What’s going on this September? National Preparedness Month. This will be the time to increase your awareness of the safety of your business, family, pets and community. During disasters, communication is key. National Preparedness Month concludes on September 30 with the National PrepareAthon! Day.
It would be like a science fiction movie: You go to pull up the file detailing the records of your last quarter’s profit and loss statement, and instead you get a flashing notice: “Your computer has been compromised! To see your file, you must pay money!”
This is called ransomware: a type of malware sent by criminal hackers. Welcome to the world of cybercrime. In fact, ransomware can prevent you from doing anything on your computer.
Where does this ransomware come from? Have you clicked a link inside an e-mail lately? Maybe the e-mail’s subject line really grabbed your attention, something like: “Your FedEx shipment has been delayed” or “Your Account Needs Updating.”
Maybe you opened an attachment that you weren’t expecting. Maybe you were lured to a website (“Dash Cam Records Cyclist Cut in Half by Car”) that downloaded the virus. Other common ways crooks trick you into downloading ransomware include:
- Hackers impersonate law enforcement; claim you downloaded illegal material; demand a fine for your “violation.”
- You receive a message that your Windows installation requires activation because it’s counterfeit.
- Or, the message says your security software isn’t working.
What should you do?
- Never pay the ransom, even if you’re rich. Paying up doesn’t guarantee you’ll regain access. Are you kidding?
- Double check that all of the newly encrypted (and utterly useless) files are backed up, wipe your disk drive and restore the data.
- Wait a minute—your files weren’t backed up?
An ounce of prevention is worth a pound of hacking.
- Don’t open links or attachments you’re not expecting! This includes from senders you know or companies you patronize.
- Install an extension on your browser that detects malicious websites.
- Use a firewall and security software and keep it updated.
- Regularly back up data, every day ideally.
Needless to say, ransomware attacks occur to businesses. Small companies are particularly vulnerable because they lack the funds to implement strong security. Attacks on businesses usually originate overseas and are more sophisticated than attacks on the common Internet user at home or at the coffee house.
And just like the common user, the business should never pay the ransom, because this will only prolong the situation.
- Make the criminal think you’re going to pay. Tell them you need time to prepare the fee.
- Build your defense by gathering all the correspondence.
- Present this to your webhosting provider, not the police.
- The webhoster will get to work on this.
- If the loss is extensive, present the correspondence to the FBI.
- If the attack is in virus form, you’re finished.
The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained in how “phishing” e-mails work and other tricks that cyber thieves use. To learn more about preparing your small business against viruses like ransomware, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”
#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. DisclosuresFiled Under: cyber crime Ransomware
Curl up in a chair at your favorite coffee house, the aroma of premium coffee filling the air, take a few sips of your 700 calorie latte, and then enter cyberspace. Little do you know that you could have a stalker. Or two. Or 3,000. Because public Wi-Fi is there for the picking for hackers. Online transmissions can be intercepted. The credit card number that you enter onto that retailer’s site can be “seen.”
- Never leave your spot without your device on you—not even for a moment. You may come back and still see your computer where you left it…but a thief may have installed a keylogger into it to capture your keystrokes.
- Do not e-mail messages of a sensitive or serious nature.
- When your computer begins seeking out a network to connect to…do not let it just drift to the first one it wants; see if you can choose one.
- Don’t leave on your file sharing.
- If you’re not using your wireless card, then do not leave it on.
- Don’t do banking or any other sensitive activities.
- Don’t position your device so that someone nearby can see the screen.
Yes, Do These when at a Public Wi-Fi Spot
- Look around before you settle into a nice spot.
- Sit somewhere so that your back is facing a wall.
- Assume all Wi-Fi links are suspicious—kind of like assuming all drivers are drunk whenever you go out driving. A wireless link may have been set up by a hacker.
- See if you can confirm that a given Wi-Fi link is legitimate.
- Assume that if the connection name is similar to the Wi-Fi spot, that this could mean that the hacker was clever. Inquire of the manager of the coffee shop, hotel, etc., for information about their Wi-Fi access point.
- You should consider using your cell phone for sensitive activities such as online shopping.
- But cell phone or not, see if you could avoid visiting sites that can make it easier for hackers to nab your data—sites such as banking, social media and any site where your credit card information is stored.
Use a VPN. This stands for virtual private network. What a VPN does is create an impervious tunnel through which your data travels. Hackers cannot penetrate this tunnel, nor can they “see” through it. Your data is safe. The tunnel encrypts all of your banking and other sensitive transactions, as well as sensitive e-mail communications, plus downloads, you name it. With a virtual private network, you will not have to worry about a thief or snoop intercepting your transmissions.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.Filed Under: wifi
The Deep Web is not a nice place. Here, people can hire assassins, take ransomware payments, purchase U.S. citizenship without revealing their identity, among other things, says an article on darkreading.com.
This information comes from Trend Micro, which used a tool called the “Deep Web analyzer,” something of a web crawler, that collected URLS that were linked to TOR- and I2P-hidden sites, domains with nonstandard TLDs and Freenet resource identifiers, says darkreading.com.
The Deep Web is that portion of cyberspace that’s not indexed by the search engines. The Dark Web is part of the bigger Deep Web, accessible only via special tools.
A Dark Web user could literally hire a rapist or assassin. In fact, assassins even advertise, such as the group C’thulhu. Pay them their fee and they’ll maim, cripple, bomb and kill for you.
$3,000 will get you a “simple beating” to a “low-rank” target. $300,000 pays for the killing of a high-ranking political figure, staged to look like an accident.
Users can also hire (and do so much more commonly than the above) cybercriminals and child exploitation services.
The article points to additional research of the Deep Web, that cybercrooks use anonymization tools in creative ways. In fact, they are using TOR for the hosting of their command-and-control infrastructure. TorrentLocker is a type of malware, and it uses TOR to accept Bitcoin payments and host payment sites.
In other words, cybercriminals are using the Deep Web/Dark Web more and more commonly these days. TOR is being used for cybercriminals to receive payments for their hacking services.
But that’s not the biggest problem of the deep, dark Web, is it? As mentioned, it can be used to hire someone to murder. Just what will all of this eventually evolve into in the next 10 years?Filed Under: cyber crime cyber-invasion cybersecurity
Want to earn up to $4.2 million? Then find the hackers on the FBI’s most wanted list. Or at least give the FBI information leading to their arrest and/or conviction. These snakes have stolen hundreds of millions of dollars. Here is the list from the hackernews.com:
- Ironically, one of his aliases is one of the most common (and thus easily cracked) passwords: lucky12345.
- He’s the brains behind the GameOver Zeus botnet and CryptoLocker Ransomware.
- Over a million computers were infected with this malware, causing nearly $100 million in losses.
Nicolae Popescu (reward: $1 million)
- From Romania, Popescu tricked Americans with fraudulent auction posts on various websites.
- AutoTrader.com, Cars.com and eBay were some of these sites.
- He was selling cars that didn’t exist. (Please, people, never, ever send money for something as grand as a car unless you have proof it exists—which includes actually test driving it!)
- Hundreds of people sent money without ever seeing more than an ad for the cars. If you think that’s bad, it gets worse: Some of the victims handed over their money for private planes and yachts! Nearly 800 people didn’t have on their thinking caps, but this doesn’t make Popescu’s deed any less obscene.
Alexsey Belan (reward: $100,000)
- Belan breached the cybersecurity systems of three big U.S. based e-commerce sites.
- He then tried to sell all of these stolen databases, which included passwords.
Peteris Sahurovs (reward: $50,000)
- His crime involved creating and selling malware by putting ads up on various websites.
- These advertisements forced users to buy the phony antivirus software that the ads pitched.
- If the user declined the purchase, their desktop would be bombarded with phony security alerts and pop-ups.
- This crook from Latvia collected over $2 million with the scheme.
Shailesh Kumar Jain (reward: $50,000)
- Despite the name, Jain is a U.S. citizen.
- He scored $100 million in less than two years.
- He should have quit while he was ahead (maybe after the first $10 mil?), but he just couldn’t earn enough, so he kept hacking away at unsuspecting Internet users.
With fraudulent e-mails and pop-up ads, he tricked users into thinking their computers were infected with malware, and then sold them his fake antivirus software packages for $30 to $70. Do the math: Can you imagine how many people got rooked?Filed Under: hackers
If you don’t want your smartphone to know more about you than you do, here are top choices, as detailed on gizmodo.com:
- The Blackphone 2 will black out the federal government from spying on you.
- Has a five inch handset with full HD screen (with Gorilla Glass 3 that prevents shoulder surfing).
- 3 GB or RAM
- Its Silent Circle’s PrivateOS 1.1 provides a “Spaces” UI: Data will be encrypted and compartmentalized.
- The “Spaces” allow you to set up distinct spaces for different types of data, including a Silent Space that’s akin to Chrome’s incognito mode.
- The Silent Suite allows you to keep various kinds of communications encrypted.
- Also provides a Silent Store for apps.
- This outdated “dumb phone” might still be available out there, somewhere.
- The dumb phone is not capable of transmitting data through cyberspace. Thus, you don’t ever have to worry about being “followed,” “tracked” or hacked into.
- If you’re comfortable not being connected to the Internet of Things, this phone is for you—if you can find one.
- If you want to pretty much guarantee that you’ll be untraceable, then use payphones.
- Locate the payphones in your town and anywhere you normally travel, so that when it’s time to make a call, you won’t be spending time hunting for the phone.
- Always have change on you, too.
- To be even more non-traceable, always have in your car a thin pair of gloves to prevent your fingerprints from being on the phone.
Honorable Mention: Apple iPhone/Microsoft Lumia 930/Google Nexus 5
- Apple, Microsoft and Google are no more crazier about government surveillance programs than you are.
- Nevertheless, their phones gather data—but at least it goes to the maker of these devices rather than to the government.
- The manufacturers analyze the data in the name of giving the user a better experience with the product.
Let’s also throw in the landline. Your calls can be traced, but at least data about you like your shopping preferences, health, income, marital status, etc., won’t go leaking out anywhere.Filed Under: mobile phone security
If you are overseas somewhere and want to access your Facebook page…don’t be surprised if you can’t do this. In fact, you won’t even be able to get onto the Facebook site (or YouTube, for that matter), depending on what country that you are visiting. This is because some countries limit website access for their citizens.
- A VPN does the so-called scrambling or encryption of data so that hackers can’t tell what you are doing. To put this another way, a VPN provides a “tunnel” through which your data goes. This tunnel cannot be penetrated. Your transmissions are hidden, unable to be viewed.
- This protected data includes e-mail communications, login information, instant messages, which sites you visit, downloads and more.
- A VPN is private communication over a public network and can be used on all types of devices.
- A VPN will alter your IP address, making it seem that you are using your computer somewhere other than the country that prohibits access to Facebook. You can navigate Facebook with ease while visiting that country.
- This makes the user anonymous. The proxy server does the job of anonymizing. The server of the site you want to visit receives requests from this anonymous server. As a result, even if you are in that country that bans Facebook access, it will have no idea where you are located. Hence, you can get on Facebook.
- Your data, transmissions, etc., however, are not hidden by any tunnel or scrambled (encrypted).
- Therefore, with the proxy server, even though you can spend hours on Facebook or YouTube in that foreign country…any transmissions or activities you conduct can be intercepted by a hacker if you are using public Wi-Fi.
Now if you have a VPN with the proxy server, this solves that problem. Nobody will be able to snoop or steal data like your credit card information when you shop online.
However, there is no point in having both, when one can do the entire job: the virtual private network. Think of a VPN as having a built-in proxy server.
Hotshot Shield is a VPN that encrypts all of your online activities in that non-penetrable tunnel, while at the same time making it impossible for your location to be identified. You are essentially anonymous. Hotshot Shield works for both wireless and wired connections.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.Filed Under: Hotspot Shield HotSpotVPN
Zeus is no longer a god of malware; he’s been taken down by law enforcement agencies spanning six European nations. Five people were recently arrested—believed to have infected tens of thousands of computers across the globe. There have been 60 total arrests pertaining to this cybergang.
Another malware that was asphyxiated was the BeeBone botnet, which had taken over 12,000 computers across the world.
We can thank the Joint Investigation Team for these successes. And they don’t stop there. The JIT put a stop to the Ramnit botnet, responsible for infecting 3.2 million computers globally.
The JIT is comprised of judicial authorities and investigators from six European nations. The cybergang is believed to have its origins in Ukraine. This crime ring was sophisticated, repeatedly outsmarting banks’ revisions of their security measures. Each crook in this ring had specially assigned duties and caused total mayhem to their victims. They even sold their hacking expertise and recruited more thieves. This was one hefty cybergang.
The six nations that are members of JIT are the UK, Norway, Netherlands, Belgium, Finland and Austria. The investigation began in 2013 and had a most thrilling ending. And it wasn’t easy. Here’s some of what was involved in this investigation:
- Analysis of terabytes of data (one terabyte = one million million bytes)
- Forensic analysis of devices
- Analysis of the thousands of files in the Europol Malware Analysis System
- Operational meetings and international conference calls
But the game isn’t over; there are still more cybergang members out there, and JIT will surely hunt them down by analyzing the mountainous load of data that was collected from this investigation. The funding comes from Europol and Eurojust. In fact, Eurojust has provided legal advice and was part of the composition of the JIT Agreement.
Other countries were instrumental in achieving this capture: Latvia, Estonia, Moldova, Poland, Germany, Ukraine and the U.S.Filed Under: malware
Do we really get wiser with old age, or just more vulnerable to all the scammers out there? Here are the top scams directed towards senior citizens.
The phone rings; it’s from the IRS, claiming you owe money.
- Caller ID says IRS (spoof technology).
- Caller says if you don’t pay within 24 hours, you’re going to jail.
- Caller wants your bank account information and routing number, or wants you to wire what you owe.
- Or, caller says IRS owes you, but to get the refund, you must pay a processing fee within 24 hours.
- The IRS never calls people for back taxes; it sends a certified letter.
- Refunds are sent via snail mail without the IRS ever notifying you.
- There’s no monthly payment, but whatever balance and interest has accumulated by the time the borrower sells, it must be paid back. If the borrower dies before this, family members must pay it.
- Misleading ads make it seem this loan is affiliated with the government.
- You CAN lose your home.
- If you run out of equity before you sell or die, you’ll need to repay the loan. If you can’t, it’s foreclosure time.
- The caller identifies self as a grandchild, great niece, etc.
- Or, the caller says he’s your grandchild’s doctor, lawyer, etc.
- The caller is in trouble and wants you to wire them money ASAP.
- They may know details of the person they’re impersonating and you as well, because they’ve visited that person’s Facebook page—and yours.
- If you ask if you can call back, the caller won’t accept this.
- Asking additional questions about the “accident” or “burglary” won’t get you answers.
Obituaries and Funeral Homes
- The caller says that the deceased owes a debt.
- Or, the caller says he provides funeral services.
- The victim is a spouse usually.
- A funeral home that you’re already working with may also try to scam you by talking you into the most expensive casket, memorial plaques, etc.
- Caller or e-mail sender claims to be from the government or authorized by such, to fill your drug prescription at a cheap price.
- You must act now because the great deal is for a limited time.
- If you DO receive something, it’s probably vitamins in a prescription bottle.
- The crook may know details about you from reading your Facebook page.
- A similar scam exists for Medicare.
- Use a mobile phone as much as possible; scammers usually call landline numbers.
- Never answer the phone if the number is unfamiliar or says IRS.
UL in this case stands for Underwriters Laboratories. An article on darkreading.com notes that a UL official, Maarten Bron, says that they are taking part in the U.S. government’s plan to promote security certification standards.
So that’s what we have thus far; this initiative is in its early childhood stage, so there isn’t much more information about it that’s available to the media. UL is looking forward to sharing involvement with the White House’s initiative to unite the private and public sectors to combat cybercrime.
In the meantime, UL is fine-tuning its own test and certification program for Internet of Things products.
The darkreading.com article quotes Bron as follows: “We are prepared to release a test and certification program for this,” that will be fueled by users’ concerns and needs.
Historically, UL has been involved with the testing and certifying of appliances for their electrical safety. About four years ago, UL developed a cybersecurity division. In the darkreading.com article, Bron points out that the security of electronic payments is of particular concern, “namely certification of chip and PIN technologies.”
The transition from magnetic stripe credit cards (which are so easy to fraudulently use) to chip and PIN technology for the cards is underway.
UL has come up with some testing tools that cross-validate the settings from bank card chips against Visa best practices, says Bron. But that’s all just one slice of the cybersecurity pie.
Another big slice is health, and yet another big chunk relates to industrial control systems. UL wants to be on top of holes or vulnerabilities.Filed Under: cyber crime
Just what kind of punishment should a 17-year-old get for making fraudulent 911 calls (a crime known as swatting)?
A 17-year-old boy in Ottawa, Canada, has made several fake 911 calls, including several in the U.S.
- Told dispatcher his mother was lying in a pool of blood; pretended to follow the CPR instructions.
- Pretended to be holding people hostage, demanding $100,000.
- Threatened to blow up a school.
- Arrested in May 2014, he faces 34 charges.
- Evidence includes recordings of the phony calls found on the boy’s computer, plus Skype and Twitter logs.
- So based on the evidence, it’s clear that this boy knows something about modern technology. Wow, he must be as dense as a box of bricks to think he couldn’t be traced.
Maybe if kids, perhaps starting in adolescence, were taught in school how easy it is for authorities to track down a swatter, there’d be a lot fewer swatters. Certainly there would be; it’s not a “maybe.”
It’s the parents’ job to raise good kids, but we know this happens only some of the time. The kid may still be a rotten apple (thanks to a dysfunctional home life), but at least if he’s educated in how simple it is for detectives to trace fraudulent 911 calls, there at least wouldn’t be all of these fake 911 calls that tie up staff while other people really need their help.
And while we’re on the topic of swatting, is there a name for the authentic 911 calls—but that deal with absurd complaints? People will call 911 to report lightning—simply in the sky. Other examples:
- Caller couldn’t figure out how to exit a locked car.
- Caller complained her husband was viewing porn.
- Complaints about inadequate restaurant service.
- Caller complained her boyfriend wouldn’t warm her cold feet.
- Caller (drunk) complained a bouncer wouldn’t let him into a night club.
I say no jail time for these morons. Instead, make ‘em stand all day at a busy intersection wearing a sign that says, “I’m a stupo. Called 911 because (fill in the blank).Filed Under: criminal identity theft fraud alert