“Computer hacks, attacks, and outages” an interview with Tom Sanders by Bronson Tang

With the recent, and unfortunately all too common computer attacks on major companies, I thought I would take a moment to speak briefly with Tom Sanders from Serinus42. His company is responsible for the social website Downdetector, a service which offers real-time outages and problem detection for all kinds of services by analyzing social media trends. Currently Downdetector is available in 27 countries.

The purpose of the interview was to get a better handle on what is going on with all the computer hacks, attacks, and outages. I wanted to know, whether what we are currently witnessing is a precursor of more things to come or is it just an aberration. I was also curious to know, what he thought about what we can do now to protect ourselves from being victims of future attacks.

It was my hope that Tom might be able to shed some light on the subject (seeing as he is on the front-line dealing with these issues on a daily and weekly basis.)

Here are the questions, and most importantly, the answers from our interview:

Bronson Tang: Could you tell me a little bit about your background and motivation behind creating serinus42 and downdetector.com?

Tom Sanders: Prior to this project, I worked as a group editor in chief for the business publications at IDG in the Netherlands (eg: webwereld.nl, computerworld.nl, cio.nl). In those days Vodafone was having
a lot of outages.

Our readers would email us when ever Vodafone had problems, but as a journalist there isn’t too much that you can do. Initially, you call the provider to get a confirmation, the company’s PR department needed time to check into the issue and by the time they got back, the problems were over. We’d still publish a story about the outage, which would get lots of traffic.

Often we could only report that there was a problem, so the content wasn’t very informative. However, demand for this information from the community was large. That lead me to believe that there was an opportunity for providing real-time information about outages. I discussed this with a friend (who is a great programmer), who proposed to use Twitter data to collect signals from users who have had problems with their service. If we’d seen an increase in the number of problem tweets, we’d know that there
was an outage.

We started building this service in January 2012, and by May we were able to detect our first outages. We’ve later added additional data sources, such as reports that people can make directly on our website. As well as other data sources that we don’t disclose. We currently operate websites in 27 countries and support about a dozen languages. On the one side, technology is becoming ever more complex. Banks for instance, still rely on mainframe computers that were designed at leased 40 years ago. However, we are now expecting these systems to power mobile banking apps that are fed with real-time data.

The result is that banks are piling even more layers of technology on top of each other, which makes for extremely complex systems. Each layer can fail (and will fail at some point), so as we continue developing existing services, we are continuing to see these systems fail.

On the other side, we as a society are becoming ever more dependent on these systems. If you are a teenager, Whatsapp or Snapchat are an essential part of your life that you can’t afford to lose. There is a trend for banks to close their main street branches and push their clients towards internet banking and mobile banking. That means that if these systems go down, we no longer have an alternative.

Thirdly, as we are moving more services and devices online, there is more stuff for the bad guys to attack. If western intelligence services can build a computer virus that sabotages the nuclear program in Iran, then a rogue state can build a virus that opens up a levee during a storm in New Orleans. An internet-connected fridge sounds great, but if an attacker is able to disable all the fridges in the world, we have serious problem.

BT: Your site downdetector.com is absolutely fantastic! Thank you for providing such an invaluable service, is what we are witnessing with the recent internet attacks a precursor of more to come or is this just an anomaly? Why or why not?

TS: I believe that we will continue witnessing large scale outages.

Over time banks will succeed in building a stable infrastructure for the mobile banking era, but we are already in the middle of a new wave of cloud adoption and the next wave of the internet of things is approaching fast. These are more layers of complexity and therefore will introduce new choke points in the system.

BT: Is there measures that non technically savvy people can do to ensure that their own private data will not fall victim to cyber attacks and hacks? How do you personally protect yourself?

TS: We’re not really about offering security but outage detection… but personally I would say:

Use a password management tool such as Onepass, Passkeper or Lastpass. Don’t use the same password on two services. Use two-factor authentication (eg: Google authenticator or Authy) whenever it is supported, and if it isn’t supported contact the supplier and ask them to support it.

BT: And last but not least, what question should I have asked you that I didn’t ask, why is it important, and what is the answer?

TS: I think we’ve covered most of it above.

BT: Thanks Tom, for your time and for this interview.

(This interview was conducted by Bronson Tang from etomicmail.com)