By Carl Weiss
Back in the 1950s, when the Cold War was raging, governments and individuals took the threat of nuclear war so seriously that they started building and stocking bomb shelters in case that threat ever reared its ugly head. Fast forward sixty years and a new threat has appeared that is every bit as serious and potentially as disastrous to good people worldwide. Yet this threat has not yet galvanized the nation the way that the threat of nuclear holocaust did back then. What I’m talking about is the impending threat of cyber attack.
When your head hits the pillow at night, do you fall asleep feeling that your online data, your identity and your financials are safe and secure? Do you feel invulnerable behind your Windows Firewall and Norton Antivirus? Are you in the habit of downloading freeware on your laptop and free apps on your Smartphone? Do you use public Wi-Fi at coffee shops, restaurants, hotels and airports?
If your answer to any of the above was “Yes” then I have news for you, Bunky. It isn’t a matter of if you are going to be hacked, cracked or cyber attacked. It’s just a matter of when, because the habits evinced above are tantamount to an invitation for hackers and cyber criminals to gain access to your most sensitive information, hijack your computer and Smartphone and, in short, turn your life into a living hell where your identity, your financial data and your intellectual property can be bought and sold like a commodity.
Does this scenario sound far-fetched? Let me provide you with a news flash. During the past several months a shocking number of financial institutions, government agencies and the world’s largest domain registration service have all been hacked or denied service in one form or another. Worse yet, all of these mammoth edifices have layer upon layer of protection that was designed to thwart even the most concerted attack. Yet their security proved unable to stop hackers from entering and controlling their systems.
October 8 – Cybercrime Group Recruits Botnets for Coordinated Attack on 30 US Banks – by Ken Presti of crn.com
An organized cybercrime group is in the process of
recruiting the operators of illegal botnets to participate in a coordinated
attack on 30 American banks, according to security vendor RSA. The attack, which is apparently planned for
an undisclosed date this fall, would likely be the largest coordinated cyber attack
in history, involving as many as 100 botmasters and their respective botnets.
According to RSA, the group will be leveraging a
proprietary Gozi-like Trojan, which RSA calls "Gozi Prinimalka." The
word "Prinimalka," which is derived from the Russian word meaning
"to receive," appears as a folder name in every URL path to the
gang's servers.
Apparently this was the same group that in 2008 stole more than $5 million from bank accounts in the US. Botnets are networks of robotized computers owned by businesses or individuals that have been hacked and turned to cybercrime by remote control. Often the hacker's approach of choice is not to spend hours or days trying to guess passwords, but simply to piggyback a piece of malware onto a freeware package that most people are all too eager to download. Some exploit known back doors in operating systems and public networks. Once inside a laptop, PC, tablet or Smartphone, the malware or spyware can gain access to and in some cases take control of the infected machine. Unless this malicious software is detected and eliminated, the person or persons who designed it can rifle through your files, detect and extract credit card information and, if desired, use your machine to abet their nefarious activities.
We Have Met the Enemy and They are Us
Sad to say, but the biggest threat to the cyber security of individuals and businesses comes from poor online discipline. Former White House CIO and cyber security expert Theresa Payton pointed out in a recent televised interview that “In one instance we had a client that was convinced they were being bugged by a competitor. We quickly determined that their employees were checking in on Foursquare everywhere they went. Even worse, they revealed online who they were with and what they were doing. So I told management that nobody needed to bug their offices. All the competition had to do was follow them around on Foursquare.”
This problem is not confined to the US. Andy Prow, New Zealand managing director of Aura Information Security, sums it up: “There is a growing need for privacy. More people are putting more information about themselves online - Facebook and other profiles - but on the flip side we are becoming far more conscious that we only want our personal information given out if we give it, and we do not want it stolen.”
Is Your Smartphone Smarter Than You?
Unlike PCs and laptops, most Smartphones have little in the way of security. According to a recent survey, 70 percent of users don’t password protect their Smartphones. Many Smartphone users have little or no antivirus software or malware eradication software installed on their phones. And unlike PCs and laptops, it’s all too easy to misplace or lose a Smartphone, which if left unsecured has a 90 percent likelihood of being rifled through before being returned.
While no one, not even the government and big business, is immune from cyber attacks, the most pressing need is for individuals to take the matter seriously and to take appropriate countermeasures to defend themselves. Below are the top 5 things you need to do to protect yourself:
1. One layer of cyber security is not sufficient to detect malicious software. You need to have at least three layers of security to harden your system. As well as using a primary antivirus package such as Trend Micro, Norton, or McAfee, you should also add a secondary layer of malware detection such as IObit’s Advanced SystemCare 9 and/or Malwarebytes Anti-Malware.
2. Install password and antivirus protection on your Smartphone. AVG antivirus, Lookout Security, Dr Web
Antivirus and other security and anti-malware programs are available for iPhone
and Android.
3. Online you should always look a gift horse in the mouth. Never plug in a flash drive or install a free software program with which you are unfamiliar. If you are looking for software that you can rely on as being malware free, check out the ratings on CNet or Tucows. Paying for a program in most cases eliminates the adware that often comes with the free programs. Buying that app you like can help protect your Smartphone.
4. Do not respond to online come-ons or to email addresses with which you are unfamiliar. Phishing is all too common to be ignored. And it is much more insidious than you think. I had to explain to a colleague the other day that the reason she was getting tons of emails but no follow-up calls from a Craigslist ad she recently ran was due to the high probability that her ads were being responded to by people phishing for active email addresses that can be sold to spammers. She has since insisted that interested parties phone her for more information.
5. Use common sense when posting on social networks like Facebook, LinkedIn, Foursquare and Flickr. Remember, while it may only take you a few moments to post online, your words and images will be available for years to come. Therefore it is likely that they could be called up by employers, officials, spammers, stalkers and identity thieves.
While the age of information warfare is not as daunting a threat as thermonuclear annihilation, it can be crippling to businesses or governments, as Iranian officials found out to their chagrin after having their computers compromised by the Stuxnet virus in 2011. They found out the hard way that online security is not something you can take lightly.
Carl Weiss is president of W Squared Media Group and Jacksonville Video. He is also cohost of Working the Web to Win, which can be heard every Tuesday at 4pm Eastern on Blog Talk Radio.
It's scary to think we are so vulnerable. Thanks for the great info.
Lots of things to watch out for and great advice to help keep the bad guys at bay.
Smart phone security is very important. We are holding miniature computers in the palms of our hand. I'm installing virus protection today on my phone.
Thanks for the article. We all need to be more proactive about our personal account security. One thing that can’t be stressed enough is taking advantage of the 2FA (2-Factor Authentication). Although it’s been around for a while, not enough sites are offering and promoting this option. This is one of the best password managers because 2-Factor Authentication for me wins every day. I feel suspicious when I am not asked to telesign into my account by way of 2FA; it just feels as if they are not offering my info enough protection. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.