Botnets Here, Botnets There, Botnets EVERYWHERE

What are these “botnets” you keep hearing about? A botnet (think roBOT + NETwork) is a network of secretly compromised, run-of-the-mill home and office computers running malicious software and controlled by a solitary hacker or cybercrime ring.

Hackers use botnets to execute a variety of cybercrimes like page rank sabotage, mass spamming, bitcoin mining, and more. The FBI says there are 18 botnet infections every second worldwide and these infiltrations pose one of the gravest online threats ever. That figure means over 500 million computers a year are infected.

Needless to say, these attacks can occur without the user knowing it. Botnets will swipe the user’s personal and financial data, which can result in stolen credit cards, website crashes and even recorded keystrokes.

The FBI is trying fervently to crumble the botnet empire, as this costs billions of dollars in fallout. And botnetting is on the rise. Hackers aren’t just going after Joe Schmo’s credit cards, but top government secrets and technology.

This situation is compounded by another facet of the U.S. government using botnets to build up its power. Think NSA, with its pervasive surveillance program. NSA is assuming control over botnet-infected devices, using these for their own purposes.

NSA, in fact, has a legion of “sleeper cells,” according to the document that was leaked by Edward Snowden. These are remote-controlled computers infested with malware, and as of 2012, were on 50,000 networks.

So we have our government fighting to dismantle botnets, yet simultaneously, building up their arsenal with…botnets. So how on earth will this problem ever be mitigated?

It starts with you.

  • Pay attention if you notice that your Internet connection is unusually slow or you can’t access certain sites (and that your Internet connection is not down)
  • Make sure you have comprehensive Antivirus security installed on all your devices.
  • Be careful when giving out your email address, clicking on links and opening attachments, especially if they are from people you don’t know
  • Stay educated on the latest tactics that hackers and scammers use so that you’re aware of tricks they use
  • Keep your devices’ operating systems updated with critical security patches.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The Sweet Sixteen Rule

Your child is turning 16! As a parent in the US, your mind is occupied with planning the big sweet 16 party and preparing for a new driver on the road (and the crazy high insurance that goes with it). During this exciting time, there’s something else you should be thinking about—your child’s credit score.

Child identity theft is more common than we want to think it is. According to a study by Identity Theft Assistance, 1 in every 40 households with minor children has been affected by child identity theft. Thieves love this kind of identity theft because 1) it gives them a clean slate because kids don’t have a credit history, and 2) it usually takes years before the crime is discovered, which leaves a lot of time to do some extensive damage. Many kids who have had their identities stolen don’t find out until they are adults trying to buy a car, apply for a college loan, or rent a place and they are denied due to low credit scores. At that point, it could take years to undo the damage and build a respectable credit score. No parent wants that for their child!

So when your child turns the big 16, start a new tradition and check to see if your child has a credit report. If your child does have a report, check to make sure there are not any mistakes on it and also look into why he or she would have a credit report (since most wouldn’t). You’ll not only save your child tons of headaches later on, but you’ll have a head start on clearing this up before it becomes a big mess.

But the best way to fix child identity theft is to prevent it in the first place. Here are a few tips to protect your child’s identity.

  • Keep your child’s information in a private, safe place. Don’t carry your child’s Social Security card or identity card around with you and make sure their birth certificate is in a safe place, like a locked file cabinet, safe or safety deposit box.
  • Only give out your child’s personal info when necessary. Be particular who you share your child’s Social Security number or identification number with, and when in doubt, leave it blank. The little league coordinator does NOT need to have this information, and even places that you may think may need it like your doctor’s office, you should check to be sure. Remember, once the information leaves your hands, it is out of your control.
  • Shred any sensitive documents before discarding. Rule of thumb: if it has an identification number or any personal information on it, shred it.
  • Be alert to robberies and security breaches. If your home has been broken into, make sure all documents are accounted for.
  • Be careful what you and your child share online. Make sure to teach your child the “rules of the road” for online safety and why sharing personal information online can be risky.
  • Invest in security software. Use software like McAfee’s LiveSafe™ service to protect your data and identity as well as your child’s on all your computers, smartphones and tablets.

For more information on protecting your identity, make sure to like McAfee’s Facebook page or follow us on Twitter.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Child’s Honesty nabs Robbers

A four-year-old girl witnessed two young men break into her home to commit a robbery. You’d think this would cause some kind of post-traumatic stress disorder, or at least at a minimum, nightmares.

But it looks like instead, Abby Dean of Washington, WI, will have dreams of flying around with a cape and rescuing people. That’s because her accurate description led to a confession by the thieves.

She was with her 17-year-old babysitter when it happened. The men told the girls to leave so that they could steal valuables. And they took off with computer devices and a small amount of cash.

The teenager told police that the burglars were black, and that one resembled the next-door neighbor. The cops took the neighbor away for questioning.

But Abby insisted that the crooks were white. Soon, the babysitter’s story wasn’t adding up very well. Eventually, the teen confessed that the robbers were her teen boyfriend and his buddy. The trio had plotted the crime. The stolen goods were returned. Abby stated, “They got it back because of me being the superhero.”

How do you prevent a crime like this?

  • You can’t beat security cameras. A surveillance system can alert a homeowner with a text or phone call, plus set off additional lighting or loud noises—not to mention provide a visual of the intruder.
  • Don’t worry about cost. The system will add value to your house. Furthermore, your homeowner’s insurance might give a discount if you have a solid security system.
  • Some surveillance systems allow the homeowner to watch what’s going on in real time; Dropcam is such a system.
  • The mere sight of a camera is a proven deterrent to burglaries and home invasions.

But suppose someone breaks in while you’re home and doesn’t care that cameras are on him. This is video evidence that will be extremely valuable in court.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to Secure Your iCloud

By now you’ve heard that Jennifer Lawrence’s (and other celebs’) cellphone nude pictures were leaked out, but how in the heck did the hacker pull this off? Tech experts believe it was through the “Find My iPhone” app.

Someone anonymously posted nude photos of Jennifer Lawrence and Kate Upton to the 4Chan site, and the stars confirmed the photos were of them.

It’s possible that the hacker/s discovered a vulnerability in the Find My iPhone service. This app helps people locate missing phones via the cloud. Hackers use a “brute force” program to hack accounts. These programs make repeated guesses at random passwords for a particular username until a hit is made.

So it’s possible hackers used “iBrute” to get celebs’ passwords, and hence, the photos in their iCloud accounts.

This is only a theory, as most hacking occurs in a more straightforward manner such as:

  • a person receiving a phishing email and responding with their password
  • someone’s personal computer gets hacked and spyware is installed
  • a laptop with all kinds of data is stolen
  • the wrong person finding a lost cellphone.

Also, evidence suggests that some of the leaked photos came from devices (like Android) that won’t back up to the iCloud.

Apple is investigating the leaks, and apparently put out a security upgrade Sept. 1, to prevent a brute force service from getting passwords via Find My iPhone.
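A sketch of the kind of server-side limit that stops this guessing, as an added example that is not Apple's code or anything from the original post: failed logins are counted per username and each further failure doubles a lockout. The class name, the policy constants and the guess list are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass

# Assumed policy values, chosen only for this illustration.
MAX_FREE_FAILURES = 5     # failures allowed before lockouts begin
BASE_LOCK_SECONDS = 30    # length of the first lockout
MAX_LOCK_SECONDS = 3600   # cap, so the real owner is never locked out for long


@dataclass
class _State:
    failures: int = 0
    locked_until: float = 0.0


class LoginThrottle:
    """Counts failures per account rather than per client address, so
    spreading guesses over many addresses does not reset the counter."""

    def __init__(self, passwords):
        # username -> password; demo only, a real service stores salted hashes
        self._passwords = passwords
        self._state = {}

    def attempt(self, username, guess, now):
        """Return 'ok', 'bad' or 'locked' for one login attempt at time `now`."""
        st = self._state.setdefault(username, _State())
        if now < st.locked_until:
            return "locked"               # the guess is not even compared
        expected = self._passwords.get(username, "")
        if username in self._passwords and hmac.compare_digest(
                guess.encode(), expected.encode()):
            st.failures = 0
            return "ok"
        st.failures += 1
        over = st.failures - MAX_FREE_FAILURES
        if over >= 0:                     # exponential backoff with a cap
            delay = min(BASE_LOCK_SECONDS * 2 ** over, MAX_LOCK_SECONDS)
            st.locked_until = now + delay
        return "bad"


def guesses_checked(throttle, username, guesses, seconds_between=1.0):
    """Feed a guess list at a fixed rate; return (guesses compared, found)."""
    checked = 0
    now = 0.0
    for guess in guesses:
        result = throttle.attempt(username, guess, now)
        if result != "locked":
            checked += 1
        if result == "ok":
            return checked, True
        now += seconds_between
    return checked, False


if __name__ == "__main__":
    # Constructed scenario: 1000 guesses at one per second, correct one last.
    throttle = LoginThrottle({"alice": "guess999"})
    wordlist = [f"guess{i}" for i in range(1000)]
    print(guesses_checked(throttle, "alice", wordlist))
```

The trade-off is that a per-account lockout also blocks the real owner while it is active, which is why the delay is capped and why a second factor is still worth having.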

You yourself are at risk of this breach if brute force indeed was used, as long as the problem hasn’t been fixed. If someone has your username, this tactic can be used.

If you want 100 percent protection, stay off the Internet. (Yeah, right.)

Bullet proof your passwords

  • Each site/account should have a different password, no matter how many.
  • Passwords should have at least eight characters and be a mix of upper and lower case letters, numbers and symbols that can’t be found in a dictionary.
  • Use a password program such as secure password software.
  • Make sure that any password software you use can be applied on all devices.
  • A password manager will store tons of crazy and long passwords and uses a master password.
  • Consider a second layer of protection such as Yubikey. Plug your flashdrive in; touch the button and it generates a one-time password for the day. Or enter a static password that’s stored on the second slot.
  • Have a printout of the Yubikey password in case the Yubikey gets lost or stolen.
  • An alternative to a password software program, though not as secure, is to keep passwords in an encrypted Excel, Word or PDF file. Give the file a name that would be of no interest to a hacker.
  • The “key” method. Begin with a key of 5-6 characters (a capital letter, number and symbols). For example, “apple” can be @pp1E.
  • Next add the year (2014) minus 5 at the end: @pp1E9.
  • Every new year, change the password; next year it would be @pp1E10. To make this process even more secure, change the password more frequently, even every month. To make this less daunting, use a key again, like the first two letters of every new month can be inserted somewhere, so for March, it would be @pp1E9MA.
  • To create additional passwords based on this plan, add two letters to the end that pertain to the site or account. For instance, @pp1E9fb is the Facebook password.
  • Passwords become vulnerable when the internet is accessed over Wi-Fis (home, office, coffee shop, hotel, airport). Unsecured, unprotected and unencrypted connections can enable thieves to steal your personal information including usernames and passwords.

Use two-step verification.

Apple’s iCloud asks users two personal questions before allowing access. And let’s face it: We’re all wondering what Jennifer Lawrence was thinking when she decided it was a smart idea to put her nude photos into cyberspace.

Passwords seem to be the common thread in data breaches. But passwords aren’t too valuable to a hacker if they come with two-factor authentication. This is when the user must enter a unique code that only they know, and this code changes with every log-in. This would make it nearly impossible for a hacker to get in.

Go to appleid.apple.com and you’ll see a blue box on the right: “Manage Your Apple ID.” Click this, then log in with your Apple ID. To the left is a link: “Passwords and Security.” Click that. Two security questions will come up; answer them so that a new section, “Manage Your Security Settings,” comes up. Click the “Get Started” link below it. Enter your phone number and you’ll receive a code via text. If your phone isn’t available, you can set up a recovery key, which is a unique password.

All that being said, two-factor will not protect your phone’s data. Apple is lax in making this happen. What Apple’s two-factor does is protect you when you:

  • Sign in to My Apple ID to manage your account
  • Make an iTunes, App Store, or iBooks Store purchase from a new device
  • Get Apple ID related support from Apple

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Credit Card Fraud booming

Online credit card fraud is flourishing, according to the U.S. Retail Fraud Survey 2014. One of the reasons is because online sales are ever on the increase, currently accounting for 6 percent of total sales, says the report, the most extensive of its kind. The projection is that within three years, retailers will be getting 15 percent of their sales online.

The survey was carried out between April and May of 2014, and dealt with primary research into the processes, systems and strategies that were used by 100 of the U.S.’s leading retailers, representing 126,000 stores in the U.S.

The loss prevention manager or director for each retailer went through a detailed interview. Also interviewed was the e-commerce manager or director (if the loss prevention leader wasn’t available) regarding their prevention tactics for online fraud.

The survey has a few changes this year. Only the retailers who participated can see the detailed results. Plus, the report has an anonymous portion to help with quality and availability of the most critical data. These tweaks will assist retailers with their war against fraud.

Online fraud is higher on everyone’s radar due to so many high profile hacks. In fact, the study indicates that spending on online fraud prevention has gone up by 50 percent. Though this is good news, it hardly crushes the reality that credit card fraud continues to demonize retailers, requiring detection, prevention and management.

Protect your data:

  • Maintaining updated operating systems, including critical security patches
  • Installing and running antivirus, antispyware and antiphishing software and a firewall
  • Keeping browsers updated with the latest version
  • Updating all system software, including Java and Adobe
  • Locking down wireless Internet with encryption
  • Setting up administrative rights and restricting software, such as peer-to-peer file sharing, from being installed without rights
  • Utilizing filtering that controls who has access to what kind of data
  • Utilizing Internet filters to block access to restricted sites that may allow employees or hackers to upload data to Cloud-based storage
  • Possibly disabling or removing USB ports to prevent the downloading of malicious data
  • Incorporating strict password policies
  • Encrypting files, folders and entire drives

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Burglars steal Computers, Jewelry and Puppy!

If ever there were a heartless robber, it’s the one (or two/three?) who stole a little dog named Pepper, a schnauzer-poodle mix, as part of their burglary in New Jersey.

Barbara August, the homeowner, said, “I’m devastated—I keep thinking I’m seeing her.” She wonders why the burglars didn’t just put Pepper in her crate and then do the ransacking. August also explained that the burglars got in through a back door that was not locked due to a defect.

But this story has a happy ending: A few days later August and her husband were reunited with their “schnoodle.”

Here’s how to prevent home thefts:

  1. Keep your home’s exterior well-lit, and use timers on indoor lights so nobody thinks the house is vacant.
  2. Have an alarm system and one that sets off a sound (when you’re home) and shrieking alarm (when you’re not) whenever a door or window is opened.
  3. Lock your doors and windows! If something’s broken, waste no time getting it fixed. Hollywood likes to perpetuate the idea that burglars typically use elaborate tricks to get into a home or simply whack a window with a sledgehammer to get in. But the reality is that many just traipse right through an unlocked door or crawl through an open or unlocked window.
  4. As for burglars who get past a locked door, a solid core door will be very difficult to bust through. Use heavy deadbolts—ones that go deep into the jamb that have 3-4 inch screws. A sliding glass door can be guarded with a wooden dowel that prevents it from being opened from outside.
  5. Wooden dowels should be installed on top of windows as well. Windows should have films over the glass that prevent breaking. Top everything off with a glass-break sensor anyways.
  6. Get an alarm system AND security cameras. Today’s surveillance cameras are more affordable and easier to install than ever.
  7. Get to work now on your security system; don’t wait till you’re victimized.


SEC comes down on Breached Companies

If you’re wondering if businesses, who’ve been targets of cybercrime, have been properly handling the fallout, you have company: The U.S. Securities and Exchange Commission.

The SEC is investigating this very issue. Key questions include:

  • Did the businesses adequately protect data?
  • Were investors properly notified about the breach’s impact?

One of the companies being investigated is Target Corp.

The SEC, historically, has concentrated on giving guidance to companies regarding disclosure of data-breach risks, and the SEC has traditionally also assisted with ensuring that financial companies were well-equipped against hackers.

But the SEC doesn’t like when there seems to be incomplete disclosures of the data breaches or some kind of perceived misleading information.

For example, Target didn’t disclose its breach until the day after it was first reported—by renowned security blogger Brian Krebs.

Just how much should companies say about breaches? This is being debated among regulators, corporate attorneys and activist investors.

Nevertheless, public companies owe it to investors to inform them of material compromises that could affect the investors’ decisions to sell or buy shares. A material attack, says the SEC, includes one that makes a company greatly boost what it spends on defenses, and one in which intellectual property is stolen.

Businesses in general would rather keep silent about breaches to avoid negative fallout. At the same time, it’s not easy to come up with evidence that a business should have disclosed more about a data breach than it actually did. A stolen trade secret, even, won’t necessarily be harmful to a big company’s growth or profits. The interpretation here varies almost as much as the different kinds of cyber attacks do.


Post-Data Breach Reputation Building

You WILL be hacked. Remember that mantra if you’re a business. Business leaders need to realize the effect that a data breach would have on customers and clients—an aftermath of distrust which can take a lot of time and money to rebuild.

Interactions is a customer experience marketing group that released a study called “Retail’s Reality: Shopping Behavior After Security Breaches.” One of the findings is that 45 percent of shoppers don’t trust retailers with their personal information. Following a data breach, 12 percent of faithful shoppers cease shopping at that store, and 36 percent shop there less. And 79 percent of those who’d continue shopping there would more likely use cash—which means buying less.

So that’s a retailer’s worst nightmare: Non-trusting customers who are spending less (not to mention the ones who quit shopping there altogether).

This leaves retailers with two options: prevent all data breaches (not an attainable goal) or devise a plan to minimize the disastrous aftermath.

Communication and transparency with customers is crucial in the aftermath of a breach. Customers want to know that a company will rise to the occasion in the event of a breach and are more interested in how the retailer will deal with the fallout, rather than how a retailer will prevent it. After all, consumers tend to realize that hacking these days is just a part of life.

Companies should not wait till a breach occurs to figure out how to retain customer trust; they should plan ahead. Companies should be able to assess the risk related to the data they collect and have a breach response plan in place prior to a data breach.

The IT department is often on center stage following a breach, but marketing, customer service, and HR departments are also very important.

The departments should pool together to come up with a plan to reassure customers that their security is the top priority and that should a breach occur, they will do everything possible to protect their customers and restore any and all accounts that are compromised as a result.


Home Security in a “Blink”

Home monitoring, and home security, traditionally target a very specific type of customer: the homeowner who isn’t intimidated by complex set-up, has the resources to pay for installation, and who’s comfortable with monthly or annual fees. In short, a relatively small portion of the population. Blink is a unique entry into the home monitoring space: a wire-free HD home monitoring and alert system that aims to make smartphone-based home insight easy and affordable for the masses–whether they rent or own. How? By building a product around three tenets that translate into real-life benefits for its rapidly-growing community.

Make it easy to set up. Blink offers simple, DIY set-up that requires little technical or toolbox know-how. Its battery-powered, wire-free design makes it uniquely appealing, in that users can truly place it anywhere–on a bookshelf or desk, flush on the wall, or in a corner–without having to worry about the nearest outlet, or unsightly wires draped across their home or apartment.

Make it easy to customize and manage. Blink allows users to create a system that suits their lifestyle. Want to make sure your garage is safe? Arm Blink’s motion detection, and receive an alert and video clip if a door or window opens. Prefer to check in on your furry friend a few times a day? Activate Live View for a glimpse of what’s happening at home. Worried about a break-in? Add the optional, 105db alarm unit to ward off intruders. Temperature and status alerts round out a rich feature set that’s scheduled to expand further in 2015.

Make it affordable. With no monthly fees and systems ranging from $69 to $269, users can create a whole-house system for far less than the cost of traditional home monitoring and security products, with the flexibility to affordably expand their system as necessary.

With this user-centric approach, Blink has quickly built a community of more than 5,000 supporters and garnered over $800,000 in pre-order pledges, as well as introduced several new features–including an open API and optional alarm unit–that mark the beginning of an integrated ecosystem.

Kickstarter: https://www.kickstarter.com/projects/505428730/blink-wire-free-hd-home-monitoring-and-alert-syste

Majority of Executives believe Attackers will overcome Corporate Defenses

Many technology executives don’t have a favorable outlook on their ability to sideswipe cybercriminals, according to research conducted by McKinsey and World Economic Forum.

The research also shows that both big and small businesses lack the ability to make sturdy decisions, and struggle to quantify the effect of risk and resolution plans. As the report authors state, “Much of the damage results from an inadequate response to a breach rather than the breach itself”.

These results come from interviews with more than 200 business leaders such as chief information officers, policy makers, regulators, law enforcement officials and technology vendors spanning the Americas, Europe, Asia, Africa and the Middle East.

Cybercrimes are extremely costly and the cost can hit the trillions of dollars mark.

Several concerning trends regarding how decision makers in the business world perceive cyber risks, attacks and their fallouts were apparent in the research findings:

  • Over 50 percent of all respondents, and 70 percent of financial institution executives, think that cybersecurity is a big risk. Some executives believe that threats from employees equal those from external sources.
  • A majority of executives envision that cyber criminals will continue being a step ahead of corporate defenses. 60 percent believe that the gap between cyber crooks and corporate defense will increase, with, of course, the crooks in the lead.
  • The leaking of proprietary knowledge is a big concern for companies selling products to consumers and businesses.
  • Service companies, though, are more worried about the leaking of their customers’ private information and of disruptions in service.
  • Large organizations, says ongoing McKinsey research, reported cross-sector gaps in risk-management competency.
  • Some companies spend a lot but don’t have much sophistication in risk-management capabilities, while other companies spend little but are relatively good at making risk-management decisions. Even large companies can stand to improve their risk management capabilities substantially.
