Posts

A Darker Google: Shodan displays corporate internet privacy weaknesses

When was the last time you checked the internet privacy settings on your photocopier? Chances are your office is more vulnerable than you think.

The search engine Shodan, in operation since 2009, allows anyone to search for all of the public devices we leave connected to the internet around the clock. In addition to desktop computers and laptops, this includes printers, photocopiers, webcams, and more sophisticated equipment like traffic lights, nuclear power plants, air control towers and the electricity grid.

Imagine the prospect of someone gaining access to LaGuardia’s air traffic control or Chicago’s power grid because of an unprotected network scanner that is connected to their larger network. Shodan helps hackers find those lonely, forgotten network devices so that they can be used as a back door to breach sophisticated systems.

Shodan is essentially a search engine for unprotected devices, but Shodan is not the enemy! This search engine is simply pointing out devices that are public and probably shouldn’t be. It is similar to the former website RobMeNow.com that used data from Foursquare.com to point out how ignorant users signal to burglars that they are away from their homes.

Presently, there are checks within the Shodan system designed to prevent ill-meaning users from taking advantage of its capabilities. Searches are limited, even with a full account, and special approval is needed to access all of the system’s functions (though I am not sure how rigorous the approval process actually is). Even so, a trial user can discover devices around the world just waiting to be hacked, as many of these targets have no controls in place (or still have default security settings) for internet privacy protection. 

And the fault lies with the organizations that don’t take the time or dedicate the budget to closing these loopholes. Unfortunately, the costly price tag also falls to the same organizations that refuse to pay attention.

However, even a trial user can discover devices from around the world with an easy search, and many of these are the sorts of things that have no internet privacy protection whatsoever. 

Why let an unguarded camera or heating system in your office allow hackers into your entire network when these devices are so easy to lock down?

Take a minute to search for your company’s devices on Shodan, and then hire an expert to lock them down.

John Sileo is an internet privacy expert and in-demand speaker on privacy, cyber security and online protection. His clients included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Google drove by your house and took down your information without you knowing…

It's not just hackers that make a habit of scooping your information. Google has had a notoriously dodgy record when it comes to user internet privacy – and some think it might have finally gone too far. 

At this point, most of us accept that the marketplace is watching us all the time, or else we remain blissfully ignorant. Ads that respond to your browsing history are one thing, though; a company driving through your neighborhood and stealing your data is another. Thirty-eight states brought a case against the internet search giant recently for violating data privacy. Google has been fined $7 million and will supposedly make efforts to stay further away from user information. In the meantime, this action should serve as a reminder of how available your passwords, email conversations, and messages are.

What did Google do, exactly? Well, in creating its Street View mapping system, it sent wired cars traveling down roads and through neighborhoods across the country to take pictures. But while it was doing that, it was also pilfering data from the unencrypted routers of businesses and families, who remained completely oblivious. And though the company has said it's sorry, the impending arrival of "Google Glass," which will effectively stick a recording device on everyone's face, has privacy advocates worried, especially since Google already racked up a fine from the FTC of more than $22 million last year. Remember: every email, call, and text you send is being monitored.

Businesses, medical centers, homes – how many go by every day with their information exposed?

The danger isn't just that our online privacy is at risk. It's that we don't know it is, or even worse, we don't care. Those who plunder your digital storehouse can take advantage of your apathy or cluelessness. It's up to us to make sure we take the right precautions and not lose our passion for protecting our assets – and our money. 


Digital Reputations Are Quickly Becoming Currency in the Business World

Are we entering an age where one’s digital reputation is a form of career currency – or are we already there?

That is the subject of an article in Forbes last month that gets some things right and others wrong. It absolutely seems like online histories and reputations could become more important than resumes, portfolios and credit scores.

Our digital footprints are already considered by others when determining if they want to hire or do business with us. And many people don’t even have a traditional resume anymore, having replaced it with a LinkedIn profile.

Forbes goes through a handful of questions and offers its own answers on the topic. Yes, everything we do on the Web, from Facebook to Twitter to LinkedIn, is becoming more and more connected, meaning that these activities influence one another as well as how others perceive us. But there are a few things on which the article misses the mark.

For example, it says “use only the most secure sites for online transactions; and put all settings on the most restrictive possible.” It goes on to add that certain information will likely still seep out for companies to grab and use to target ads or other initiatives at you. But look at the holes in what the article says.

How do you know if a site qualifies as secure before conducting online transactions? And if a social media or other online platform has horrendous privacy settings, how does setting them to “the most restrictive possible” do you any good?

We don’t need generic rules to follow. Instead, we must cultivate a better understanding of internet privacy and online reputation management, so that we can take the steps necessary to protect ourselves. This doesn’t just apply to individuals, but to businesses as well. Just as employers evaluate current and prospective employees through the lens of their digital reputations, so do consumers judge companies from which they might purchase goods and services.


Do Free Email Services Cut The Legs Out From Under Users' Online Privacy?

How secure do you think your email really is? Would you be surprised to learn that your inbox is scanned regularly, and not just by you?

Microsoft recently launched its humorously titled “Don’t Get Scroogled by Gmail” media campaign. The company commissioned a study that showed that 70 percent of consumers are unaware that free email service providers, such as Google, routinely scan their emails for information that allows them to deliver targeted advertisements.

Furthermore, 88 percent of respondents said they were opposed to this practice once they became aware of it. Now yes, Microsoft has an ulterior motive here. They’re not so much dedicated to your privacy as they are looking to convince users to switch from Gmail to Outlook. Let’s also not forget that Microsoft has long offered its own free email service, the all-but-forgotten Hotmail.

Google quickly responded to the media campaign taking swipes at Gmail with a statement of its own.

“No humans read your email or Google Account information in order to show you advertisements or related information. An automated algorithm – similar to that used for features like Priority Inbox or spam filtering – determines which ads are shown.”

Look, whether your emails are being read in secret by a shady-looking guy with a sinister grin and the menacing laugh of a super villain or an “automated algorithm,” the fact remains that you are not the only one privy to the contents of your inbox.

And if you fail to use password best practices and leave your accounts vulnerable to hackers and fraudsters as well, the fallout will be the cyber equivalent of a nuclear detonation. Just ask the Bush family, who had multiple family accounts hacked in the past few days and have seen very private information exposed. Your online privacy will be crippled and data security non-existent. This can prove especially damaging if you use your email accounts for relaying sensitive business-related info. This isn’t just a problem for individuals, but for businesses, whose employee behaviors can undermine the security of the organization.

So, how can you protect your internet privacy? It’s best to take the “G.I. Joe” approach – knowing is half the battle. If you don’t actively read terms and conditions agreements and know exactly what you’re letting your service providers access, how can you know when they go too far?


Facebook claims to offer 'transparency' about targeted ads

Facebook will now identify ads that have been targeted at users based on browser histories, ZIP codes and other data that advertisers collect. This is just a glimpse into the information floating around the Web about us.

According to a recent article in VentureBeat, a little blue triangle over an ad on Facebook will denote that it has been targeted for you specifically. But, don’t get too excited about this supposed transparency just yet.

For starters, it doesn’t reveal the specific information that led the advertisers to target you, nor does it specify how they obtained it. Furthermore, you have to jump through more than one hoop to even see the little blue triangle.

As the news source explains, you first must mouse over the ad itself, at which point you’ll see a little grey X in the top right corner. Then you have to mouse over that icon in order to see if the triangle appears. While users may indulge in this for a little while at first, they’ll likely forget about it or not care enough to continue the mouse-over mambo.

“At Facebook, we work hard to build transparency and control into each of our products, including our advertising offerings,” Chief Privacy Officer Erin Egan told VentureBeat. “Today we’re proud to provide an additional way for marketers to communicate important privacy information to users …”

But is this really transparency? Again – they’re not telling you what specifically made them hit you with an advertisement. They’re not providing details about how they collect data that determines what ads show up on your Facebook feed.

As we delve deeper into the digital age, companies will often use smokescreen tactics to make it appear as if they are protecting your online privacy. It’s important that we don’t let these actions distract us from actually reading terms and conditions agreements and privacy policies. If you put your internet privacy in the hands of companies like Facebook or Google, you might as well post all your account passwords online while you’re at it.


FTC chairman resigns, but online privacy threats persist

Word broke last week that the chairman of the Federal Trade Commission (FTC), Jon Leibowitz, will step down from his post in mid-February.

During his four-year run, Leibowitz brought cases against two of the internet’s biggest companies – Google and Facebook – for violating their own privacy policies. He also spent time working on the expansion of the Children’s Online Privacy Protection Act.

An article in The New York Times cites several political figures with varying stances on his performance as the FTC’s chief. Most of the attention, however, has been focused on his actions to curb unfair competition practices in the United States.

While this is obviously the main focus of the FTC, it is frightening that online privacy is treated as the red-headed stepchild among the FTC chairman’s duties. As companies like Google, Facebook and Apple continue to grow in gargantuan leaps and bounds, their business practices are inextricably interwoven with online privacy rights.

This issue should be a top priority of far more people in power than it actually is. And while there are sure to be countless politicians willing to line up and say they care deeply about the topic, far fewer would be able to stand up and say they have done something significant to improve internet privacy.

Like the World Wide Web itself, everything is connected. Breakdowns in online privacy protections weaken our ability to prevent identity theft. When one person is compromised, the company he or she works for is then exposed, as are friends, family and their employers.

Since, unfortunately, we cannot rest on our laurels and wait for politicians to take proper steps, especially when the priorities in the halls of politics are focused on beating the other side, we must take a proactive stance. Take responsibility for training yourself and your company on how to keep vital sensitive information from leaking out through digital devices and online relationships.
