Posts

A look into Cyber Weapons of the Future

Remember the good ‘ol days when you thought of a finger pushing a button that launched a Russian missile that then sped at seven miles per second towards the U.S. to blow it up?

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Little did we know back then what would one day be a way for the Superpowers to war on each other: cyber technology!

A new book is out called Ghost Fleet: A Novel of the Next World War, written by Peter W. Singer and August Cole. WWIII certainly won’t be wrought with speeding missiles and hand-to-hand combat in the trenches—at least not the bulk of it.

An article on vice.com notes that the Third World War will take place in cyberspace (in addition to land, sea and air).

Vice.com contacted Singer about his novel. One of the villains is China, even though much of the attention has been on the Middle East and so-called terrorist attacks by radical Muslims.

To write the novel, the authors met with a wide assortment of people who, if WWIII were to come about, would likely be involved. This includes Chinese generals, anonymous hackers and fighter pilots. This gives the story authenticity, realism…a foreshadowing.

Singer explains that his novel is so realistic that it’s already influencing Pentagon officials in their tactics.

The Third World War will probably not require so much the ability to do pull-ups, slither under barbed wire and rappel down buildings, but the mastering of cyberspace and outer space: It’s likely that the winner of this war will be king beyond land, sea and air: lord over the digital world and the blackness beyond our planet’s atmosphere.

Projected Weapons of WWIII

  • A kite-shaped Chinese drone, massive enough to take out stealth planes and ships
  • Drones that, from high altitude, could get an instant genetic readout of an individual
  • Smart rings that replace computer mouses
  • Brain-machine interfaces. This already exists in the form of paralyzed people using their thoughts (hooked up to a computer) to move a limb (their own or robotic). This technology has applications in torturing the enemy.

That old saying, “What the mind can conceive and believe, can be achieved,” seems to be becoming more truer by the second. Imagine being able to wipe out the enemy by plugging your thoughts into a computer and imagining them having heart attacks.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

A Quarter of all Underage Kids Will Meet with Complete Strangers

According to a new Intel Security study, more than 2,000 American parents and kids ages 8-16 were surveyed to unveil some interesting things.12D

  • 79% of the juvenile respondents learned online safety from their parents.
  • 35% of them said they’ve been a cyberbully.
  • 27% of them said they have met, or would meet, a person in real life who they initially met online.

Technology is often blamed for all of this. But what drives these behaviors is the same force that drives the schoolyard bully to trip the bookworm and steal his lunch, or the lonely girl to get into a stranger’s car after school: parenting!

Parents need to get more involved and bone-up on their cyber smarts! Because, according to our kids, 79% of them learn online safety from you —the parent

  • Your kids want a social media account? Great—you get to have their password in exchange. Leave no other deal on the table.
  • Did you know it’s legal for parents to use monitoring software on their kids’ devices? Monitoring isn’t a break in trust. It’s simply an exercise in smart parenting.
  • Parents think because they are on Facebook with their kids, that they are “informed” about their kids’ activities. Facebook is like going out to dinner with a tween. They tolerate it, but are embarrassed by you. And while they behave in public, they may not be so well-behaved when unsupervised.
  • Apps such as Kik, Snapchat, Instagram and many others are potential platforms where risky business can take place. And these are some of the sites parents are less familiar with. Which is why you should be there.
  • Discuss with your kids the sites you do not want them visiting —including “pro-ana” sites that give tips on how to waste down to skin and bones, and other sites that give advice on how to cheat on tests. If you’re not familiar with these sites, search for them.
  • Tell them they should never reveal their password to a friend any more than they would give that friend the key to their diary (if they had a diary, of course).
  • Reinforce with your kids that anything they post online will outlive the galaxy. Digital is forever.
  • Make sure your kids are made to feel at ease approaching you about online worries or concerns. Never make them feel they’ll be judged, criticized or blown off over any questions or comments. Don’t set yourself up to be a “Why didn’t she come to ME about this?” type of parent.
  • Cover your bases: Educate your kids about common hacking scams, install parental control software and make sure your entire family’s devices have security software installed and that it’s always updated.

Digital lives are no different than physical lives and need to be treated with the same care and concern. While parents may think they have a handle on their kids’ online lives, they probably don’t. It takes a bit of denial to function as a parent because if a parent actually thought through all the horrors a kid can get into, they’d cease to function. As a result, some parents go the complete other direction and fool themselves into thinking everything’s just peachy.

Understand this: It’s not the same today as when we were kids. We know this. But the big difference is when kids fall today, they fall harder and it’s on a national and sometimes international scale that can impact the whole family.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

3 More Ways Criminals use influence to steal

Criminals use six basic principles to influence and steal. In the first post we discussed:

  • Reciprocation: Do something nice for a person and they will feel obligated to return the favor.
  • Social Proof: This is the “It’s okay if everyone else does it” approach.
  • Commitment and Consistency: Get someone to verbally or in writing commit to something, and this will increase the chances they’ll follow through.

11DRobert Cialdini is a psychologist who studied influence for nearly 30 years, condensing his findings into six principles. In this post we will discuss 3 more principles of influences that tie it all together and make scammers experts at their craft.

Liking

  • If someone likes you they will more likely comply with you. Get more bees with honey as they say. We do business with those we know, like, and trust. When you see others rate a product high, you are more likely to buy it.
  • The liking could even result from noticing that you have a similar hairstyle or body mannerisms. This is why salespeople are taught to mimic the vocal patterns of their prospects.
  • A similar name, knowing the same people, finding common ground, a similar physical appearance, is all comforting.
  • Scammers do everything they can to appear as a likable trusted source. The scam email looks exactly like your bank because you must like your bank if you trust them with your money, so you click the link. This new person friends you on social and you see they are connected to 25 of your others friends and colleagues. They must be OK right? No.

Authority

  • Coming off with some authority increases one’s ability to influence people. This is why salespeople are taught to speak with downward inflections.
  • To seem more authoritative, wear dark clothing. Police officers and security guards dress in black or dark blue. So do ministers, judges and karate instructors. Attorneys in court, especially during closing arguments, usually wear dark. Imagine a cop in pink. Or SWAT in lavender.
  • But authority can also be white (doctor’s lab coat, nurse’s uniform). The bottom line is that when people perceive authority, they tend to comply.
  • This concept greatly pertains to social aggression: A man harassing a woman will usually back off if she suddenly squares up her shoulders, stares hard at him and speaks in a deep, primal voice, “Get out of my way, or else!” Dog are more effectively trained when the trainer uses a deeper voice.
  • Scammers pose as the government, law enforcement, the IRS, bill collectors, the security department from your credit card company, HR, accounting and more. Anytime an authoritive figure contacts you, be suspect.

Scarcity

  • Scarcity of an item makes it more appealing. Antique cars and rare old coins are worth more because there are few of them and a lot of people who want them.
  • This concept is used by marketers all the time. Ever hear “will soon be discontinued”? You suddenly buy a dozen of the product, even though you’ve hardly purchased it before. Ever hear “limited offer” and “but if you act now…”?
  • When there is a big storm/hurricane coming, people clear the shelves at the supermarket in fear they will not eat or drink.
  • Scammers understand scarcity is also associated with loss. They use the same principle when they tell you in a pop up if you don’t fix this, or in an email if you don’t act now, or over the phone if you don’t give up your username and password all your data/money etc will be gone, you won’t get paid next week etc. It’s limitless how they use scarcity.

I’ve said this before. Don’t be cattle. Don’t act like sheep. Most of the world functions based on the honor system. As long as everyone is honest, everything works seamlessly. The honor system is designed with the mindset that we are all sheep and there are no wolves. We know there are plenty of wolves.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Cyberbullying: Its Uniqueness & Prevention

Unfortunately, cyberbullying is prevalent, and a growing threat in today’s always-connected world. Cyberbullying refers to bullying done via computers, or similar technologies, such as cell phones. This kind of bullying usually includes mean or threatening comments, or public posts through texts, emails, voice mails, social media posts, all intended to embarrass the victim.

11DCyberbullying can happen to both adults and kids, but since it’s so common among youths, it’s good to know how to help your children deal with the problem.

One important idea to keep in mind is that unlike the kind of face-to-face bullying that many of us witnessed in school years ago, cyberbullying doesn’t end when the bully is out of sight.

These days, a bully can virtually follow his or her victim everywhere using technology. The bullying can take place without the victim’s immediate awareness, and because of the broad reach of social media, the audience is often much larger than at the school yard.

Since it can be difficult to get a cyberbully to stop their harassment, your best bet is to teach your kids safe online habits to try to prevent a bullying situation in the first place.

Cyberbullying Prevention Tips:

  • Let your kids know that you will be monitoring their online activities using parental control software. Explain how it works and how it can benefit everyone. This policy should be well-established long before your kids get their own cell phone and computer.
  • Make a point of discussing cyberbullying with your kids, and help them understand exactly what it is and how it happens. These discussions should take place before kids get their devices.
  • Set a condition before a child gets his or her very own smartphone and computer they must give their passwords to you. You can, of course, reassure them that you won’t use the passwords unless there’s a crisis.
  • Another condition for device ownership is that your kids will sit through instruction on smart online habits, and most importantly, they should understand that once you post something in cyberspace, it’s there forever.
  • Once your kids get their devices, role-play with them. This gives you a chance to play the part of a bully, and teach your kids appropriate responses.
  • Warn your kids not to freely give out their cell phone number and email address, and tell them that they should never reveal their passwords, even to close friends.
  • Stay aware of your children’s online activities and reassure them that they will never get in trouble if they report cyberbullying to you.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

How Employers or Parents Spy

Disgruntled employees act out in lots of ways. A guy I knew who hated his boss “played” on his work computer all day. The computer was strictly for constructing company graphics. But he installed all kinds of games and wasted lots of time. His boss never knew he blew off half the day.

2WCompany computers are obviously company owned, making it legally possible for your boss to spy on you. Employers can also figure out whom you’re speaking to on your company owned or sanctioned phone and for how long—with phone monitoring software—They can also see contacts, emails, texts, media and more. All legally.

An article on forbes.com notes that some companies sell and advertise such software in a sensational way (“Find Out WHO Is Making Up Normal Personal Calls”)—software that can automatically send e-mail alerts about phone calls made by employees. These include details such as frequency and with whom.

The forbes.com article then mentions another such company, that sells spyware for cell phones and tablets that’s “100% invisible and undetectable.” They usually call it monitoring, not spying, and point out that businesses have a right to monitor to “control their business.” And, frankly, they do.

However, most of these programs are geared towards and used by parents and spouses (spouses concerned with cheating) and parents, what with kids developing all kinds of psychological disorders with the help of cyberbullying.

And again, company monitoring is legal if this activity is in the employer’s contract. The monitoring must have a business-related reason. There’s a difference between “spying” or tracking an employee’s use of the company phone during times that employee is supposed to be working, and spying on his conversations with his ex-wife over the custody fight of their kids while he’s on lunch break.

Businesses need to strike the right balance so that employees don’t feel that their trust has been violated.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

3 Ways We are Tricked into Cyber Attacks

So just how are hackers able to penetrate all these huge businesses? Look no further than employee behavior—not an inside job, but innocent employees being tricked by the hacker.

9Drecent survey commissioned by Intel Security reveals that five of the top seven reasons that a company gets hacked are due to employee actions.

One of the things that make it easy to trick employees into giving up critical information is the information employees share on social media about their company.

People just freely post things and tweet all day long about company matters or other details that can be used by a hacker to compromise the company. What seems like innocuous information, such as referring to a company big wig by their nickname, could lead to social engineering (tricking users into believing the request is legitimate so the user gives up sensitive information).

Between social media and the golden nuggets of information on Facebook, Twitter, LinkedIn and other platforms, hackers have a goldmine right under their nose—and they know it.

3 Key Pathways to Getting Hacked

  1. Ignorance. This word has negative connotations, but the truth is, most employees are just plain ignorant of cybersecurity 101. The survey mentioned above revealed that 38% of IT professionals name this as a big problem.
    1. Do not click on links inside emails, regardless of the sender.
    2. Never open an attachment or download files from senders you don’t know or only know a little.
    3. Never visit a website on the job that you’d never visit in public. These sites are often riddled with malware.
  2. Gullibility. This is an extension of the first pathway. The more gullible, naive person is more apt to click on a link inside an email or do other risky tings that compromise their company’s security.
    1. It’s called phishing(sending a trick email, designed to lure the unsuspecting recipient into visiting a malicious website or opening a malicious attachment. Even executives in high places could be fooled as phishing masters are truly masters at their craft.
    2. Phishing is one of the hacker’s preferred tools, since the trick is directed towards humans, not computers.
    3. To  check if a link is going to a phishing site, hover your cursor over the link to see its actual destination. Keep in mind that hackers can still make a link look like a legitimate destination, so watch our for misspellings and bad grammar.
  3. Oversharing. Malicious links are like pollen—they get transported all over the place by the winds of social media. Not only can a malicious link be shared without the sharer knowing it’s a bad seed, but hackers themselves have a blast spreading their nasty goods—and one way of doing this is to pose as someone else.
    1. Be leery of social media posts from your “friends” that don’t seem like things they would normally post about. It could be a hacker who is using your friend’s profile to spread malware. Really think…is it like your prude sister-in-law to send you a link to the latest gossip on a sex scandal?
    2. Don’t friend people online that you don’t know in real life. Hackers often create fake profiles to friend you and then use their network of “friends” to spread their dirty wares.
    3. Take care about what you post online. Even if your privacy settings are set to high, you should think that when you post on the Internet, it’s like writing in permanent ink—it’s forever. Because did we all really need to know that time you saw Kanye from afar?

All of us must be coached and trained to keep ourselves and our workplaces safe, and that starts with practicing good cyber hygiene both at home and at work.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Protect Yourself from Online Fraud

Yes, it’s possible: preventing fraudsters from getting you via online trickery and other stealthy actions. Yes, it’s possible to be thinking one step ahead of cyber criminals. Let’s begin with e-mails—the conduit through which so many cyber crimes like ID theft occur. 9D

  • Imagine snail-mailing vital information like your SSN, bank account number, a duplicate of your driver’s license and your credit card number. At some point in the delivery process, someone opens the letter and see the contents. Electronic messages are not entirely private. Recognize this risk before sending knowing that in transmission there is a chance your information can be seen. Sometimes the telephone is a better option.
  • Ignore sensationalistic offers in your in-box like some ridiculously low price on the same kind of prescription drug you pay out of pocket for; it’s likely a scam.
  • Ever get an e-mail from a familiar sender, and all that’s in it is a link? Don’t click on it; it may trigger a viral attack. As for the sender, it’s a crook compromised your friends email and who figured out a way to make it look like the e-mail is from someone you know.
  • In line with the above, never open an attachment from an unfamiliar sender; otherwise you may let in a virus.
  • If someone you know sends you an unexpected attachment, e-mail or call that person for verification before opening it.
  • Enable your e-mail’s filtering software to help weed out malicious e-mails.
  • Ignore e-mails asking for “verification” of account information. Duh.

Passwords

  • Don’t put your passwords on stickies and then tape them to your computer.
  • Do a password inventory and make sure all of them contain a mix of letters, numbers and characters, even if this means you must replace all of them. They also should not include actual words or names. Bad password: 789Jeff; good password: 0$8huQP#. Resist the temptation to use a pet’s name or hobby in your password.
  • Every one of your accounts gets a different password and change them often.

General

  • Make sure your computer and smartphone are protected with antivirus/anti-malware and a firewall. And keep these updated!
  • Your Wi-Fi router has a default password; change it because cyber thieves know what they are.
  • When purchasing online, patronize only well-established merchants.
  • Try to limit online transactions to only sites that have an “https” rather than “http.” A secure site also has a padlock icon before the https.
  • Make sure you never make a typo when typing into the URL; some con artists have created phony sites that reflect typos, and once you’re on and begin entering your account information, a crook will have it in his hands.
  • Access your financial or medical accounts only on your computer, never a public one.
  • Ignore e-mails or pop-ups that ask for account or personal information.
  • When you’re done using a financial site, log out.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Latest Russian Cyber Attack on White House a Boon for CISA

The Russians have come…again—in the form of hackers. Not long ago Russian cyber criminals busted into the U.S.’s State Department system and mangled it for months.

1DThis time, they got into a computer system at the White House. Luckily, this system did not hold any classified information, but nevertheless, the hackers got ahold of President Obama’s private itinerary. So it just goes to show you just what hackers a world away can do.

This isn’t the first time that the White House has been hacked into. Remember the attacks that were allegedly committed by the Chinese? These, too, did not involve sensitive information, but the scary thing is that these cyber invasions show how easy it is for other countries to bang into the computer systems of the No. 1. Superpower.

So President Obama’s personal schedule got hacked, and in the past, some White House employee e-mails got hacked. What next—top secret plans involving weaponry?

What the Russians may do next is of grave concern to the FBI. Perhaps the Russians are just teasing us with this latest break-in, and the next hacking incident will really rattle things.

Ironically, Obama had recently signed an executive order in the name of stomping down on cyber crime. Well, someone didn’t stomp hard enough, and the Russians, Chinese and everyone else knows it.

Obama’s efforts involve CISA: Cybersecurity Information Sharing Act. The Act would mandate that there’d be greater communication between the government, businesses and the private sector relating to possible cyber threats.

CISA is not well-received by everyone because it involves what some believe to be a compromise in privacy. This latest attack on the White House, say CISA critics, might encourage lawmakers to hastily pass the Act without first building into it some features that would protect the privacy of the private sector.

The chief concern, or at least one of the leading ones, of CISA opponents or skeptics is that of the government gaining access to Joe’s or Jane’s personal information. And why would the government want to get our private information? For surveillance purposes—that harken back to the efforts to increase cyber protection and prevent more hacking episodes.

The bottom line is that this latest attack by the Russians will surely add a few more logs to the fire in that lawmakers will feel more pressure than ever to strongly consider passing CISA.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

Fear of Fraud trumps Terrorism

Okay, what’s more likely? Getting bombed … or some punk racking up charges on your credit card?

11DThe yearly Crime Poll says that two-thirds of the respondents were edgy about data breaches involving their credit cards, as well as their computer and smartphones getting hacked—far more so than being robbed or taken hostage.

It’s easier to thwart a mugger or burglar than it is to thwart cybercrime. Just because you never click links inside e-mail messages doesn’t mean a cybercriminal won’t still figure out a way to nab you.

Interestingly, many people who’ve been digitally victimized don’t even bother filing a police report, says the survey. But a much higher percentage of burglary and mugging victims will.

Maybe that’s because 1) They know it will be easier to catch the thug, and 2) It’s way more personal when a masked man jumps you on the street and hits you with a brick, versus some phantom from cyberspace whose body you never see, voice you never hear, hands you never feel—even though they drain your bank account dry.

But which would you rather have? An ER visit with a concussion and broken nose from the mugger, or a hacked credit card? The Fair Credit Billing Act allows you to dispute unauthorized charges on your card statement and get other things straightened out. And until you pay the whopping bill, your account isn’t robbed.But if someone hacks into your debit card, they can wipe out your checking account in a flash.

The good news is that often, cyberthieves test the waters of the stolen data by making initially small purchases…kind of like a would-be mugger feeling out a potential victim by initially asking her for the time or “accidentally” bumping into her.

A credit card can have varying levels of alerts that can notify the holder of suspicious activity. An example is a charge over $1,000 nets a text message to the holder about this. However, if you set a much lower threshold, you’ll know sooner that the data or card was stolen. Don’t wait till the thief makes a huge charge to be alerted. The lower that threshold, the sooner the card company will contact you and then initiate mitigation.

You know how to prepare for a mugger (pepper spray, self-defense lessons, etc.), but how do you protect your credit and debit cards?

  • Check your credit card statements thoroughly.
  • Don’t put off contacting the company over a suspicious charge.
  • All of your devices should require a password to log on.
  • Use encryption for all of your devices.
  • Always use your bank’s ATM, never a public kiosk.
  • Never let an employee take your card out of your sight.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

It’s Beginning to Look a Lot Like the Holiday Shopping Season

The holiday season is in full force. Not only is it time to bring out the tinsel while jamming out to holiday music, it’s also time to buckle down on your holiday shopping. Have you made your holiday shopping list yet? Luckily, in the U.S., the biggest shopping days of the year are coming up meaning lots of shopping deals at stores on and offline to help you complete your holiday shopping list.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294There are people out there who are really gung-ho about Black Friday—camping outside a department store the night before and fighting the masses for the half-price widescreen tv. That’s not really my style; I’m more of a Cyber Monday kind of guy. I just fire up my computer or tablet and start clicking and then boxes magically arrive at my house…well maybe not magically.

Online shopping is convenient for the holiday shopper. No lines, no braving the sometimes nasty winter weather, no crowds—you can buy almost anything and never leave your couch. Although online shopping is a great way to complete your holiday shopping list, you should take a couple precautions while online to keep your personal and financial information safe from hackers.  Along with avoiding the 12 Scams of the Holidays, here are the top 5 tips to help you stay safe while shopping online this holiday season.

  • Be wary of deals. Does that 90% off blowout sale of iPhones sounds too good to be true? It probably is. Any offer you see online that has an unbelievable price shouldn’t be believable. Beware of spam emails with links to awesome deals, as it’s particularly dangerous to buy on a site advertised in a spam email. I recommend using web protection, like McAfee® SiteAdvisor® provides easy to results to protect you from going to a malicious website.
  • Use credit cards rather than debit cards. If the site turns out to be fraudulent, your credit card company will usually reimburse you for the purchase; and in the case of credit card fraud, the law should protect you. With debit cards, it can be more difficult to get your money back and you don’t want your account to be drained while you’re sorting things out with your bank. Another option savvy shoppers sometimes use is a one-time use credit card, which includes a randomly generated number that can be used for one transaction only. If the number is stolen it cannot be used again. Using this type of credit card also ensures that a thief does not have access to your real credit card number.
  • Review the company’s policies. Look to see how the merchant uses your personal information and check to make sure that it will not be shared with third parties. You should only disclose facts necessary to complete your purchase and not any additional information about yourself. Also, check the website’s shipping policy and make sure it seems reasonable to you. You want to make sure that you understand all your shipping options and how they will affect your total cost of your online purchase.
  • Check that the site is secure. Find out if a company’s website is secure by looking for a security seal, like the McAfee SECURE™ trustmark, which indicates that the site will protect you from identity theft, credit card fraud, spam and other malicious threats. Make sure the site uses encryption—or scrambling—when transmitting information over the Internet by looking for a lock symbol on the page and checking to make sure that the web address starts with httpS://.
  • Only use secure devices and connections.  If you are using a public computer, information such as your browsing history and even your login information may be accessible to strangers who use the computer after you. Also, never shop using an unsecured wireless network because hackers can access your payment information if the network is not protected.  To protect yourself, do all of your online shopping from your secure home computer. When shopping at home, make sure all your devices are protected with comprehensive security like McAfee LiveSafe™ service which protects all your PCs, tablets and smartphones.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.