Latest Russian Cyber Attack on White House a Boon for CISA

The Russians have come…again—in the form of hackers. Not long ago Russian cyber criminals busted into the U.S.’s State Department system and mangled it for months.

This time, they got into a computer system at the White House. Luckily, this system did not hold any classified information, but nevertheless, the hackers got ahold of President Obama’s private itinerary. So it just goes to show you just what hackers a world away can do.

This isn’t the first time that the White House has been hacked into. Remember the attacks that were allegedly committed by the Chinese? These, too, did not involve sensitive information, but the scary thing is that these cyber invasions show how easy it is for other countries to bang into the computer systems of the No. 1 superpower.

So President Obama’s personal schedule got hacked, and in the past, some White House employee e-mails got hacked. What next—top secret plans involving weaponry?

What the Russians may do next is of grave concern to the FBI. Perhaps the Russians are just teasing us with this latest break-in, and the next hacking incident will really rattle things.

Ironically, Obama had recently signed an executive order in the name of stomping down on cyber crime. Well, someone didn’t stomp hard enough, and the Russians, Chinese and everyone else know it.

Obama’s efforts involve CISA: Cybersecurity Information Sharing Act. The Act would mandate that there’d be greater communication between the government, businesses and the private sector relating to possible cyber threats.

CISA is not well-received by everyone because it involves what some believe to be a compromise in privacy. This latest attack on the White House, say CISA critics, might encourage lawmakers to hastily pass the Act without first building into it some features that would protect the privacy of the private sector.

The chief concern, or at least one of the leading ones, of CISA opponents or skeptics is that of the government gaining access to Joe’s or Jane’s personal information. And why would the government want to get our private information? For surveillance purposes—that harken back to the efforts to increase cyber protection and prevent more hacking episodes.

The bottom line is that this latest attack by the Russians will surely add a few more logs to the fire in that lawmakers will feel more pressure than ever to strongly consider passing CISA.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

1 Billion Records hacked

Billions and billions—it’s only a matter of time before this becomes the number of hacking incidents in a single year, because just in 2014, over one billion records were hacked out of 1,500 different hacking incidents, says a recent report.

Some other findings from the report:

  • A little over half the breaches involved credit card numbers, Social Security numbers and other personal information.
  • Most hacking incidents occurred in the U.S.
  • 55 percent of the incidents involved retailers, primarily affecting point of sale systems that lack encryption technology.
  • The private sector, combined with the government, took up 17 percent of the hits.

The government has had it; the White House plans on devoting an office entirely to figuring out how to stay ahead of cyber crime. Let’s hope that the White House really dissects cyber attack technology.

What can consumers, the private sector, retailers, banks and the governments do to make it difficult for hackers to cause mayhem?

  • Go through all of their passwords and replace the weak ones with strong ones. A weak password is less than eight characters (some experts advise that it be at least 12), contains actual words or names, contains keyboard sequences and has limited character variety.

    Keep in mind that an eight-character password such as $39#ikPw is strong and superior to the 12-character 123qwertyTom. But maximize the strength by making the password at least 12 characters and a jumble of character gibberish. A password manager can do this all for you.

  • Install antivirus software. This means antivirus, anti-spyware, anti-phishing and a firewall. Then make sure they are always updated. This software should also be installed on your smartphone and tablet.
  • If you’re still using Windows XP because you don’t want to part from your comfort zone, get out of it immediately, because it won’t be so comfy when your system gets dismantled by a hacker. Windows XP is no longer subject to security patches and updates by Microsoft. You need a version, such as MS Win 7, that receives regular updates.
  • Your router has a password that’s been set by the manufacturer. Hackers know these passwords. Therefore, you should change it. Next, turn your WPA or WPA2 encryption on. If you don’t know how to do these things, contact the router’s manufacturer or google it. And unless you have encryption while using public Wi-Fi, consider yourself a lone zebra wandering around in the African savanna where prides of hungry lions are watching you. Get a VPN. Google it.
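
The weak-password criteria in the first tip above (under eight characters, real words or names, keyboard sequences, limited character variety) can be checked mechanically. The following is an added example, not code from the article: the word list is a constructed sample, and the three-key run length and the "fewer than three character classes" threshold are assumptions chosen for illustration.

```python
import secrets
import string

MIN_LEN = 8           # below this the article calls a password weak
RECOMMENDED_LEN = 12  # the length "some experts advise"

# Constructed sample list; a real check needs a full dictionary and name list.
WORDS_AND_NAMES = {"password", "welcome", "letmein", "admin", "dragon",
                   "monkey", "tom", "joe", "jane"}

KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def keyboard_runs(pw, run=3):
    """Return keyboard-row fragments (either direction) of `run` keys found in pw."""
    low = pw.lower()
    hits = []
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    hits.append(seq[i:i + run])
    return hits


def char_classes(pw):
    """Count how many of lower/upper/digit/symbol appear in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def audit(pw):
    """Apply the four weakness criteria; return (weak_reasons, advice)."""
    weak, advice = [], []
    if len(pw) < MIN_LEN:
        weak.append("shorter than 8 characters")
    elif len(pw) < RECOMMENDED_LEN:
        advice.append("lengthen to at least 12 characters")
    found = sorted(w for w in WORDS_AND_NAMES if w in pw.lower())
    if found:
        weak.append("contains word or name: " + ", ".join(found))
    runs = keyboard_runs(pw)
    if runs:
        weak.append("contains keyboard sequence: " + ", ".join(runs))
    if char_classes(pw) < 3:  # assumed threshold for "limited variety"
        weak.append("limited character variety")
    return weak, advice


def generate(length=16):
    """Random 'gibberish' password from the OS CSPRNG that passes audit()."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        weak, advice = audit(pw)
        # Retry on the rare draw that contains a word, a keyboard run,
        # or misses one of the four character classes.
        if not weak and not advice and char_classes(pw) == 4:
            return pw


if __name__ == "__main__":
    for sample in ("$39#ikPw", "123qwertyTom"):  # the article's two examples
        print(sample, audit(sample))
    print(generate())
```

The eight-character example passes every weakness test and only draws the length advice, while the 12-character one is flagged for both a name and keyboard sequences, which matches the comparison in the tip.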

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

Hacking Humans: How Cybercriminals Trick Their Victims

Intel Security has compiled a list of the top ways cybercriminals play with the minds of their targeted victims. And the chief way that the cybercriminals do this is via phishing scams—that are designed to take your money.

The fact that two-thirds of all the emails out there on this planet are phishy tells me that there’s a heck of a lot of people out there who are easily duped into giving over their money. I’m riled because many of these emails (we all get them) scream “SCAM!” because their subject lines are so ridiculous, not to mention the story of some befallen prince that’s in the message.

I bet there’s a dozen phishing emails sitting in your junk folder right now. Unfortunately, a lot of these scam emails find their way into your inbox as well.

McAfee Labs™ has declared that there are over 30 million URLs that may be of a malicious nature. Malicious websites are often associated with scammy emails—the email message lures you into clicking on a link to the phony website.

Clicking on the link may download a virus, or, it may take you to a phony website that’s made to look legitimate. And then on this phony site, you input sensitive information like your credit card number and password because you think the site really IS your bank’s site, or some other service that you have an account with.

6 ways hackers get inside your head:

  1. Threatening you to comply…or else. The “else” often being deactivation of your account (which the scammer has no idea you have, but he sent out so many emails with this threat that he knows that the law of numbers means he’ll snare some of you in his trap).
  2. Getting you to agree to do something because the hacker knows that in general, most people want to live up to their word. That “something,” of course, is some kind of computer task that will compromise security—totally unknown to you, of course.
  3. Pretending to be someone in authority. This could be the company CEO, the IRS or the manager of your bank.
  4. Providing you with something so that you feel obligated to return the favor.
  5. “If everyone else does it, it’s okay.” Hackers apply this concept by making a phishing email appear as if it has gone out to other people in your circle of friends or acquaintances.
  6. Playing on your emotions to get you to like the crook. A skilled fraudster will use wit and charm, information from your social profiles, or even a phony picture he took off of a photo gallery of professional models to win your trust.

To prevent human hacking via phishing scams, you need to be aware of them: aware of the scams, ruses and motivations. Then simply hit delete. Whenever in doubt, pick up the phone and call the sender to confirm the email is legit.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

It’s Beginning to Look a Lot Like the Holiday Shopping Season

The holiday season is in full force. Not only is it time to bring out the tinsel while jamming out to holiday music, it’s also time to buckle down on your holiday shopping. Have you made your holiday shopping list yet? Luckily, in the U.S., the biggest shopping days of the year are coming up meaning lots of shopping deals at stores on and offline to help you complete your holiday shopping list.

There are people out there who are really gung-ho about Black Friday—camping outside a department store the night before and fighting the masses for the half-price widescreen TV. That’s not really my style; I’m more of a Cyber Monday kind of guy. I just fire up my computer or tablet and start clicking and then boxes magically arrive at my house…well maybe not magically.

Online shopping is convenient for the holiday shopper. No lines, no braving the sometimes nasty winter weather, no crowds—you can buy almost anything and never leave your couch. Although online shopping is a great way to complete your holiday shopping list, you should take a couple precautions while online to keep your personal and financial information safe from hackers.  Along with avoiding the 12 Scams of the Holidays, here are the top 5 tips to help you stay safe while shopping online this holiday season.

  • Be wary of deals. Does that 90% off blowout sale of iPhones sound too good to be true? It probably is. Any offer you see online that has an unbelievable price shouldn’t be believable. Beware of spam emails with links to awesome deals, as it’s particularly dangerous to buy on a site advertised in a spam email. I recommend using web protection, like McAfee® SiteAdvisor®, to protect you from going to a malicious website.
  • Use credit cards rather than debit cards. If the site turns out to be fraudulent, your credit card company will usually reimburse you for the purchase; and in the case of credit card fraud, the law should protect you. With debit cards, it can be more difficult to get your money back and you don’t want your account to be drained while you’re sorting things out with your bank. Another option savvy shoppers sometimes use is a one-time use credit card, which includes a randomly generated number that can be used for one transaction only. If the number is stolen it cannot be used again. Using this type of credit card also ensures that a thief does not have access to your real credit card number.
  • Review the company’s policies. Look to see how the merchant uses your personal information and check to make sure that it will not be shared with third parties. You should only disclose facts necessary to complete your purchase and not any additional information about yourself. Also, check the website’s shipping policy and make sure it seems reasonable to you. You want to make sure that you understand all your shipping options and how they will affect your total cost of your online purchase.
  • Check that the site is secure. Find out if a company’s website is secure by looking for a security seal, like the McAfee SECURE™ trustmark, which indicates that the site will protect you from identity theft, credit card fraud, spam and other malicious threats. Make sure the site uses encryption—or scrambling—when transmitting information over the Internet by looking for a lock symbol on the page and checking to make sure that the web address starts with httpS://.
  • Only use secure devices and connections.  If you are using a public computer, information such as your browsing history and even your login information may be accessible to strangers who use the computer after you. Also, never shop using an unsecured wireless network because hackers can access your payment information if the network is not protected.  To protect yourself, do all of your online shopping from your secure home computer. When shopping at home, make sure all your devices are protected with comprehensive security like McAfee LiveSafe™ service which protects all your PCs, tablets and smartphones.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

The Beginners Guide to using TOR

Want to be invisible online? Get to know Tor.

Tor will make you cyber-anonymous, concealing your cyber footprints, ID, browsing history and physical location. It even makes the sites you visit anonymous. Now, all that being said, there seems to be a concerted effort by certain US government agencies and others to crack Tor, but that hasn’t been completely accomplished…yet.

More on Tor

Realize that Tor can’t provide 100 percent security. On paper, the Tor network is secure. But the typical Joe or Jane may unintentionally exit Tor using an “exit node,” and end up getting on a website or server that’s in the “open web.” If the visited site is not encrypted, Joe or Jane’s communications can be hijacked.

Tor is actually easy to set up. You can download packages for your operating system: Mac, Windows or GNU/Linux, and this includes the Tor Browser. The Covert Browser supports Tor for iOS and Android.

You may find, however, that your device may fight against installing Tor; the device thinks it’s malevolent and won’t accept the download. Keep trying. Have faith in the Tor code and download it.

The Tor experience is quite leisurely, slowing down what you can do in a given amount of time. It’s not going to get faster, either, as more and more people decide to use Tor. It’s slow because it directs traffic through multiple, random relay nodes prior to arriving at the destination node. So realize that you’ll be dealing with more of a turtle than a hare.

Tor blocks applications, too. If you want total anonymity, you should use the Tor software with the Tor Browser. But plugins will be blocked by the Tor Browser—because plugins can be used to see your IP address. This is why the Tor Project suggests not installing plugins. This means giving up YouTube and other sites while using Tor.

Be warned, Tor can get you undesired attention because the government is more suspicious of Tor users. This doesn’t mean the government will knock down your doors if you’re using Tor. It just means that Tor users may get the attention of the government more than typical Internet users.

As previously stated there’s evidence that government agencies, including the NSA, are trying to dismantle the Tor network, even though it delivers strong privacy protection to average Internet users.

If you want this level of anonymity, you’re going to have to get used to the fact that using Tor will change your online experiences (can you get by without YouTube?). The Tor Project says: “You need to change some of your habits, as some things won’t work exactly as you are used to.”

No matter whether on Tor or the open web, make sure if you are on free public WiFi that you are using Hotspot Shield to encrypt any wireless data.

Give Tor a try if privacy and anonymity are important enough for you to give up some of the features that make your online activities enjoyable, convenient and/or productive timewise.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Cybersecurity Insurance still Requires Cybersecurity

OpenSSL vulnerabilities are sticking around for a while. In fact, recently two new ones were announced: One allows criminals to run arbitrary code on a vulnerable computer/device, and the other allows man-in-the-middle attacks. A more famous OpenSSL vulnerability that made headlines earlier this year is the Heartbleed bug.

Might cybersecurity insurance be a viable solution?

Yes, says Hunton & Williams LLP, as reported in SC Magazine. Cybersecurity insurance fixes the problems that these vulnerabilities cause—that technology alone can’t always mitigate.

Hunton & Williams LLP reports that GameOver Zeus malware infiltrated half a million to a million computers, resulting in gargantuan losses to businesses and consumers. The firm says that antivirus software just isn’t enough to prevent mass infection. The fact is, advances in malicious code have rendered antivirus software frightfully weak, continues the firm. While not everyone agrees on this point, Hunton & Williams recommends a proactive approach which includes assessment of risk transfer methods, e.g., insurance.

Laurie Mercer, from the security consulting company Contest Information Security, also believes in cybersecurity insurance. Mercer uses cars as an analogy. A car must stick to safety standards. The car gets serviced every so often. But the car also has various buttons and whatnots inside that can alert the driver of a problem.

Likewise, with cybersecurity, products can be certified with commercial product assurance accreditation. A website can get a regular security audit every so often. And like the interior buttons of a car, a website can have a response strategy to a cyber incident or some kind of detection for an attack. However, the car should still be insured.

At a recent SC Congress London, Sarah Stephens from Aon EMEA pointed out that cyber insurance is rising in popularity. But Andrew Rose, a security analyst with Forrester, noted that many threats can be resolved with adequate plans in place.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Cyber Security Insurance Difficult for Business to Navigate

Cyber insurance is now booming, with about 50 carriers in the industry. An increasing number of companies have cyber insurance to protect against cyber crime. However, businesses claim it’s not easy to get adequate coverage.

Losses from data breaches are difficult to quantify. The tangible losses are more easily insured, says a New York Times online report. When it comes to a data breach, there are often related losses such as reputational damage and loss of customer loyalty that are harder to quantify.

Add to this the fact that underwriters don’t yet have sufficient data to estimate the likelihood or cost of an attack; most breaches get missed or aren’t reported publicly.

While an insurance company can tell you the precise odds of a major city office building burning down, nobody knows when the next giant retailer will be hacked. Statistics on hacking risks aren’t constant due to the continuous evolution of cyber crimes.

According to New York Times estimates, companies seeking coverage can only hope for, at best, a $300 million policy, peanuts compared to the billions devoted to property protection. Though this still sounds generous, the cost of a major breach can easily exceed it. Target’s situation is on course for just that, says the New York Times online article. The 2011 Sony breach has already exceeded $2 billion in fallout.

The best policies cover costs associated with alerting customers, plus forensics, call center setups, consumer identity monitoring, legal fees and a crisis management firm. But that may only dent the disaster. Policies don’t address loss in profits due to customers jumping ship. A policy can’t prevent a marred brand reputation. “Although a solid cyber policy will cover notification, crisis management expenses, defense costs, damages and the costs associated with regulatory action, it would not cover other, potentially much larger losses, such as reputational injury and loss of brand and market share,” says Roberta Anderson, an insurance coverage and cybersecurity attorney with the law firm of K&L Gates, LLP.  “Those losses are difficult to value and remain uninsurable in the market today.”

Expect the cyber insurance industry to continue swelling while cyber crime continues to remain several steps ahead of businesses and security systems.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Cyber Monday Launches Black Hat Shopping Season

Yup, the holidays are here. And I don’t know about y’all, but the last thing I plan on doing is walking into any store to buy anything. Other than to get food, most of my shopping is generally done online.

People always ask me, “Aren’t you concerned your identity will be stolen? Don’t you worry about always giving out your credit card over the internet?” And I say nope. Not worried. Don’t care. Never have been. And neither should you. Seriously.

BUT! You still have to do something first to make sure that, to a certain degree, you will not end up a victim of fraud. And there are things you should do after you hand over your account information to monitor your accounts.

But no, you shouldn’t worry. Just do this:

Secure your devices: No matter what device or operating system you use, your data is only as secure as its hardware and software. That means updating everything and locking everything up, too.

Operating system: Each device’s manufacturer provides frequent software updates with critical security patches designed to patch any vulnerabilities that were discovered by researchers or criminal hackers. Set critical security patches to update automatically.

Browser: Your browser needs to be updated to its latest version for the same reason an operating system does. Only enter credit card numbers in sites that have HTTPS in the address bar. That means there’s encryption on that page.

Wireless: Always use an encrypted wireless connection using, at a minimum, WPA or WPA2 encryption. Otherwise, use a virtual private network software like one from Hotspot Shield VPN.

Websites: Only buy from legitimate websites that you already use for shopping—sites like Amazon and eBay that you know are relatively safe. Once you stray too far off the ranch, you risk your device being infected, plus orders you place may never arrive and your credit card numbers risk being used without your authorization.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The Role Of The CIO: What’s Really at Stake

The Chief Information Officer (CIO) has become as important as the CEO. It’s a pivotal position that often can make or break the success of a corporation. As criminal hackers have launched various campaigns against numerous organizations, the CIO has become much more than an information officer. They are the guardian of corporate secrets, instrument of progress and the pulse of all communications and connectivity.

Securitymanagement.com recently reported the global cybersecurity market is expected to reach $120.1 billion by 2017. This is nearly twice its current size of $63.7 billion, according to a report by MarketsandMarkets, a Dallas-based research and consulting firm. The increase would represent an annual compound growth rate of 11.3 percent from 2012 to 2017.

Cyberspace is becoming an ever-important part of people’s lives. It’s also powered by a gamut of devices and applications that have made it vulnerable to threats from people and groups including students, spies, hackers, propagandists, and terrorists. Cybersecurity is also becoming an important aspect of the military realm. This has helped make battles “fought in cyberspace as imperative as battles occurring on the ground.”

As a result, as reported by CIO magazine, “the IT leader will still be the nucleus of any company, working closely with business executives and strategizing about future technology directions, leading a staff of highly trained professionals and championing streamlined technical operations. The position will still require a mix of analytical foresight and management prowess over the next decade.”

Going forward the role of the CIO will be critical not only to the organization, but to the public who does business with it and the governments who rely on it.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Google Ordered to Name Cyberstalker

Stalking is about domination. It is one or more persons continually making efforts to control another person’s life and thoughts by paying unwanted attention. Stalking is when someone contacts you when you repeatedly request that they do not. They watch, follow, call, email, text, fax or continually send mail to you after you request they do not. Stalking is psychological terror. Celebrities and everyday people are potential victims of the stalker.

Stalkers become obsessive investigators, interrogators, intimidators and terrorists. Some stalking statistics report almost a million and a half people are being stalked by an ex-boyfriend, ex-girlfriend, ex-husband, ex-wife, estranged husband, estranged wife, secret admirer, or an infatuated mentally unstable individual.

Stalkers make you a prisoner in your own life. They make it known that they know where you have been, whom you have spoken to, what you have done and where you are going next. They insist that they cannot live without you and you cannot live without them.

With today’s technology, it has never been easier to stalk and it’s never been easier for stalkers to hide.

Until now.

InformationWeek reports, “A New York judge has ordered Google to reveal the identity of a cyberstalker who has anonymously posted video and messages on the Internet. The videos included sexual slurs and damaging information that could affect the woman’s reputation and career.”

She was quoted as saying, “I don’t care about being called names. It was a safety issue. The Internet cannot become a safe haven for harassers and stalkers.”

And how right she is.

Cyberstalking is going away, but finally government and corporations are now thinking progressively and considering victims of these crimes and acting on their behalf accordingly.

Tips:

Set up Google alerts to keep you in tune to any postings of your name.

If something comes up that is in any way threatening, report it to the police and develop a paper trail.

Every internet site has some form of “contact us” page that you can submit your concerns to.

If you do not get any response, have a lawyer send a letter.

Dogs: this is also a good time to get a vicious dog. With little research a fully-grown Doberman, Pit-bull, German shepherd, Rottweiler or any other dog trained to kill can be a lifesaver. There are many outfits that will rent you a guard dog while you are in jeopardy.

Make sure you notify friends, family, neighbors, co-workers and local businesses you are a customer of about your situation, and show them photos of the stalker. Your circle of relationships might be a significant factor in staying safe.

Self Defense: knowing how to disable an attacker armed or unarmed should be a staple of everyday living. When you are being stalked you are essentially at war and need to understand the fundamentals of armed and unarmed combat. Once you have the tools to debilitate another human being, that’s when you decide if carrying a weapon is appropriate.

Home Security: if there was ever a time to install an alarm, it is when you are being stalked. Make sure it is monitored by local law enforcement and keep it on while you are home during the day and when you sleep at night. Wireless alarms can be installed quickly and there are no phone lines to cut.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.