Latest "Cyber Data Security" Posts
Not unlike the purported size of his hands, Donald Trump has a rather small file of publicly known information compared to those who have been in the political spotlight for many years. That could be one of the motivating factors behind the recent hacking of the Democratic National Committee. While the size of Trump’s hands has little to do with any serious conversation, it does remind us that foreign nation states are highly motivated to collect the private information of powerful people.
The DNC revealed recently that two groups had gained access to their information; one (dubbed Cozy Bear) had been monitoring the committee’s emails and chats for as long as a year. The other, “Fancy Bear”, hacked into the DNC in April to get opposition research files and was able to gain access to all of the DNC’s research staff computers.
Mark Zuckerberg Hacked Because of Weak Passwords
It seems Mark Zuckerberg might be a little lazy, or a little stupid, or at the very least a little embarrassed. The undisputed king of social media has had two of his social media accounts hacked. Granted, it was not his Facebook account—just his Pinterest and Twitter accounts, the latter of which he hasn’t used since 2012. A Saudi Arabian hacker team named OurMine has taken credit for the attack, claiming they got his password from the recent dump of information obtained in the LinkedIn data breach from 2012.
Let’s see where Mr. Zuckerberg went wrong by using the safe password development tips (in bold below) from his very own creation: Facebook.
Make sure your password is unique, but memorable enough that you don’t forget it. Supposedly, Zuckerberg’s password was “dadada”.
Whether data breach or insider leak, Panama Papers Cyber Security lessons still the same.
By now, you’ve heard about the leaked papers from a Panamanian law firm implicating world leaders, sports figures and celebrities alike in a scheme to shelter massive wealth in off-shore corporations (if not, see the NYTimes summary below for relevant links). At this point it is still unclear whether the 11.5 million records were obtained through hacking or leaked from someone inside of the Panamanian law firm.
But from a cyber security perspective, the lessons are nearly identical either way. At issue here is the massive centralization of data that makes either breach or leakage not only inevitable, but rather convenient. World leaders and executives alike must have a sense of deja vu from the leakage of the NSA documents by Edward Snowden several years ago. From a security perspective, it is baffling in both cases that one individual would have access to such a trove of data. This suggests that the records were not properly segmented, encrypted or subjected to user-level access permissions.
Ransomware: A Vital Course on the Next Big Cyber Threat
Ransomware is pretty much exactly what it sounds like: it holds your computer or mobile phone hostage and blackmails you into paying a ransom. It is a type of malware that prevents or limits users from accessing their system and forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems or to get their data back.
It’s been around since about 2005, but earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims.
Apple vs FBI: Building a backdoor into the iPhone is like burning the haystack…
I’ve been asked almost 100 times since Apple rejected the FBI’s request to break into the iPhone of the San Bernadino killers on which side I support. I am a firm believer that the most complex problems (this is one of them) deserve the simplest explanations. Here is the simplest way that I can walk you through the argument:
- If your immediate response, like many, is to side with Apple – “Don’t hack into your own operating system, it set’s a bad precedent” – then you have a good strong natural reflex when it comes to privacy. But don’t stop your thinking after your first reaction or thought, as it might be incomplete, because…
Common Phishing Scenarios:
“Your account has been suspended” or “We suspect fraudulent activity on your account” or “You’ve won a contest” or “We owe you a refund”
If you’ve ever received an email, voicemail or text with a message like one of the above, you know how visceral your reaction can be. And chances are very high that the message is a fake.
Just as fishing is one of the oldest occupations around, phishing is one of the oldest scams around. Ever since email was invented, thieves have been phishing to get your information by cleverly impersonating a business or an acquaintance. They hope to trick you into giving out your personal information or opening a link or an attachment that downloads malware onto your computer so that they can gain access all of your data.
Influential Cyber Data Breach 2015
January Data Breach
Premera BlueCross BlueShield
Health insurance company Premera BlueCross BlueShield said in March that it had discovered a breach in January that affected as many as 11.2 million subscribers, as well as some individuals who do business with the company. The breach compromised subscriber data, which includes names, birth dates, Social Security numbers, bank account information, addresses and other information.
February Cyber Breach
In February, a billion-dollar bank cyberheist was discovered, affecting as many as 100 banks around the world. The breaches, discovered by Kaspersky Lab, infiltrated the banks’ networks using tactics such as phishing and gaining access to key resources, including employee account credentials and privileges. The cybercriminal ring, known as Carbanak, then used those credentials to make fraudulent transfers and make hijacked ATM machines appear legitimate as they funneled more than $1 billion into their own pockets.
Anthem revealed a breach in February that exposed 80 million patient and employee records. Anthem said the breach occurred over several weeks, beginning in December 2014, and could have exposed names, date of birth, Social Security numbers, health-care ID numbers, home addresses, email addresses, employment information, income data and more. It said it did not believe banking information was taken. The Wall Street Journal reported that Anthem had not encrypted the data that was accessed by hackers.
Come on, admit it. Don’t you feel just a little satisfaction watching 37 million adulterers exposed in the Ashley Madison hack? “They do kind of deserve to be cheated just a bit for being cheaters,” someone in one of my keynote speeches commented.
I’ve had dozens of media requests for interviews and countless more email inquiries from people concerned about the Target data breach. At first, everyone just wanted to know details of how it happened, how big the breach was, and what they should do about it if their credit cards were at risk. Now that the initial shock of it is over, we are on to a bigger question:
How do we keep breach from negatively affecting so many Americans?
Breach will always happen. If it’s digital, it’s hackable. It’s coming to light that the Target breach may have been due to the computer access an HVAC WORKER (no, not an entire company, an individual WORKER) had to Target’s systems. While there is no guaranteed way of preventing fraud, there is a pretty reliable answer out there, and it’s been around for decades. That answer is for the US to finally catch up to more than 80 countries around the world and start using chip and PIN enabled credit cards, also known as EMV, smart cards, or microchip cards.