hacking - Blog - Global Risk Community
2024-03-29T08:49:16Z
https://globalriskcommunity.com/profiles/blogs/feed/tag/hacking

CPE | Think Like a Hacker to Identify Gaps in Your IT Security Posture
https://globalriskcommunity.com/profiles/blogs/cpe-think-like-a-hacker-to-identify-gaps-in-your-it-security-post
2023-02-24T08:50:00.000Z
GlobalRiskCommunity (https://globalriskcommunity.com/members/GlobalRiskCommunity)
<div>
<p><span style="font-family:arial, helvetica, sans-serif;"><span style="font-size:11pt;line-height:1.5;">Hi Global Risk Community member,</span></span></p>
<p><span style="font-size:11pt;"><span style="font-family:arial;">Join us next month for: <a href="https://www.brighttalk.com/webcast/5586/564248?utm_source=GRC">Think Like a Hacker: Tactics to Identify Gaps in Your IT Security Posture </a> </span></span><span style="font-size:11pt;"><span style="font-family:arial;">on Thursday, March 16th at 1pm Eastern. </span></span></p>
<p><span style="font-size:11pt;"><span style="font-family:arial;">Cybersecurity is one of the largest concerns facing businesses today and hackers continuously develop diverse ways of penetrating your cybersecurity defences. Learn how to think like a hacker and protect your systems and data from cyber threats by taking proactive measures, including: </span></span></p>
<ul>
<li><span style="font-size:11pt;"><span style="font-family:arial;">Conducting thorough investigations of your systems by “footprinting” your entire system, </span></span></li>
<li><span style="font-size:11pt;"><span style="font-family:arial;">Running penetration tests to identify the vulnerabilities that exist, </span></span></li>
<li><span style="font-size:11pt;"><span style="font-family:arial;">Performing gap analysis to catch and close gaps as quickly as they open, across both your own systems and those of third-party vendors, </span></span></li>
<li><span style="font-size:11pt;"><span style="font-family:arial;">Creating a culture of cybersecurity with security awareness training to reduce the risk posed by your employees. </span></span></li>
</ul>
<p><span style="font-size:11pt;"><span style="font-family:arial;">We will provide <strong>1.5 CPE Credits</strong> and additional resources to attendees of the live program. If you'd like to attend, please <a href="https://www.brighttalk.com/webcast/5586/564248?utm_source=GRC">confirm your place</a> and share with any colleagues who may also be interested; if you can't make it, register anyway and we'll send you a link to the replay. </span></span></p>
<p><span style="font-size:11pt;"><span style="font-family:arial;"><span style="font-size:11pt;"><span style="font-family:arial;"><span style="line-height:1.5;">I hope to see you there!</span></span></span></span></span></p>
<p><span style="font-size:11pt;"><span style="font-family:arial;"><span style="font-size:11pt;"><span style="font-family:arial;">Kelley Vick<br /> Event Host<br /> IT GRC Forum </span></span> </span></span></p>
</div>

A Guide to How Hackers Hack
https://globalriskcommunity.com/profiles/blogs/a-guide-to-how-hackers-hack
2019-12-27T18:05:13.000Z
Robert Siciliano (https://globalriskcommunity.com/members/RobertSiciliano)
<div><p>You have surely heard of hackers, but do you really know how they work? Hackers are well known for being bad guys, though there are certainly good hackers out there too. Here’s a brief guide to help you understand how a hacker can hack:</p><p><strong><img class="img-right align-right" src="https://activerain.com/image_store/uploads/agents/robertsiciliano/files/The-Dark-Web-Black.jpg" width="300" height="219" alt="The-Dark-Web-Black.jpg" />Directions for Hacking are Easy to Come By</strong></p><p>Hackers don’t have to look far for help, especially if they don’t know much about hacking. First is a well-known website known as Kali Linux. It has a ton of tools available for hackers, and the site features many links to other hacking resources. Of course, people who want to hack often go to YouTube, and there are more than 300,000 videos there that teach people how to hack. There are also thousands of other websites out there with easy-to-follow hacking instructions, and you can find them in about a minute.</p><p><strong>Software is Easy to Find, too</strong></p><p>Directions for hacking are one part of it, but there is also software available that makes the job of hacking quite easy. Here are some of the options available:</p><ul><li>Cain & Abel – This tool helps a hacker intercept traffic on a network and then use that information to get passwords, which helps them get into accounts. More than 400,000 people have downloaded this software.</li><li>Burp Suite – Hackers use this tool to map out the structure and pages of a website, and then they use the information to attack the site.</li><li>John the Ripper – People use this tool for dictionary attacks. 
Basically, it takes text strings, encrypts them, and then uses the information for an attack.</li><li>Angry IP Scanner – This is a free tool that allows the user to scan a network for open ports. Once they find one, they can easily gain access.</li></ul><p><strong>Hackers Also Use Hardware</strong></p><p>In addition to downloading software for hacking, it’s also possible for hackers to use hardware. One is called Wi-Fi Pineapple, which is a small, portable object that the hacker can use with any hotspot. They use it to find a laptop that is searching for an access point. Once the Pineapple sees an open connection, the hacker can read texts, emails, and see what websites you are viewing.</p><p><strong>Protect Yourself from Hacks</strong></p><p>There are many things that you can do to protect yourself from hackers. First, make sure you are using an encrypted website, one with HTTPS instead of HTTP in the address. Also, consider using a VPN when browsing. This encrypts your data so a hacker cannot read it. There’s a ton more to do. Go here: <a href="https://safr.me/blog/">https://safr.me/blog/</a></p><p>ROBERT SICILIANO, CSP, is a #1 Best Selling Amazon author, CEO of <a href="https://creditparent.com/" target="_blank">CreditParent.com</a>, and the architect of the <a href="https://protectnowllc.com/" target="_blank">CSI Protection</a> certification, a Cyber Social and Identity Protection <a href="https://safr.me/actnow/" target="_blank">security awareness training</a> program.</p></div>

Hackers Hacking Airport USB Ports
https://globalriskcommunity.com/profiles/blogs/hackers-hacking-airport-usb-ports
2019-06-27T13:31:10.000Z
Robert Siciliano (https://globalriskcommunity.com/members/RobertSiciliano)
<div><p>Have you ever wondered if it’s a good idea to surf the internet using a public WiFi network at the airport? 
It’s heavily trafficked, so it’s more likely that your information could get stolen, right? In some cases, it is safe to use public WiFi; your information isn’t always entirely at risk if you’re connecting to the airport network, but there are definitely vulnerabilities. And, when at the airport, you may want to rethink the urge to plug in your phone using one of the USB charging stations near the gate.</p><p><img src="https://activerain.com/image_store/uploads/agents/robertsiciliano/files/4W.jpg" alt="" width="275" height="301" align="right" /></p><p>It is possible that cybercriminals could use those stations to download your personal data or install malware onto your device without your knowledge or consent. It’s a crime that’s being called <strong><em>juice jacking</em></strong>.</p><p>The IBM Security X-Force Threat Intelligence team says that using a public USB port for charging is similar to finding a toothbrush in the street and deciding to put it in your mouth. You don’t know where the toothbrush has been, and the same applies to that USB port. You don’t know who used it before you, and you may not be aware that these USB ports can pass along data.</p><p>While it is possible for this to happen, it’s not necessarily an epidemic, and there isn’t a reason to panic just yet. There haven’t been widespread reports that juice jacking has happened in airports (or anywhere else). 
However, it could be happening without people knowing, which means it could be a significant issue that no one knows about yet.</p><p>If you don’t like the idea of cybercriminals stealing your information and want to stay safe, do this:</p><p><strong>Prevent Juice Jacking</strong></p><ul><li>Before leaving your house, make sure your phone is fully charged if possible.</li><li>Buy a second charger that stays with you or in your car at all times, and make a habit of keeping your phone charged while you drive.</li><li>Of course, there will be times when you’re out and about and, before you realize it, your device has gotten low on power and it’s time to hunt for a public charging station.</li><li>Have a cord with you at all times. This will enable you to use a wall socket.</li><li>Turn off your phone to save battery. But for many people, this will not happen, so don’t rely only on that tactic.</li><li>Plug your phone directly into a public socket whenever you can.</li><li>If you end up using the USB attachment at the station, make a point of viewing the power source. A hidden power source is suspicious.</li><li>If bringing a cord with you everywhere is too much of a hassle, did you know you can buy a power-only USB cord over which it’s impossible for any data to be transferred?</li><li>Another option is an external battery pack. 
This will supply additional power to your device.</li><li>External batteries, like the power-only USB cord, do not have data transfer ability, and thus can be used at any kiosk without the possibility of a data breach.</li><li>Search “optimize battery settings” for iPhone or Android and get to work.</li></ul><p><a style="color:#f30e0e;" href="https://safr.me/meet-robert/" target="_blank">Robert Siciliano</a>, personal security and <a style="color:#f30e0e;" href="https://safr.me/blog/2018/03/16/identity-theft-advice/" target="_blank">identity theft expert</a> and speaker, is the author of <a style="color:#f30e0e;" href="https://www.amazon.com/Identity-Theft-Privacy-Protection-Prevention-ebook/dp/B07FT67BMC/ref=sr_1_3?s=digital-text&ie=UTF8&qid=1535732363&sr=1-3&keywords=Robert+Siciliano&dpID=51hWnD29JtL&preST=_SY445_QL70_&dpSrc=srch" target="_blank">Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud</a>. See him knock ’em dead in this <a style="color:#f30e0e;" href="https://youtu.be/2m3Ra6ROPeA" target="_blank">Security Awareness Training</a> video.</p></div>

Do Not take that Stupid Facebook Quiz
https://globalriskcommunity.com/profiles/blogs/do-not-take-that-stupid-facebook-quiz
2018-10-11T13:54:45.000Z
Robert Siciliano (https://globalriskcommunity.com/members/RobertSiciliano)
<div><p>Where should you live in the world? What <em>Game of Thrones</em> family are you in? What is the food that best describes your personality? All of these answers are given and found by doing quizzes on Facebook. You have surely seen them if you use Facebook, and may have taken these quizzes, but you might want to consider stopping. If you have ever used one of these quizzes, you have probably given these third-party apps permission to access some of your personal data. Not only does this affect you, it might also affect the people on your friends list. 
How does it affect you? These answers can sometimes crack password reset questions.</p><p><img src="https://activerain.com/image_store/uploads/agents/robertsiciliano/files/FB-scurity.jpg" alt="" width="300" height="200" align="right" /></p><p>Here are some tips that you can use to protect yourself:</p><p><strong>Use Two-Factor Authentication –</strong> Almost all social media sites offer two-factor authentication. This allows you to further lock down your accounts, as you won’t be able to sign in with only a password. Instead, you need a password and a code, which is often sent to you via text message. So, no one can log into your account even if they have your password, unless they also have access to your phone and texts.</p><p><strong>Stop Taking Quizzes –</strong> The best thing you can do to protect yourself is to stop taking those quizzes. Though they look innocent enough, every click gives the company information on you. It’s true that not all companies collect your personal info, but you really have to do some digging in the terms of service to see whether they do or not.</p><p><strong>Check Your Privacy Settings –</strong> When is the last time you reviewed your privacy settings on Facebook? If you are like most of us, it’s probably been a while. So, take some time to log in and do this. If you need a tip, choose to only share with yourself by clicking “Only Me” on all of the settings. That’s the safest, but after all, this is SOCIAL media, so you might want to pick and choose.</p><p><strong>Look at What You Share –</strong> You should also look in your app security settings to find out what you are sharing with third parties. You might be surprised at what you see.</p><p><strong>Delete Old Accounts –</strong> Finally, make sure that you take a look at, and delete, any old social media accounts. If you don’t want to delete an account, at a minimum change your password. Also, Google yourself and see what accounts come up. 
If you can find it, you can bet that a hacker can.</p><p><a style="color:#f30e0e;" href="https://safr.me/meet-robert/" target="_blank">Robert Siciliano</a>, personal security and <a style="color:#f30e0e;" href="https://safr.me/blog/2018/03/16/identity-theft-advice/" target="_blank">identity theft expert</a> and speaker, is the author of <a style="color:#f30e0e;" href="https://www.amazon.com/Identity-Theft-Privacy-Protection-Prevention-ebook/dp/B07FT67BMC/ref=sr_1_3?s=digital-text&ie=UTF8&qid=1535732363&sr=1-3&keywords=Robert+Siciliano&dpID=51hWnD29JtL&preST=_SY445_QL70_&dpSrc=srch" target="_blank">Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud</a>. See him knock ’em dead in this <a style="color:#f30e0e;" href="https://youtu.be/2m3Ra6ROPeA" target="_blank">Security Awareness Training</a> video.</p></div>

How To Get Knowledge About The Certified Ethical Hacker
https://globalriskcommunity.com/profiles/blogs/how-to-get-knowledge-about-the-certified-ethical-hacker
2018-01-30T09:23:20.000Z
Sushant Katoch (https://globalriskcommunity.com/members/SushantKatoch)
<div><p>Certified ethical hacker training is commonly described as the course that teaches you to break into your own or your company’s computers in a legitimate and authorized manner, in order to find existing vulnerabilities and to assess the security posture of the target system. Certified ethical hackers use the same tools and knowledge that malicious attackers exploit, and then carry out the indicated defensive, corrective and protective actions to protect the system from any future breach.</p><p>The ethical hacking course is a vendor-neutral certification, so you would be able to safeguard different systems irrespective of their make. The course gives you an opportunity to delve into various hacking approaches and techniques. 
Globally, CEH certification is provided by EC-Council through its authorized training centres. Several universities and private computer colleges offer courses and programs featuring CEH training that align with the certified ethical hacker curriculum prescribed by EC-Council.</p><p><span style="font-size:14pt;"><strong>Knowledge about Certified ethical hacker training</strong></span></p><p>The course is a combination of academic material and practical skills enabling you to discover the working methods and activities of a hacker. The training commences with theoretical explanations of the particular techniques covered by the subject, followed by a hands-on illustration in the lab. The objectives of the ethical hacking course are to:</p><ol><li>Establish and administer basic standards for licensing professional information security experts in the ethical hacking process.</li><li>Inform agencies or employers that certified individuals meet or exceed the basic standards.</li><li>Strengthen awareness of ethical hacking as a self-governing and distinctive profession.</li><li>Train students to classify and break several kinds of passwords, and to successfully neutralize password hacking.</li><li>Teach encryption and cryptography techniques, and private/public key infrastructure.</li><li>Inform about widespread cyber-attacks, for instance phishing, social engineering, identity theft, URL obfuscation, insider attacks, Trojans, dumpster diving, etc.</li><li>Instruct learners to abide by the code of ethics regulating professional conduct and the legitimacy of hacking.</li></ol><p><span style="font-size:14pt;"><strong>What are the prerequisites for this certification?</strong></span></p><p>The <a href="https://www.koenig-solutions.com/ceh-v8-certified-ethical-hacker-training-course.aspx" target="_blank">ethical hacker training certification</a> is aimed at fortifying the functional knowledge of security officials, auditors, site managers, and professionals who are 
involved in maintaining the integrity of the network infrastructure. Although there are no prerequisites for this certification, basic knowledge of telecommunications, networking and computer systems is strongly recommended. Candidates must be at least 18 years old to sit the exam or apply for the training. Thus, candidates who fall in the right age category and possess relevant networking knowledge can apply for the course and complete their certification.</p><p>The ethical hacking credential is one of the most sought-after certifications of EC-Council. Certified experts can pursue a wide range of job titles, including network security specialist, penetration tester, ethical hacker, security specialist, site manager and auditor. In addition to these business job opportunities, CEH certification opens gateways to rewarding security positions in the government-run IT sector. The credential is an acknowledgement of your skills to work as an ethical hacker, independently or with companies, with privileged access to sensitive information.</p><p><strong>Also read:</strong> <a href="http://blog.koenig-solutions.com/2017/05/24/career-opportunities-after-doing-ceh-certification/" target="_blank">Career Opportunities after Doing CEH Certification</a></p></div>

Hacking Humans is Painfully Easy
https://globalriskcommunity.com/profiles/blogs/hacking-humans-is-painfully-easy
2016-06-28T14:26:22.000Z
Robert Siciliano (https://globalriskcommunity.com/members/RobertSiciliano)
<div><p>Hackers can take over someone’s life in a matter of hours. Just ask Patsy Walsh.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/11D.jpg" alt="" width="300" height="228" align="right" /></p><p>Though she is not a tech savvy person, the grandmother of six did have a Facebook account, and that was all the hackers needed to take over her life. 
By using methods such as click baiting, the act of convincing someone to click on a fake link and then gathering information, the hackers were able to use this info to get into other accounts, and eventually gained access to things such as her power of attorney form and Social Security information, and learned how to open her garage door and her home.</p><p>How did they do this? Mrs. Walsh used the same password for all accounts and did not use recommended security measures.</p><p>Fortunately, Mrs. Walsh’s life wasn’t ruined. Instead, this <a style="color:#bb0000;" href="http://mobile.nytimes.com/blogs/bits/2015/10/14/hackers-prove-they-can-pwn-the-lives-of-those-not-hyperconnected/">hacking was set up</a> by the New York Times and a private company made up of “ethical hackers” (yes, there is such a thing) to show just how easy it is to gain access to someone’s digital life.</p><p><strong>Computers Are Gold Mines of Important Information</strong></p><p>When the team of ethical hackers gained access to Mrs. Walsh’s computer, they found a number of malicious programs running in the background. Examples include InstallBrain, a program that will download programs on demand, and programs such as SlimCleaner, SearchProtect and FunWebProducts, which can spy on Internet searches, change home pages and gather information through click baiting. More than likely she downloaded some lame toolbar that added all this bloatware. Keep in mind, Mrs. Walsh was only visiting sites such as Google and Facebook, sites that most of us visit several times a day.</p><p><strong>Stopping the Hackers in Their Tracks</strong></p><p>We can all learn lessons from Mrs. Walsh’s experience. 
Here are some things that she could have done to prevent this from occurring, and things you should do to remain safe:</p><ul><li>Use a password manager to keep track of long or complicated passwords, and use a different password for every account.</li><li>Use a two-step authentication service, one that asks for a second password when an unrecognized machine attempts to access an account.</li><li>Use automatic updates for services such as browser updates or operating system updates.</li><li>Wipe the computer clean if necessary, then start employing these new practices.</li><li>Stop downloading stupid, useless toolbars that are often delivery methods for crappy software.</li><li>Pay attention to what you are downloading and why. Even when you are updating software, look for any pre-checked boxes that install bloatware.</li></ul><p>Robert Siciliano is an identity theft expert to <a style="color:#bb0000;" href="http://thebestcompanys.com/antivirus/">TheBestCompanys.com</a> discussing <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>

Hackers hacking Banks big time
https://globalriskcommunity.com/profiles/blogs/hackers-hacking-banks-big-time
2016-06-21T14:01:56.000Z
Robert Siciliano (https://globalriskcommunity.com/members/RobertSiciliano)
<div><p>“Anonymous” is an activist hacking group that has recently boasted that it will engage in 30 days of cyber assaults against “all central banks,” reports an article on cnbc.com.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/2D.jpg" alt="" width="320" height="214" align="right" /></p><p>And their bite is as big as their bark, as this announcement came soon after several major banks around the world were struck—and Anonymous proudly claimed credit. 
The banks that were apparently breached by Anonymous include:</p><ul><li>Bangladesh Central Bank</li><li>National Bank of Greece</li><li>Qatar National Bank</li></ul><p>Anonymous put up their plans in a YouTube video: a “30-day campaign against central banks around the world.” The hacking group calls their endeavor Operation Icarus, bragging about how they crumbled the Bank of Greece with a denial of service attack.</p><p>Anonymous has stated that it will target the following financial institutions:</p><ul><li>Visa</li><li>MasterCard</li><li>Bank for International Settlements</li><li>London Stock Exchange</li><li>And of course, “all central banks” and “every major banking system”</li></ul><p>Anonymous clearly has a gripe against banks; the group further states, “We will not let the banks win,” the report at cnbc.com continues. The hacking group wants everyone to know that their operation will be “one of the most massive attacks” ever committed in Anonymous’s history.</p><p>The article adds that another media outlet, <em>Gulf News</em>, reports that the hackers who infiltrated Qatar National Bank attacked yet another bank and intend to make the stolen data from this second attack public very soon. It’s possible that this leaked data will be used for ransom.</p><p>For you, the everyday bank customer, don’t worry about any of this, BUT always pay close attention to bank activity and make sure all transactions have been authorized by you. 
Sign up for alerts and notifications via text and email so you see every transaction in real time.</p><p>Robert Siciliano is an identity theft expert to <a style="color:#bb0000;" href="http://thebestcompanys.com/antivirus/">TheBestCompanys.com</a> discussing <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>

How the FBI hacks You
https://globalriskcommunity.com/profiles/blogs/how-the-fbi-hacks-you
2016-06-10T14:27:33.000Z
Robert Siciliano (https://globalriskcommunity.com/members/RobertSiciliano)
<div><p>A recent <a href="https://www.wired.com/2016/05/history-fbis-hacking/">Wired.com</a> exposé reveals how the FBI has been secretly hacking civilian computers for about 20 years, and how, thanks to Rule 41, its ability to hack has been expanded.</p><p><img src="http://robertsiciliano.com/wp-content/uploads/2014/01/11D-300x228.jpg" width="300" height="228" align="right" alt="11D-300x228.jpg" /></p><p>Nevertheless, effective record keeping for these hacking incidents doesn’t exist. For instance, search warrants that permit hacking are issued using elusive language, and this makes it difficult to keep track of when the feds hack.</p><p>Also, the FBI is not required to submit any reports to Congress that track its court-sanctioned hacking incidents—which the FBI would rather term “remote access searches.”</p><p>So how do we know this then? 
Because every so often, bits of information are revealed in news stories and court cases.</p><p><strong>Carnivore</strong></p><ul><li>Carnivore, a traffic sniffer, is the FBI’s first known remote access tool; Internet Service Providers allowed it to be installed on network backbones in 1998.</li><li>This plan got out in 2000 when EarthLink wouldn’t let the FBI install Carnivore on its network.</li><li>A court case followed, and the name “Carnivore” certainly didn’t help the feds’ case.</li><li>Come 2005, Carnivore was replaced with commercial filters.</li></ul><p>The FBI had an issue with encrypted data that it was taking. Thanks to the advent of keyloggers, this problem was solved, as the keylogger records keystrokes, capturing them before the encryption software does its job.</p><p><strong>The Scarfo Case</strong></p><ul><li>In 1999 a government keystroke logger targeted Nicodemo Salvatore Scarfo, Jr., a mob boss who used encryption.</li><li>The remotely installed keylogger had not yet been developed at this time, so the FBI had to break into Scarfo’s office to install the keylogger on his computer, then break in again to retrieve it.</li><li>Scarfo argued that the FBI should have had a wiretap order, not just a search warrant, to do this.</li><li>The government, though, replied that the keylogger technology was classified.</li></ul><p><strong>Magic Lantern</strong></p><ul><li>The Scarfo case inspired the FBI to design custom hacking tools: enter Magic Lantern, a remotely installable keylogger that arrived in 2001.</li><li>This keylogger also could track browsing history, passwords and usernames.</li><li>It’s not known when Magic Lantern was first used.</li></ul><p>Robert Siciliano is an identity theft expert to <a href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>

Beware of Amazon's scary Customer Service Hack
https://globalriskcommunity.com/profiles/blogs/beware-of-amazon-s-scary-customer-service-hack
2016-03-03T14:03:54.000Z
Robert Siciliano (https://globalriskcommunity.com/members/RobertSiciliano)
<div><p>Do you shop at Amazon.com? Are you aware they have a back door through which hackers can slip in?</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/11D.jpg" alt="" width="300" height="228" align="right" /></p><p>Let’s look at Eric’s experience with hackers and Amazon, as he recounts at <a style="color:#bb0000;" href="https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4#.ifitcmvm9">medium.com/@espringe</a>.</p><p>He received an e-mail from Amazon and contacted them to see what it was about. Amazon informed him that he had had a text chat and sent him the transcript—a chat he had never been part of.</p><p>Eric explains that the hacker gave Eric’s <em>whois.com</em> data to Amazon. However, the whois.com data was partially false because Eric wanted to remain private.</p><p>So Eric’s “fake” whois.com information wasn’t 100 percent in left field; some of it was true enough for the customer service hack to occur, because in exchange for the “fake” information, Amazon supplied Eric’s real address and phone number to the hacker.</p><p>The hacker got Eric’s bank to issue him a new copy of his credit card. Amazon’s customer service had been duped.</p><p>Eric asked Amazon Retail to flag his account as being at “extremely high risk” of getting socially engineered. Amazon assured him that a “specialist” would be in contact (who never was).</p><p>Over the next few months, Eric assumed the problem had gone away; he gave Amazon a new credit card and new address. Then he got another strange e-mail.</p><p>He told Amazon that someone was impersonating him, and Amazon told him to change his password. He insisted they keep his account secure. He was told the “specialist” would contact him (who never did). 
This time, Eric deleted his address from Amazon.</p><p>Eric became fed up because the hacker then contacted Amazon by phone and apparently got the last digits of his credit card. He decided to close his Amazon account, unable to trust the giant online retailer.</p><ul><li>Frequently log into your account to check on orders. See if there are transactions you are unaware of. Look for “ship to” addresses you didn’t authorize.</li><li>Amazon’s customer support reps should be able to see the IP address of the user who’s connecting. They should be on alert for anything suspicious, such as whether or not the IP address is the one that the user normally connects from.</li><li>Users should create aliases with their e-mail services to throw off hacking attempts. In other words, using the same email address for all your online accounts will make it easy for them to be compromised.</li><li>If you own domain names, check out the “whois” info associated with the account. It may be worth making it private.</li></ul><p>Be very careful when sharing information about yourself. Do not assume that just because a company is a mega giant (like Amazon), it will keep your account protected from the bad guys.</p><p>Robert Siciliano is an identity theft expert to <a style="color:#bb0000;" href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>

How to recycle Old Devices
https://globalriskcommunity.com/profiles/blogs/how-to-recycle-old-devices
2016-01-21T14:10:04.000Z
Robert Siciliano (https://globalriskcommunity.com/members/RobertSiciliano)
<div><p>When it comes to tossing your old computer device into the rubbish, out of sight means out of mind, right? Well yeah, maybe to the user. 
But let’s tack something onto that well-known mantra: <em>Out of sight, out of mind, into criminals’ hands</em>.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/7W.jpg" alt="" width="328" height="200" align="right" /></p><p>Your discarded smartphone, laptop or what-have-you contains a goldmine for thieves—because the device’s memory card and hard drive contain valuable information about you.</p><p>Maybe your Social Security number is in there somewhere, along with credit card information, checking account numbers, passwords…the whole kit and caboodle. And thieves know how to extract this sensitive data.</p><p>Even if you sell your device, don’t assume that the information stored on it will get wiped. The buyer may use it for fraudulent purposes, or he may resell it to a fraudster.</p><p>Only 25 states have e-waste recycling laws. And only <em>some</em> e-waste recyclers protect customer data. And this gets cut down further when you consider whether the device goes to a recycling plant at all vs. a trash can. Thieves pan for gold in dumpsters, seeking out that discarded device.</p><p>Few people, including those who are very aware of phishing scams and other online tricks by hackers, actually realize the gravity of discarding or reselling devices without wiping them of their data. The delete key, and in some cases the “factory reset” setting, is worthless.</p><p>To verify this widespread lack of insight, I collected 30 used devices like smartphones, laptops and desktops, getting them off of Craigslist and eBay. They came with assurance they were cleared of the previous user’s data.</p><p>I then gave them to a friend who’s skilled in data forensics, and he uncovered a boatload of personal data from the previous users of 17 of these devices. It was enough data to commit identity theft. I’m talking Social Security numbers, passwords, usernames, home addresses, the works. 
People don’t know what “clear data” really means.</p><p>The delete button makes a file disappear and go into the recycle bin, where you can delete it again. Out of sight, out of mind…but not out of existence.</p><p><strong>What to Do</strong></p><ul><li>If you want to resell, then wipe the data off the hard drive—and make sure you know how to do this right. There are a few ways of accomplishing this:</li></ul><p>Search the name of your device and terms such as “factory reset”, “completely wipe data”, “reinstall operating system” etc. and look for various device-specific tutorials and in some cases 3<sup>rd</sup> party software to accomplish this.</p><ul><li>If you want to junk it, then you must physically destroy it. Remove the drive; there are numerous online tutorials here too. Get some safety glasses, put a hammer to it or find an industrial shredder.</li><li>Or send it to a reputable recycling service for purging.</li></ul><p>Robert Siciliano is an identity theft expert to <a style="color:#bb0000;" href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a style="color:#bb0000;" href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a></p></div>Beware of those hackable Holiday Giftshttps://globalriskcommunity.com/profiles/blogs/beware-of-those-hackable-holiday-gifts2016-01-12T14:20:14.000Z2016-01-12T14:20:14.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>If you’re going to drone on and on about how you got hacked by a cyber thief, maybe it’s because you played with your new drone—you know, those rad little flying devices that hover via remote control over your street? 
Yes, they are hackable.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/5W.jpg" alt="" align="right" height="305" width="250" /></p><p>If you don’t have a drone, don’t be surprised if you get one as a gift this season, as Americans are spending tens and tens of millions of dollars on them.</p><p>First off, if you spot a drone, before you go, “Wow, cool, there’s a drone! Kids, come look at this!” consider the possibility that it’s spying on you.</p><p>Drones can be connected to the Internet and also have a camera—two ways the cyber crook could spy on you. If something is connected through Wi-Fi, it can be hacked, and this includes wireless Bluetooth.</p><p>So this means that your drone or your kids’ drone could get hacked into. To guard against this, you must continually keep its firmware updated, and use a password-protected Wi-Fi.</p><p>So even though the drone is your nine-year-old’s “toy,” it’s a potential gateway for hackers to slither their way into your bank account, medical records and online accounts. And since the drone can be the hacker’s portal, so can your child’s other remote controlled, Wi-Fi connected devices.</p><p>Every device, even a remote controlled car that’s connected to Wi-Fi, should at a minimum have the latest software updates or in some cases have security software to protect against viruses and other malware and also phishing scams.</p><p>And it’s not just thieves who want to hack into your personal affairs to get your money. A hacker may be a pedophile, seeking ways to find victims.</p><p>A hacker could get in even through an application you just downloaded. Before downloading anything, you should read what the app has access to. You may be unknowingly granting permission for the app to access e-mails or turn on cameras.</p><p>Anything that’s “smart” – not just the smartphone, smartdrone, Ebook or tablet – can be a portal to a cybercriminal. This means that smartwatches are on this list. 
So are those fitness trackers you put on your arm. A hacker could get into your phone via that device on your upper arm that’s tracking your heart rate.</p><p>So before you do the “cool!” thing, first do the “security!” thing. Be mindful of what you purchase and the measures you take to protect it.</p><p>Robert Siciliano is an identity theft expert to <a href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>How to prevent your Pics from being lifted: Part 1 of 2https://globalriskcommunity.com/profiles/blogs/how-to-prevent-your-pics-from-being-lifted-part-1-of-22015-10-13T14:09:08.000Z2015-10-13T14:09:08.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>You need not be a celebrity or some big wig to suffer the devastating fallout of your online images (and videos) being stolen or used without your permission.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/10D.jpg" alt="" align="right" height="300" width="300" /></p><p>So how does someone steal your image or use it without your permission?</p><p><strong>Hacking</strong></p><ul><li>Hacking is one way, especially if passwords are weak and the answers to security questions can easily be figured out (e.g., “Name of your first pet,” and on your Facebook page there’s a picture of you: “My very first dog, Snickers”).</li><li>Malware can be installed on your device if the operating system, browser or security software is out of date.</li><li>But hackers may also get into a cloud service depending on their and your level of security.</li></ul><p><strong>Cloud Services</strong></p><ul><li>In 2014, the images of celebrities and others were stolen from their iCloud accounts. 
At the time, two factor authentication was not available to consumers.</li><li>Apple did not take responsibility, claiming that the hackers guessed the passwords of the victims. This is entirely possible as many use the same passwords for multiple accounts. It is reported that Jennifer Lawrence’s and Kate Upton’s passwords really <em>were</em> <strong>123qwe</strong> and <strong>Password1</strong>, respectively.</li></ul><p><strong>Social Media</strong></p><ul><li>Got a pretty avatar for your Facebook page? Do you realize how easy it is for someone to “Save image as…”?</li><li>Yup, someone could right-click on your provocative image, save it and use it for some sex site.</li><li>And it’s not just images of adults being stolen. Images of children have been stolen and posted on porn sites.</li><li>Stolen photos are not always racy. A stolen image could be of an innocent child smiling with her hands on her cheeks.</li><li>The thief doesn’t necessarily post his loot on porn or sex sites. It could be for any service or product. But the point is: Your image is being used without your authorization.</li></ul><p><strong>Sexting</strong></p><ul><li>Kids and teens and of course adults are sending sexually explicit images of each other via smartphone. These photos can end up anywhere.</li><li>Applications exist that destroy the image moments after it appears to the sender.</li></ul><ul><li>These applications can be circumvented! 
Thus, the rule should be never, ever, ever send photos via smartphone that you would not want your fragile great-grandmother or your employer to view.</li></ul><p><strong>How can you protect your digital life?</strong></p><ul><li>Long, strong passwords—unique for every single account</li><li>Change your passwords regularly.</li><li>Firewall and up-to-date antivirus software</li><li>Make sure the answers to your security questions can’t be found online.</li><li>If any of your accounts have an option for two-factor authentication, then use it.</li><li>Never open attachments unless you’re expecting them.</li><li>Never click links inside e-mails unless you’re expecting them.</li></ul><p>Stay tuned to Part 2 of <strong>How to prevent your Pics from being lifted to learn more.</strong></p><p>Robert Siciliano is an identity theft expert to <a href="http://thebestcompanys.com/antivirus/">TheBestCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Cheating Website hacked hardhttps://globalriskcommunity.com/profiles/blogs/cheating-website-hacked-hard2015-09-23T14:25:39.000Z2015-09-23T14:25:39.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Bad guys hacked bad guys. Hmmm, whose side should we take?</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/2D.jpg" alt="" align="right" height="214" width="320" /></p><p>Ashleymadison.com got hacked. This site helps and suggests married people cheat. The hack threatens millions of users, potentially revealing their credit card information, addresses, real names, pictures and content of their chat logs.</p><p>This dating site has 37 million users and is owned by Avid Life Media. Their other sites, Established Men and Cougar Life, were also hacked.</p><p>The hackers responsible call themselves The Impact Team. 
They object strongly to Ashleymadison.com and had threatened to release all the hacked data unless the site closed down.</p><p>The Impact Team is especially unnerved over the site’s Full Delete service that supposedly wipes clean a customer’s profile and everything associated for $19. The Impact Team alleges that Ashleymadison.com took the money but did not delete, retaining clients’ credit card information, names and addresses.</p><p>The site denies the claims and is offering the deletion service for free. It’s also fighting to get the millions of personal data pieces removed from cyber space. If it’s already been exposed… too late.</p><p>Sounds like some spouses are going to get the frying pan for sure.</p><p>The Hacking Team might sell all this personal data for a lot of dough, but that’s a rumor. Either way, the customers are surely shaking in their boots.</p><p>A similar thing happened with another site called Adult Friend Finder. Recently, the sex life of its nearly four million users was revealed—purchased underground for $16,800.</p><p>What do these recent hacking incidents teach us? Not to cheat? Well, maybe, but more so that you risk a lot by putting your identity and other sensitive information online. Online services cannot guarantee protection from hackers. Maybe Ashleymadison.com’s customers should have used a virtual credit card number, but that wouldn’t have kept other sensitive information concealed.</p><p>Had this site used encryption, the hackers would have seen nothing but a bunch of garbled characters: zero value. But most sites don’t use encryption. And when they do, it’s often crackable.</p><p>Some sites, like Ashley Madison, have a privacy flaw: If someone knows your e-mail, they can find out if you’re registered with the site because its password reset requires only the e-mail.</p><p>If you don’t want anyone to know you have an account with a site, then create an e-mail just for that site. But that’s only one small thing you can do. 
Your private information may still get hacked into and revealed to the world.</p><p>Robert Siciliano is an identity theft expert to <a href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Auto Hacking is a real Thinghttps://globalriskcommunity.com/profiles/blogs/auto-hacking-is-a-real-thing2015-09-19T14:04:25.000Z2015-09-19T14:04:25.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>You’ll probably be shocked to learn that last year, thousands of cars with keyless entry technology were stolen in London, says a report from wired.com.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/10D.jpg" alt="" align="right" height="320" width="320" /></p><p>But fact is, the more connected a vehicle is to the cyber world, the more hackable the vehicle is—and the hack could be to steal the vehicle or hurt the owner.</p><p>Rule: Anything that’s connected, especially via WiFi can be hacked.</p><p>The article notes that recently, a Jeep Cherokee was hacked with a smartphone via its Internet-connected navigation and entertainment system; the hackers remotely took control of its steering and brakes while it was on a road.</p><p>But don’t panic yet; it was an experiment conducted by good-guy hackers to demonstrate the vulnerability of a connected vehicle. The flaw was corrected after Chrysler recalled 1.4 million vehicles.</p><p>But what about getting into keyless-entry vehicles? A device is sold online for $31 that can clone the “key.” The wired.com article notes that BMW, Audi, Mercedes, Saab and Land Rover are among the models at risk.</p><p>The thief plugs this device into the vehicle’s diagnostic port. 
The information collected is then used to reprogram a blank fob that can start the vehicle—after the thief smashes a window to get in.</p><p>To deal with this, car makers are trying to create a key whose signal is harder to copy. Security experts point out that vehicles need additional layers of protection such as encrypted communication between them and the Internet.</p><p>The Jeep mentioned above was hacked via its navigation and entertainment system, forced to go into a ditch. But another thing a hacker could do is spoof the GPS signals that emanate from satellites, and transmit altered directions to the driver, making that person go way off course. Imagine someone doing this as revenge, perhaps on his nasty boss from work.</p><p>Or they can sit back and laugh while they create traffic jams. But it won’t just be fun and games for all hackers. Imagine what terrorists or psychopaths could do. And it’s all very possible. University of Texas researchers actually steered a super yacht off course, unknown to its captain.</p><p>Hacking into cars will be even more feasible as cars become closer to being driverless, because this feature will be dependent upon being connected.</p><p>Pay close attention to any manufacturer recalls or updates that may involve a patch to correct any vulnerabilities.</p><p>Robert Siciliano is an identity theft expert to <a href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Big Bad Hackers taken downhttps://globalriskcommunity.com/profiles/blogs/big-bad-hackers-taken-down2015-09-11T14:18:05.000Z2015-09-11T14:18:05.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Darkode anyone? Not anymore. This underground bad hackers’ forum was recently demolished by the FBI, says a report on <a href="http://www.justice.gov">www.justice.gov</a>. 
The dozen hackers associated with Darkode are facing criminal charges.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/4D.jpg" alt="" align="right" height="213" width="320" /></p><p>Though there are about 800 such forums, Darkode was among the worst (or shall I say “best”?), presenting a serious threat to worldwide computers. Gone are Darkode’s ventures of buying, selling and trading malware, and exchanging hacking strategies—to actually carry out crimes, not just fun brainstorming.</p><p>The dismantling of Darkode comes as a result of infiltration and the efforts of law enforcement representing 20 countries including Australia, Colombia, Canada, Germany, Latvia, Denmark, Finland, Romania, Nigeria, Sweden and the UK. This is the biggest bust of a black hat forum to date.</p><p><strong>Here is the cyber smut list from the <a href="http://www.justice.gov">www.justice.gov</a> article:</strong></p><ul><li>J. Gudmunds, 27. He created a botnet that stole data on 200 million occasions.</li><li>M. Culbertson, 20. He’s the brains behind Dendroid, malware for sale on Darkode that was supposed to steal and control data from Google Android. Clever name, too: “Dend” refers to branching out (as in neuronal <strong>dend</strong>rites).</li><li>E. Crocker, 29. He’s the mastermind behind a Facebook spreader that infected the computers of FB users, converting them to bots.</li><li>N. Ahmed, P. Fleitz and D. Watts, 27, 31 and 28, respectively. They’re behind the spam that sent out millions of e-mails intended to bypass spam filters of cell phones.</li><li>M. Saifuddin, 29. He tried to transfer credit card numbers to other Darkode members.</li><li>D. Placek, 27. He allegedly created Darkode and sold malware on it.</li><li>M. Skorjanc, F. Ruiz and M. Leniqi, 28, 36 and 34, respectively. 
They’ve been charged with conspiracy to commit wire and bank fraud, racketeering conspiracy and conspiracy to commit computer fraud and extortion.</li><li>Rory Stephen Guidry. He reportedly sold botnets on Darkode.</li></ul><p>The article points out that all of these wrongdoings are accusations at this point, and that these defendants are presumed innocent until proven guilty.</p><p>Robert Siciliano is an identity theft expert to <a href="http://thebestcompanys.com/antivirus/">TheBestCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>These are the Bigtime Hackershttps://globalriskcommunity.com/profiles/blogs/these-are-the-bigtime-hackers2015-09-07T14:09:19.000Z2015-09-07T14:09:19.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Hackers with big skills and a big ego will be drawn to Facebook and Twitter as their targets. But they’ll also target dozens of other companies, reports an article on arstechnica.com.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/11D.jpg" alt="" align="right" height="228" width="300" /></p><p>One group in particular stands out as the attackers, using zero-day exploits. They are known as Wild Neutron and Morpho, says the article, and have been active possibly since 2011, burrowing their way into various businesses: healthcare, pharmaceutical, technology.</p><p>It’s been speculated that the hackers want the inside information of these companies for financial gain. 
They’ve been at it for three or four years; we can assume they’ve been successful.</p><p>Researchers believe that these hackers have begun using a valid digital certificate that is issued to Acer Incorporated to bypass code-signing requirements that are built into modern operating systems, explains the arstechnica.com report.</p><p>Experts also have identified use of some kind of “unknown Flash Player exploit,” meaning that the hackers are using possibly a third zero-day exploit.</p><p>The report goes on to explain that recently, Reuters reported on a hacking group that allegedly busted into corporate e-mail accounts to get their hands on sensitive information for financial gain.</p><p>You’re probably wondering how these big companies could be so vulnerable, or how it is that hackers can figure out a password and username. Well, it doesn’t really work that way. A company may use passwords that, according to a password analyzer, would take nine million years to crack.</p><p>So hackers rely on the gullibility and security un-awareness of employees to bust in. They can send employees an e-mail, disguised to look like it’s from a company executive or CEO, that tricks the employee into either revealing passwords and usernames, or clicking on a malicious link that downloads a virus, giving the hacker access to the company system’s stored data. It’s like removing a dozen locks from the steel chamber door to let in the big bad wolf.</p><p>The security firms interviewed estimate that a minimum of 49 companies have been attacked by the hacking ring’s surveillance malware. The cybercriminals have, in at least one instance, got into a company’s physical security information management system.</p><p>The arstechnica.com article notes that this consists of swipe card access, HVAC, CCTV and other building security. This would allow the hackers to surveil employees, visually following them around.</p><p>This hacking group is smart. 
They don’t reuse e-mail addresses; they pay hosting services with bitcoins; they use multi-staged control/command networks that have encrypted virtual machines to foil forensics detectives. The only good news is that the group’s well-documented code suggests it’s a small band of hackers, not some giant one.</p><p>Robert Siciliano is an Identity Theft Expert to <a href="http://hotspotshield.com">Hotspot Shield</a>. He is the author of <a href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996"><em>99 Things You Wish You Knew Before Your Identity Was Stolen</em></a> See him discussing internet and wireless security on <a href="http://www.youtube.com/watch?v=Ynj5SgZEIyY&feature=share&list=UUxPUhCstuAW8GJR826pamYA">Good Morning America</a>. <a href="http://ow.ly/1bdMH">Disclosures</a>.</p></div>Even Hackers get hackedhttps://globalriskcommunity.com/profiles/blogs/even-hackers-get-hacked2015-08-13T14:27:26.000Z2015-08-13T14:27:26.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Burglars get burgled, muggers get mugged, and hackers get hacked. This includes a sophisticated ring of hackers: Hacking Team, hailing from Italy, specializing in selling hacking software to major governments.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/10D.jpg" alt="" align="right" height="320" width="320" /></p><p>An article on wired.com describes how a “400 gigabyte trove” went online by anonymous hackers who gutted the Hacking Team, including source code. 
Even their Twitter feed was hacked, and the secret hackers tweeted HT’s cracked files.</p><p>One of the exposed files apparently was a list of HT’s customer information, spanning the Middle East, Africa and the U.S.</p><p>Hacking Team must really be the Humiliated Team now, because they refused to respond to <em>WIRED</em>’s request for a comment. However, one of HT’s workers tweeted that their mystery hackers were spreading lies. His tweet was then hacked.</p><p>Sudan was one of the customers, and this shows that Hacking Team believed it could sell hacking software to any government, as Sudan is noted for its ultra-high restrictions to access.</p><p>Can the selling of hacking software be equated to the sales of weapons of mass destruction? More likely this is so than not. There is an arms control pact, the Wassenaar Agreement, designed to control the sales internationally of hacking tools.</p><p>Criticisms of the Wassenaar Agreement come from hackers (not necessarily only the bad ones) because the Agreement limits security research.</p><p>Eric King, from Privacy International, points out that the Agreement is required. 
Wired.com quotes him: “Some form of regulation is needed to prevent these companies from selling to human rights abusers.”</p><p>The Hacking Team organization, despite what it insists, should not be considered a “good guy.” For example, Citizen Lab uncovered that customers, including the United Arab Emirates and Sudan, used tools from Hacking Team to spy on a political dissident—who subsequently happened to get beaten up.</p><p>Eric King says, as quoted in wired.com, that Hacking Team “has continuously thrown mud, obfuscated, tried to confuse the truth.” The hacking of Hacking Team will help reveal the truth behind their “deviousness and duplicity in responding to what are legitimate criticisms,” says King.</p><p>Robert Siciliano is an identity theft expert to <a href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Private Investigator faces Jail for Hackinghttps://globalriskcommunity.com/profiles/blogs/private-investigator-faces-jail-for-hacking2015-08-05T14:12:17.000Z2015-08-05T14:12:17.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>What a disgrace: A private investigator, Eric Saldarriaga, 41, got nailed for hacking into peoples’ e-mails. He may get six months in the can. Is six months reasonable for this, though?</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/4D.jpg" alt="" align="right" height="213" width="320" /></p><p>A recent online <em>New York Times</em> article quotes a prosecutor who points out that hackers could be deterred by the threat of harsh penalties—because the mind of a hacker operates with a lot of thinking, vs. the mind of someone who impulsively pulls out a gun or knife.</p><p>So what did Saldarriaga do exactly? He paid an overseas company to get the login information for e-mail accounts: a hacker-for-hire deal. 
His clients included lawyers and other private investigators. He was known for gaining access to e-mail accounts without the user’s knowledge, so this is why he got some of his cases in the first place.</p><p>Breaking into e-mails is a serious crime because it can involve the accounts of big companies, revealing their trade secrets and other classified information.</p><p>One of Saldarriaga’s victims was journalist Tony Ortega, who has spent about 20 years writing about Scientology. Ortega believes that this controversial church’s reps hired Saldarriaga to get information about Ortega.</p><p>Ortega, as well as possibly most of the other victims, are adamant about learning just who hired Saldarriaga to conduct his dirty deed. One of the other victims is a professional gambler who secretly donates to charity. The <em>Times</em> article quotes the gambler: “For this one guy, to be sentenced today for a crime he did for other people would be a miscarriage of justice.”</p><p>Why aren’t the people who hired Saldarriaga also facing justice?</p><p>Saldarriaga’s lawyer, Peter Brill, gunned for just a three-year probationary sentence for his client because he was remorseful. In fact, his crime got him only $5,000.</p><p>Saldarriaga himself even pleaded with the judge who’s overseeing the case that he deserves some concessions because one of his actions, he claims, may have spared a woman from harm.</p><p>But that doesn’t nullify the reality that Saldarriaga intruded upon peoples’ privacy without their knowledge. 
And got paid for it.</p><p>Robert Siciliano is an identity theft expert to <a href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Why Hacking is a National Emergencyhttps://globalriskcommunity.com/profiles/blogs/why-hacking-is-a-national-emergency2015-07-29T14:29:17.000Z2015-07-29T14:29:17.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Foreign hackers, look out: Uncle Sam is out to get you. President Obama has issued an order that allows the State Department and Treasury Department to immobilize the financial assets of anyone out of the country suspected of committing or otherwise being involved in cyber crimes against the U.S.</p><p><img src="http://activerain.com/image_store/uploads/agents/robertsiciliano/files/7W.jpg" alt="" align="right" height="201" width="330" /></p><p>This order, two years in the making, covers hacking of <em>anything</em>. The order refers to hacking as a national emergency. Imagine if entire power grids were hacked into. Yes, a national emergency.</p><p>Another reason hacking is a national crisis is because the guilty parties are so difficult to track down. Hackers are skilled at making it seem that an innocent entity is guilty. And a major hacking event can be committed by just a few people with limited resources.</p><p>However, the order has some criticism, including that it is an over-reaction to the Sony data breach. But it seems that the government can never be too vigilant about going after hackers.</p><p>Proponents point out that the order allows our government greater flexibility to go after the key countries where major hacks come from, like Russia and China. This flexibility is very important because the U.S. has a crucial financial relationship with these countries. And that needs to be preserved.</p><p>For instance, there’d be little adverse impact to the U.S. 
if our government choked off the bank accounts of isolated hackers who were part of the Chinese government, vs. strangling the entire Chinese government.</p><p>In short, the activities of small hacking groups or individual hackers within a foreign government will be dealt with without penalizing the entire government—kind of like doing away with punishing the entire fourth grade class because one kid threw a spitball.</p><p>Hacking is now elevated to terrorism status; the order is based on the anti-terrorism bill. So foreign hackers, you’ve been warned; the U.S. is not reluctant to level you because the order allows for sparing your government as a whole from being sanctioned.</p><p>You can do your part to protect the Homeland simply by protecting your own devices using antivirus, antispyware, antiphishing and a firewall. Keep your device’s operating system updated and use a VPN when on public WiFi.</p><p>Robert Siciliano is an identity theft expert to <a href="http://thebestcompanys.com/antivirus/">TheBestCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Be Cautious When Using Wi-Fihttps://globalriskcommunity.com/profiles/blogs/be-cautious-when-using-wi-fi2015-06-23T18:39:06.000Z2015-06-23T18:39:06.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>The proliferation of mobile devices means that we can work or play online from almost anywhere, so it’s no surprise that public Wi-Fi networks have become more common. 
From hotels and coffee shops, to universities and city centers, Wi-Fi is widely available, but is connecting to these networks safe?</p><p><img src="http://robertsiciliano.com/wp-content/uploads/2013/10/4W-274x300.jpg" alt="4W" align="right" height="300" width="274" /></p><p>If you were carrying on a highly sensitive conversation on a park bench with your closest friend, would you want everyone in the immediate area to gather around and eavesdrop?</p><p>That’s essentially what happens—or what <em>could</em> happen—when you communicate online using public Wi-Fi, such as at coffee houses, hotels and airports.</p><p>Non-secured public Wi-Fi makes it easy for hackers to read your email correspondence and the information you type to get into your critical accounts.</p><p>Of course, with a VPN, your online activities will be unintelligible to eavesdroppers. A virtual private network will encrypt everything you do so that hackers can’t make sense of it. A VPN is a service you can use when accessing public Wi-Fi. A VPN will also prevent exposing your IP address.</p><p>So, if you are going to connect to public Wi-Fi, make sure that you take some steps to keep your device and information safe.</p><p>Follow these tips to stay protected:</p><ul><li><strong>Turn off sharing</strong>—Keep others from accessing your computer and files by turning off sharing when you are on a public network. This can be accomplished by visiting your computer’s control panel (on Windows), or System Preferences (Mac OS X).</li><li><strong>Use a “Virtual Private Network”</strong>—If you frequently use public Wi-Fi, it might be a good idea to use a Virtual Private Network (VPN). A VPN is like your own private network you can access from anywhere. You can subscribe to VPN services for a low monthly fee.</li><li><strong>Avoid information-sensitive sites</strong>—When using public Wi-Fi, try to avoid logging in to banking and shopping sites where you share your personal and financial information. 
Only do these transactions from a trusted connection, such as your protected home network.</li><li><strong>Use sites that start with “https”</strong>—Sites that begin with “https” instead of just “http” use encryption to protect the information you send. Look for this level of security on sites where you plan to enter login and other personal information.</li><li><strong>Use multi-factor authentication –</strong> Find out which of your accounts offer two-factor authentication. This would make it next to impossible for a hacker, who has your username and password, to bust into your account—unless he had your phone in his hand—the phone that the two-factor is set up with.</li><li><strong>Always log out -</strong> Don’t just click or close out the tab of the account when you’re done; log off first, then close the tab</li><li><strong>Avoid automatically connecting to hotspots</strong>—Keep your computer or device from automatically connecting to available Wi-Fi hotspots to reduce the chances of connecting to a malicious hotspot set up to steal information. Make sure your device is set up so that it doesn’t automatically reconnect to that WiFi when within range. 
For example, your home Wi-Fi may be called “Netgear” and your device will reconnect to “Netgear” anywhere, which might be a hacker’s connection that can snoop on your data traffic.</li></ul><p><strong><u>PC:</u></strong></p><p><strong>For Windows</strong></p><p>Make sure no “Connect Automatically” boxes are checked.<br /> Or, go to the control panel, then network sharing center, then click the network name<br /> Hit wireless properties.<br /> Uncheck "Connect automatically when this network is in range."</p><p><strong>For Mac:</strong></p><p>Go to system preferences, then network<br /> Under the Wi-Fi section hit the advanced button.<br /> Uncheck "Remember networks this computer has joined."</p><p><strong><u>Mobile:</u></strong></p><p><strong>For iOS:</strong></p><p>Go to settings, select the Wi-Fi network, then hit forget this network.</p><p><strong>For Android:</strong></p><p>Get into your Wi-Fi network list, hit the network name and select forget network.</p><p><a href="http://robertsiciliano.com/">Robert Siciliano</a> is an Online Safety Expert to <a href="http://blogs.mcafee.com/author/robert-siciliano">Intel Security</a>. He is the author of <a href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996">99 Things You Wish You Knew Before Your Mobile was Hacked!</a></p></div>Dude hacked Lottery Computershttps://globalriskcommunity.com/profiles/blogs/dude-hacked-lottery-computers2015-06-02T14:07:09.000Z2015-06-02T14:07:09.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Who needs psychics to reveal future lottery numbers when you can hack into the state lottery association and tamper with it? 
That apparently was the reasoning of Eddie Raymond Tipton, 51.</p><p><img src="http://activerain.trulia.com/image_store/uploads/agents/robertsiciliano/files/9D.jpg" alt="" align="right" height="300" width="360" /></p><p>Prosecutors believe Tipton inserted a thumb drive into a computer—the one that spits out random numbers for the lottery, says an article in the <em>Des Moines Register</em>, according to a report at arstechnica.com.</p><p>At the time of this purported crime, Tipton was head of security for the Multi-State Lottery Association. Surveillance caught him buying a ticket that was worth $14.3 million (not smart enough to wear a disguise, eh?).</p><p>Coincidence? Not according to the prosecutors, who say he programmed the computers that generate the numbers. This shouldn’t even be possible.</p><p>Supposedly, on November 20, 2010, Tipton went into the “draw room” where he altered the time on the computers. The settings of the room’s camera were changed, so that Tipton’s activity inside the room would not be recorded.</p><p>Prosecutors say that of the five people who are capable of changing the camera’s settings, four said they did not change them. Of course, the fifth person is Tipton. What a sly duck: resetting the camera so that it recorded only one second out of every minute, to miss detecting him inserting the thumb drive.</p><p>But he pled not guilty, even though he was identified as the man in the surveillance footage purchasing the golden ticket. Even if there’d been no tampering, Tipton would be barred from receiving the prize because employees of the association are banned from claiming lottery prizes.</p><p>For about a year, this particular ticket went unclaimed. But through a New York attorney, a company in Belize tried to claim the ticket at the last minute.</p><p>Somehow, authorities smelled a rat and focused on Tipton. Prosecutors also say that he had a fascination with rootkits, which is in line with quickly installing the thumb drive. 
A rootkit can be installed fast, carry out its orders, then self-destruct without leaving a trace.</p><p>The scales of justice are not tipped in Tipton’s favor, especially because a witness plans on testifying that shortly before December 2010, Tipton told him he had a rootkit—a self-destructing one.</p><p>The trial is set for July 13.</p><p>Robert Siciliano is an identity theft expert to <a href="http://thebestcompanys.com/antivirus/">TheBestCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>.</p></div>Things You should and shouldn't do on Public Wi-Fihttps://globalriskcommunity.com/profiles/blogs/things-you-should-and-shouldn-t-do-on-public-wi-fi2015-05-20T13:53:18.000Z2015-05-20T13:53:18.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Public Wi-Fi is any location where you can get online: airport, airplane, coffee house, hotel, motel and more. Many people don’t give this a second thought, unaware of how risky this really is.</p><p><img src="http://activerain.trulia.com/image_store/uploads/agents/robertsiciliano/files/4W.jpg" alt="" align="right" height="350" width="320" /></p><p>Public Wi-Fi is very insecure, a goldmine for hackers who want to steal your identity and commit fraud, destroy your website, you name it. 
They can do this many ways, including intercepting your activity with an imposter website where you input login details—that the hacker then obtains.</p><p>But public Wi-Fi will always be risky as long as its proprietors, such as the coffee house, find that enabling security features hampers ease of use for patrons.</p><p>So even if you don’t do banking and shopping online, the wrong person can still see, word-for-word, your e-mail correspondence.</p><p><strong>Do’s at a Public Wi-Fi</strong></p><ul><li>Make sure your devices have antivirus, antimalware and a firewall installed, all updated.</li><li>Prior to when you anticipate using public Wi-Fi, consider the nature and amount of sensitive data on your device, and consider removing it (after backing it up).</li><li>Make sure the hotspot is legitimate; speak to the proprietor. Cybercriminals could set up hotspots as “evil twins”.</li><li>Sit against a wall so that nobody can spy what’s on your screen.</li><li>If sitting against a wall is not possible, be aware of who’s around you. Cover your hand when typing in login information.</li><li>Use a privacy screen; this makes it impossible for a “shoulder surfer” to see what’s on your screen while they peek over your shoulder or from the side.</li><li>Use a VPN: virtual private network. It will encrypt all of your online transactions, making them impossible for cybercriminals to decipher, whether it’s login information, usernames, passwords or e-mail correspondence. Even your IP address will be concealed. 
<a href="http://www.hotspotshield.com/">Hotspot Shield</a> is a VPN provider, and it’s compatible with Mac, PC, iOS and Android, quietly running in the background after it’s installed.</li></ul><p><strong>Don’ts at a Public Wi-Fi</strong></p><ul><li>Don’t let your device connect with the first network that “takes.” Instead, select it yourself.</li><li>Do not keep your wireless card on if you’re not using it.</li><li>Do not keep your file sharing on.</li><li>Can you not wait till you’re in a secure location to do banking and other business transactions? No matter how bored you are waiting at the airport or wherever, do not do banking and other sensitive activities.</li><li>Don’t engage in any serious or sensitive e-mail communications.</li><li>Never leave your devices unattended for a single second. Not only can someone walk off with them, but a thief can insert a keylogger that records keystrokes.</li></ul><p>Robert Siciliano is an Identity Theft Expert to <a href="http://hotspotshield.com">Hotspot Shield</a>. He is the author of <a href="http://www.amazon.com/Things-Wish-Before-Identity-Stolen/dp/1941308996/ref=as_sl_pc_qf_sp_asin_til?tag=httprobertc02-20&linkCode=w00&linkId=JAZ7MOSJYUIXZMJ3&creativeASIN=1941308996"><em>99 Things You Wish You Knew Before Your Identity Was Stolen</em></a>. See him discussing internet and wireless security on <a href="http://www.youtube.com/watch?v=Ynj5SgZEIyY&feature=share&list=UUxPUhCstuAW8GJR826pamYA">Good Morning America</a>. <a href="http://ow.ly/1bdMH">Disclosures</a>.</p></div>Hackers for Hire both Good and Badhttps://globalriskcommunity.com/profiles/blogs/hackers-for-hire-both-good-and-bad2015-03-26T14:44:42.000Z2015-03-26T14:44:42.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>Ever see those public bulletin boards with all the business cards on them? 
Don’t be surprised if you spot one that says “<strong>Hacker•for•Hire</strong>.” These are hackers who will, for a nice juicy fee, hack into your wife’s Facebook account to see if she’s cheating on you.</p><p><img src="http://activerain.trulia.com/image_store/uploads/agents/robertsiciliano/files/4D.jpg" alt="" align="right" height="233" width="350" /></p><p>However, there’s at least one hacker-for-hire site that matches hackers to clients who want to infiltrate a network for personal gain or even revenge. The site, Hacker’s List, is a good idea, certainly not the first of its kind; the site’s founders (who wish to remain anonymous) get a piece of the pie for each completed job. Kind of sounds like one of those freelance job sites where someone bids on a posted job. The client must put the payment in escrow prior to the job being carried out. This pretty much guarantees payment to the hacker.</p><p>The site began operation in November. Imagine the possibilities, like business people getting a complete list of their competitors’ clients, customers, prices and trade secrets. And yes, a college student could hire a hacker for changing a grade. Makes you kind of wish you were skilled at hacking; what a freaking easy way to make a lot of money.</p><p>Is a site like this legal? After all, cracking into someone’s personal or business account is illegal. The site has a lengthy terms of service that requires agreement from users, including agreeing not to use the service for illegal activity. The jury is still out on whether Hacker’s List is an illegal enterprise, and further complicating this is that many of the job posters are probably outside the U.S.</p><p>Hacker’s List was carefully developed, and that includes the founders having sought legal counsel to make sure they don’t get in trouble.</p><p>Hiring hackers can easily occur beyond an organized website where jobs are posted and bid on. And there’s no sign of this industry slowing down. 
The line of demarcation between good hackers and bad is broad and blurry, beginning with legitimate businesses hiring hackers to analyze the companies’ networks for any vulnerabilities.</p><p>Robert Siciliano is an identity theft expert to <a href="http://bestidtheftcompanys.com/companies">BestIDTheftCompanys.com</a> discussing <a href="http://www.youtube.com/watch?v=p_ikx0_erfU">identity theft prevention</a>. <a href="http://robertsiciliano.com/blog/2010/01/01/disclosures-term-conditions/">Disclosures</a>.</p></div>The White Hat Hackerhttps://globalriskcommunity.com/profiles/blogs/the-white-hat-hacker2015-03-14T14:49:15.000Z2015-03-14T14:49:15.000ZRobert Sicilianohttps://globalriskcommunity.com/members/RobertSiciliano<div><p>These days, it is hard to pick up a newspaper or go online and not see a story about a recent data breach. No other example highlights the severity of these types of hacks better than the Sony breach late last year.</p><p><img src="http://activerain.trulia.com/image_store/uploads/agents/robertsiciliano/files/11D.jpg" alt="" align="right" height="281" width="370" /></p><p>While a lot of information, including creative materials, financials and even full feature-length movies, was released, some of the most hurtful pieces of information were the personal emails of Sony executives. This information was truly personal.</p><p>You have a right to privacy, but it’s not going to happen in cyberspace. Want total privacy? Stay offline. Of course, that’s not realistic today. So the next recourse, then, is to be careful with your information, and that includes everything from downloading free things and clicking “I agree” without reading what you’re approving, to being aware of who else is viewing your information.</p><p>This takes me to the story of a white hat hacker—a good guy—who posed as a part-time or temporary employee for eight businesses in the U.S. Note that the businesses were aware of and approved this study. 
His experiment was to hack into sensitive data by blatantly snooping around computers and desks; grabbing piles of documents labeled confidential; and taking photos with his smartphone of sensitive information on computer screens.</p><p>The results were that “visual hacking” can occur in less than 15 minutes; it usually goes unnoticed; and if an employee does intervene, it’s not before the hacker has already obtained some information. The <a href="http://www.3mscreens.com/visualhacking">3M Visual Hacking Experiment</a> conducted by the Ponemon Institute shed light on the reality of visual hacking:</p><ul><li><strong>Visual hacking is real</strong>: In nearly nine out of ten attempts (88 percent), a white hat hacker was able to visually hack sensitive company information, such as employee access and login credentials, that could potentially put a company at risk for a much larger data breach. On average, five pieces of information were visually hacked per trial.</li><li><strong>Devices are vulnerable:</strong> The majority (53%) of information was visually hacked directly off of computer screens.</li><li><strong>Visual hacking generally goes unnoticed:</strong> In 70 percent of incidents, employees did not stop the white hat hacker, even when a phone was being used to take a picture of data displayed on screen.</li></ul><p>From login credentials to company directories to confidential financial figures, the data that can be visually hacked is vast, and what a hacker can do with that information is even more limitless.</p><p>One way to prevent people from handing over the proverbial “keys to the kingdom” through an unwanted visual hack is to get equipped with the right tools, including privacy filters. 
3M offers its <a href="http://www.3mscreens.com/eprivacyfilter">ePrivacy Filter</a> software, which, when paired up with the traditional <a href="http://www.3mscreens.com/">3M Privacy Filter</a>, allows you to protect your visual privacy from nearly every angle.</p><p>Robert Siciliano is a Privacy Consultant to <a href="http://solutions.3m.com/wps/portal/3M/en_US/3MScreens_NA/Protectors/For_Organizations/Risk_Assessment/?WT.mc_id=www.3Mscreens.com/visualhacking">3M</a> discussing Identity Theft and Privacy on YouTube. <a href="http://robertsiciliano.com/blog/2010/01/01/disclosures-term-conditions/">Disclosures</a>.</p></div>Leveraging Security Risk Intelligence: The Strategic Value of Measuring Real Riskhttps://globalriskcommunity.com/profiles/blogs/securityrisk2012-05-31T10:43:01.000Z2012-05-31T10:43:01.000ZGlobalRiskCommunityhttps://globalriskcommunity.com/members/GlobalRiskCommunity<div><div id="ctl00_Content_InventoryReservation_ReservationsDlt_ctl00_P1">The ongoing struggle to prevent hackers from breaching assets and malware from gaining a foothold requires a vulnerability management strategy that begins with a comprehensive measurement of security risk. Organizations must examine the entire IT stack, including the operating system, network, applications, and databases. That stack increasingly includes dynamic, virtualized environments and services outside traditional physical IT infrastructures, such as virtualized, cloud-based services and social networking.</div>
<div id="ctl00_Content_InventoryReservation_ReservationsDlt_ctl00_P3">Every IT security professional knows that the battle to protect IT resources and data is fully engaged. In its 2012 Data Breach Investigations Report, Verizon registered 174 million compromised records for 2011, compared with 4 million compromised records reported in the 2010 findings. This suggests that cybercriminals - responsible in 98% of the cases - continued to automate and refine their attack methods.<p><span style="color:#ff0000;">Learn more:</span> <a href="http://bit.ly/SecurityriskIntelligence">http://bit.ly/SecurityriskIntelligence</a></p>
</div></div>