Why Hacking is a National Emergency

/in /by

Foreign hackers, look out: Uncle Sam is out to get you. President Obama has issued an order that allows the State Department and Treasury Departments to immobilize the financial assets of anyone out-of country suspected of committing or otherwise being involved in cyber crimes against the U.S.

7WkThis order, two years in the making, covers hacking of anything. The order refers to hacking as a national emergency. Imagine if entire power grids were hacked into. Yes, a national emergency.

Another reason hacking is a national crisis is because the guilty parties are so difficult to track down. Hackers are skilled at making it seem that an innocent entity is guilty. And a major hacking event can be committed by just a few people with limited resources.

However, the order has some criticism, including that of assigning it an over-reaction to the Sony data breach. But it seems that the government can never be too vigilant about going after hackers.

Proponents point out that the order allows our government greater flexibility to go after the key countries where major hacks come from, like Russia and China. This flexibility is very important because the U.S. has a crucial financial relationship with these countries. And that needs to be preserved.

For instance, there’d be little adverse impact to the U.S. if our government choked off the bank accounts of isolated hackers who were part of the Chinese government, vs. strangling the entire Chinese government.

In short, the activities of small hacking groups or individual hackers within a foreign government will be dealt with without penalizing the entire government—kind of like doing away with punishing the entire fourth grade class because one kid threw a spitball.

Hacking is now elevated to terrorism status; the order is based on the anti-terrorism bill. So foreign hackers, you’ve been warned; the U.S. is not reluctant to level you because the order allows for sparing your government as a whole from being sanctioned.

You can do your part to protect the Homeland simply by protecting your own devices using antivirus, antispyware, antiphishing and a firewall. Keep your devices operating system updated and uses a VPN when on public WiFi.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

How to sign out of all Google Accounts

/in , /by

Let’s cut to the chase (never mind how you misplaced your phone): There are several ways to sign out of your Google accounts remotely. It takes three steps, and you’ll need the desktop version of Google. gg

  • On a mobile use a browser opposed to the Gmail/Google app and sign in at gmail.com.
  • Seek out “Desktop version” at the bottom of the window/browser. Click it. You may need to login again.
  • At the very bottom you will see “Recent Activity” in the right corner. Look below that to see “Details.” Click that.
  • A window will pop up giving you information about your account.
  • Look at the top of the page for a button, “Sign out all other sessions.” Click that.
  • And that’s it! Do this now to test it out.

You just signed out of your Google account. What this means is that anyone who might be in your account gets signed out or anyone who gets ahold of your lost or stolen phone/laptop etc will not be able to gain access, because they will need your password (which hopefully isn’t something dopey like 123password or password1, being that these are among the most commonly used passwords and thus very easy to guess at).

Keep in mind that Google has a device location tool. It works only when you’re signed in on the said device. So if you just signed out of all of your Google accounts, this location feature will be of no use. But if you happen to know precisely where your “lost” phone is, then it makes sense to sign out on all Google accounts.

Sounds odd, because chances are, if you know exactly where the phone is…it’s probably not in the hands of a crooked or nosy person. But you just never know.

For example, you may discover your phone is missing after you’ve returned from the gym. So you call the gym and sure enough, your phone was found in the locker room and turned in to the front desk. Thus, you know precisely where it is. However, who’s to say that a bored employee won’t tinker around with it?

If you know where the phone is, don’t delay in retrieving it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Police offer 18 Burglary Prevention Tips

/in /by

To help keep your home and property safe from crime, the New Castle County Police Department provides the following guidelines:

  1. Sounds like a no-brainer, but so many people do otherwise: Keep your doors locked at all times. People will actually go to sleep with the front door unlocked.
  2. Doors should be locked with a deadbolt that has at least a one-inch throw.
  3. Keep windows locked. People have been known to leave a window open overnight in their child’s bedroom. Yes, hot weather is here, but there are ways to ventilate rooms without inviting burglars and rapists in. A bad guy could easily, and quietly, remove a screen.
  4. Check all your windows; all should have locks.
  5. All sliding doors and windows should have a block in the track.
  6. The garage door should never be open unless it’s in use. This includes when you’re outdoors doing yardwork—it’s not in use while you’re tending the garden or lawn.
  7. Check the window A/C units: They should be very difficult to remove.
  8. Close curtains and blinds at night. This means when it begins getting dusky.
  9. Your house number should be easy to read, ideally large, reflective numbers.
  10. Lighting should be installed at all entrances: front, side and back.
  11. Install a timed lighting system to make it look like someone is always home.
  12. Make sure there are no trees or brush obscuring entrances, as burglars can hide more easily.
  13. Don’t leave ladders out in the yard because you don’t have the energy after doing a project to return them to the garage. Unless you just became overcome with severe food poisoning, you can hustle that ladder back into the garage.
  14. Don’t hide keys under the welcome mat or anyplace else outside.
  15. Garage door openers should not be visible inside your car. Neither should valuables, even a pricey pair of sunglasses.
  16. Leave a TV on when you go out at night.
  17. Never post travel plans on social media.
  18. Never create a voicemail message that indicates you’re not home.

On that last point…it’s amazing that people will actually leave a message like, “We’re not home right now, so please leave your name, number and a message…”

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Don’t Rely on the Password Reset

/in /by

Think about your keychain. It probably holds the necessities: car keys, home keys, work keys, miscellaneous keychains you bought on your previous vacations. Now, imagine you have a keychain full of these keys that all look the same, but each only opens a specific door.

5DSounds kind of like your list of passwords, right? But what happens when you have all of these keys, and you need to get into your house? In either situation it can be easy to forget which key, or password, goes to what door or website.

So, back to the locked door situation, what do you do? A friend wouldn’t have a key that opens your house, and breaking down the door isn’t a good option for obvious reasons. Would you rely on a locksmith to come change the locks every time you forget your key? That would get old very quick.

It’s essentially the same thing when it comes to your passwords. It’s almost like you’re having to call a locksmith every time you want to get into your house because every time you leave, the lock changes. If you wouldn’t rely on a locksmith every time you want to open your house, why rely on the password reset? Step up your password game instead.

If you have loads of accounts and can’t deal with the hassle of creating and remembering long, strong passwords that are different for every account, then you need a password manager.

Not only will such a service help you create a killer password, but you’ll get a single “master” password that gets into all of your accounts. A password manager will also eliminate having to reset passwords.

Use these tips to make sure that your passwords are strong and protected:

  • Make sure your passwords are at least eight characters long and include mix matched numbers, letters and characters that don’t directly spell any words.
  • Use different passwords for separate accounts, especially for banking and other high-value websites.
  • Change your passwords frequently.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Managing Your Online Reputation

/in , /by

You’ve been “Googled.” No matter how small a speck you think you are in this universe, you have without a doubt created an online footprint that is attached to your name. Chances are high that someone out there has followed this footprint of yours via a Google search.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Whether by a business colleague, family member or even a significant other, it’s reasonable to assume that your name will be “searched” online for personal information about you. But, what are the results of these searches? Are you comfortable with what they might have discovered?

Online reputations are a part of everyday life that should not be taken for granted; they can be key factors in finding (and keeping) a job, not to mention personal and professional relationships.

Make sure your online reputation isn’t tarnishing your personal image. First step: search yourself! You can use any or all of the popular search engines, such as Bing and Google. You will want to make sure to view the search results when you’re logged in and out of your browser, as this can alter the outcome. Results can be different depending on many factors including the type of web browser, geographic location, web history or data center that is serving up the search results. You may be surprised to find that there is negative information you’ll want to get rid of.

If this is the case, and you want to remove some damaging results, you can use this link for Google and this link for Bing to request the removal of particular search results.

Use these tips to ensure your online reputation isn’t susceptible to generating negative search results:

  • Set your social media accounts to private to prevent unwanted retweets, shares, likes and posts (and think before you post).
  • Review the privacy settings for your social media accounts so that people aren’t seeing things you don’t want them to see.
  • Review all of your avatars. They are the world’s first impression of you, even if it’s obviously not you (e.g., an image of an evil dictator).
  • Review photos of yourself. Duck-face mirror selfies and party pictures are a major red flag. Remove any other unfavorable pictures that may lead to negative search results.
  • Remove any insulting or otherwise negative comments you may have made.
  • Now add in some information that elevates you.
  • Never drink while posting. While PUI’s are legal, you could regret it.

There are also ways to build up your online reputation:

  • Check out online portfolio sites such as meAbout.me and Seelio. These can help you to build your digital identity through a single website that showcases all of the positive information from your varying social media accounts.
  • Signing up with services such as Youtube or Flickr where you can promote your skills can also be a big reputation boost.
  • Another option is to create your own personal website domain, where you can represent yourself or your brand in whatever light you choose.
  • Look into online reputation management companies. Expect to pay some dough, but there’s nothing like having all that bad stuff swept under the rug.

Whether it is through posts, updates, or even mobile phones tracking location, just about every part of your daily life is somehow tied to your online profiles. This influx of time spent connected makes managing your online reputation a clear necessity to ensure the face-to-face image that you project into the world, matches the one linked to you online.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Signs You have Malware and what You can do

/in /by

Not all computer viruses immediately crash your device in a dramatic display. A virus can run in the background, quietly creeping around on its tip-toes, stealing things and messing things up along the way. If your computer has a virus, here’s what may happen:6D

  • Windows suddenly shuts down.
  • Programs automatically start up.
  • Some programs won’t start at your command.
  • The hard disk can be heard constantly working.
  • Things are running awfully slow.
  • Spontaneous occurrence of messages.
  • The activity light on the external modem, instead of flickering, is always lit.
  • Your mouse moves all on its own.
  • Applications in your task manager are running that you don’t recognize.

If any of these things are happening, this doesn’t automatically mean a virus, but it does mean to be on the alert.

If you have antivirus software (and if you don’t, why not?) it should scan your computer on a pre-programmed routine basis and automatically download updates. Antivirus software truly works at keeping the bugs out or quarantining one that gets in.

We will never eradicate the computer virus (a.k.a. malware) as it is always evolving to be one step ahead of antivirus software. This is why you must not sit back and let the antivirus software do 100 percent of the work. You should play a part, too.

  • Every day without fail, run a scan of your computer. This would be a quick scan, but every week you should run a deep scan. These scans can be programmed to run automatically, or you can run them manually.
  • You can have the best antivirus software in the world that runs scans every day, but it’s worthless if you shut it down and then open those iron gates and let a virus in. This will happen if you click on a malicious attachment in an e-mail from a sender posing as someone you know or posing as your bank, employer, etc. Never open attachments unless you’re expecting something from someone you know. If you open a malware laced attachment it will download a virus. And by the way, hackers are very skilled at making an e-mail appear like it’s from someone you know.
  • Never click on links inside e-mails unless it’s from someone you know who regularly sends you links, and even then, be alert to any anomalies, such as, for example, this person always includes a subject line, but one day, it’s blank. Should you open the attachment? Contact this person in a new e-mail chain to see if they just sent you something. And never click on links that are allegedly sent from your bank, a retailer, the IRS, etc. A malicious link could download a virus or lure you to a site that, once you’re there, downloads a virus.

Set your e-mail program to display text only, so that it will alert you before any links or graphics are loaded.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Reports say Russians hacked IRS Identities

/in /by

CNN recently reported that the data breach of the IRS, which occurred between this past February and May, originated from Russia. The crooks were able to steal tax returns from over 100,000 people. The thieves filed a total of $50 million in tax refunds, having obtained personal data to get ahold of the data.

11DIn other words, this crime wasn’t a hacking job. The Russians didn’t hack into the IRS’s network through some “back door” or social engineering scheme. They actually entered through the front door, using the personal data they had obtained.

Just how the breach came about is not yet known. The IRS’s Criminal Investigation Unit, plus the Treasury Inspector General for Tax Administration, are trying to figure it all out. The FBI is also involved.

Americans have no reason to feel secure about the protection of their tax data. For years, there have been security concerns by the leaders, and this latest Russian incident has fueled the flames.

Orrin Hatch, the Republican Senate Finance Committee Chairman, has stated: “When the federal government fails to protect private and confidential taxpayer information, Congress must act.” This is not the first time that the Russians have caused a data breach for the U.S. government.

As for this latest incident, the Russian thieves had originally tried to get into the tax records of 200,000 people, but were only 50 percent successful—resulting in the breach of those 100,000 Americans.

However, the IRS intends on contacting every one of those 200,000 people about the attempt. This is because third parties may have these people’s Social Security numbers, among other personal data.

And what is the consolation for the 100,000 people whose tax records were obtained? The IRS said they will get free credit monitoring.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Time to tighten up Google Privacy Settings

/in , /by

There is good news for the tech-unsavvy out there: Google has made their privacy settings easier to work with. This day has not come a moment too soon. “My Account” is Google’s new dashboard.

ggWhen you use any Google account, the giant company collects information on you. The new dashboard will reveal what information this is. My Account also has other privacy related features; check it out first chance that you get. It has the following three sections.

Security

  • If you get locked out of your Google account, Google will contact you via the phone number and e-mail address you’ll see in this section, and you can change them, too.
  • You can look over a list of apps, websites and more that have access to your Google account info. You can place restrictions on permissions.
  • Lists devices that have connected to your Google account.
  • You can change your password.

Privacy

  • Google collects information on you including what you watch on YouTube; this section reveals which information on you is saved.
  • This section controls what phone numbers people can reach you on Hangouts.
  • Additionally you can adjust your public likes and subscriptions on YouTube.
  • Third, you can alter the information that you share on Google+.

Account Preferences

  • Here you can select the language for your Google accounts.
  • Here you can delete your entire account or some of it.
  • You can adjust the accessibility features.

Think of how great it would be to view a list of all the information that Google has collected from your computer, tablet or smartphone…and then delete whichever items you choose. You now no longer have to use the excuse, “It’s too techy for me,” to avoid delving into the privacy settings and making adjustments to your liking. You have a right to know what Google gets on you and what everyone else on the planet can see, too.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

DC Murders as horrific as it gets

/in , /by

The latest report says that Darron Dellon Dennis Wint did not act alone in the arson murder of a Washington, D.C., family and their housekeeper. You might wonder how a $4.5 million mansion—presumably with top-flight smoke alarms—could burn enough to kill the occupants.

7HA cnn.com report says they were held against their will since the day prior to the May 14 fire. Wint is being held without bond.

It’s too soon, however, to draw conclusions, as other people are being interviewed by police.

Wint was arrested a week after the bodies of Savvas and Amy Savopoulos, and their son Philip were discovered. Housekeeper Veralicia Figueroa died later at a hospital.

The victims were discovered bound up and injured from blunt force, continues the cnn.com report. Philip, age 10, was apparently stabbed and tortured.

Bernardo Alfaro, the housekeeper’s husband, stated that Veralicia did not return home the night of May 13. (It’s fair to wonder why he didn’t pay a visit to the mansion that night, because next morning he finally did.)

Alfaro received a text message from someone claiming to be Savopoulos, telling him that his wife, who couldn’t drive, was with Amy in a hospital. Someone identifying herself as Amy called a second housekeeper and told her to stay home.

It’s believed that money was the motivation for the murders. Apparently, Wint and accomplices stole $40,000 that was dropped off at the mansion by a Savopoulos employee.

How was Wint caught? On May 13, two pizzas were delivered to the mansion while the victims were bound up. A woman instructed that the pizza be dropped off at the door (it had already been paid for via Amy’s credit card). Wint’s DNA was found on the crust.

Wint’s attorney says that this DNA doesn’t prove Wint was inside the house. So how did his DNA get there? Wint’s record doesn’t help: charges of theft, assault and sexual offense.

Neighbors of Wint’s parents say that Wint had choices and that “he was not raised this way.” Few people want their kids to grow up into murderers and groom them for such. But one must wonder what kind of emptiness and darkness existed in the childhood of a man who grows up to burn to death four innocent people.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Social Media Scams on the rise

/in /by

Social media is a conduit for thieves to get personal data (they can use it, for instance, to open up a credit line in the victim’s name). Though many people are concerned their personal information will get in the wrong hands, the funny thing is that they continue posting personal information—way too personal.

14DThe FBI’s Internet Crime Complaint Center says that social media is a fertile area for criminals to scam people.

Phishing

You are lured to a phony website that masquerades as your bank or some other important account. The lure might be a warning that you’ll lose your account unless you click the link to reactivate it. Once on the site, you’re then lured into typing in your login information—that the scammer will then use to gain access to your account.

  • Never click these links!
  • Use antivirus/malware protection!

Clickjacking

You’re lured into clicking on a link. Once you do this, trouble begins, either with a download of malware or you being suckered into revealing account information—to the thief on the other end.

Recently I was perusing the FB page of a person I knew from school, and a recent post was what appeared to be a video in still format, ready to be clicked for viewing.

And what was the lure? A man’s head and torso on a road, his severed legs nearby, with the caption saying that this motorcyclist’s cam had recorded his fatal accident. This was surely a scam because the photo has been around for quite some time with only scant information. Now suddenly there’s a video of the accident? Yeah, right.

  • Don’t click on any videos purporting to show something like “Footage Shows Shark Biting Man in Half” or “Top 20 Blondes of All Time—Naked!”
  • Even the “Share” and “Like” buttons could be malicious. Skip these. These days you can’t be too careful, what with all the foaming cyber criminals out there.

Doxing

Doxing is that of leaking someone’s personal identifying data into cyberspace without their permission, potentially leading to ID theft, among other problems.

  • Think twice before you post personal details on social media. Enough seemingly trivial details could add up to something significant to a savvy fraudster.

Make sure your privacy settings are at their highest, but this is only an adjunct to being very judicious about what you post.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.