onramps to this freeway.  That is your Internet broadband connection.  Broadband providers argue that if most of the traffic on that freeway is going to one business, shouldn’t that business pay extra not just for a bigger onramp to the Internet, but for faster, dedicated lanes on the freeway?

Supporters of net neutrality, and now the FCC, say if they allowed broadband providers to create these dedicated, faster lanes on the Internet, only larger corporations would be able to afford them.  This would give those corporations an unfair competitive advantage.  Even more, broadband providers could create exclusivity contracts which would give one business or organization the only dedicated fast lane for a particular type of business or speech.  This would create winners and losers based solely on how much an organization could pay.

Another reason the FCC ruled that broadband Internet is a utility is to give alternative broadband providers the opportunity to compete for business.

In many US markets, you have just one or two choices for wired broadband service – the telephone company or the cable TV company.  These companies have enjoyed near monopolies providing Internet service because they own the right to deliver service using public easements and telephone poles.  With this ruling, services like Google Fiber, now have easier access to those same public easements and telephone poles.  By opening the market to additional broadband providers, consumers and businesses will have more choices for access to the Internet and competition should lower costs.

There are concerns about the FCC ruling which trouble some people.  Some believe the ruling could result in additional taxes and fees on their broadband bills.  Many experts believe state and local governments might have the right to add a fee to your bill, but others say existing laws prohibit this practice.  It would be up to Congress to make sure the law is clear about the potential this ruling has on additional fees on your broadband Internet bill.

Broadband providers, fearing additional regulatory requirements and oversight, are now threatening that they will stop creating additional Internet capacity, but that prospect remains to be seen.  Its all but certain that the national broadband providers will file suit against the FCC in an attempt to overturn this ruling.

For consumers and small businesses, this ruling is very positive.  It keeps the playing field level for everyone.  It keeps the Internet as an open platform where all voices are equal.  And it will give consumers and businesses additional choices for broadband service.

Target Breach Highlights Busy Year for Cyber Criminals

Target logo

2013 was a busy year for cyber criminals.  A lot of media attention has been focused on the Target Stores security breach, but it’s important to take a step back and understand how cyber criminals are perpetrating their crimes, so we can better protect ourselves from fraud and identity theft.

In years past, the hacker activist group Anonymous would target financial institutions for distributed denial of service (DDoS) attacks, effectively knocking those websites offline.  However, this past year, we saw the Federal Reserve Bank’s website compromised by Anonymous.  Anonymous was able to steal contact records for an undisclosed number of bankers on the Fed’s disaster recovery communication list.  A web server with a security vulnerability was to blame.

Another scary attack was on the New York Times in August.  Hackers successfully rerouted nytimes.com to a Syrian Pro-Assad website.   This was not a case of a web server vulnerability, but rather a hack of the nytimes.com’s DNS records at a domain registrar.  Similar to your phone’s address book, DNS maps a name (a website address) to a number (an IP address).  The hackers were able to break into a domain registrar and change the DNS records for nytimes.com to point to a different website.  Visitors to nytimes.com had no way of knowing that this change had happened behind the scenes.  The potential for attacks like these on financial institutions or retailers online could undermine the entire security of the Internet.

Millions of other users’ information was stolen from various online retailers, including 50 million from Livingsocial, 50 million from Evernote and 38 million from Adobe.   In all of these incidents, usernames, email addresses, security questions and passwords were stolen.  In some cases credit card information was also stolen.  Web servers from each of these retailers were compromised to gain access to data.  What is alarming about these attacks is that researchers have discovered people reuse their passwords across multiple sites, including those for financial institutions.  So an email address and password combination used on Livingsocial, may very well be a user’s bank username and password, as well.

Taking a look at the most recent breach at Target, it has been determined that a company web server was compromised and this gave the hackers access to Target’s internal network.  Malicious software called BlackPOS was loaded onto Target’s Windows-based point of sale terminals.  According to cybersecurity blogger Brian Krebs, currently no antivirus software detects this particular malware.  The hackers then setup a server inside Target’s network to collect the data.  It is believed the hackers repeatedly breached Target’s internal network to retrieve the data collected by the BlackPOS software.

In all, 40 million credit cards and data from 70 million users has been compromised, making this one of the largest security breaches in history.  Financial institutions are bearing the brunt of the losses from this breach.  Either through direct losses or from the cost of reissuing scores of debit and credit card, the effects of the Target breach will total into the hundreds of millions of dollars.

This past weekend, McAllen, Texas Police are believed to be the first to make arrests of individuals who are accused of using the compromised data to create fraudulent credit card cards.  Two Mexican citizens were arrested after buying tens of thousands of dollars’ worth of merchandise with nearly 100 bogus credit cards.

In my next story, I will cover what businesses should do to protect their network, what users should do to safeguard their information and what the industry must do to better protect against cyber criminals.

 

Updated Jay Leal.com

Jay Leal

As someone who works in technology, I am frequently asked my opinion about cyber security, recommendations on products or just simply, how does it work.  My name is Jay Leal and I will use this site to share with you my thoughts and experiences on topics related to technology.  Some articles will focus on technology that I think is fascinating and others will be about my other passions, my family, photography and public service.  These articles are of my own opinion.  They do not necessarily reflect the opinions of my employer.  With that out of the way, I hope you enjoy the site.