Posts

Apps for Stalkers Disguised as Parental Control Tools

Sell something called “SuperParent” or even the actual FlexiSpy — and all is swell. Frankly, I’m not opposed to monitoring a child’s phone; kids shouldn’t have phones anyway.

But sell something called “iStalk” or “StalkU,” well … this won’t quite go over well with the authorities or the general community.

It’s all in a name (pardon the cliché).

Apps that track users contain spyware. A wannabe stalker can secretly install such an app on their intended victim’s phone via any of the following:

  • Manual access to the phone
  • Link to a Twitter share
  • Share for LinkedIn or WhatsApp
  • Text a link posing as a security update

Sending a “malicious” link works when it’s clicked. However, the stalker will usually need to have access to the victim’s phone to install the tracking software. With the way people leave their phones lying around, this is fairly easy to do – to users who don’t have a password set up for their device or who share their password with their “stalker.”

What can some “stalking apps” track?

  • Call logs
  • Contents of text and chat messages
  • Location of phone (and hence, victim if the phone is with them)
  • Listening in to ambient sounds picked up by the phone’s microphone
  • Listening in to phone calls
  • Access to voicemail

According to a 2014 study by the National Network to End Domestic Violence, 54% of domestic abusers use tracking software, the icon of which can be concealed from the victim.

Though availability of tracking apps has become more limited over time, due to the revelations of how these have been abused, they are still available, such as mSpy, which can be easily downloaded to Android devices.

Downloading stalkware to iPhones is more challenging, but far from impossible. In fact, one technique doesn’t even require physical access to the target’s phone. And even then…this can be breached by a techy stalker.

How do app makers cover their butts?

They include language with their apps, such as citing that consent of the target is required before installation, or that the app company will cooperate with law enforcement should a complaint be reported.

Stalkware isn’t going away anytime soon. Thus, the emphasis needs to be on prevention.

How to Prevent Remote Stalking

  • Heavens, please don’t let your new boyfriend/girlfriend talk you out of having a password with some kind of nonsense like, “If you trusted me you wouldn’t need a password.”
  • Never share passwords.
  • Tell him or her – on the first date – that your phone is off-limits to them. If they give you flak, it’s over. Only a control freak would mind this.
  • If they keep cool, this could be an act to gain your trust. Never leave your phone alone with that special someone.
  • Keep your phone turned off unless you’re using it.
  • Disable the GPS feature.
  • Never leave your phone unsupervised in the presence of other people, even your new boyfriend’s great-grandmother.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.

What is Malvertising?

Malevolent advertising is called malvertising. The “ad” is placed on a website by cybercriminals who want control of your computer for financial gain.

And the real scary thing about malvertising is that these trick-ads have appeared on trusted, popular websites like the Weather Network, BBC, NFL and the New York Times.

Oh, and it gets worse: The malicious ad can be hidden, unseen by the site visitor, thanks to a special html code that allows the bad ad to be inside legitimate content. This trick-code is usually hidden in what are called iframes—without affecting the rest of the site appearance.

The type of cybercriminal who succeeds at this needs to be patient and clever.

  • Legitimate advertisers place their ads with ad networks, bidding for ad placement.
  • Ad networks, which handle the bidding, serve the ads to websites.
  • Crooks may place legitimate ads with these networks to gain a good reputation, or crooks run networks.
  • After building trust with placement of legit ads, the crooks graduate to ad placement on high-traffic sites, and then they put their malicious code in the iframes: malvertisements.
  • When you’re on one of these infected pages, the ad will release malware to your computer that can do a whole host of damage.
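A check a site operator could run over served markup to surface the hidden iframes described above. This is an added example, not code from the original post; the sample markup, the hostnames and the `hiddenThirdPartyFrames` helper are constructed for illustration.

```javascript
// Constructed sample markup for a page served from https://news.example
const SAMPLE_HTML = `
<div id="story">Weather today...</div>
<iframe src="https://ads.partner.example/slot1" width="300" height="250"></iframe>
<iframe src="https://cdn.unknown.example/x" width="0" height="0" style="border:0"></iframe>
<iframe src="/embedded/video" style="display:none"></iframe>
<iframe src="https://px.unknown.example/y" style="visibility: hidden; position:absolute"></iframe>`;

// Minimal attribute parser; handles double-quoted attributes only.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tag)) !== null) attrs[m[1].toLowerCase()] = m[2];
  return attrs;
}

// Return the URLs of iframes that are both invisible to the visitor
// (zero or one pixel in size, or hidden via CSS) and loaded from an
// origin other than the page's own.
function hiddenThirdPartyFrames(html, pageOrigin) {
  const findings = [];
  const own = new URL(pageOrigin).origin;
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    const src = new URL(a.src || 'about:blank', pageOrigin);
    const style = (a.style || '').replace(/\s+/g, '').toLowerCase();
    const tiny = ['0', '1'].includes(a.width) || ['0', '1'].includes(a.height);
    const hidden = tiny ||
      style.includes('display:none') ||
      style.includes('visibility:hidden');
    if (hidden && src.origin !== own) findings.push(src.href);
  }
  return findings;
}

// Convenience wrapper that scans the constructed sample.
function scanSample() {
  return hiddenThirdPartyFrames(SAMPLE_HTML, 'https://news.example');
}
```

The visible 300x250 ad slot and the site's own hidden video frame are not reported; only the two invisible frames from other origins are.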

What to do?

  • Keep all your software and systems up to date.
  • Install an ad blocker, but be judicious, because ad blockers can disrupt the presentation of some sites, e.g., blocking some content, not just the ads. You may not mind this inconvenience, but also realize that an ad blocker will not block every malvertisement, either.
  • Install antivirus software or an anti-exploit kit that will snuff out exploit kits, a favorite tool of the malvertiser.
  • Exploit kits prowl your computer for vulnerabilities, and the right software will detect and neutralize them.
  • Uninstall browser plugins you have no use for, especially if they’re the vulnerable Adobe Flash and Java.
  • Set the remaining plugins to click to play, which will give you the option to run a plugin when a site you’re visiting wants to load one.

Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

How to protect your network from malicious insiders

You may be putting your company at risk simply by hiring a new employee. Why? Because that person could have a hidden, malicious agenda.

This is known as an inside threat, and it means that someone within your organization is planning or conducting activities meant to harm the company.

There is a pattern that most insider threats use: The first step is to gain access to the company’s system. Once they have access to the network, they will investigate it and seek out any vulnerable areas. The malicious insider then sets up a workstation to control the scheme and spread the destruction.

What type of destruction can you expect? The hacker could introduce malware or they could steal or delete critical information, all of which can be damaging to your business. Fortunately, there are ways to protect your business from these types of hacks.

Most companies protect their IT systems with firewalls, anti-virus programs, data backup software and even spyware-scanning technology. The problem is that these technologies only work when hackers are trying to get information from the outside.

One way to protect against insider threats is to ensure that employees can only access the data necessary to do their jobs. You should look at the flow of data throughout the organization to determine how information is shared and where it becomes vulnerable to theft or other security breaches. Then work with each department to implement the proper security controls.

The process of preventing data loss begins with discovering the data, classifying it, and then deciding how much risk your company may face if the data gets out. Some of the tools and procedures you may want to consider for protection include:

  • System-wide encryption
  • Password management
  • Device recognition
  • Access controls
  • Data disposal

It’s important to create security policies and procedures that are easy for employees to understand. The more transparent these policies are, the more effective your departments will be when communicating what they want and need.

How can you mitigate insider threats? Tune into the Carbonite webinar that I’ll be hosting live on Wednesday, March 15th at 11 am ET, to learn how. Register here: http://go.carbonite.com/security-threat/blog

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

Researcher says HTTPS can track You

Perhaps you’ve read that “HTTPS” at the start of a website address means that the site is secure, encrypted. However, a feature of the HTTPS can track you, says an article at theregister.co.uk.

HTTP is not secure. According to the Register article, Carnegie Mellon University states that “HSTS,” which is “Strict Transport Security,” redirects users to HTTPS. The HSTS authors decided that performing this redirection every single time was a bit much, so they came up with a feature that lets browsers remember the HSTS policy of visited sites. I know, a LOT OF INFORMATION.

The Register article goes on to explain that this feature is a “super cookie.” If you use a redirected site, an HSTS “pin” is set. It’s unique to you and the site you visit. Sam Greenhalgh says, as quoted in the article, “Once the number is stored it could be read by other sites in the future. Reading the number just requires testing if requests for the same web addresses are redirected or not.”

The browsing modes of incognito or private have no effect, continues the article. IE doesn’t support HSTS, but Chrome, Firefox and Opera browsers permit HSTS flags to be cleared.

Safari is a different story, says Greenhalgh. The article quotes him: “When using Safari on an Apple device there appears to be no way that HSTS flags can be cleared by the user. HSTS flags are even synced with the iCloud service so they will be restored if the device is wiped. In this case the device can effectively be ‘branded’ with an indelible tracking value that you have no way of removing.”

Think of all of this as a kind of fingerprinting of the user, you. A crook who runs a malicious site is capable of exploiting this feature. However, Google has reported to Greenhalgh that it’s “not practical” to “defeat such fingerprinting.” It’s not practical getting hacked either.
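To make the mechanism Greenhalgh describes concrete, here is an added example (not code from the article or from Greenhalgh): a toy in-memory model of a browser's HSTS cache showing how a set of remembered hosts amounts to a stored number, how clearing the flags erases it, and a check for the telltale cluster of sibling hosts. The `HstsCache` class, the `tracker.example` hostnames and the threshold are assumptions made for illustration.

```javascript
// Toy model of the browser's remembered HSTS policies (not a real browser API).
class HstsCache {
  constructor() { this.pinned = new Set(); }
  // An HTTPS response carried a Strict-Transport-Security header for this host.
  noteHeader(host) { this.pinned.add(host); }
  // A later http:// request to a remembered host is upgraded to https://.
  isUpgraded(host) { return this.pinned.has(host); }
  // What "clearing HSTS flags" in the browser amounts to.
  clear() { this.pinned.clear(); }
}

const BITS = 8;                                   // constructed: 8 hosts = 8-bit value
const probeHost = (i) => `b${i}.tracker.example`; // hypothetical hostnames

// Storing: for every 1-bit, the browser is made to remember one host.
function storeId(cache, id) {
  for (let i = 0; i < BITS; i++) {
    if ((id >> i) & 1) cache.noteHeader(probeHost(i));
  }
}

// Reading: test which of the same addresses are redirected and which are not.
function readId(cache) {
  let id = 0;
  for (let i = 0; i < BITS; i++) {
    if (cache.isUpgraded(probeHost(i))) id |= 1 << i;
  }
  return id;
}

// Defender's view: ordinary sites pin one or two hosts; a stored number
// shows up as many sibling hosts remembered under a single parent domain.
function suspiciousParents(cache, threshold = 3) {
  const counts = new Map();
  for (const host of cache.pinned) {
    const parent = host.split('.').slice(1).join('.');
    counts.set(parent, (counts.get(parent) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n >= threshold).map(([p]) => p);
}

function hstsDemo() {
  const cache = new HstsCache();
  cache.noteHeader('www.bank.example');  // ordinary HSTS use, constructed
  storeId(cache, 0b10110101);            // constructed identifier (181)
  const before = readId(cache);
  const flagged = suspiciousParents(cache);
  cache.clear();                         // user clears HSTS flags
  return { before, flagged, after: readId(cache) };
}
```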

Protect your privacy:

  • Don’t send any sensitive information when connecting over public Wi-Fi (e.g. don’t do banking or shop online)
  • Use private browsing mode on your Internet browser or at least turn off your browser cookies.
  • Never reply to spam or unknown messages, whether by email, text, IM or social networking posts from people you don’t know—especially if it’s for an offer that sounds too good to be true.
  • Only friend or connect with people online you know in real life.
  • Make sure when you’re providing any personal information online that the site uses encryption (look for https:// in the URL) and check to see how they are using your personal data in their privacy policy.
  • Be aware of location services with your smartphone or tablet. Turn off the GPS on your mobile device’s camera and only allow

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

What is Ransomware?

Imagine that you want to pull up a certain file on your computer. You click on the file and suddenly a notice flashes on your screen saying your computer has been compromised and in order to get your files back, you need to pay up some money. This, ladies and gentlemen, is ransomware, a nasty type of malware that, unfortunately, hackers love to use.

Ransomware is malicious software created by a hacker to restrict access to your device and demand a fee to be paid to the hacker in order to give you back access to your device. It can prevent you from using your computer or mobile device, opening your files, or running certain applications like your browser. Or it could lock down your photos, documents, videos on your mobile phone or PC and hold them hostage until you pay the ransom.

Users unknowingly download ransomware by clicking on malicious email attachments or visiting infected websites, also known as drive-by downloads. There are several ways hackers use ransomware to extort money from users. One, the hackers pretend they are a law enforcement agency and claim that you have downloaded illegal content and demand a fine to pay for this violation. Another popular trick is a message that claims your Windows installation is counterfeit and requires activation or that your security software is out of date or not working.

If you download ransomware, you must remove it before you can access your device again. You can use security software or clean out your disk drive. If you have an Android phone, you can reboot your phone in Safe Mode. Whatever you do, don’t pay the ransom, as it doesn’t always guarantee you will get access to your device again.

It’s always better to prepare than repair. Here are a few tips for preventing ransomware from getting on your digital devices.

  • Back up your files. Then, if a ransomware attack occurs, you can wipe your disk drive clean and restore the data from the backup.
  • Think twice. Don’t open links or attachments from people you don’t know.
  • Use a web advisor. Hackers use malicious websites to spread ransomware. A web advisor, like McAfee® SiteAdvisor®, will let you know which links are malicious.
  • Install comprehensive security software. McAfee LiveSafe™ service includes a firewall and anti-spam filter to protect your computers, mobile phones and tablets from ransomware. If you already have your computers covered, make sure you still protect your mobile devices with our free McAfee® Mobile Security for Android or iOS.

Have a happy holiday!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

What is a Computer Worm?

Worms. Most of us probably think of them as those squirmy invertebrates we dissected as a kid or found on the sidewalk after a storm. You might have used them as bait for fishing (not phishing), to pull a prank or have even eaten them (no judgment).

Whether you like worms or not, there’s one kind of worm that definitely isn’t your friend—the computer worm. This kind of worm is a computer program that can replicate and send copies of itself to other computers in a network. Worms are considered a subset of viruses, but unlike viruses they can travel without any human action.

Most worms are designed to exploit known security holes in software, although some spread by tricking Internet users. Mass-mailing worms, for instance, spread via email or instant message (IM). They arrive in message attachments and once you download them the worm silently infects your machine. Peer-to-peer (P2P) networks are another avenue for worms: cybercriminals upload infected files with desirable names to entice users into downloading them. And once you download the file your computer is infected.

Once your machine is infected, the worm can corrupt files, steal sensitive information, install a backdoor giving cybercriminals access to your computer, or modify system settings to make your machine more vulnerable. They can also degrade your Internet connection and overall system performance.

The good news is there are steps you can take to keep your computer from being infected:

  • Don’t download or open any files on P2P sites.
  • Since some worms now have a phishing component—meaning that they try to trick users into running the malicious code—do not click on links in unexpected emails and IMs, or download attachments connected to them.
  • Use comprehensive security software, like McAfee LiveSafe™ service, with a software firewall to block unauthorized traffic to and from your computer. Make sure to keep your security software updated.

If you fear that your machine is already infected, immediately run a security scan.

Of course, given the fast-moving nature of Internet worms, your best bet is to be cautious and take steps to avoid getting infected in the first place.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

What to do in the Aftermath of an Attack

Can you hack cleaning up the mess a hacker makes after infiltrating your computer? Would you even know the first thing to do? And yes, YOUR computer CAN be hacked.

After the attack, locate the portal through which the crumb-bag entered. This could be the e-mail program or browser. This may be easier said than done. Give it a shot.

Next, this portal must be disconnected/uninstalled from the Internet to prevent it from getting into other systems. Look at your Task Manager or Activity Viewer for any suspicious activity. The CPU usage must be checked too. If it goes way up, you’ll have a better chance of detecting fraudulent activity. It helps to know how your computer runs so that you know what’s typical and what’s atypical.

Otherwise head over to Microsoft’s Malicious Software Removal Tool page here: http://www.microsoft.com/security/pc-security/malware-removal.aspx

After severing ties with the hacker or hackers, take inventory of their destruction.

  • Make sure that your anti-malware and antivirus systems are up to date, and enabled. Do a full system scan with both systems.
  • If something looks odd, get rid of it. Malware will continue downloading if there’s a browser extension or plugin. Inspect every downloaded item.
  • Change every password and make it unique and long.
  • Log out of all your accounts after changing the passwords.
  • Clear the cookies, cache and history in your browser.
  • Be on the alert for strange goings-on, and do not open suspicious e-mails, let alone click on links inside them.
  • If things are still acting strange, wipe your hard drive. Reinstall the operating system. But not before you back up all your data.

Preventing an Attack

  • Have a properly configured firewall.
  • As mentioned, never click links inside of e-mails, even if they seem to be from people you know. In fact, delete without opening any e-mails with melodramatic subject lines like “You Won!”
  • Have both anti-malware and antivirus systems, and keep them up to date.
  • Use long, unique passwords.
  • Never let your computer out of sight in public.
  • If, however, your device is stolen, it should have a remote wipe feature.
  • Give your data routine backups.
  • Be very cautious what you click on, since links promising you a spectacular video can actually be a trap to download a virus into your computer.
  • Use Hotspot Shield when you’re on public Wi-Fi to scramble your communications.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.