According to the FBI, a man named Chris Roberts claims to have hacked into a Boeing 737’s in-flight entertainment system and from there hacked into the jet’s control system. Then he made the jet fly sideways by manipulating engine thrust. So he says.
If only this weren’t so believable. Given the ingenuity of hackers, you can imagine the options on the seatback’s little screen: “Need for Speed,” “Taken 3,” “Retro Hits,” “Totally 80s,” “Make Plane Fly Sideways,” “Fly to Cabo, Not Spokane.”
The malefactors who do this sort of thing have the country spooked, but not spooked enough. To buy stuff in stores, for example, we let strangers swipe the magnetic strips on our credit cards. Even a simpleton crook knows how to clone the info on those strips to another card and buy pricey items on our account.
Oh yes — there’s an important safeguard. To put purchases on our tab, the swindler supposedly has to replicate our signatures with the skill of a counterfeiter. But this fail-safe measure depends on minimum-wage checkout clerks poring over scribbles while four or five customers waiting in line get increasingly testy. When is the last time a clerk checked your signature?
Places like Europe and Japan don’t put their faith in magnetic stripes that beg to be stolen and signatures that no one cares about. Their retailers and banks use cards embedded with a chip combined with a PIN. The chip emits data specific only to a single transaction, and the PIN (hopefully) ensures that the rightful owner of the card is physically present at the point of sale.
The United States, which invented both the credit card and electronic digital computers, hasn’t gotten the hang of the chip-and-PIN system. In October, a federal law will make chip-averse retailers responsible for fraud perpetrated with chip-less cards. That should concentrate their minds.
But PINs involve another problem: human memory. You have to remember the PIN, which shouldn’t be the last four digits of your zip code, telephone number or Social Security card.
And PINs are just the start. On the Web, you need user IDs and passwords for your supposedly secure accounts, of which people typically have two or three dozen.
How do we remember them all? Gawker Media got hacked a few years ago and all the world discovered the passwords connected to the accounts of its hapless subscribers. Among the most popular: “password,” “12345,” “qwerty,” “11111” and “aaaaa.” These are unlikely to block the A Team from North Korea or even the 14-year-old next door.
The best passwords include upper-case letters, lower-case letters, top-of-the-keyboard symbols; they can’t include names, nicknames, pet names, nieces’ names, birthdates, graduation dates, etc. They don’t include any words in the dictionary, because hacker computers know every one of them. Remember, it’s been 75 years since the British broke the Germans’ unbreakable Enigma code, and Bletchley Park didn’t have supercomputers that run at teraflop speeds.
So: If you can remember your password, you’re dead. If you let the websites you visit cache it, you’re dead. If you keep it in a list, you’re dead. If you want to fly sideways, that might be arranged.