Protecting your Identity, Computer and Property

Cyber Security and Self Defense Protecting your Identity, Computer and Property Part 1: There are sharks in the water! Author: Neil Rosenberg, neil@vectorr.com

Top Ten Famous Last Words: 1. Identity theft will never happen to me. 2. The authorities will help me. 3. My accounts are fully protected. 4. I always act in a safe manner. 5. I m a nobody, I m not at risk. 6. I pay for an identity protection service, nothing can happen. 7. I check my credit every year, I ll be able to catch problems in time. 8. I was already attacked, it won t happen twice. 9. I have virus protection, nothing will get through. 10. I use a MAC, bad things only happen to Windows users. Page 2

So what s all the fuss? Damage to credit rating. Inability to get loans, mortgages, jobs. Financial loss, emptied bank accounts, PayPal, etc. Unexpected loans or other debts. Arrest for crimes you did not commit. Being hounded by debt collectors. Loss of or damage to online accounts. The general sense that you ve been violated! Huge effort to restore credit. Fear that it will happen again. Page 3

Danger Will Robinson! Page 4

What we ll cover in this presentation -- Important steps to protecting your computer, your data and your identity: 1. Accept the fact that you are at risk. 2. Educate yourself on the different vulnerabilities and potential damage. 3. Develop your radar (awareness of danger). 4. Evaluate your personal situation. 5. Take steps to protect yourself. Close ALL holes in your armor that you can control. 6. Keep abreast of new risks and attacks, respond accordingly. 7. Be prepared to react and recover. Page 5

We live in a digital world Ours is a highly interconnected world. Critical aspects of our lives have become more vulnerable than ever. Medical Transportation Homes Communications Industry and Agriculture Utilities Infrastructure Emergency Services The Internet Retail and Commerce Banks and Finance Appliances Identity Entertainment Government Page 6

Our Cyber lives vulnerable, open With the right tools, everything on the internet can be viewed by anyone, anywhere. Criminal Hackers exploit weaknesses accessing private data and causing harm to people and property! Page 7

Many Points of attack -- Various kinds of social engineering, enabling unwanted intrusion. Inviting-looking websites or links that contain hidden agents. Attachments that trick you into running infected programs. Fake emails claiming to be from known companies or friends. False warnings or emergencies that cause you to let your guard down. Offers of personal gain that lure you into danger. Page 8

So, what can happen to me? 1. Theft, usually via some kind of identity theft a) Stolen funds (Paypal, brokerages, banks) b) Redirected purchases from online dealers (Amazon, Ebay, others) c) False tax returns (refunds) d) Bogus loans in your name 2. Computer take-over (malware, viruses) a) Email zombie/scam robot b) Extraction of private data c) Intentional damage to data and computer 3. Cons, scams, other mischief a) Email scams b) False scares c) Hacking of social site accounts and web sites d) Harassment Page 9

Identity Theft The BIGGIE! Image copyright (c) Fifth Third Bank Once a criminal has your personal information they WILL attempt to use it. It s not a matter of if, only when. Once your personal information is out there there s no putting it back. Many victims are attacked multiple times. The damage to your personal reputation, financial well-being and credit rating can be huge. Companies and agencies often do very little to help you once you have a problem. Page 10

A particularly painful kind of identity theft... Page 11

Hackers: Who are they? What do they want? Intent Ethical Curious / Mischievous Criminal Risk Low Moderate High White Hat Hackers Use their hacking skills for the purpose of improving security. Legal organizations and Governments hire them in order to discover or solve vulnerabilities and exploits. Also called penetration testers. Gray Hat Hackers Use their hacking skills for legal or illegal purposes, but never for personal gain. In most cases, they exist to share information and to accomplish something specific that is known only to them. Black Hat Hackers Use their hacking skills for personal gain, either in monetary or non-monetary terms. Any criminal activities related to hacked networks can be attributed to black-hat hackers. They make networks unusable for others and attempt to destroy or steal data for selfish motives. The moment a Hacker gains authorization to a system for which they are not explicitly authorized, they have broken the law. Page 12

How can my private data be stolen? From Servers: Target, Yahoo, J.P.Morgan, Amazon, Cloud services, Gov t agencies and lots more! From your personal computing devices, physically or via malware: PCs, Macs Tablet computers Smartphones Discarded devices Directly from you: Your wallet, ID Cards, Phone conversations, Credit cards, Stolen mail, Phishing emails, your trash, Page 13 and more!

How can my private data be stolen? Unencrypted Public WIFI is easy prey to snoops WIFI hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but often they re not secure. If you connect to a Wi-Fi network, and send information through websites or mobile apps, it might be accessed by someone else. The data stream is easy to watch, anyone within receiving range of the wireless can see exactly what you have sent and received!

Computers 101 what you NEED to know! The FOUR basic components that make computing possible: Hardware Operating System Applications (Apps) Data The physical electronics and mechanics. Software that defines the user interface and runs apps. Software to do specific jobs, the real work. Information the apps use and operate upon. Page 15

Computers 101 what you NEED to know! Examples of the 4 basic components: Hardware Operating System Applications Data Examples: Examples: Examples: Examples: 1. The brain (cpu, memory) 1. Windows 1. MS Office 1. Documents 2. Mouse, Display, Printer 2. Mac OS 2. Browser 2. Videos 3. Networking devices 3. ios 3. Email App 3. Emails 4. Storage devices, media 4. Linux 4. Music player 4. Photos 5. Android Page 16

What is Data? What are Applications (apps)? Why do I care? In the simplest terms, Data = Noun, Application = Verb Data can be a picture, document, spreadsheet or any other object that is a collection of information. Data is generally not dangerous by itself, but there are exceptions, such as zip files that can contain infected Applications. When you open, view, edit, visit or do any other action or verb on your computer, you are running an application. Applications are frequent targets of hacking, simply executing an infected application can bring harm. FYI: Application = Program = Executable Page 17

Malware Any program whose purpose is to harm. "Malware" is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a computer, server, or network. There are many terms that describe Malware, both in terms of how it enters and what it does once in place: Viruses Worms Trojan Horses Blended Threats Spyware Scareware Bots Page 18

Malware comes in many forms So, what exactly IS Malware? Programs or executables that infect your computer, can be VERY difficult to detect and remove. Often self-replicating. Sometimes doesn t do direct harm, but instead opens your computer to other attacks. Commonly has multi-pronged attack vectors. Often disable your protection (firewalls, virus protection) and can prevent you from running or using other programs. Can sit dormant for indefinite periods of time. How does it get in? Most often, it takes a human action (or inaction) to allow it in. Frequently comes from email attachments or results from visiting an infected web site. Can be attached to or hidden inside legitimate programs. Page 19

What are the vulnerable spots? Infected programs Embedded that execute OS executables attacks, on exploiting that use weaknesses stealth your computer to get in installed. existing protections Hardware Operating System Applications (Apps) Data Page 20

Types of Malware: Viruses Virus -- needs your invitation Virus is a general term that covers a wide range of different cyber attacks. Almost all viruses are executables, which means most viruses don t infect your computer until you run or open the malicious program. Can range in severity: may cause only mildly annoying effects or can damage your hardware, software or files. Viruses often hide their existence and cover their tracks! Page 21

Types of Malware :Worms Worm -- a special kind of virus Worms tunnel, looking for ways to travel to other computers or networks, do their dirty work and hide. They often use your contact list to find new victions. Once installed, worms can spread from computer to computer without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided. The biggest danger with worms is their capability to replicate and spread quickly; they can cause your computer to send out hundreds or thousands of copies of itself, creating a huge devastating effect. Page 22

Types of Malware: Trojan Horse Trojan Horse, tempting (like the legend) The Trojan Horse, at first glance appears to be useful software but will do damage once installed or run on your computer. Those receiving a Trojan Horse are usually tricked into running it because it appears to be useful software from a legitimate source. Trojans are known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Trojans are one form of Social Engineering, relying on tempting or fooling the user to invite it in. Page 23

Scareware and Spyware Scareware is Malware that is designed to frighten or alarm you, to make you think bad things are happening. Scareware is often used as a tactic to cause you to let down your guard, allowing other Malware to enter. Example: Your computer is infected, click here NOW to download protective software... Spyware is Malware that steals private information. Spyware aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge. Page 24

Ransomware Ransomware is malware that displays a threatening message claiming to be from a legal authority, while simultaneously locking your computer. It makes a demand for immediate payment or your data will be lost. Payment of the ransom will NOT free up your computer! Page 25

Bots Short for Robot, acts like an invading army A malware Bot is designed to automatically infect many computers and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or Botnet." With a Botnet, attackers can launch broad-based, "remote-control," flood-type attacks against their target(s). Bots can act as Spyware to log keystrokes, gather passwords, capture and analyze web actions, gather financial information. They can also be used to launch attacks, relay spam, and open back doors. There may be thousands or millions of PCs infected with any given Bot, working together to carry out their joint mission. Page 26

Special Risks on Smartphones and Tablets Apps may do things you don t want: Track and report your location Access your Facebook info Access your phonebook and contact info Watch logins, other activity Android and IOS are both affected Free apps are particularly suspect You can choose what to install, but almost all apps ask for access to things they shouldn t need! There are tools to scan currently installed apps for permissions. Page 27

Other threats... Just when you thought you d seen them all! Phishing Emails or web sites that fool you into providing private information. May ask for credit card number, social security, etc. Pharming Similar to Phishing, but more insidious. Just by visiting a web site or opening an email, the Phishing attack installs a small program that later makes you think you are going to a secure site (ebay, banking, etc.) but instead takes you to a fake where it harvests your login and other personal information. Page 28

Social Engineering A low-tech way to be taken Social Engineers use deceit or trickery to get the victim to perform actions or divulge confidential information. Social Engineering is like a modern-day version of the con game. It involves psychological manipulation to enable the attack. Examples of Social Engineering: Baiting: leaving an infected CD ROM or USB flash drive where it will be found. Tailgating: seeking entry to restricted area, following a legal entrant before the door can close. Pre-texting: pretending to be someone in authority. Phishing, Trojan Horses, Diversion, the 10 Attack, and LOTS MORE! Page 29

So, now that you re TOTALLY PARANOID... Stay tuned for: Page 30