Swimming With the Cyber Sharks

By Carl Weiss

It is said that the only sure things in life are death and taxes. While this pearl of wisdom has stood the test of time, in the not too distant future there could be an addition to that list: Cyberattack. That's because cyberattacks on businesses and individuals are up nearly 50% in the past year alone. Where cybercriminals used to almost exclusively target big businesses with deep pockets, now that ransomware has become so prolific, small businesses and even individuals are finding their online assets and machines being hijacked. And why not, since most individuals and small businesses offer little in the way of resistance.

Enter the Cyber Sharks
Image courtesy of worth1000.com

Who can forget the opening music to the movie Jaws.  In it’s day, the novel and subsequent blockbuster motion picture was enough to keep people on the beaches and out of the surf.  But as paranoid as many moms became about letting their kids frolic in the waves back in 1975, forty years later we should all be hearing the strains of da-da-dum-dum every time we surf the web.  That’s because while Jaws was a work of fiction, the arrival of schools of Cyber Sharks is all too real.

Just like the real deal, there is no 100% reliable cyber shark repellent that can keep someone from putting the byte on your computer, tablet and/or smartphone.  Even worse is the fact that while individuals are woefully unprepared to be hacked, what’s even worse is the fact that many of the devices connected to the Internet of Everything have absolutely no protection whatsoever.

Literally everything from appliances to medical devices to automobiles are rapidly becoming web-enabled.  While this provides the public with even more interactivity, it also provides hackers with more ways to get to consumers and business owners. Just as most people make the mistake of thinking their smartphone is a phone instead of a computer that you can talk on, nearly everyone doesn’t realize that the average automobile being built today have 100 lines of code onboard.  Many are now Wi-Fi enabled as well. You don’t have a car with q computer onboard. You have a computer that drives.  Soon, these computer cars will do most of if not all of the driving.  So if a hacker can take control of your car, what does that mean for the passengers and driver?  (On a recent 60-Minutes telecast, hackers gained access to the car in which Leslie Stahl was driving, turning on the lights and windshield wipers.  So this is not a hypothetical possibility.)

Who’s Watching Who?

Courtesy of Samsung.com
Smart Houses and appliances are also becoming more and more commonplace.  They’re also becoming easy pickings for hackers.  If a hacker can crack your home’s security system, this makes breaking and entering child’s play.  Don’t even get me started on what a hacker can do to your web-enabled Nanny Cam.  The same smart TV that you just installed in your living room can be hacked with ease, since most contain little or no security.   

A February 24, 2015 blog by CNN reported: Earlier this week, we learned that Samsung televisions are eavesdropping on their owners. If you have one of their Internet-connected smart TVs, you can turn on a voice command feature that saves you the trouble of finding the remote, pushing buttons and scrolling through menus. But making that feature work requires the television to listen to everything you say. And what you say isn't just processed by the television; it may be forwarded over the Internet for remote processing. It's literally Orwellian.

What’s really scary is the fact that last year alone more than 10,000 smart appliances were hacked, according to leading US security firm Proofpoint.  Once inside your smart TV or refrigerator, hackers can then gain access to other web-enabled devices.  Believe it or not, your refrigerator can spam your smartphone, laptop or tablet once infected.  Even if your device does come with some semblance of security, unless the protection is updated on a regular basis, it’s only a matter of time before a hacker will prevail.

How Do I Hack Thee?  Let Me Count the Ways.

So many smart devices…So little time.  Everything from wearables to medical devices are becoming vulnerable to hacking.  Symantec reported on March 12 that: “All of the devices failed to check whether they were communicating with an authorized server, leaving them open to man-in-the-middle attacks. One out of five devices did not encrypt communications and many did not lock out attackers after a certain number of password attempts, further weakening their security. All of the potential weaknesses that could afflict Internet of things systems, such as authentication and traffic encryption, are already well known to the security industry, but despite this, known mitigation techniques are often neglected on these devices”

Image by culturedigitally.org
While Symantec’s report was referring to smart appliances, in October of 2014, the US government told the FDA to start taking medical device security seriously while citing the same problems that smart appliances were facing.  The next time you go to the hospital for a dialysis treatment or to get your pacemaker checked out, you might like to ask your physician about the inherent hacking vulnerabilities of these systems.

The number of ways that hackers can get into your devices is staggering. Below are some of the most popular tools of the hacker’s trade:

  1.    Sniffers are programs or device that monitors all data passing through a computer network. It sniffs the data and determines where the data is going, where it's coming from, and what it is. In addition to these basic functions, sniffers might have extra features that enable them to filter certain types of data, capture passwords, and more. 
  2.     The Hex Dump (aka Voodoo) - When an electronic device is manufactured, it is programmed with firmware.  Hacking firmware is simply a matter of buying a programmer that can receive the memory dump and transmit it to a computer where the code can be altered.  Then transmit the modified code back to the device.
  3.    Attacking Defaults – Virtually every piece of hardware on the market comes with a set of standard defaults, including username and password that provide access to the system.  Since most people do not change these default settings, this is the easiest way to exploit a system.
  4.    SQL Injection – While it sounds like a medical procedure, what an SQL Injection attack are conducted by entering unexpected entries into a database and then probing the returned error messages to reveal information that can be used to hack the system.  For instance, by entering metacharacters like #$%^ into a field that processes only alphanumeric information, the database could be tricked into revealing the contents of the database, or in some other way compromise an SQL server. 
5. DDoS Attacks - Directed Denial of Service Attacks occur when hackers flood a targeted website with so much bogus traffic that it brings the victim's server to a halt.  This is usually followed by a demand for payment in order to restore service.
6. Data Extortion - Most people aren't aware that their data can be hijacked and held for ransom.  This can take a number of different forms, including threatening to release sensitive information stolen from a machine, to locking a legitimate user out of their own website or machine by changing the password.  Just as with DDos attacks, all too many extorted users don't realize they've been hacked until a ransom note appears demanding payment.  Even worse than DDos attacks, non-payment in this case can result in your website or data being erased.  (Lately, online extortion has also extended to threats of having one's reputation smeared online unless payment is rendered.)
7. Ratting - Remote Administration Tools are an increasingly popular and insidious means of hacking everything from laptops to tablets and smartphones.  Once successfully deployed, a ratted machine is literally under the control of the hacker.  Ratted machines can not only be rifled for information, but their webcams and built-in microphones can be surreptitiously turned on, allowing the rat to become the equivalent of a cyber peeping Tom.  (There have been a number of high profile celebrities who have been ratted, resulting in compromising photos and videos making the rounds online.

Courtesy itunes.apple.com
While all of the abovementioned tactics require a bit of technical knowhow, there are many other hacking programs and devices that can be bought online.  There are also online forums, hacking blogs and clubs that teach hackers the tools of the trade.  There are also annual hacker conventions and hackathons such as the one held yearly in Las Vegas.  If you don’t believe me, simply google, Hacking devices available online.”

The real danger is that the Cyber Sharks have the upper hand since detection, much less prosecution is hit and miss at best.  Meanwhile hacking continues to proliferate nearly unchecked.  CNN recently reported that in 2014 hackers exposed the personal information of 110 million Americans, roughly half of the nation’s adults.

 So the next time you turn on your Smart TV or start your web-enabled car, don’t be surprised if the sound you hear emanating from your surround speakers is something like, “Da-da, dum-dum.”

 Carl Weiss is president of Working the Web to Win, an award-winning digital marketing agency based in Jacksonville, Florida.  You can listen to Carl live every Tuesday at 4 p.m. Eastern on BlogTalkRadio   

The DIY Online Marketing Solution

By Carl Weiss

“We’re Number ONE!”
Image from engineerofknowledge.wordpress.com

That’s what everyone strives for in this country. Whether you’re talking sports, business, academics, or keeping up with the Jones’, Americans are extraordinarily competitive.  This especially holds true online, where ever since the first search engines appeared more than 20 years ago, website owners vied for the top spot on every keyword combination imaginable.

Back in the early to mid-1990’s achieving a page one result wasn’t all that difficult.  That’s because everything you needed to feed the search engines was on page one of your website.  Back then, there were no blogs.  Social networks hadn’t yet been invented.  Video was not even possible, since most web surfers used a dial-up connection.  Heck, most web designers had to be careful not to use hi-res images, since these could cause a site to load at a glacial pace.

Today, the game has changed.  The Internet has become the mac daddy of interactive, multimedia marketing.  If you want to wind up on page 1 of major search engines, you need to do more than just create a properly optimized website.  There are a lot of moving parts to take into consideration.  Not only do you need to be concerned with site architecture, but you also need to add and feed everything from daily social posts and weekly blogs, but you should also create videos on a monthly basis. 

The Web is run by the Golden Rule – He Who Has the Gold, Makes the Rules

Image courtesy of andhoraa.com
The multimedia approach isn’t just a great way to build and engage a targeted audience, it’s also a way to generate Google Juice. The world’s most popular search engine takes into account everything from how many followers you have on Twitter, Facebook and Google+, to how many people are reading, commenting and reposting your blogs.  Since Google also owns the world’s most watched video portal: YouTube, creating a growing following who watches your videos is another way to move your site and your videos onto page 1.

The problem is that unless you have the time or a dedicated online marketing staff to continually feed content day in and day out to the Internet, most business owners usually take one of three tacks:
1.      They outsource their online marketing
2.      They start off with the best of intentions only to run out of steam
3.      They throw in the towel

Having spoken to thousands of business owners over the past few years, what I always ask is the obvious question, “If your competition is on page one of the search engines and you are not, is this good or bad for your business?”  While every business owner agrees that the last thing they want to do is provide their competition with any competitive edge, some of them have either tried to outsource their online marketing with horrible results, while others simply can’t afford to spend $1,000 or more per month to get the job done.

While I sympathize with both these situations, while I can educate the public on the ways to select a reputable online marketing firm, what I haven’t been able to do is show them how to get the job done cheaply.  That’s due to the fact that it takes a considerable amount of time to feed a minimum of 3 social nets daily.  Not to mention that writing and distributing weekly blogs that engage and grow readership doesn’t come cheaply.  So if you think that paying someone a couple hundred dollars a month is going to magically move your website onto page 1 of Google, you are in for a rude awakening.

    Is Scalable Online Marketing Possible?

Being the CEO of one of the last online marketing agencies around that still offers written guarantees for organic results, I can tell you that until recently, all I could do was shake my head and wish business owners who wanted the results but couldn’t afford the price good luck.  That’s because there is no longer any shortcut to long term online results.  While you can sometimes get an optimized blog or video to pop up on Google page 1, when it comes to getting your website to move up the rankings, someone has to be willing to do the work.

That’s also the main reason we’ve been producing a weekly Working the Web to Win blog and radio show for the past three years.  Hector and I weren’t trying to be blogging or online radio superstars.  We just wanted to keep the public up to speed on the ever changing Internet.  While this provided business owners with tidbits of knowledge, there was no way to pull this material together into a multimedia training course that would teach them what they needed to do in order to become a scalable DIY online marketing system.  Until Now!

Introducing WWW University

Starting on May 1, WWWU was introduced to bridge the gap by allowing website owners to decide how much of the task they want to take on and how much they want to outsource.  That’s because we have launched the first of our DIY Online Marketing Training Courses that are guaranteed to show people the same techniques that we have been using to generate page 1 results for clients.

Our first e-course, SEO Made Easy, consists of twenty chapters that take students step-by-step through the process of optimizing websites.  The course material covers everything from the proper use of page and image tags, to maximizing your Google Juice and leveraging local SEO.  Better still, the course includes a half-dozen videos that show you what it takes to generate page 1 results.  We also include everything from contact information with the instructor, to a weekly WWWU Newsletter that is designed to keep you up to speed with regards to the ever changing World Wide Web.  Not bad for a one-time tuition of only $97.

Check out our Free Preview at http://wwwu.patience.io/catalog/4385

During the course of the next few months we are going to add more courses including Business Blogging, Viral Video Magic, Social Media on Steroids and more.  Even better is the fact that we will provide special pricing for alumni for additional training modules and optional online marketing via Working the Web to Win that will allow graduates to create a scalable online marketing system that lets them decide how much time and money they want to spend to get the job done. 
To put this system into perspective, imagine what it would be like if you could go to your local Mercedes Benz dealer and pick out any car on the lot, knowing that by helping out around the dealership you could get the car of your dreams at a price you can afford. If the prospect of creating a scalable, affordable system of online marketing is something that you would like to learn more about, take our SEO Made Easy course for a test drive at http://wwwu.patience.io/catalog/4385 

 Carl Weiss is president of Working the Web to Win, an award-winning digital marketing agency based in Jacksonville, Florida.  You can listen to Carl live every Tuesday at 4 p.m. Eastern on BlogTalkRadio