Don’t Look now you’ve been hacked – part 2 (useful tools for awareness)!
The thought of people being concerned that NSA is listing and monitoring their activities is a hysterically funny concept to me. Whatever you think of Edward Snowden, know that he is a day late and a dollar short. Most of these very same people that worry about the NSA, have a “Tracebook”, Twitter, Instagram or a half a dozen other social media accounts that should be significantly reducing the NSA operating budget. In fact, let’s just disband the NSA and hire Google! It seems that most of us have no issue publicly posting our most intimate details on Facebook including everything short of our Social Security numbers. Posting our current location and “checking in” so that the entire planet knows not only where we are, but what we are doing seems to be an absolutely essential public service and should also include pictures of the meal I am about to eat. How many of these same individuals are aware that every picture posted contains Meta Data that also memorializes the GPS co-ordinates and the camera type used to take the picture? I know you want to share picture of the family, but do you really want ISIS to know exactly where they live?
As everyone is so willing to publicly disclose these personal details, it explains why so many remain ignorant of the data mining that goes on that you do not knowingly consent to. I assume we all know that Google is in the business of selling digital user profiles to advertisers? Every type an email to a friend about planning a trip to the Italy only to find your inbox now populated with travel agency “hot deals”? If your email does not fill up with travel deals to the Italy, you can bet your internet browser will now display a travel agency advertisements, “learn to speak Italian” and top Italian Restaurants on every page you view fin! Now ask me what we think about using Google Docs! We suggest that you consider DoNotTrackme extensions to your Chrome and Firefox browsers. We also recommend that you install “self-destructing cookies” and watch how many cookies are exchanged with your browser each use. Remember, we really don’t need your username and password, we need your cookies all of which are transmitted in clear text over that Starbucks wireless you have been using! All available using FireSheep!
Now if this is a vulnerability that effects individuals, what vulnerability effects enterprise level environments? Forget the notoriously leaking Windows Operating system and your hopelessly porous laptop, in the wake of the 55 Million credit card numbers stolen from Home Depot and the 45 million stolen from Target, we now have to worry about the credit card machines at the checkout counter. Actually the TJ Maxx heist was in many ways much larger! You might be considering how did the hackers get through the Firewall? As we have pointed out before, most computer network security exploitations are not executed through the firewall, they are executed by “social engineering” with the assistance of an ignorant employee or paid hit man. It is suspect that at least one of the above break ins was assisted by a third party trusted partner like the heating and air conditioning service company. Nothing like a starving janitorial night service crew to earn a few extra bucks plugging a USB device into any desktop computer releasing a new and improved malware version of BlackPOS ! Most of these stolen credit card numbers can be purchase here or on the Darknet using a Tor browser to reach silk road type websites.
It seems you can’t turn on an electronic device today without it alerting you that a software update is available for download. From the TV set, to the mobile phone, tablet and now even your car, all are subject to software updates. Do you even question what is being downloaded to your device when you do a software update? You just assume you are connecting with Apple, Amazon or Samsung? What if some evil doer was really just spoofing a software update and you just willingly downloaded a super basket of spy goodies that turn on your phone camera, activate your microphone and email snapshots to back to the mother ship. NSA, are you kidding? You would never know if it was your spouse, or employer would you? Yet millions of people do this without care, day after day and think nothing more about it. If you want to be tracked everywhere you go, risk having your most intimate communications published (just ask Jenifer Lawrence and the other celebrity Nude hack victims) just carry your Smartphone with you at all times!
Cyber-crime, next to the Ebola virus and violent terrorism is the single most economically destructive phenomenon to threaten the American way of life since the Cuban missile crisis. Yet the average business owner winces at the cost of engaging a computer network security audit and thinks that penetration testing is lovemaking foreplay. When the IT team asks for a Firewall upgrade or an increase in budget to cover a subscription to virus, spam and bot net filtering they somehow can’t justify the added expense. Educating your employees on the safe use of the Internet over WiFi should be part of the healthcare preventive medicine program, but most business will ignore “social engineering” vulnerabilities until a major data thief publicly embarrasses them.
(DrVoIP provides VoIP network readiness assessments and is a certified Network Security consultancy providing penetration testing, firewall and related security services. If you contact DrVoIP@DrVoIP.com we recommend that you use Ipredator and remember that there is a difference between being anonymous online and untraceable on online! We can help you with both.)