What is a Man-in-the-Middle Attack?

/in /by

There’s a reason why most people feel uncomfortable about the idea of someone eavesdropping on them—the eavesdropper could possibly overhear sensitive or private information. This is exactly the risk that computer users face with a common threat called a “Man-in-the-Middle” (MITM) attack, where an attacker uses technological tools, such as malware, to intercept the information you send to a website, or even via your email.

11DJust imagine you are entering login and financial details on an online banking site, and because the attacker is eavesdropping, they can gain access to your information and use it to access your account, or even steal your identity.

There are a variety of ways that attackers can insert themselves in the middle of your online communications. One common form of this attack involves cybercriminals distributing malware that gives them access to a user’s web browser and the information being sent to various websites.

Another type of MITM attack involves a device that most of us have in our homes today: a wireless router. The attacker could exploit vulnerabilities in the router’s security setup to intercept information being sent through it, or they could set up a malicious router in a public place, such as a café or hotel.

Either way, MITM attacks pose a serious threat to your online security because they give the attacker the ability to receive and request personal information posing as a trusted party (such as a website that you regularly use).

Here are some tips to protect you from a Man-in-the-Middle attack, and improve your overall online security:

  • Ensure the websites you use offer strong encryption, which scrambles your messages while in transit to prevent eavesdropping. Look for “httpS:” at the beginning of the web address instead of just “http:” which indicates that the site is using encryption.
  • Change the default password on your home Wi-Fi connection so it’s harder for someone to access.
  • Don’t access personal information when using public Wi-Fi networks, which may, or may not, be secure.
  • Be wary of any request for your personal information, even if it’s coming from a trusted party.
  • Protect all of your computers and mobile devices with comprehensive security software, like McAfee LiveSafe™ service to protect you from malware and other Internet threats.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

What is a Backdoor Threat?

/in /by

Did you accidentally leave the back door open? This thought can be scary because you know that leaving the back door open at home could allow someone to enter your home and take your personal belongings.

6DThe same is true for a backdoor in the computer world. It is a vulnerability that gives an attacker unauthorized access to a system by bypassing normal security mechanisms. This threat works in the background, hiding itself from the user, and it’s very difficult to detect and remove.

Cybercriminals commonly use malware to install backdoors, giving them remote administrative access to a system. Once an attacker has access to a system through a backdoor, they can potentially modify files, steal personal information, install unwanted software, and even take control of the entire computer.

These kinds of attacks represent a serious risk to users of both computers and mobile devices since an attacker can potentially gain access to your personal files, as well as sensitive financial and identity information.

Say, for instance, an attacker uses a backdoor to install keylogging software on your computer, allowing them to see everything that you type, including passwords. And once this information is in the hands of the cybercriminals, your accounts could be compromised, opening the door to identity theft.

Here are a few tips to protect you from back door threats:

  • Use comprehensive security software on your computers and mobile devices, like McAfee LiveSafe™ service, to protect you from malware.
  • Never click on an email attachment or a link sent from people you don’t know and watch what you download from the web.
  • Be careful about which sites you visit, since less secure sites could contain a so-called “drive-by download”  which is able to install malware on your computer simply by visiting a compromised web page. You can check the safety of a website before you visit it by using our free McAfee® SiteAdvisor® tool, which tells you if a site is safe or not right in your search window.
  • Only install programs that you really need, minimizing your exposure to potential vulnerabilities.

Make sure you don’t leave any back doors open. Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

What is Social Engineering?

/in /by

No, it’s not some new engineering field to develop social media sites. Social engineering has been around as long as the con artist has been around. The terms stems from the social science world where social engineering is deemed as an act of psychological manipulation.

social_engineeringIn our tech-laden world of today, social engineering still involves deceit but it’s used to deceive you into giving up personal or sensitive information for the bad guys’ financial gain. Social engineering can take many forms from an email, phone call, social networking site, text messages, etc., but they all have the same intent—to get you to part with valuable information.

Any one of us can be a target. And social engineering continues to be a tool that cybercriminals use because it works. They play on our emotions and our innate sense to want to trust others and be helpful. The also rely on the fact that many of us are not aware of the value of the information we possess and are careless about protecting it.

For instance, after major natural disasters or major news topics, like a hurricane or earthquake, cybercriminals sent out scores of bogus emails, calling for sympathy and donations for the victims, just so they could line their pockets.

In addition to sympathy, the bad guys also barter in fear, curiosity and greed. From emails offering fake lottery winnings (greed), to dangerous download sites advertising a preview of the latest Lady Gaga song (curiosity), to devious popup messages that warn you that your computer is at risk (fear), today’s cybercriminals are masters at manipulating our emotions.

And because their tricks often look legitimate, it can be hard for you to identify them. You could wind up accidentally infecting your machine, or sharing personal and financial information, potentially leading to monetary loss and even identity theft.

How can you protect yourself?

  • Never respond to a message from someone you don’t know and never click on a link in an unsolicited message, including instant messages, and any time the phone rings and they are requesting personal information consider it a scam.
  • Be suspicious of any offer that seems too good to be true, such as the lure of receiving thousands of dollars just for doing a wire transfer for someone else.
  • If you are unsure whether a request is legitimate, check for telltale signs that it could be a fake, such as typos and incorrect grammar. If you are still unsure, contact the company or organization directly. Financial institutions, and most sites, don’t send emails or text messages asking for your user name and password information.
  • When using social networking sites, don’t accept friend requests from people you don’t know, and limit the amount of personal information you post to your profile.
  • Consider using a safe browsing tool such as McAfee® SiteAdvisor® software, which tells you whether a website is safe right in your search results, helping you navigate away from phony sites.
  • Make sure your all your devices are protected with comprehensive security, like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets.

So remember to ask yourself if this is really legit, the next time you get a message that plays on your emotions. Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Stolen Identities are cheap on the Darknet

/in /by

What a steal: You can purchase a U.S. stolen identity for $25, and an overseas one for $40. Cybercrime is booming. Cybercriminals are competing even against each other. Data theft is becoming increasingly easier, with more and more people gaining entry into this realm. It’s no longer for the elite.

11DHiring someone to perform a cybercrime doesn’t take technical knowledge; only the ability to pay. Even a computer isn’t necessary, and the crime can be outsourced.

The underground of cyberspace is known as the Darknet. Illegal activities of the Darknet are mighty cheap these days.

  • Under $300: credentials for a bank account that has a balance of $70,000-$150,000.
  • $400-$600 a month: Hire a crook to fire a denial-of-service attack on your online competitor to knock it offline. This service can also go for $2 to $5 per hour. Prices are actually quite varied, but the range goes well into the cheap end.
  • $40 bought a personal identity (U.S. stolen ID as of 2011), and $60 bought a stolen overseas ID (as of 2011). Currently, these IDs cost 33 to 37 percent less.

Other Crime Fees

  • $100 to $300: hack a website
  • $25 to $100: A hacker will steal all the data they can on a person or business by using social engineering or Trojan infiltration.
  • $20: a thousand bots; and $250 will get you 15,000.
  • $4 to $8: one stolen U.S. credit card account including CVV number ($18 for European accounts)

What does all this mean to you? It means your identity is at risk.

  • Update your PC with the most current antivirus, antispyware, antiphishing and a firewall.
  • Update your devices critical security patches.
  • Require password access for all your devices and use strong passwords for your accounts.
  • Invest in identity protection because even if you secure your data, a major retailer or bank can be breached putting your data at risk.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Socint: disseminating cybercrime through social intelligence

/in /by

People talk—A LOT. They can’t stop talking. Talking, getting something off your mind and out there feels good. Talking takes the pressure off one’s mind; our mouths are like relief valves for our heads. The problem has always been that people blurt out whatever is on their mind and say things that often get them in trouble. And yes, I’ve done it too.

But now people now post their thoughts online, which in many cases is even worse because it’s not one on one; it’s to the world. We’ve seen numerous kids, teachers, employees, officials, politicians, celebrities, and folks from just about every walk of life say or post something that has resulted in backlash and sometimes arrest.

The arrest part is very interesting. Law enforcement and government are paying close attention to social media and what is being said. A man in Toronto posts on Twitter he’s looking for a drug dealer, provides a location for where he is, and says, “I need a spliff”—slang for marijuana—and the Toronto police respond, “Awesome, can we come too?”

But it goes much deeper than that. NextGov.com reports, “Criminals, organized crime syndicates, gangs and terrorists also use social media. They post information and share photos and videos, and terrorist groups use the tools to recruit new members, disseminate propaganda and solicit funds.”

It seems the next stage to investigate and prevent crime is through social intelligence combined with social analytics, hence “Socint”. Continues NextGov.com: “Officials can use this type of social media-driven intelligence to gain insight, investigate, construct countermeasures and refocus resources.”

So what do YOU do? If you are doing anything illegal, stop…or just keep doing what you are doing and let’s just hope you get caught. For the rest of us who want a little more privacy or don’t want to get in trouble because we say stupid stuff, pay attention:

  • Know that everyone’s watching: What you say or post lasts forever, and it can and will bite you.
  • Lock down privacy settings: Each social site has its own privacy settings. They change often and they require your attention at least semiannually.
  • Update security settings: Criminals are creating viruses in record numbers for computers, mobiles and tablets. It is essential to updates your operating system’s critical security patches and antivirus, antispyware and antiphishing.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures For Roberts FREE ebook text- SECURE Your@emailaddress –

On the Internet, FREE is a Dangerous Four Letter Word

/0 Comments/in , , , /by

The wild, wild web is like any major metropolitan city. There are high-class neighborhoods, retail districts, theater districts, business centers, popular social areas, seedy red-light districts (in Boston we called this the Combat Zone), and bad, bad, BAD neighborhoods.

Depending on where you go, you may pick up a virus or get bonked on the head.

The Internet is the same.

As more consumers seek out more free entertainment online, cybercriminals are shifting their attacks accordingly. McAfee recently conducted a series of studies determining that searching for celebrities like Cameron Diaz can increase your chances of infecting your PC. McAfee’s new “Digital Music & Movies Report: The True Cost of Free Entertainment” also confirmed that your PC is equally vulnerable when searching the word “free.” This report reveals the significantly increased risk of fraud when including “free” and “MP3” in the same search query. And when you add the word “free” to a search for ringtones, your risk increases by 300%.

Cybercriminals lure users with words like “free” in order to infect their PCs with malicious software, which is designed to take over the infected computer and allow hackers full access to private files, usernames, and passwords.

To stay safe, avoid searching for “free content.” Stick to legitimate, paid sites when downloading music and movies.

If a website is not well established, avoid clicking links in banner ads.

Use comprehensive security software to protect against the latest threats.

Use common sense: don’t click on links posted in forums or on fan pages.

Use a safe search plug-in, such as McAfee® SiteAdvisor® software that displays a red, yellow, or green annotation in search results, warning users about potential risky sites ahead of time, and highlighting safe results.

Be aware that the more popular a topic, movie or artist is, the more risky the search results will be.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures

Criminal Web Mobs Responsible For Most Cyber Crime

/0 Comments/in , /by

New reports confirm what we’ve been seeing in the news; organized criminals have upped the ante. Global web mobs are tearing up corporations’ and financial institutions’ networks. According to a new Verizon report, a staggering 900 million records have been compromised in the past six years. Up to 85% of the breaches were blamed on organized criminals.

The hackers who infiltrate these networks include brilliant teens, 20-somethings, all the way up to clinical psychologists and organized, international cyber criminals. Many are from Russia and Eastern Europe.

Motivated by money and information, they either exploit flaws in applications to find their way inside networks, or they target their victims psychologically, tricking them into disclosing usernames and passwords, or clicking malicious links.

Flawed web applications often make these types of hacks possible. Criminals use “sniffers” to seek out flaws, and when they find them, the attack begins. Malware is generally used to extract usernames and passwords. Once the criminals have full access to a network, they use the breached system as their own, storing the stolen data and eventually turning it into cash.

To protect yourself, update your PC’s basic security, including Windows updates and critical security patches. Make sure your antivirus software is up to date and set to run automatically. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through. Run spyware removal software. And set up your wireless network with a “key” or passcode so it’s not open to the public.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses another data breach on Fox News. (Disclosures)