In with the New, out with the Old

If you plan on getting a new smartphone, have you ever thought of what the next user of your old smartphone will find on it?

This assumes you’ll be selling or donating it, of course. Are you SURE those risqué photos are totally gone, or that your diary entries have been wiped clean? Experiments have been conducted in which someone buys used smartphones for the sole purpose of seeing how much personal data was left behind by the previous owner. I’ve done one; it wasn’t pretty. We found data on half the devices we bought in the secondhand market.

It’s unbelievable how much data was retrieved in these experiments, including addresses, e-mails, passwords and text messages. A factory reset is not a totally reliable way to wipe clean your smartphone, either, as shown by the fact that some Android phones, despite the factory reset, still contained the previous user’s data.

Before taking the first step in getting rid of your mobile phone, back up all of its data. This can be done with a flash drive or an automated PC service. For iOS and Android, use Apple’s iCloud or Google’s Auto Backup, respectively.

Next, wipe your phone squeaky clean. No, not with a rag and bleach: to “wipe” means to destroy all the data using a specific method. This is NOT done by hitting the delete button or even reformatting the hard drive. What you don’t see isn’t necessarily not there.

A reformatted hard drive can still contain your data. To wipe an Android or iOS device, use Blancco Mobile. To wipe a Mac computer, use the OS X Disk Utility or WipeDrive. For a Windows PC, use Active KillDisk. If you use a factory reset for a smartphone, remove any SIM cards too.

What if you can’t wipe your device? If you don’t wish to give it to someone else, then literally destroy it. Don’t just toss it in the trash. Take out the hard drive and mutilate it with a hammer. If you do want to sell it or donate it (get the receipt if you do donate it for an IRS return), realize that your data will still be on it. You never know who will end up getting their hands on the device.

If the idea of hammering at the hard drive isn’t your cup of tea, then find out from the recycling company who conducts the downstream recycling. You don’t want your device—containing your data—getting into a foreign landfill. The recycling company should be part of R2, or “responsible recycling,” or be part of e-Stewards certification programs.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Hacking 2015 and Beyond

2015 brings us no closer to putting the lid on hackers than any other year has. Criminal hacking will prove to be as big as ever in the new year. Here’s what we have to look forward to:

Bank Card Breaches

There will always be the bank card thieves, being that stealing data from magnetic stripe cards is relatively easy to pull off and there are different ways to do so. This includes tampering with card swiping devices, then retrieving the stolen data later on when nobody’s around.

The U.S. is moving towards replacing the magnetic stripe with Chip and PIN technology, but this will take time and money. Another issue is poor implementation of this technology, which makes a hacker’s job easier. It will be a while before efficiently implemented Chip and PIN technology rules the U.S.; expect lots more bank card breaches.

Nation-State Attacks

Governments hacking governments was big in 2014 and it’s expected to continue rising. This type of threat involves interference with encryption and gaining entry to systems via “back doors,” kind of like how a robber gets into one’s home by removing a screen in the back of the house. One of the tools to accomplish this cyber assault is called a RAT, which is a form of malware, and it’s predicted that this tool will be used even more (among others) to invade government and private company networks.

Data Destruction

It’s incomprehensible to the average Joe or Jane how someone (usually a team, actually) could wipe out data on the other side of the world, but it’s happened, such as with computers in South Korea, Iran and Saudi Arabia.

And this was on a large scale: banks, media companies and oil companies. Even if all the data is backed up, there’s still the monumental issue of rebuilding systems. And it’s no picnic trying to make sure that the saved data doesn’t carry malware residue that can reinfect a rebuilt system.

Extortion

Special malware (ransomware) can block a user from accessing data or a corporation from accessing its system, until money is paid to the hacker. This happened to the Sony company (data was stolen but also deleted), but the motives aren’t crystal clear. A cyber extortion requires a skilled attack, and don’t be surprised if this happens to more big companies.

Critical Infrastructure

This type of hack hasn’t really occurred big-scale in the U.S. yet, but experts believe it’s only a matter of time before it does. Cyber criminals will carry out a critical infrastructure attack, infecting networks and gaining control of them, all designed to shut down electricity, disrupt communications and poison water among other disrupting activities.

Third-Party Breaches

A third-party breach means hacking into entity “A” to get to “B.” An example is Target: Hackers got into the HVAC company that Target was contracted with to access Target’s network. Bigger third-party breaches have occurred, and experts have no reason to believe they’ve stopped, even though tighter security has been implemented (and busted through by hackers, not surprisingly).

Winter Vacation Home Security

Planning a trip? Thinking of having your snail mail and newspaper delivery placed on a vacation hold so that thieves casing your neighborhood won’t see a pile-up of these items?

Well, there’s a better option, because what if…just what if…a crook works for the post office or newspaper company and keeps track of all of these vacation holds? They’ll know for sure you’re gone and will rob you, or at least try to. Have a trusted adult retrieve your mail and newspaper.

Next up for protecting your possessions is a rule that cannot be said too often: Never post your travel plans on social media! The number of people who do this daily is alarming, and this includes posting while on the vacation as well, putting up photos of the beach and boasting about the weather, scenery, etc. A thief reading this is like a dog watching you put steak in his bowl.

Another tactic is to install timed lighting devices so that your house isn’t perpetually dark, or perpetually lit up, which looks almost as suspicious.

Are you still continuing to put off getting a home security system? For as little as about $10/month your home can be monitored, but more provisional systems are still reasonable at $30 a month. The system should alert law enforcement if someone breaks in. Complement the home security with video surveillance. Today’s systems allow you to access them remotely.

Additional Tips for Home Security While You’re Away

  • Lock up all your valuables in a safe.
  • Deactivate the garage door opener.
  • Set up automatic timers that turn lights on and off.
  • Inform the police and a trusted neighbor of your travel plans.
  • Record a message on your voice mail that implies you’re home but busy.
  • Ask a neighbor to park their car in your driveway.
  • Have your grass cut to prevent overgrowth while you’re gone.
  • Make sure your car, if you’re using it to travel, is equipped for the long trip.
  • Load up the car under the cover of night or inside your garage so that nobody sees you’re prepping to be gone.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

5 Home Security Myths

If you’ve decided to avoid getting a home security system, I’m banking that the reason is at least one of the myths described below. Check them out:

“I have nothing valuable inside.” First of all, unless a burglar has X-ray vision, he’s going to have to break in to find out you have nothing valuable. He might be so pissed at this that he trashes the place before fleeing.

Secondly, a burglar knows that your “blue collar neighborhood” probably isn’t replete with alarm systems, but rather, lots of doors with simple locks and lots of windows with broken locks or already-torn screens.

Finally, what may not seem of value to you may be the burglar’s ticket to his next drug fix—anything he could quickly take off with and sell on the street or even eBay. They also like simple stupid stuff such as clock radios, DVDs, ornaments, even unopened bottles of vitamins.

“It’s too expensive.” Of course, the high-end, super sophisticated alarms that movie stars have for their mansions cost an arm and a leg, but home security companies know that they can make a tremendous profit off of selling less fancy systems for the average working class Joe and Jane. Why sell only to the rich? Some systems come as low as $9.95/month for monitoring. If you can’t spare $10 a month, see what vice you can give up that costs you at least $10/month.

“My neighborhood is safe.” If you think your neighborhood is safe, chances are it’s upscale. But that’s exactly where many burglars like to steal! They’re skillful at figuring out who doesn’t have the alarm system, while some know how to get past the alarm system. They want high-end valuables and won’t find them in “bad” neighborhoods too easily.

“Hide a spare key outside the door under a flower pot or welcome mat.” Even the world’s dumbest criminals know to check the rock that just happens to be by the front door for a key underneath. Either have a trusted person hold onto a spare key, or use keyless technology.

“Don’t let anyone know you’re traveling.” Actually, this means don’t blab about your trip indiscriminately, but do secretly tell a trusted adult so they can keep tabs on your house.

SSN and Its Afterlife

What’s one billion? That’s about the number of possible permutations of the Social Security number. Which begs the question: What happens to an SSN when someone kicks the bucket?

Currently, SSNs are never repeated when they’re issued by the Social Security Administration. As of June 2011, the SSA made the issuance entirely random (previously, for example, the first three numbers were determined by place of birth).

With nearly a billion permutations, there’s no point in any number surviving the holder’s death and being reissued. Now in theory, the combinations will eventually run out, because eventually, a billion people will have been born in the United States. But this isn’t exactly in the near future. Why worry?

Nevertheless, some people like to plan way ahead. Maybe this scenario can be mitigated with a 10-digit number. Maybe numbers will stay at nine but be recycled. But for now, your number is as unique as your DNA. Unlike DNA, though, an SSN can be used fraudulently.

The three credit bureaus maintain a list of the deceased based on data from the Social Security Administration’s Death Master File Index. Sometimes it takes months for bureaus to update their databases with the Social Security Administration’s Death Master File Index.

Here’s how to avoid identity theft of the deceased:

  • Report the death yourself by calling the Social Security Administration at 1-800-772-1213.
  • Contact the credit bureaus directly to report a death and request the information to be recorded immediately.
  • Right now, before anyone perishes, get the person a credit freeze. Upon death (as in life), the person’s Social Security number will be useless to the thief.
  • Invest in identity theft protection. This is a layer of security that monitors one’s information, including Social Security number, in the wild. Have it activated for six months to a year after death.
  • The Identity Theft Resource Center suggests, “Immediately notify credit card companies, banks, stockbrokers, loan/lien holders and mortgage companies of the death. The executor or surviving spouse will need to discuss all outstanding debts. If you close the account, ask them to list it as: ‘Closed. Account holder is deceased.’ If there is a surviving spouse or other joint account holder, make sure to notify the company the account needs to be listed in that surviving person’s name alone. They may require a copy of the death certificate to do this, as well as permission from the survivor.”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Beware of scary WiFi Virus

It’s called Chameleon—a computer virus—but maybe it should be called FrankenVirus. You wouldn’t believe what it can do: literally move through the air, as in airborne—like a biological pathogen.

And like some Franken-creation, it came from a laboratory, cultivated at the University of Liverpool’s School of Computer Science and Electrical Engineering and Electronics.

Chameleon leaps from one WiFi access point to another. And the more access points that are concentrated in a given area (think of them almost like receptor sites), the more this virus gets to hop around and spread infection.

The scientists behind this creation have discovered that the more dense a population, the more relevant is the connectivity between devices, as opposed to how easy it was for the virus to get into access points.

Access points are inherently vulnerable, and Chameleon had no problem locating weak visible access points from wherever it was, and it also avoided detection.

“When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it,” explains Professor Alan Marshall in an article on Forbes.com. He added that this malware pursued other WiFi APs to connect to and infiltrate.

The scientists made this virus subsist only on the network—a realm where anti-virus and anti-malware systems typically do not scavenge for invaders. Protective software seeks out viruses on your device or online. Thus, Chameleon earns its name.

Think of this virus like the burglar who goes from house to house overnight, jiggling doorknobs to see which one is unlocked. WiFi connections are like unlocked doors, or locked doors with rudimentary locks.

Chameleon’s creators have come up with a virus that can attack WiFi networks and spread its evil fast. The researchers now want to come up with a way to tell when a network is at imminent risk.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247. Disclosures.

Post Holiday Online Shopping Security

When it comes to online security, don’t let your guard down just because the holiday shopping frenzy has passed. In fact, this may be the very time to put your guard up even higher.

Though it’s smart to have your radar on for the scammers during the holidays, the scammers don’t exactly go slithering back under their slimy rocks once the New Year is here. So here’s how to be safe online during, and after, the holiday season.

  • Never click a link inside an e-mail. Better yet, delete, without even opening, any e-mails with subject lines promising great offers, gifts, prizes, money or other hyped-up things.
  • If you don’t see the “https” before the Web address in the address bar, the site is not secure. A secure site always has “https” preceded by a padlock symbol.
  • Be suspicious of “too good to be true” offers that are tweeted or messaged through social media.
  • Do you shop on eBay? Then shop on eBay, not through e-mails supposedly sent by eBay. These are scams.
  • Speaking of eBay, always review the feedback of the seller.
  • Another thing to look for is the domain name of anything you received via e-mail. Scammers typosquat or cybersquat on legitimate domains.
  • You can upgrade your protection by doing your online shopping only with reputable, well-known retailers. Though some purchases will be an exception (e.g., home-baked chocolate chip cookies), other purchases like electronics, appliances, linens and consumables should be purchased from trusted merchants.
  • Shop online only when your connection is secure. Unless you use a VPN, never shop in cyberspace from a hotel’s, airport’s or café’s Wi-Fi connection. And make sure your computer’s security is always updated.
  • Never use a debit card online, because if a scammer takes your money, it will be gone that instant from your checking account. With a credit card, at least you won’t have to pay the bill if the fraud is reported within 60 days.
  • Never make an online purchase with your checking account—this means money being withdrawn before you receive the product…that you might never receive anyways.
  • Check credit card statements every two weeks if it’s set up online, and check every paper statement.
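
The domain-name check from the typosquatting tip above can be automated. The sketch below is an added example, not part of the original post: it classifies host names taken from e-mail links as trusted, lookalike or unknown. The allowlist (apart from eBay, which the post names), the sample hosts and the "last two labels" shortcut are assumptions made for illustration.

```python
"""Added example: flag lookalike (typosquatted) domains found in e-mail links."""
import re

# Assumption: a short allowlist of retailers the shopper really uses.
# Regional sites (for example other country domains) must be listed too.
TRUSTED = {"ebay.com", "amazon.com", "paypal.com"}

# Character swaps commonly used to imitate a brand name.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable(host):
    """Naive registrable domain: the last two labels. Assumption: no
    multi-part suffixes such as .co.uk; a real tool would consult the
    Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(host):
    """Return (verdict, brand) where verdict is 'trusted', 'lookalike'
    or 'unknown' and brand is the trusted domain matched or imitated."""
    host = host.lower().rstrip(".")
    domain = registrable(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    tokens = re.split(r"[.-]", host)
    name = domain.split(".")[0].translate(HOMOGLYPHS)
    best = None
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        # Brand name used as a label or hyphenated part of another domain,
        # e.g. ebay.com.account-check.example
        if brand in tokens:
            return ("lookalike", good)
        # Near miss: typo, swapped letters, digit swap, or a different TLD.
        limit = 1 if len(brand) < 6 else 2
        dist = edit_distance(name, brand)
        if dist <= limit and (best is None or dist < best[0]):
            best = (dist, good)
    return ("lookalike", best[1]) if best else ("unknown", None)


if __name__ == "__main__":
    # Constructed sample hosts, as they might appear in links in an e-mail.
    for h in ["signin.ebay.com", "ebay.com.account-check.example",
              "ebya.com", "paypa1.com", "arnazon.com",
              "cookies-by-jane.example"]:
        print(h, classify(h))
```

An "unknown" verdict is not a clean bill of health; it only means the host does not imitate anything on the allowlist.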

5 Ways to prevent Airline WiFi from Hackers

When getting on a flight, many business professionals connect online. It’s common these days to see a number of people on an airplane busy at their laptops—business-looking people dressed in suits, eyes pasted to spreadsheets, charts, graphs and other grinding tasks.

How many know that their company’s data can be snatched out of thin air, literally?

Here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, there is a solid chance you are risking information. Savvy business travelers may not be savvy about security—or, specifically, the lack thereof in airplane WiFi.

When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing your data. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

The plane’s WiFi service comes in cheap (something like $12.95), but with a cost: no protection. Other people can see your or your company’s trade secrets and other private information. If the airline boasts there IS security, they mean for your credit card. Not much more.

Another thing travelers usually don’t know is that when they boot up their device, they may be tricked into selecting a particular connection (wireless network) without knowing that this network has been set in place by a hacker; this is called an “evil twin.” If you connect to it, your data is his to see.

GoGo is an in-flight WiFi service that a researcher says was using phony Google SSL certificates that interfered with passengers’ ability to get video streaming services. More alarming, it was reported that it also allowed data leakage. In short, GoGo made it look like this was coming from Google.

GoGo was called on this. In a report on theregister.co.uk, GoGo’s chief technology officer explains that the company’s feature did not snatch data from passengers, and that it only served the purpose of blocking streaming services. They said that GoGo simply wanted to upgrade network capacity for air travel passengers, and that they don’t support video streaming. Still, not cool.

How can airline passengers protect their data?

  • When you’re not using WiFi, when it’s time to nap or read some nonsense about the Kardashians in a print magazine, go to your wireless manager and disable the WiFi connection with a right-click. Your laptop may also have a keyboard key to do this.
  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • You can also use encryption. Encryption scrambles your data so that it appears to be gibberish to any hackers or snoops wanting to get ahold of it. Encryption comes in the form of a virtual private network, such as that offered by Hotspot Shield. It’s free and will scramble (encrypt) all of your online activity such as things you download, purchases, etc. This provides an impenetrable shield that guards your online actions.

Protect your Home post Holidays

After Santa has gone back to the North Pole to take a long rest, don’t think for a second that burglars too will be resting in January.

True, the holidays are a prime time for many burglaries, with burglars knowing that underneath that gargantuan Christmas tree in the picture window is surely a pile of expensive gifts. But people give burglars easy entry to their houses year-round.

The prowler will ring the bell. If nobody answers, he tests the door knob. If he does this enough times, this numbers game will pay off, because there’s always some lunkhead who will leave a door unlocked when they’re not home or overnight while they sleep.

If the main doors are locked, the thief may still persist and try other portals and may even break a window.

For safety year-round but especially post-holiday security, here are tips:

  • Get a home security system. If you already have one, good, but not good enough.
  • Keep all portals locked, even when you’re home. Yes, intruders enter occupied homes—these are more likely to be violent sociopaths wanting fast cash for their next drug fix, or rapists.
  • When you’re away, even for just a shopping trip, make it look like someone is inside (leave a TV on so the flickering can be seen, or a loud stereo, and/or lights).
  • When you’re out of town, arrange to have your house look like it’s being very lived in by installing automatic timers for exterior and interior lights, and arranging for trusted people to mow your lawn and park their car in your driveway.
  • As for the boxes that expensive items came in, keep them in your garage, out of public view, for three months. Then demolish them before leaving them curbside. Better yet, stuff the remnants in a trash bag.
  • I know you don’t want to live like a vampire, but do your best to keep shades and curtains closed even when you’re home in broad daylight.
  • Whether or not you have an alarm system, post stickers on your windows and signs in your yards that you do have a system.
