Let’s get right to the point: you are not very safe online today. At all. I want to explain why I think this by telling you a bit about what happened to me a few years ago.

In 2021, I was working for the City of New York’s Department of Information Technology (DOITT). I had over 20 years with the City of New York. When the COVID-19 pandemic hit, everyone, including me, had to start working from home. The city gave me a laptop to use.

When I got that laptop, I discovered a major problem. Important security features were not active or set up correctly. This wasn’t just a New York City issue—it’s a common problem with many Windows laptops. I even wrote an article about it for a professional military magazine (you can find the reference at the bottom of this page).

This was a serious security hole. Because of my job, I knew it was extra serious. At the time, I was also doing work for the NYPD/FBI joint task force that focused on terrorism. I knew bad actors, including foreign governments, could use this kind of security weakness to hack into systems.

So, I did what I was supposed to do. I sent many emails to the security team and to upper management. I warned them about the problem. I explained that because of my work with the FBI task force, I knew this was a real threat, and they needed to take it seriously. I offered to discuss it with them.

For weeks, I got almost no response. One person from IT security finally replied, but it was clear they didn’t really understand the problem or how computer security works. Unfortunately, in a big bureaucracy like the New York City government, people sometimes get jobs they aren’t fully qualified for. Don’t get me wrong—I worked with many brilliant and capable people—but this was a case where the wrong person was in charge of a critical issue.

Time went on, and the city got a new Chief Security Officer. I thought, this is my chance to go directly to the top. This person was a CSO with the NYPD. For safety, personal information about high-ranking NYPD officials, like their home address or phone number, is usually removed from public listings. But I needed a way to contact her. I’m not saying I’m a super-hacker, but I have a lot of skills. Let’s just say it only took me a few minutes to find her personal cell phone number. It wasn’t even a hard challenge. A determined teenager could have done it. That’s how exposed we all are. Our personal information is out there.

I called her and explained the major security problem with all the city-issued laptops. I mentioned that I knew for a fact that foreign countries were aware of this type of weakness. She asked me to send her an email summarizing everything, which I did.

Here is where things went bad. I sent the email. Within hours, I was completely locked out of all the city’s computer systems—my email, my work files, everything. Instead of investigating the security threat, they began proceedings to fire me. I decided to retire instead. I had my 20 years in, so I could keep my pension. I was also 68 years old and dealing with a return of cancer I’d fought years before (I’m okay, it’s stage one and closely monitored).

The whole experience showed me two terrible things: First, our devices often aren’t secure to begin with. Second, the people in charge often don’t want to hear about it, even when you have proof.

There’s another, more frightening thing I learned from my counterterrorism work. I found out that some dangerous extremist groups were not just interested in targeting government officials. They were looking into targeting those officials’ families—their children or grandchildren. The idea is that family members are easier to reach and less protected. They were specifically looking at families who had kids in certain catholic private schools.

I never reported this specific intelligence because I didn’t have the hard proof that the NYPD/FBI required, just patterns and chatter. But the memory has stayed with me. So, when I say you are not safe online, this is what I mean. If a major city’s government laptops have basic security flaws, and if reporting those flaws gets you shut down, what does that mean for the rest of us? If a high-ranking official’s personal phone number can be found in minutes, what about your information?

Share

We all need to be more careful. Use strong, unique passwords. Be suspicious of strange emails. Understand that a lot of our personal data is already available online for anyone with a little skill to find. And we need to demand better security from the companies and governments that provide our technology. They need to listen to the experts who try to warn them.

The security of our nation and our citizens depends on it.

Reference: For the technical details on the laptop security weaknesses I mentioned, please see my article published in the Military Cyber Professionals Association Journal, which discusses password and security setup failures in Windows systems.

Wrong Speak is a free-expression platform that allows varying viewpoints. All views expressed in this article are the author’s own.