
There’s a lot of misinformation about security online. The truth is that by taking a few simple steps you can make yourself much safer. Here are the basic, super easy ways to do it:

Use a unique password, but don’t worry too much about complexity

Conventional wisdom says that if you use a long password with crazy letters, numbers, and symbols, your account is safe. The fact is, a password like “annexrubykneadtone” is just as secure as “J+e}F*b>J*S;36fSvbSLX)R}” as long as it’s unique. When a hacker is trying to break into your account, the first thing they’ll probably do is search through previous database dumps for your email address. If you’re using the same password across multiple services, a hacker who finds it can access many of your accounts.

There’s a helpful website for checking to see if your email address has been included in a database dump, but it doesn’t include every dump. If you use unique passwords for each service, you know that if one of them gets breached, all of your other accounts will be safe. This doesn’t mean that you should make your password short and easily guessable, obviously. And don’t include any personal information that could be easily researched.

When it comes to things like securing your hard drive or external drives with encryption, complexity actually becomes a little more important than it would be for an online service. Offline drives are susceptible to brute force attacks, where a hacker rapidly guesses millions of passwords. There’s a surprisingly easy way to create strong passwords that you can memorize, but that will be able to stand up to a brute force attack. You could also use this method for creating passwords for your online accounts, though it may be a little time consuming.

Use two-factor authentication whenever possible

Two-factor authentication has made the internet much more secure. Generally, two-factor authentication requires that you enter a code generated by an app on your phone or sent to you via text message, in addition to your account password. It ensures that even if a hacker has your password, they can’t get into your account. You should use two-factor authentication on everything you can, from your bank account to your social media accounts to your email. Sure, it can sometimes be a pain in the ass, but it is so worth it.

Here’s a handy guide for services that offer two factor authentication.

Use an ad blocker

Ads are known to spread malware. For that reason alone, you should block all of them. Seriously! I say this as someone whose rent is, in part, paid by ad revenue. With ads, there is no upside when it comes to your security online. My favorite ad blocker is uBlock Origin, because it gets the job done and is easily customizable. (Bonus tip: Chrome is generally regarded as the most secure browser, because it receives frequent automatic security updates.) You might think that ads on sketchy porn sites or illegal streaming services are the only ones that can infect you, but ads on huge mainstream news websites like The New York Times and the BBC have been found to distribute malware.

Source : http://gizmodo.com


Federal regulators just suffered a major setback in their efforts to help cities build Internet services that compete with large providers such as Comcast and Time Warner Cable.

In a federal court decision Wednesday, the Federal Communications Commission was told that it doesn't have the power to block state laws that critics say hinder the spread of cheap, publicly run broadband service.

The ruling marks a significant defeat for a federal agency that for the past several years has turned "competition" into an almost-literal mantra, with its chairman, Tom Wheeler, repeating the word at almost every possible opportunity.


Under the court decision, large Internet providers will continue to enjoy certain benefits that insulate them from the threat of popular city-owned broadband operators such as the Electric Power Board of Chattanooga, Tenn., and the city of Wilson, N.C.

Through EPB, residents of Chattanooga have access to download speeds of 1 Gbps at rates of about $70 a month. People outside of EPB's service area have "repeatedly requested expansions" from the public utility, according to Wednesday's ruling from the U.S. Court of Appeals for the Sixth Circuit, but due to a geographic restriction put in place by the Tennessee state legislature, EPB is prohibited by law from reaching more customers.

Last year, EPB and other so-called municipal broadband providers asked the FCC to intervene on their behalf, and the agency agreed. Invoking a part of its congressional charter that it said would allow it to act against the states, the FCC tried to neutralize those state laws. The states responded by suing the agency, claiming it had no right to come between the historical relationship between states and the cities lying within their jurisdiction. This week's ruling, then, rolls back the federal government's attempt to intervene.


Wheeler, a Democrat, said Wednesday that the outcome of the case "appears to halt the promise of jobs, investment and opportunity that community broadband has provided in Tennessee and North Carolina. In the end, I believe the Commission's decision to champion municipal efforts highlighted the benefits of competition and the need of communities to take their broadband futures in their own hands."

Wheeler's opponents, including from within his own agency, said the outcome was an obvious one.

"In my statement last year dissenting from the Commission's decision, I warned that the FCC lacked the power to preempt these Tennessee and North Carolina laws, and that doing so would usurp fundamental aspects of state sovereignty," said Republican FCC Commissioner Ajit Pai. "I am pleased that the Sixth Circuit vindicated these concerns."

Berin Szoka, president of the right-leaning think tank TechFreedom, said the issue was "federalism 101."


"The FCC was unconstitutionally interfering with the division of power between state legislatures and municipalities without a 'clear statement' from Congress authorizing it to do so."

The court ruling represents a turning point for the legal tool the FCC tried to use as a weapon against Internet providers. First deployed in earnest by the FCC to justify its net neutrality regulations on Internet providers, Section 706 of the Communications Act was invoked again by Wheeler to defend his moves against state limits on municipal broadband.

Section 706 calls on the FCC to promote the timely deployment of broadband across the country. The state laws targeting EPB and Wilson, N.C., Wheeler argued, amounted to a legal roadblock to meeting that goal, so preempting those state laws was consistent with Congress' marching orders.

In rebuking Wheeler's FCC, the Sixth Circuit has now effectively put some new constraints on what Section 706 may be invoked to accomplish. That is a significant step: Not long ago, policy analysts were saying that there were so few limits on the relatively vague language of Section 706 that the FCC could in theory use it to justify almost anything Internet-related. In effect, the court took what some analysts viewed as an unbounded grant of legal authority and imposed some bounds on it.

There are signs, however, that municipal broadband proponents were anticipating Wednesday's outcome - and are already moving to adapt. One approach? Focus on improving cities' abilities to lay fiber optic cables that then any Internet provider can lease; so far, only one state, Nebraska, has banned this so-called "dark fiber" plan, said Christopher Mitchell, who directs the Institute for Local Self-Reliance's Community Broadband Networks Initiative.

"We're pursuing strategies that are harder for the cable and telephone companies to defeat," said Mitchell.

Source : http://www.chicagotribune.com/bluesky/technology/ct-fcc-broadband-competition-20160811-story.html


The Lower Colorado River Authority’s chief administrative officer urges enterprises to balance the risks of using the internet of things with the benefits connected devices can bring.

Security concerns should hasten, rather than hinder, the adoption of internet of things (IoT) technologies, as the use of connected devices has the potential to make the way we live our daily lives safer, it is claimed.

Speaking at the Cloud and DevOps World conference in London, John Miri, chief administrative officer at the Lower Colorado River Authority (LCRA), said people tend to focus on the cyber security aspects of IoT rather than the difference it can make to the safety of citizens.

“Don’t just focus on the cyber security aspect of IoT and say, ‘what if someone breaks into the technology?’, focus on the new use cases that are related to safety and security,” he urged attendees.

To back this point, he explained how the LCRA previously relied on local residents to keep tabs on rising water levels and the risk of flooding along the Colorado River, but now uses around 270 IoT sensors to do the job instead.

“In the old days, we would have people with logbooks living near areas prone to flooding and they would come to us and say when they saw something out of the ordinary, but people don’t move as fast as the water does,” he said.

“What we found with IoT, and working on the premise that the speed of light is faster than the speed of water, we can use a larger number of dispersed IoT sensors to detect where flood waters are and keep people safer.”

During his time on stage, Miri also opened up about some of the economic challenges organisations currently face when trying to scale up their IoT activities, as the sensors they rely on can cost “tens of thousands of dollars”.

“How will I go from 270 sensors to 2,000 or 10,000 sensors? I’m not going to do it at $20,000 to $25,000 a piece. The only way to do that is to have cheap IoT devices that help expand our network,” he said.

Supply and demand

The LCRA also acts as a wholesale provider of electricity to homes and businesses in central Texas, and is actively involved in mitigating the risk of residents experiencing power outages.

“I can secure the power grid using IoT, but I’ve also got to solve the cyber security challenges [that come with that],” he added.

The emergence of smart thermostats in people’s homes could play a key role in this, by allowing his organisation to notify people to alter the temperature in their home to reduce the amount of power being drawn from the grid to safeguard supplies to the whole community, for example.

However, Miri revealed that not everyone in the power and utilities industry is as enthusiastic as he is about the spread of these technologies in people’s homes.

“A number of my colleagues in the utility industry see the growth of IoT on the consumer side as a threat. They’ll pull me aside and say, ‘Who do these guys think they are, selling new thermostats?’

“If we had come up with this idea, people would expect us to pay for it. They’re taking a lot of work off our plate, and we need to work out how to cooperate with them,” he added.

Coming back to the point of security, he said it would be wrong for user organisations to consider this a barrier to using IoT, when they have so much to gain from embracing the use of connected devices.

“There are a lot of unanswered questions on the opportunities and the risk, particularly the cyber threats around IoT, and we need to make sure our ability to handle the threats collectively grows faster than the threats themselves,” he added.

Sources:  http://www.computerweekly.com/news/450298818/Enterprises-urged-not-to-view-security-as-a-barrier-to-internet-of-things-adoption


CANCUN, Mexico, June 22 (Xinhua) -- With the goal of securing an open Internet, which can be used with freedom, security, trust and accessibility by all, governments, companies and civil society must come together to craft a new governance model for the web, global experts have agreed.

During the 2016 Ministerial Meeting on the Digital Economy, which is taking place this week in the Mexican town of Cancun, the Organization for Economic Co-operation and Development (OECD) is presenting the final report of its Global Commission on Internet Governance.

The report, crafted by a group of experts from every part of the world, has the mission of finding a way for the Internet to remain inclusive and secure.

"The Internet is at a crossroad. Threats to privacy and other risks that may bring the Internet down are real," Carl Bildt, president of the commission, said at a press conference Wednesday.

Bildt, who is the former prime minister of Switzerland, believes that the Internet can have a future where it provides economic opportunities, boosts freedom of expression, improves political equality and guarantees social justice.

"For this to happen, governments, civil society and the private sector must actively promote this future, and consequently, take the right steps to reach it," he added.

The main risks identified by the report are access to essential information services being under threat, people believing the Internet is not safe, and aging technology needing an upgrade.

If these are not addressed, "the Internet could lose its capacity to drive innovation and many of the advances and benefits we have seen in the last two decades could be eliminated."

Alongside Bildt, Jose Angel Gurria, the OECD secretary-general, said that "trust is crucial in the digital economy. The Internet is the best tool to bring people together."

According to the report, "a new social pact is needed for Internet governance ... where fundamental human rights, such as privacy and freedom of speech, are protected online."

Bildt said that access to the Internet is another challenge, since over half of the world's population has no access to the Internet.

"We run the risk of a world of two halves, with those who have access to the Internet and those who have none. The consequences of this could be catastrophic. If the Internet is not properly managed ... it could lead to a fracture that could cause serious harm to global economic development," noted the Swiss expert.

Alongside this initiative, the OECD is focusing on the development of information and communications technologies (ICT) and the creation of related opportunities for young people.

The report shows that the percentage of professionals working in ICT is at an average of over 3 percent in OECD countries. Some positive statistics have emerged, with 95 percent of companies having access to broadband, 76 percent having websites, and 22 percent using the cloud. However, only 21 percent of companies offer online sales.

In terms of security, the commission states that governments must work together to halt cybernetic attacks.

The report also advocates that consumers must have the freedom to choose the services they wish to use and for "free service providers" to treat their customers' data with more respect before selling them for commercial use.

"Due to their impact on public opinion, governments, civil society and the private sector must unite to understand the effects of ... publicly available data," added Bildt.

Finally, he noted that "there must be a continuous evolution in the governance of an open Internet, with multiple and broad-based participation, in order to guarantee the existence of a unified global Internet."

Source:  http://news.xinhuanet.com/english/2016-06/23/c_135458529.htm

Islamic terrorists are arming themselves with the technical tools and expertise to attack the online systems underpinning Western companies and critical infrastructure, according to a new study from the Institute for Critical Infrastructure Technology.

The goal of the report was to bring awareness to "a hyper-evolving threat" said James Scott, ICIT co-founder and senior fellow.

Dark web marketplaces and forums make malware and tech expertise widely available and — with plenty of hackers for hire and malware for sale — technical skills are no longer required. A large-scale attack could be just around the corner, said Scott.

"These guys have the money to go on hacker-for-hire forums and just start hiring hackers," he said.

U.S. authorities are well-aware of the rising threat posed by Islamic terrorists armed with advanced cybertools. In April, Defense Secretary Ashton Carter declared a cyberwar against the Islamic State group, or ISIS. Ransomware chatter rose to prominence on dark web jihadi forums around the fall of 2015 and continues to be a topic of debate, particularly among members of ISIS and Boko Haram.

"I had the same position that I have right now with this in December of last year with regards to ransomware hitting the health-care sector," said Scott. "We were seeing the same exact thing."

Much of the chatter on jihadi chat boards comes from Europeans and Americans, often social outcasts living vicariously through the online reputation of their handle — including disenfranchised teens or jailhouse Muslim converts turned radicals, Scott said. They may not have strong coding skills, but they have access to Western institutions and businesses and are looking to leverage that access to serve ISIS.

An example of the sort of conversation that takes place on Islamic dark web forums involved a cleaner in Berlin who worked the overnight shift and wanted to know how they could help, said Scott. Others chimed in, explaining how the janitor could load malware onto a USB device and plug it into a computer to allow them to remotely hack into the network.

"That is the kind of insider threat that we are going to be facing," said Scott. "That is what they are seeing as the next step — an army of insider threats in the West."

Though not known for being particularly sophisticated in their use of technology — beyond the use of encrypted messaging services and creating malicious apps — Islamic terrorists are now aggressively seeking ways to bridge gaps in their knowledge, said Scott. This may come in the form of hiring hackers, recruiting tech-savvy teens and educating new recruits.

"They are rapidly compensating for that slower part of their evolution," said Scott.

For example, ISIS operates what can best be described as a 24-hour cyber help desk, staffed by tech-savvy recruits around the globe. There are always about six operatives available to address questions, for example, about how to send encrypted messages, and strategize about how to leverage local access into cyberattacks. They also share tutorials, cybersecurity manuals and YouTube links, and try to recruit other techies, said Scott.

"It is obvious that cyber jihadists use dark web forums for everything — from discussing useful exploits and attack vectors, to gaining anonymity tips and learning the basics of hacking from the ISIS cyber help desk," he said. "Setting up properly layered attacks is incredibly easy even if one has a modest budget. All one needs is a target and a reason."

ICIT will present its findings and identify possible solutions for protecting critical infrastructure — along with a panel of industry experts and government officials — on June 29 in Washington.

Source:  http://www.cnbc.com/2016/06/15/the-cyber-jihad-is-coming-says-this-security-firm.html


Another day, another hack. At least, that's how it's starting to feel.

People are getting hacked or becoming otherwise compromised in their digital lives at an alarming rate, and it seems as though that's not going to slow down any time soon.

Just earlier this month, it was revealed that hackers had gained access to millions of Twitter accounts, and not by hacking into Twitter itself. No, instead they simply gathered passwords from previous hacks and matched them with usernames.

With hackers on the rampage, there are plenty of things to keep in mind - things that will help you protect yourself and your online data, and ensure that you retain full control over your personal information.

How hackers are getting your information

Often when we think of the word "hacking", we imagine pages and pages of code, hours spent cracking away on a computer, and finding a way to get around having to use passwords. In reality, however, hackers can simply write a program that will look through information to find what they need to log in to a user's account. That's without having to spend hours at the computer combing through code.

"Hackers will most often parse existing breach data for emails, usernames, and passwords, and then attempt to reuse those credentials on popular websites," Alexander Heid, Chief Risk Officer at SecurityScorecard, a security monitoring service, tells TechRadar. "To achieve this, hackers will make use of 'checker' scripts. These are scripts which are designed to test batches of username:password combinations on specific websites to identify valid accounts. These scripts exist for every imaginable service, and are constantly updated and circulate within the hacker underground."

So, what does that mean? When you create a new account somewhere, you likely reuse at least some information for its creation. Even if you're not using the same username or password, information like answers to security questions or other details can all help hackers gain access to your account.


Of course, some hackers are a little more hands on. That's where malware comes in. Malware is basically a type of software designed specifically to infect your computer, often in an attempt to steal your personal information.

A prominent form of malware is a keylogger, which basically tracks everything you type and then sends that information back to the hacker who wrote the malware code. That makes it way too easy for hackers to gain access to your accounts; all they have to do is wait until you log on to something and they'll be able to do the same.

There's one more method that hackers often use to get username and password information - phishing emails. These are essentially emails designed to look like they're from a company like Apple or Amazon, and trick you into willingly giving over your information.

Often times, there's a link in these emails that will take you to an official-looking website where you're supposed to log in to an account. Only, the website isn't official, it just looks like it is. Log in, and you're basically handing your information over to whoever sent the email.

How can you stay safe?

Now that you know how hackers are acquiring personal information, it's sure to be a little easier to protect yourself. The first thing to talk about is passwords.

Make passwords a priority

As mentioned, hackers are often able to use previous data breaches to find passwords, then find accounts on other sites and use the same username:password combination to get in. That should be far too easy for hackers to get into an account, but, in reality, people continue to use the same password, or the same few passwords, for their entire digital lives.

The solution? Come up with a new password for every account you have. Yes, it's a pain, but the fact is that creating unique and secure passwords for each of your accounts is an important step in remaining secure online. Not only that, but it could help save you time in the long run; if one of your accounts is hacked, having unique passwords prevents you from having to change the password for all of your accounts.

Source: http://www.inc.com/john-boitnott/how-entrepreneurs-can-ride-the-internet-of-things-to-success.html


In 1989, Tim Berners-Lee, English computer scientist and the creator of the World Wide Web, couldn't have predicted that people would be using his idea to spread the word about the Arab Spring uprisings, or raise thousands of dollars to create a product. His goal was simple: he wanted a way to help people find and keep track of information more easily.

Nearly 27 years later, the World Wide Web has grown beyond the single server that Berners-Lee created to become a much larger and more influential entity. But there's one thing that continues to worry Berners-Lee--that some organizations are trying to limit people's ability to access certain types of content on the internet.

"It's been great, but spying, blocking sites, re-purposing people's content, taking you to the wrong websites--that completely undermines the spirit of helping people create," Berners-Lee tells the New York Times.

That's why this week, Berners-Lee and other powerful individuals in tech are hosting an event called the Decentralized Web Summit to discuss ways to give individuals more privacy, and more control over what they can access on the web. They want to find a way to stop governments from blocking certain web pages for example, and find more ways for people to pay for things on the internet without handing over sensitive credit card information.

Berners-Lee also told the Times that he's concerned about how the rising dominance of tech giants, such as Amazon, Google, and Twitter, is discouraging competition among companies that deal with the web, and stemming a more diverse flow of ideas.

"The problem is the dominance of one search engine, one big social network, one Twitter for microblogging," he says. "We don't have a technology problem, we have a social problem."

Berners-Lee and others sketched out their ideas for a few technological solutions that they believe could help decentralize the web. They think it would be beneficial for more websites to adopt a ledger-like style of payment, such as Bitcoin, to give people more control over their money.

Another one of the Decentralized Web Summit's organizers, Edward Kahle, has also created an Internet Archive, which can store discontinued websites and multiple versions of a web page. Those are small steps, but it's a move back in the direction of Berners-Lee's original version of the World Wide Web: a place where anyone can find the information they need--anytime, anywhere.

Source:  http://www.inc.com/anna-hensel/tim-berners-lee-decentralized-web-summit.html


Signs of improved intelligence communications

Most American counterterrorism, espionage and counterintelligence operations, from the Cold War to the Iraq War, are unknown to the public at large.

But we know, implicitly, that the U.S. intelligence community, military and special operations forces work quietly in the shadows to keep America safe.

And today, espionage threats against the United States pose as great a threat as ever.

Hundreds of intelligence officers from foreign nations continue to pose as diplomats, journalists and businessmen, just as they have for hundreds of years.

Recent decades have seen the addition of other types of intelligence gathering: improved signals intelligence to spy on enemy communications, image intelligence that uses photography from space, and most recently what is commonly called cyberespionage, or using computers to monitor, sabotage or steal classified information online.

For too long the public largely ignored or misunderstood the threat posed by cyberespionage. High-profile breaches at the State Department and Office of Personnel Management and efforts by hacking collectives, Eastern European and Asian criminals and even Hollywood have raised awareness of the general threat, which continues to spread as more Americans have their identities or credit card information stolen.

But unlike most traditional methods of intelligence, cyberespionage has become a multiheaded hydra, targeting more than just America's government and military.

In a more complex area, and one of graver importance, cyberespionage now endangers American companies' intellectual property.

This threat we see from China and Russia, in particular, threatens our soft underbelly: our private sector. Not long ago, security analysts estimated the global economic cost of cybercrime to be $445 billion.

Criminals, nation-states and nation-state-sponsored hackers have begun bleeding businesses of their extensively researched and developed products, simply replicating materials for a fraction of the cost and putting them back on the world market in direct competition with American goods.

And because the United States represents a free market economy that respects property rights, rather than one of gross cronyism, we are unable and unwilling to respond in kind.

Those same countries also use cyberespionage in more traditional ways: to steal government secrets and sniff out American spies, and identify America's Chinese or Russian assets. The Chinese have also been accused of hacking pro-democracy groups in Hong Kong to disrupt their activities and eavesdrop on their communications.

And in a technological twist on its authoritarian tendencies, the Russian intelligence services now use the Internet and satellite television for propaganda purposes, including to quell internal dissent and manipulate public dialogue in the United States and elsewhere.

Meanwhile, cyberespionage can occasionally work hand in glove with another central aspect of our changing intelligence landscape: cyberwarfare.

We saw in the Republic of Georgia in 2008 and in Ukraine in 2014 how Russian forces prepped the battlefield by causing power outages and shutting down government computer systems.

China has reportedly made the decision to boost its cyberwarfare capabilities by as much as 30% in a move designed to try to give it parity, if not an asymmetric edge over other major powers in that battle space.

Cybertheft, cyberespionage and cyberwarfare represent the Wild West of intelligence and direct action, with poorly delineated lines setting the three apart, and poorly formed internationally accepted norms guiding responses to the threats. With the ability to hide a hacking trail, use proxies in an attack or feed government-level technology to criminals, the attribution capability for such activity continues to be murky, with easy deniability for unsavory actors.

Recently, a fourth area of threatening cyberactivity has surfaced: nation-states using destructive hacking for political purposes. The Iranians who hacked the Las Vegas Sands Corp. and the North Koreans who attacked Sony Pictures crossed a new threshold by targeting private companies for punitive, rather than pecuniary, reasons.

No company, no matter how prepared, can withstand the determination and resources of a country.

And just this week, Russian hackers allegedly broke into the Democratic National Committee's servers and stole research on presumptive Republican presidential nominee Donald Trump.

As my new CNN Original Series "Declassified" will show, patriots work every day and night to protect American lives and assets from enemies all over the world. The cyber realm presents a new arena for their efforts, one that we have not yet quite mastered. With new frontiers of concern still unfolding, however, you can bet we will see the emergence of more intelligence activity in the cyber realm.

Source:  http://www.siouxlandmatters.com/news/whos-spying-on-the-us-today-and-how

Last week, the world heard that the Singapore Government plans to restrict Internet access for all public servants from May next year.

On the one hand, critics have argued that the policy will set Singapore back and that it contradicts our Smart Nation aspirations. On the other hand, cyber security experts have supported the plan to keep secure systems and e-mail segmented away from the Internet. Similar segmentation is already practised in sensitive parts of both private and public sectors such as banking and the military. As businesses, the general public and even other countries are watching this controversial step closely, it is important for us, as a nation and society, to send the right messages about cyber security and Internet access.

We need to make clear that segmenting Internet access is one of several ways to be secure. Segmentation reduces the risk of spear phishing, where employees mistakenly click on links in fake e-mail which lead to dangerous websites. It also reduces the risk of ransomware, where malicious software locks up all the computers of an organisation. It is a sensible solution since reports indicate that Singapore is a prime target for both of these cyber attacks. However, the many organisations, businesses and individuals that cannot afford to disconnect themselves from the Internet need alternatives to reduce their risks, such as identity management systems and next-generation firewalls.

We still need to prepare the nation to respond to cyber security breaches. Segmenting a network does not guarantee that it will never be hacked. For example, Iran's Natanz nuclear plant was not connected to the Internet, but it was nonetheless attacked by the Stuxnet virus and forced to close down.

Hackers are also increasing their use of cyber-attack methods that do not require Internet access, such as insider attacks and social engineering, which uses psychology to deceive others into granting access. Some day, a serious breach could take place and systems could be disrupted, or substantial personal data or money could be stolen.

Singapore will be resilient enough to withstand this if it has already set up backup systems, services to help victims, laws to protect the rights of victims and well-crafted emergency plans, and conducts regular drills much like the fire drills widely practised today.

In the meantime, there is a need to encourage organisations in both public and private sectors to work with their employees to find or develop secure Internet tools for work. Some government ministries may be able to draw a line between "work" on secure systems and "surfing the Net" on less secure computers. But in many other organisations today, employees carry out their "work" by "surfing the Net", including research, procurement of goods and services, monitoring markets and competitors, and communicating with customers.

Employees may also use webmail to access e-mail from outside the office and cloud services to transfer large documents because they are more efficient. Some public servants will use dual computers because they need to access both the secure government network as well as the Internet. Others might need to use personal devices to read work documents that come through the Internet, or use cloud services like Dropbox or Google Drive to receive large documents.

All of them need to be given secure yet efficient methods of transferring information and documents from external sources into the secure network in order to carry out their daily work productively while protecting the system from infection.

This message that Internet separation is but one of several ways to be secure is especially important for the digital native generation, who have grown up using the Internet and find it natural to use Internet tools and resources to work productively.

Organisations in the public and private sectors which want to attract the best and brightest young talents from this generation, and to benefit from their fresh ideas, cannot afford to send the message that the Internet is unwelcome in their workplace.

On a broader scale, government and businesses need to assure the public that the Internet is safe enough for transactions like government e-services, banking and e-commerce, provided they observe secure behaviour. While cyber threats are increasing, so are security measures such as two-factor authentication. The challenge is to teach everyone, from the Pioneer Generation to the very young, how to use online services securely. As Singapore progresses with the Smart Nation and fintech initiatives, and more public and private services are provided online, we should not have any segment of the population that avoids using them because of fear, uncertainty and doubt.

Finally, as consumers, we need to demand that makers and providers of smart services and devices build in more security. Many Internet Of Things devices like pacemakers, fitness trackers, smart locks, security cameras and even our cars can be attacked through the Internet, and we need them to be more secure as we embark on the Smart Nation initiative.

At this time when misconceptions still abound about the safety of using the Internet, it is vital to spread the correct messages on cyber security to ensure that our public sector, businesses and the general public are able to securely and productively benefit from the technological advances of our Smart Nation.

Source:  http://www.straitstimes.com/opinion/sending-the-right-message-about-internet-and-security

Categorized in Internet Privacy

A major underground marketplace acting like an eBay for criminals is selling access to more than 70,000 compromised servers allowing buyers to carry out widespread cyberattacks around the world, security experts said on Wednesday.

Researchers at Kaspersky Lab, a global computer security firm based in Moscow, said the online forum appears to be run by a Russian speaking group. It offers access to hacked computers owned by governments, companies and universities in 173 countries, unbeknownst to the servers' legitimate owners.

Access goes for as little as $6 for a compromised server. Each comes pre-equipped with a variety of software to mount denial-of-service attacks on other networks, launch spam campaigns, illicitly manufacture bitcoin currency or compromise online or retail payment systems, the researchers said.

Starting at $7, buyers can gain access to government servers in several countries, including interior and foreign ministries, commerce departments and several town halls, said Costin Raiu, director of Kaspersky's research and analysis team.

He said the market might also be used to exploit hundreds of millions of old, stolen email credentials reported in recent months to be circulating in the criminal underground.

"Stolen credentials are just one aspect of the cybercrime business," Raiu told Reuters in an interview. "In reality, there is a lot more going on in the underground. These things are all interconnected."

The marketplace goes by the name xDedic. Dedic is short for dedicated, a term used in Russian online forums for a computer under remote control of a hacker and available for use by other parties.

XDedic connects sellers of compromised servers with criminal buyers.

The market's owners take a 5 percent up-front fee on all money put into trading accounts, Raiu said.

Kaspersky found the machines run remote desktop software widely used by network administrators to provide technical support for Microsoft Windows users. Access to servers with high capacity network connections may cost up to $15.

Low prices, searchable feature lists that advertise attack capabilities, and services that protect illicit users from detection attract buyers ranging from entry-level cybercriminals to state-sponsored espionage groups.

An unnamed Internet service provider in Europe alerted Kaspersky to the existence of xDedic, Raiu said.

High-profile targets include a U.S. aerospace firm, banks in the United States, Philippines, Kazakhstan, Jordan, Ghana, Cyprus, South Korea and Saudi Arabia, chemical firms in Singapore and Thailand and oil companies in China and the United Arab Emirates, Kaspersky found.

Raiu declined to name the organizations. He said Kaspersky has notified national computer emergency response teams in several countries.

Source:  http://www.cnbc.com/2016/06/15/cybercrime-market-sells-servers-to-launch-attacks.html

Categorized in Internet Privacy