Posts

Botnets Here, Botnets There, Botnets EVERYWHERE

What are these “botnets” you keep hearing about? Botnets (think roBOT + NETwork—gets you “BOTNET”) are a network of secretly compromised, run-of-the-mill home and office computers that have malicious software—controlled by a solitary hacker or cybercrime ring.

6DHackers use botnets to execute a variety of cybercrimes like page rank sabotage, mass spamming, bitcoin mining, and more. The FBI says there are 18 botnet infections every second worldwide and these infiltrations pose one of the gravest online threats ever. That figure means over 500 million computers a year are infected.

Needless to say, these attacks can occur without the user knowing it. Botnets will swipe the user’s personal and financial data and can result in stolen credit cards, website crashes and even record your keystroke habits.

The FBI is trying fervently to crumble the botnet empire, as this costs billions of dollars in fallout. And botnetting is on the rise. Hackers aren’t just going after Joe Smo’s credit cards, but top government secrets and technology.

This situation is compounded by another facet of the U.S. government using botnets to build up its power. Think NSA, with its pervasive surveillance program. NSA is assuming control over botnet-infected devices, using these for their own purposes.

NSA, in fact, has a legion of “sleeper cells,” according to the document that was leaked by Edward Snowden. These are remote-controlled computers infested with malware, and as of 2012, were on 50,000 networks.

So we have our government fighting to dismantle botnets, yet simultaneously, building up their arsenal with…botnets. So how on earth will this problem ever be mitigated?

It starts with you.

  • Pay attention if you notice that your Internet connection is unusually slow or you can’t access certain sites (and that your Internet connection is not down)
  • Make sure you have comprehensive Antivirus security installed on all your devices.
  • Be careful when giving out your email address, clicking on links and opening attachments, especially if they are from people you don’t know
  • Stay educated on the latest tactics that hackers and scammers use so that you’re aware of tricks they use
  • Keep your devices operating systems critical security patches updated.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

How to Secure Your iCloud

By now you’ve heard that Jennifer Lawrence’s (and other celebs’) cellphone nude pictures were leaked out, but how in the heck did the hacker pull this off? Tech experts believe it was through the “Find My iPhone” app.

Apple2Someone anonymously posted nude photos of Jennifer Lawrence and Kate Upton to the 4Chan site, and the stars confirmed the photos were of them.

It’s possible that the hacker/s discovered a vulnerability in the Find My iPhone service. This app helps people locate missing phones via cloud. hackers use a “brute force” program to protect hack accounts. These programs make repeated guesses at random passwords for a particular username until a hit is made.

So it’s possible hackers used “iBrute” to get celebs’ passwords, and hence, the photos in their iCloud accounts.

This is only a theory, as most hacking occurs in a more straightforward manner such as:

a person receiving a phishing email and responding with their password

someone’s personal computer gets hacked and spyware is installed

a laptop with all kinds of data is stolen

the wrong person finding a lost cellphone.

Also, evidence suggests that some of the leaked photos came from devices (like Android) that won’t back up to the iCloud.

Apple is investigating the leaks, and apparently put out a security upgrade Sept. 1, to prevent a brute force service from getting passwords via Find My iPhone.

You yourself are at risk of this breach if brute force indeed was used, as long as the problem hasn’t been fixed. If someone has your username, this tactic can be used.

If you want 100 percent protection, stay off the Internet. (Yeah, right.)

Bullet proof your passwords

  • Each site/account should have a different password, no matter how many.
  • Passwords should have at least eight characters and be a mix of upper and lower case letters, numbers and symbols that can’t be found in a dictionary.
  • Use a password program such as secure password software.
  • Make sure that any password software you use can be applied on all devices.
  • A password manager will store tons of crazy and long passwords and uses a master password.
  • Consider a second layer of protection such as Yubikey. Plug your flashdrive in; touch the button and it generates a one-time password for the day. Or enter a static password that’s stored on the second slot.
  • Have a printout of the Yubikey password in case the Yubikey gets lost or stolen.
  • An alternative to a password software program, though not as secure, is to keep passwords in an encrypted Excel, Word or PDF file. Give the file a name that would be of no interest to a hacker.
  • The “key” method. Begin with a key of 5-6 characters (a capital letter, number and symbols). For example, “apple” can be @pp1E.
  • Next add the year (2014) minus 5 at the end: @pp1E9.
  • Every new year, change the password; next year it would be @pp1E10. To make this process even more secure, change the password more frequently, even every month. To make this less daunting, use a key again, like the first two letters of every new month can be inserted somewhere, so for March, it would be @pp1E9MA.
  • To create additional passwords based on this plan, add two letters to the end that pertain to the site or account. For instance, @pp1E9fb is the Facebook password.
  • Passwords become vulnerable when the internet is accessed over Wi-Fis (home, office, coffee shop, hotel, airport). Unsecured, unprotected and unencrypted connections can enable thieves to steal your personal information including usernames and passwords.

Use two-step verification.

Apple’s iCloud asks users two personal questions before allowing access. And let’s face it: We’re all wondering what Jennifer Lawrence was thinking when she decided it was a smart idea to put her nude photos into cyberspace.

Passwords seem to be the common thread in data breaches. But passwords aren’t too valuable to a hacker if they come with two-factor authentication. This is when the user must enter a unique code that only they know, and this code changes with every log-in. This would make it nearly impossible for a hacker to get in.

Go to applied.apple.com and you’ll see a blue box on the right: “Manage Your Apple ID.” Click this, then log in with your Apple ID. To the left is a link: “Passwords and Security.” Click that. Two security questions will come up; answer them so that a new section, “Manage Your Security Settings,” comes up. Click the “Get Started” link below it. Enter phone number and you’ll receive a code via text. If your phone isn’t available, you can set up a recovery key, which is a unique password.

All that being said, two factor will not protect your phones data. Apple is lax in making this happen. What Apples two factor does is protect you when you:

  • Sign in to My Apple ID to manage your account
  • Make an iTunes, App Store, or iBooks Store purchase from a new device
  • Get Apple ID related support from Apple

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Healthcare High on Hackers’ Hitlist

If you think that retailers are the biggest target for cyber criminals, you have it more than a wee bit wrong. Hackers are really going after the healthcare and pharmaceutical industries. In fact, “Will Healthcare Be the Next Retail?” is the name of a recent report released by BitSight Technologies, a security ratings firm.

4DThe report claims that not all victims of healthcare hacking report breaches, so figuring out the total number of these attacks is difficult. However, the Ponemon Institute released a report stating that hacking into healthcare and insurance companies has jumped 100 percent since 2010.

Why such a jump? It could be due to the fact that healthcare-type enterprises have gotten onto the BYOD (bring your own device) bandwagon. This is almost analogous to an employee infected with a stomach virus coming into the building and spreading the sickness.

Another dynamic: as more doctors use technology to stay connected to their patients, it won’t be surprising to see breaches become more common in the healthcare sector.

What distinguishes healthcare-industry hacking from retail hacking is that the retail hacker simply wants a credit card number. But the crook who cracks into medical records—that’s your patients’ individual profile chockfull of personal medical information.

Healthcare hackers may want to steal your patients’ identities to commit insurance fraud, so your records should be diligently monitored.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

I’ve been hacked, now what?

You’re not special; a hacker CAN get into your computer or smartphone. Would you know how to clean up this mess?

4DStart by locating the portal through which the hacker got in such as a browser, emal program. Next, disconnect/uninstall this gateway from the Internet so it doesn’t invade other systems.

Check for suspicious activity by looking at your Activity Viewer or Task Manager. Check the CPU usage—if it spikes, you can have a better chance of spotting malicious activity. In fact, get familiar with how your device runs so that you know what’s normal and what’s not.

Once you’ve snipped access from the hackers, assess their damage.

  • Bring up to date your antivirus and anti-malware systems. If any protection system is disabled, enable it. Do a full system scan—using both systems.
  • Remove anything that doesn’t look right. Various malware scanners will locate bad things, but those bad things will continue downloading if there’s a browser plugin or extension. So take a keen look at all the small items that you’ve downloaded.
  • Change all of your passwords. Make them long and unique.
  • After that, log out of every single account. This will force the hackers to figure out your new passwords.
  • Clear out all cookies, the history and cache in your browser.
  • You may still not be out of the woods at this point. Keep an eye out for suspicious e-mails, new addresses in your account and other phantom activities.
  • If things are still going awry, wipe the hard drive and then reinstall your operating system. But first back up all of your data!

Prevention

  • Have a firewall, and one that’s properly configured.
  • Do not click links inside of e-mails, even if the sender’s address is one you know.
  • Do not open attachments from senders you don’t know or from someone you DO know but would never have a reason to send you an attachment.
  • Delete e-mails with urgent-sounding subject lines or claims you won a prize or inherited money.
  • Have both antivirus and anti-malware applications. They are not one and the same but may be packaged together.
  • Know what your security holes are.
  • Can’t be said enough: Make sure all of your passwords are very strong.
  • Keep your operating system and everything else up to date.
  • If you’re on public Wi-Fi, be extremely cautious. Use Hotspot Shield to encrypt your activities. A Wi-Fi with a password doesn’t mean it’s safe.
  • Never let your device out of your sight. Never. If you think you’ll ever need to leave it unattended, first equip the operating system with a lock and strong password.
  • Back your data up routinely.
  • Your device should have a remote wipe option so that you can eradicate data should someone steal the device.
  • Be very cautious about what you share online. Your computer may have all the bells and whistles of security, but all it takes is one lapse in judgment to let a hacker in, such as falling for some Facebook scam claiming you can watch a video of the latest commercial airliner crash caught on tape.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Make Information Security a Priority

Just about everyone has private information that should be protected. Let’s begin with something you’ve surely heard of: antivirus protection.

3DBut this isn’t enough to guard your personal data. A free antivirus service may not even update automatically, and this is very important to keep up with rapidly evolving technology. Your protection is worth the fee for Antivirus, a firewall, antiphishing software and antispyware.

When’s the last time you updated your browser? Hackers love old, outdated browsers. After you finish this article, update your browser and set your computer to automatically download any future update.

The same goes with your operating system. Update!

Don’t miss out on encryption, which scrambles data so that prying eyes can’t make sense of it. Your computer might already have the feature of encrypting folders, files or the whole disk. If not, you can get a third-party encryption program for free.

If your computer were to crash right this instant, how much data would you lose? You shouldn’t lose much if every day you back your data up on an external drive. Another option is a cloud-based storage system, which is encrypted. The fee for that may be $100 annually or less.

We all know that 123qwe is such an easy password to remember, especially if it’s for all gazillion of your accounts. You know whom else finds this very convenient? Hackers!

If it’s easy for you, it’s easy for them! Every account should have a unique password, and if this is too dizzying, then use a password manager. And choose long passwords that include various characters and exclude words that can be found in a dictionary or successive numbers/letters on a keyboard.

That wireless connection of yours is great—for your neighbor if he decides to get a free ride, or even hack into your data. A WPA2 encryption built into the router will protect you. With public WiFi, use a virtual private network like Hotspot Shield.

Your smartphone also needs protection with all the tools mentioned above, and that includes a VPN.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Malware Can Hide in the Most Obvious Places

You never know when malware will bite. Even browsing an online restaurant menu can download malicious code, put there by hackers.

6DMuch has been said that Target’s hackers accessed the giant’s records via its heating and cooling system. They’ve even infiltrated thermostats and printers among the “Internet of Things”.

It doesn’t help that swarms of third parties are routinely given access to corporate systems. A company relies upon software to control all sorts of things like A/C, heating, billing, graphics, health insurance providers, to name a few.

If just one of these systems can be busted into, the hacker can crack ‘em all. The extent of these leaky third parties is difficult to pinpoint, namely because of the confidential nature of the breach resolution process.

A New York Times online report points out that one security expert says that third party leaks may account for 70 percent of data breaches, and from the least suspected vendors, at that.

When the corporation’s software remotely connects to all those other things like the A/C, vending machines, etc., this is practically an invitation to hackers. Hackers love this “watering hole” type crime , especially when corporations use older systems like Windows XP.

Plus, many of the additional technological systems (such as video conference equipment) often come with switched-off security settings. Once a hacker gets in, they own the castle.

The New York Times online report adds that nobody thinks to look in these places. Who’d ever think a thermostat could be a portal to cyber crime?

Security researchers were even able to breach circuit breakers of the heating and cooling supplier for a sports arena—for the Sochi Olympics.

One way to strengthen security seems too simple: Keep the networks for vending machines, heating and cooling, printers, etc., separate from the networks leading to H.R. data, credit card information and other critical information. Access to sensitive data should require super strong passwords and be set up with a set of security protocols that can detect suspicious activity.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Hectic Holidays Heavenly for Hackers

Ahhh, it’s that time of the year again: the hustle and bustle of the holiday season—parties, gift giving, travels and get togethers with friends and family. But it also brings up the question of how and when are you going to have time to shop and get everything done in time?—let alone fight those crowds at the mall for that elusive parking space.

online-shopping
With online shopping, not only can you shop any time of day (or night if you’re like me and a night owl), from the comfort of your couch or recliner and can easily compare prices without walking up and down the mall or driving all over town. You can even get things online that you simply just can’t buy locally. But while online shopping provides you with a high level of convenience, it also provides cybercriminals with opportunities to steal your money and information through various online scams.

That’s why as Black Friday and Cyber Monday (which has become one of the biggest online shopping days of the year) approaches, you need to make sure you’re being smart when shopping online. Besides making yourself familiar with the 12 Scams of the Holidays, here’s some tips to stay safe online:

Be wary of deals. Like Mom said, “if it’s too good to be true, it probably is”. Any offer you see online that has an unbelievable price shouldn’t be believable. I saw a 25-foot camper on Craigslist for 10% of the list price, and it was within 10 miles of me. My endorphins rushed and I was filled with excitement—I wanted it! Then I found out it needed to be shipped from Chicago (I live in Boston) and I calmed down. But I can see how when a person’s endorphins peak, hasty decisions can ensue.

Use credit cards and not debit cards. If the site turns out to be fraudulent, your credit card company will usually reimburse you for the purchase; and in the case of credit card fraud, the law should protect you. Some credit card companies even offer extended warranties on purchases. With debit cards, it can be more difficult to get your money back and you don’t want your account to be drained while you’re sorting things out with your bank. Even better is a one-time-use credit card, which includes a randomly generated number that can only be used for a single transaction. While this may be an extra step in your shopping process, it can go a long way to protecting yourself online and it’s a good way to #HackYourLife.

shopping-deels

Beware of fake websites. When searching for a product online, you are likely to end up clicking on something within the first few pages of your search results. Cybercriminals often setup up fakes sites that look real at URLs that are common misspellings or typos of well-known shopping sites (also known as typosquatting).Instead of typing in the URL of your favorite site, make sure you have a safe search plug-in installed on your browser, like McAfee® SiteAdvisor®, and search for that site. SiteAdvisor will then give you color-coded safety ratings in your browser search results and give you a warning before going to sites that are known to be malicious.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Hackerville: The Epicenter of Romanian Hackers

Scammers and hackers often originate from Ghana, Nigeria, Romania, Korea, Israel, Columbia, Argentina, Philippines, Malaysia, and, of course, China and the good old USA. These developing countries breed MIT-like hackers who spend all their days targeting consumers and Internet users like you and me.

But Râmnicu Vâlcea is different. Wired describes the odd contrast between flapping clotheslines and the luxury Mercedes-Benz dealership in this small Romanian town, where young men in expensive jewelry drive luxury cars, all paid for with money from eBay scams, Craigslist scams, advanced fee scams, ATM skimming, phishing, infiltrating databases, new account fraud, and account takeover fraud.

Early scams were obvious but successful. English is a second language to Romanian scammers, so over the past decade, consumers caught on to the broken English and typos typical of phishing emails or classified scams. Romanian scammers responded by hiring English speakers to clean up their communication and give them an appearance of legitimacy.

Over time, U.S. authorities and corporations who were being defrauded caught on to Romania being the hub of organized computer crime, and so began flagging wire transfers, product shipments, and credit card orders. In response, scammers developed a distribution chain involving “mules,” who often ship products or collect money in countries like the United Kingdom, in order to avoid authorities monitoring Romanian IP addresses.

There are sophisticated anti-fraud companies that work around the clock to stay ahead of scammers to make the Internet a safer place to conduct business and interact.  One such company is Oregon-based iovation Inc. They have a highly effective fraud protection service called ReputationManager 360 offering device reputation management to determine if a PC, smartphone, or tablet has been used to commit fraud, regardless of the country of origin. Their device reputation management is the only solution that leverages the shared experience of global brands across numerous industries, with thousands of fraud professionals from major online brands reporting and sharing fraud and abuse attempts each day.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)