Hey Kids, the Internet is FOS

/in /by

The internet is a beautiful place. It is the way we communicate, the way we create, and the biggest business platform that has ever been generated. However, it is also a hazard, as anyone can put anything on it, and it’s extremely difficult to tell fact from fiction…especially if you are a kid.

A Stanford study looked at the ability, or inability in this case, of almost 8,000 students to tell fake news stories from real ones. The results, to be blunt, are terrible. When focusing on the students who were in middle school, 80 percent of them were unable to tell the fake news from the real stories, and they didn’t get better as they got older. When the researchers looked at high schoolers, they really fared no better, and more than 80 percent of them accepted that fake pictures were true without question. The results of this study should scare us all.

Part of the problem here is that we don’t have enough gatekeepers to fact check, edit, or vet the news that is going out there. Anyone with a computer can create a very realistic looking news site, and essentially, they can create stories about whatever they want. As you have probably noticed during the election, many adults also get caught up in the fake news that’s out there, and if adults can’t discriminate between what’s real and what’s fake, how can we expect children to?

The writers who create these fake news stories are very skilled, and when you put them up against the minds of others, especially children, it’s really not a fair fight. These students have to be taught how to use the internet, and it has to be soon. Kids are using the internet as young as two or three years old, and by the time they get to school, they can navigate the pages of the web better than many adults.

Speaking of school, how does the concept of internet literacy fit in with the typical curriculum in schools? Internet literacy, online behavior, reputation management, security and fake news are part of the same puzzle.

When computers first began to be commonplace in schools, most students took a class to learn how to use the mouse, keyboard, and basic programs. Now, these acts are usually learned before a child even gets to school, and the classes that are taught teach kids how to not only work a computer, but also how to be a good online citizen. The problem is, however, is that these classes are not given the same focus as other educational standards.

Further complicating things is that many teachers believe that teaching these concepts is not their responsibility. Instead, they believe that it is the job of others, such as the librarian, teacher’s assistant, or IT person.

If students are taught to consider what the intentions of the writer, or even the sources are, they will be able to eventually learn to sense the bias they have. When children can understand this concept, they can then learn about how news and other information gets from the writer to the readers. The internet creates a totally new concept for how news travels, and we all must recognize that when we click, we ultimately create a trail for more information to follow.

Will this new instruction be enough? We have reason to have hope. For instance, some social media outlets, such as Facebook, have recently announced that they will take steps to eliminate a lot of this fake news. Additionally, if we look at the history of humanity, when new innovations are introduced, such as when the printing press was invented, we, as humans, saw improvements in our lives.

It is also quite promising that children are not making the same mistake that their parents have made…they aren’t on Facebook much, which is where most of these fake news stories are found. Instead, children are in Instagram, YouTube, SnapChat and others. This information has been backed by a number of sources, and one study shows that teens are not using Facebook for their news. Instead, they are getting news from television or on Snapchat, which has recently rolled out a news delivery feature.

The bottom line here is that the original study from Stanford is disheartening, but there is a glimmer of hope since kids these days aren’t getting their news from the same places as the previous generation, like Facebook. Instead, they are using a mixture of traditional and digital sources that will likely help them to become more informed.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Researchers Say Office of Personnel Management Hack Leads to Ransomware

/in , , , /by

In June, 2015, it was revealed by an anonymous source that the Office of Personnel Management was hacked. This office, which administers civil service, is believed to have been the target of the Chinese government. This is one of the largest hacks in history involving a federal organization.

Slowly, the motivation behind the hacking is being understood. At first, it seemed obvious, the stolen data being personally identifiable information, which is what was taken can be used for new account fraud. But in government breaches, they usually look for military plans, blueprints, and documents that deal with policy.

The question, of course, is why did the hackers focus on this information? Well, some of the data that was taken was used to launch other attackers against contractors, and this resulted in the access to several terabytes of data.

Now, those who have become victims of this attack have found themselves being the target of ransomware.

Security experts have recently noticed that the victims have been getting phishing emails, and these messages look like they are coming directly from the Office of Personnel Management. When these emails arrive, the body and subject of the message seem as if the email contains an important file. When the unsuspecting victim downloads the .ZIP file, however, they instead receive a type of ransomware called Locky.

These attacks are much more dangerous than the average phishing attack. This is mainly due to the fact that they are being received by those who have worked with the Office of Personnel Management before. Thus, they have seen the genuine emails from the office, which look remarkably similar to the fake ones. The only thing that set the two emails apart was a typo that said “king regards,” instead of “kind regards,” and a phone number that doesn’t work. These are details that many people overlook, which makes it easy for hackers to be successful with these schemes.

Who was Really Behind This Hack?

Though experts believe that the Chinese government is behind this hack, there are some facts that look a bit fishy. For instance, since personal data was taken and data has been taking hostage, this seems much more like a typical cybercrime operation instead of something that a nation would do. After all, why would China be looking for a few hundred dollars from people who want their files back?

Of course, this could be a smokescreen and someone could just be using this attack as a smokescreen…and while experts are focused on this, the real attack could be planned for the future.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to Digitally Secure The Remote Teleworker

/in , , , /by

If you employ remote workers, your IT staff has a unique challenge keeping your organization safe. Fortunately, using a combination of best practices for cybersecurity, user awareness campaigns, and a strong policy will help to keep data safe.

New advances in mobile technology and networking have given remote workforces a boost, and while policies for most remote workers generally depend on manager or company preferences, most businesses must accommodate a mobile workforce on some level…and here’s where the challenge lies.

Things such as emails, vulnerable software programs and work documents are all tools that cybercriminals can use to infiltrate your company’s network. These remote workers, no matter how convenient they might be, are the weak link in any company’s security plan. Cybercriminals know this, which is why they often focus on these workers. So, what do you do to find a balance between the convenience of remote workers and the importance of network security? Here are eight way that you can secure your remote workforce:

  1. Use Cloud-Based Storage – One way to make your remote workers safer is to use cloud services that use two factor authentication. These often have a higher level of encryption, so any data that your workforce uses is not only accessible, but also protected.
  2. Encrypt Devices When You Can – When giving mobile devices, including laptops, to your remove workforce, make sure that the hard drives are encrypted to protect the data on the machine. However, not all security programs will work with devices that are encrypted, so make sure that you double check all the tech specs before loading them up.
  3. Set Up Automatic Updates – You can also take the steps to automate any software updates, which means as soon as an update is released, your remote workforce will get the software on their devices. This can also be done via Mobile Device Management software.
  4. Use Best Practices for Passwords – You should also make sure that you are implementing good practices with passwords. You should, for instance, safeguard against stolen or lost devices by requiring that all employees use strong, complex passwords. You should also request that your team puts a password on their phones and laptops, since these items are easily stolen.
  5. Create Secure Network Connections – Also, ensure that your remote employees are connecting to your network by using a VPN connection. Encourage your IT staff to only allow your remote workers to connect to the VPN if their system is set up and patched correctly. Also, make sure that they are not connecting if their security software is not updated.
  6. Increase Awareness – Instead of attempting to restrict personal use of the internet, you should instead encourage education about internet use. Create and enact a cybersecurity policy, ensuring that it covers concepts such as phishing, scams, and social engineering tactics.
  7. Use Encrypted Email Software – Checking business email offsite is quite common, even among those who work on-site. Thus, it is extremely important to use a secure program for email.
  8. Use an Endpoint Security Program – Finally, if you haven’t already, implement an endpoint security program. These programs can be remotely launched and managed from one location. This software should also include components to keep unpatched programs, safe.

Yes, remote workers can be a challenge for your IT staff to manage, but when you use a strong policy, good practices in response to cybersecurity, and a comprehensive campaign for user awareness, you and your staff can keep all of your data safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

The Mind of the Misunderstood Cybercriminal

/in , /by

There are a number of misconceptions about cybercrime and those who engage in it. To a cybercriminal, there is no target that is special unless they have a grudge or beef with a particular entity, and as a rule, they will often cast their net wide and then move to attack the easiest prey they find.

11DSecurity specialists must never underestimate the actions of a cybercriminal. Records are easily shared and sold, and they are highly valued. This is especially the case when personal and medical information is the focus.

Any plan that the security professionals design must be focused on these types of crimes. They must also be aware of any upcoming threats and ensure that all proper backups of data are in place.

What are the Common Misconceptions Associated with Cybercrime and Cybercriminals

The most common misconception about cybercriminals that is often observed is that these people have diverse experience and skills, which allow them to initiate a huge range of cyberattacks. This would mean that they would earn a large amount of money as a result. However, the truth is, many of the cybercriminals out there use automated software, which means they don’t require much training at all. According to a recent survey, the vast majority only make from $1,000 to $2,000 a month. But as many as 20 percent of cybercriminals are making more than $20,000 a month.

Who are the Criminals Behind Cyber Crimes?

For the most part, those who commit cybercrimes have a clean criminal record and do not have any ties to any organized groups. These criminals usually also have a stable job during the day and participate in these cybercrimes in their free time. Often, these people are introduced to cybercrimes during college, and many remain active in the industry for several years after they begin.

The other cybercriminals have a bit of a different background. These people belong to cybercriminal syndicates that work within a hierarchy. There are highly skilled members of these groups, and each have certain responsibilities to ensure the success of their organization.

Generally, these groups are controlled by a “boss,” who is the mastermind. They are typically highly educated, intelligent, and some are often connected with the banking industry, as they must arrange for things like money laundering. Additionally, these groups often include people who are professional forgers, as they often require fake documents to serve as paperwork to “prove” their schemes, and then the group needs those skilled in hacking, software engineering, and other technical operations. Some of the groups also include those familiar with law enforcement, as they are skilled with things such as gathering information and counter-intelligence.

What is often so surprising is that members of these groups are often highly respected members of their communities, and many are seen as successful people in business. These people are also often connected to hospitality, real estate, or the automotive industry.

These people do not think of themselves as regular criminals, and they rarely cross paths with others whom the general public might deem as “criminal.” They usually hide in the shadows and avoid any actions that might bring attention to them.

To avoid all of this, it is best to use the assistance of a professional. They are familiar with how these communities run and how they react to certain actions. There are a number of way to research the dark web in a secure and safe manner without risking the integrity of your organization, but the professionals are best for this job. It is also important for businesses to utilize security teams. This ensures that they are capable of obtaining the data and stimulating the environment.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Woman Chained Like a Dog, Man Killed

/in /by

Back in August, 2016, Kala Brown and Charles Carver arrived to a 100-acre property in South Carolina for a cleaning job. Charles Carver never made it off the property, and Kala Brown spent more than two months in a metal shipping container, allegedly held captive by Todd Christopher Kohlhepp.

10DIn November of 2016, detectives were searching the property of Kohlhepp when they heard banging coming from the inside of a shipping container. When they opened it, they found Brown chained “like a dog.” According to Brown, she saw Kohlhepp shoot Carver, killing him, and then he took her hostage, chaining and locking her inside of the crate.

Carver’s body was found on the property, and Kohlhepp is suspected of being involved with six more murders.

Brown described her captivity as “hard,” and she said she remained chained for the duration of it. She also says that he did let her walk around a bit, and he fed her one time each day. She was finally found when authorities were searching the property after she was reported missing. Her cell phone was pinging on the property, but it took about two weeks before they could get a search warrant.

Police reported that they had no indication that there was foul play when they began searching. The cargo container was located on the middle of the property next to a garage. After finding the body of Carver, the investigators brought in cadaver dogs to search the property. Additionally, ATV’s, backhoes, and even a helicopter circled the property. The cadaver dogs picked up some scents, and the excavation of the property, began. The investigation found two more bodies, that of Meagan McCraw-Coxie and Johnny Coxie, who had gone missing in 2015.

Since his arrest, Kohlhepp has admitted to killing seven people in total.

Public records show that Kohlhepp is both a licensed pilot and real estate agent. He does, however, also have a record. As a teen in Arizona, he was convicted of kidnapping and crimes against children, and he spent some time in prison for these crimes. He is also on the sex offender registry in South Carolina. This is due to a kidnapping in 1986, which coincides with the incident in Arizona. In total, Kohlhepp served 14 years in prison. According to sources, Kohlhepp kidnapped a girl, aged 14, took her to his home, bound her with duct tape and raped her. He was released in 2001.

As is the case with many serial killers, most people who knew Kohlhepp were shocked by these allegations. One real estate agent that worked with Kohlhepp said that she had known him for a decade, and they had met in college. They had even been study partners for a statistics course. She was in disbelief when she heard that he had admitted the murders.

She also said that most people in the area knew that he was a registered sex offender. However, he told people that it was due to exaggerated charges after he and a girl had gone joyriding and the girl’s father, who was a local official, became angry.

Kohlhepp also had a second home in the area, and neighbors describe his as “private” but “pleasant.” He was also described as “a likable guy.”

All in all, Kohlhepp was charged with a total of seven counts of murder and two counts of kidnapping. He was also charged with three counts of possessing a weapon while committing a violent crime. The relatives of other victims will reportedly file wrongful death lawsuits against Kohlhepp, and Brown has said that she will file a civil lawsuit. Kohlhepp is due in court on January 17th.

Oh, and Jeffrey Lionel Dahmer, also known as the Milwaukee Cannibal, was an American serial killer and sex offender, who committed the rape, murder, and dismemberment of seventeen men and boys between 1978 and 1991. Apparently he was a likeable guy too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.