What is a Mobile Botnet?

/in /by

The word botnet is short for robot network, a group of internet-connected computers that have been infected by a malicious application. The malware allows a hacker to control the infected computers without alerting the computers’ owners. Since the infected computers are controlled remotely, they are known as bots, robots or zombies.

When a virus recruits an infected computer and converts it into a botnet, a criminal hacker is able to remotely control that computer, install other malware and access all the data on that computer. For example, the so-called Zeus botnet malware can collect your banking and login credentials and use them to impersonate you or take money from your account.

Mobile botnets give criminals some advantages over PC-based botnets. First, the devices attach to many different networks, including business networks, making them a good carrier for infecting other devices. Second, the devices can be controlled using text messages, which are small, efficient and always get delivered.

McAfee Labs points out:

Due to their wide choice of hardware, botnets can initiate more types of attacks (voice, video, GPS) and serve as launch pads for infections of other computers via any connection (PC, WiFi, Bluetooth, SD card, USB, etc.).

Keep your device from becoming part of a mobile botnet:

  • Use antimalware, antivirus and antispyware on your mobile device.
  • Often, botnets’ malware comes as part of an app, so only install apps from reputable app stores.
  • Keep an eye on your monthly bill. If you start unexpectedly seeing a spike up in text messages received or data charges, call your carrier to investigate.
  • Install Hotspot Shield VPN. Hotspot Shield VPN is a versatile internet security and privacy solution. In addition to protecting you from dangerous online threats, it also protects your privacy and enables you to access any blocked websites and content.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

How the Government (and Bad Guys) Intercept Electronic Data

/in /by

The news of the NSA spying using PRISM should not come as a surprise to anyone in the intelligence community. Electronic spying is as normal as breathing. And when a 27-year-old American traitor with little life experience (he was 15 when 9/11 hit) blows the lid off of a current spy program, it’s time to define why and what needs protecting.

  • PRISM: This is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007. Much of the information collected by PRISM is done via warranted tapping into servers here in the U.S. that route lots of data overseas. Its purpose is to discover “chatter” and prevent manmade disasters.
  • ECHELON: ECHELON is a name used in global media and popular culture to describe a signals intelligence (SIGINT) collection and analysis network created to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War in the early 1960s. The ability to intercept communications depends on the medium used, be it radio, satellite, microwave, cellular or fiber optic.
  • Cell site simulators: Slate.com reports this “equipment is designed to send out a powerful signal that covertly dupes phones within a specific area into hopping onto a fake network. The feds say they use them to target specific groups or individuals and help track the movements of suspects in real time, not to intercept communications. But by design, Stingrays, sometimes called ‘IMSI catchers,’ collaterally gather data from innocent bystanders’ phones and can interrupt phone users’ service.”
  • Remote-access Trojans: A remote-access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program—such as a game—or sent as an email attachment.

These are just a few of the ways data is collected/gathered/stolen. So should you be worried? If you are up to no good, yes. If you have personal information on your devices that can be used to steal your identity, yes.

However, I’m personally not concerned about data being collected by my government. I’m well aware of what I’m electronically communicating and nothing incriminates me. But what does worry me is when bad guys get hold of data via RATs and use it to take over accounts or open new accounts. Using antivirus, antispyware and a firewall is your best defense.

We can’t do much to protect ourselves from government surveillance other than simply not communicating digitally or using less popular search engines, social sites and email programs. But there are tools such as TOR and Hotspot Shield VPN that mask IP addresses and can be used to anonymize communications.

If you want to seriously hide, then using anonymizers to create accounts and then continuously communicate using them is the most effective way to go.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

Securing Your Mobile in Public Places

/in /by

What would cause you more grief: your wallet being lost or stolen, or your mobile phone? I’ve read studies that showed that more people would be at a loss without their mobile device. This makes sense for a number of reasons. Your wallet itself might cost 20 bucks and the cards and IDs are free to under $50 to replace. If you have cash, well, that’s a direct loss.

But a mobile phone can cost as much as of $800 and has all your contacts and, in many cases, personal information and access to all your critical accounts such as banking and social media.

Bad guys are everywhere, and they are targeting your mobile devices to turn the information on them into cash and resell the hardware to the highest bidder.

Keep your device close

Criminals look for devices sitting on counters and tables in coffee shops, on park benches, on car consoles, sticking out of a pocket or purse, and they even steal them right from your hands as the phone is to your ear. Keep your mobile as discreet as possible and use an earbud when talking.

Lock it down with a password

Its simply irresponsible for anyone to not password protect his or her mobile devices. Thousands of devices are lost or stolen every day, and if the device isn’t password protected, then all the contacts, information and open apps can be taken over.

Use lock/locate/wipe software

Some operating systems come with software that, when the device is lost or stolen, the user can remotely lock the device, locate it with GPS and even wipe the data. There are also third-party programs that do the same thing and are often bundled with antivirus.

Install mobile security software

There was a day when PCs didn’t need antivirus; now there are millions of viruses targeting PCs. Mobile devices didn’t need antivirus either, but today there are thousands of viruses targeting mobiles.

Use a private VPN

Logging into public WiFi without any encryption puts all your information at risk. Install a wireless VPN such as Hotspot Shield. Hotspot Shield VPN is a great option that protects your entire web surfing session, securing your connection on both your home internet network and on public internet networks (both wired and wireless). Hotspot Shield’s internet security solution protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS—the protected internet protocol.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

What is Mobile Banking? Is it Safe?

/in /by

Mobile banking (mBanking) or text (SMS) banking refers to online banking that occurs via mobile phone rather than via a PC (online banking). The earliest mobile banking services were offered over SMS, but with the introduction of smartphones and the Apple iOS and Google Android operating systems, mobile banking is now primarily offered through applications as opposed to through text messages or even a mobile browser.

Mobile banking allows you to review transactions, transfer funds, pay bills and check account balances via your mobile device. MBanking also offers enhanced security with SMS transaction notifications and the ability to turn card accounts on or off; the development of new technologies like mobile check deposit (where you simply take a picture of the check using your smartphone’s built-in camera) is contributing to the increasing popularity of mobile banking. Eventually, mobile phones may even replace automated teller machines (ATMs) and credit cards.

However, studies show that many Americans are still uncomfortable with mobile banking, citing security as a top concern. According to Javelin Strategy and Research, “Between 2009 and 2010, the number of consumers who rated mobile banking as ‘unsafe’ or ‘very unsafe’ increased by a shocking 54 percent.”

While banks are working to do their part, users have to take additional steps to make sure their mobile data is protected. Here are some tips for mobile bankers of all ages to help keep you safe while banking on the go:

  • Download your bank’s mobile application so you can be sure you are visiting the real bank every time and not a copycat site.
  • Connect to your bank’s mobile site or app securely by making sure that your wireless network is secure.
  • Never send sensitive information over an unsecured wireless network, such as in a hotel or cafe. Use a virtual private network software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. My favorite, Hotspot Shield VPN software, has been downloaded over 120million times.
  • If available, use additional layers of authentication in which the account holder authorizes various transactions via text message or phone calls with the bank to give an additional code.
  • Configure your device to auto-lock after a short period of nonuse.
  • Don’t store data you can’t afford to lose on an insecure device.
  • Use mobile security protection that offers multiple layers of protection including anti-theft, antivirus, antispyware, anti-phishing and app protection.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How Secure is My Mobile Carrier’s Network?

/in /by

The National Security Agency (NSA) prescribes security regulations covering operating practices, including the transmission, handling and distribution of signals intelligence (internet, phone, etc.) and communications security material under control of the NSA’s director. The NSA acts as the national manager for national security and answers to the secretary of defense and the director of national intelligence.

The NSA uses the Android operating system with double encryption for voice communications and a unique routing scheme for 3G wireless communications. You’ve got to figure that if their people are communicating with the president of the United States, then they need to be on a secure, protected network. But you, on the other hand, aren’t the NSA and don’t really need that.

While there is no such thing as 100 percent secure, your mobile carrier’s wireless is pretty much as secure as it can be due to the way it is setup, and the security technology is built into the way the network communicates with the hardware in your mobile device. There are numerous encryption methods, keys and authentication tools designed to identify each user and provide a secure channel of communication.

Mobile broadband (your carrier’s network, which you use to send and receive data over 3G/4G) has a degree of encryption that has been cracked before—hence the reason why the NSA uses double encryption—but the necessary hardware isn’t widely available to criminals. Researchers have demonstrated how the system can be hacked, but it’s still more secure than other options—particularly WiFi, which is unsecured.

Standalone, unprotected WiFi is far from NSA-grade secure and requires additional encryption for anyone at any level to be protected. On WiFi, at a minimum, use a secure virtual private network (VPN) such as the free Hotspot Shield VPN proxy that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

 

Avoid Risky Web Searching on a Mobile Device

/in /by

The mobile web can be a minefield of malicious links luring you to click so bad guys can infect your device. Search engines do their best to filter out these sites, but nefarious criminals have found ways to get their scammy pages to the top of search results through a process called black hat search engine optimization.

Criminals create fake websites and then use the same techniques as legitimate online businesses do regarding search engine optimization, marketing and online advertising. They use keywords to boost rankings on internet search engines, causing their fake websites to appear alongside legitimate ones.

It is also much harder to tell if a URL is legitimate since due to the limited screen space, mobile browsers especially often truncate web addresses. Also, if you’re clicking on a link to a site from an email you received, it’s hard to see the full sender’s email address; this makes it hard for you to know whether it’s coming from a fake person or company. Finally, the “hover over” option that many of us use to preview URLs on computers doesn’t work yet on most touch screen mobile devices.

Wireless internet also contributes to risky web searching. Unsecured, unprotected, unencrypted and sometimes shared wireless internet communications over WiFi in your home, office or any publicly connected WiFi (such as at a coffee shop, airport or hotel) are vulnerable to sniffers.

On wireless connections that aren’t properly secured—such as public ones—your best line of defense is to use a virtual private network software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield VPN is a good one to use. It’s secure, free to you (supported by ads) and available for PC, Mac, iPhone and Android.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Teen Dies Fighting Off iPad Thief

/in /by

There is nothing that I have, other than family members that I would risk my life for. Whether it is jewelry, money, a wallet, bag or expensive electronic item, I’m simply not going to offer resistance if some whacked-out mentally ill person wants to take it from me. The fact is, I’m too pretty to have a box cutter slashed across my face in exchange for any material item.

Although it’s a normal reaction to fight for what’s right (and what’s yours), it’s not necessarily the right decision when you fight over material items. I think we learn this as kids when we tussle with a sibling over toys. As we grow older, we become territorial when it comes to things like standing in line, driving and even land disputes.

But dying over a $400iPad simply ain’t worth it.

The Las Vegas Sun reports, “A teenager died after a man grabbed an iPad out of his hands and fled in an SUV that ran over the boy as he struggled to hold onto the tablet.”

Investigators determined the boy was walking with the iPad when a white vehicle stopped and a man exited the passenger side of the vehicle. The man attempted to steal the iPad and started to drag the teen, who was trying to hold onto the device, to the vehicle. Facing resistance, the suspect got back into the SUV with the teen still grasping at the tablet, but the vehicle then fled and the boy fell and was struck by the SUV.

Think about it like this:

About 12,000 laptops are lost each week in US airports alone, and 113 cell phones are lost or stolen every minute in the U.S. Now imagine if everyone was fighting over every device. Mind blowing, isn’t it? Instead of fighting over this replaceable item, simply:

#1 Let it go. It’s not worth fighting over.

#2 Activate a lost/locate/lock/wipe software that helps you recover, lock or wipe the data.

#3 Call the police and be happy you are OK.

#4 See if your homeowners insurance will cover lost or stolen devices.

#5 Make sure all your devices are password protected. Do it today. This way, the chances of your data being exposed are reduced.

Better to lose your device—even lose your data—than your life.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

10 Million Mobile VPN Users Can’t Be Wrong

/in /by

A virtual private network (VPN) is a network set up to communicate privately over a public network. For example: You occasionally want to or need to work from home and your employer knows that if you do, the data that travels between your PC and an office PC needs to be protected. Another example is when you use public WiFi, knowing your wireless data can be sniffed out by criminals. Using a VPN solves that problem.

Hotspot Shield VPN service is a great option that protects your entire web surfing session, securing your connection on both your home internet network and public internet networks (both wired and wireless). Hotspot Shield’s free proxy protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS—the protected internet protocol. Further, Hotspot Shield encrypts all mobile data, protecting the user’s identity. Finally, the mobile version of the app compresses bandwidth, allowing users to download up to twice as much content at the same cost. Since its launch in May 2012, users have saved 102.9 million MB!

While it bears noting that the 10 million downloads milestone was achieved roughly twice as fast on mobile as with the desktop product, which was first released in 2008, Hotspot Shield continues to rack up impressive numbers on non-mobile platforms too. In the past 12 months, the service has protected more than 50 billion pages.

What Hotspot Shield does:

Security: Encrypts users’ entire web sessions, turning all HTTP sites into HTTP(S) and making the entire web as secure as major banking sites—protecting users in unsecured WiFi networks and blocking malware in the cloud.

Privacy: Protects users’ identity from unwanted tracking and masks their IP addresses.

Access: Establishes a secure tunnel between a user’s computer or mobile device and the internet, allowing users to gain secure uncensored access to all internet content.

Bandwidth compression: Compresses all traffic on the server side before sending it to a user’s phone, allowing users to stretch their data plans.

Hotspot Shield is available for PC, Mac, iOS and Android. Once installed, Hotspot Shield will run in the background, protecting all applications, email and web browsing.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

6 Tips for the Family PC Fixer

/in /by

Are you your family CFE? (In other words, Chief Fix Everything?)If it needs repair, do they come to you? That’s me. If it’s wood, metal or plastic, I can cut it, glue it, screw it or weld it. If it’s electrical or electronic, I’ve already broken it and now I know how to fix it. Everyone’s day job spills into personal time, like it or not. Professional cleaners clean their own homes and sometimes those of their family members. Computer technicians fix all the families PCs. Nurses are the family health practitioners. My day job is to talk about IT and some of the security around it.

I used to get pretty frequent requests to fix family PCs, which meant I’d usually have to get into my vehicle at an inopportune time and commence repairs on a device that should probably have been tossed years ago. But today, I’ve solved lots of those problems by doing a few key things to keep the upkeep down.

#1 Make everyone upgrade: Tell them no more repairing of old WinXP machines. Either upgrade to Win8 or get a Mac.

#2 Set up admin rights: Only those qualified should be able to install software. Often that means only the CFE.

#3 Set up a remote access network: Remote access software allows you to stay home to access your family members’ PCs. Whether you’re a road warrior or simply own multiple PCs or are the family fixer or just want access to all your data from anywhere, there are a few easy ways to do it. A quick search on “remote access” pulls up numerous options.

#4 Set automatic updates: Software often lets you know it needs updating. Sometimes it’s monthly; often, it’s less frequent. But by setting software to auto download and update, you reduce popups that often confuse your family members.

#5 Schedule four- to six-month reviews: By logging in at least quarterly, you can clean out any bloat, fix whatever’s broken and update whatever software licenses need attention.

#6 Install security: You need all the fundamentals, such as antivirus and a firewall, but an often overlooked security tool is a personal VPN that protects wired and wireless communications from data sniffers. Hotspot Shield VPN is a great option that protects your entire web surfing session, securing your connection at both your home internet network and on public internet networks (both wired and wireless). Hotspot Shield’s free proxy protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS—the protected internet protocol.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How Mobiles Have Become a Big Target for Corporate Networks

/in /by

Mobile was born with the consumer market in mind. As mobile has developed for consumer use over the past 20-something years, security hasn’t been much of a priority. Now, with a variety of different operating systems and millions of applications, security on mobiles has become a significant problem—especially in a corporate setting. Criminals know that by targeting an employee’s wireless device, they have a good chance of getting onto the corporate network.

The LastWatchdog.com reports, “New research…shows that an estimated one million high-risk Android applications will get introduced into corporate networks this year. Another recent study analyzed two million currently available Android apps, from both third parties and the Google Play store, classifying 293,091 as outright malicious and an additional 150,203 as high risk. When you factor in iOS, Windows Mobile, BlackBerry and…other mobile platforms, the IT landscape is no longer centered on securing an exclusively Windows-based ecosystem.”

Protect yourself (and your employer) by refraining from clicking links in text messages, emails or unfamiliar webpages displayed on your phone’s browser. Set your mobile phone to lock automatically and unlock only when you enter a PIN. Consider investing in a service that locates a lost phone, locks it and, if necessary, wipes the data as well as restores that data on a new phone. Keep your phone’s operating system updated with the latest patches and invest in antivirus protection for your phone.

Use a free VPN service such as Hotspot Shield VPN, to protect your entire web surfing session. Hotspot Shield secures your connection, no matter what kind of wireless you are using—whether you’re at home or in public, on wired or wireless internet. Hotspot Shield does this by ensuring that all web transactions are secured through HTTPS. It also offers an iPhone and Android version.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.