Friday, March 22, 2013

Traveling abroad? How to stay connected and safe!

Webnotes by: Theresa Payton, Fortalice, LLC. Content also covered on WBTV's "Protecting Your Cyberturf" segment, featuring Kristen Miranda and Theresa Payton.



Bags packed? Check! Passport in hand? Check! Reservation information handy? Check!

Cybersecurity precautions? Check? Many of you are going to be traveling abroad this year and you have asked us what you need to do to stay safe while away.



Going out of the country, whether for work or play, is an adventure. Most of us think about safety precautions such as having contact information, contingency plans, even planning for the weather. But we have heard from viewers that you don’t really know where to begin to protect your digital safety. That’s where cyber expert, Theresa Payton, comes in. Her tips are for both the leisure traveler or adventure seeker and the worker traveling abroad on business.



7 SAFETY STEPS TO TAKE BEFORE YOU LEAVE THE HOUSE OR WORK:


1. Make a full backup of all your files before you travel. If you are going to take a device with you, remove sensitive data from that device, if possible.

2. Make sure all the devices you take with you have auto lock turned on with strong passwords. Create different passwords that you will use for the trip and plan to change them when you get home.

3. Update all operating systems, browsers, and antivirus software.

4. Pare it down - do you really need a smart phone, laptop, and tablet?

5. Sign up for the Smart Traveler Enrollment Program so the State Department can better assist you in an emergency; it’s free: https://travelregistration.state.gov.

6. Look at country specific warnings at the following State Department site: http://www.travel.state.gov/travel/cis_pa_tw/cis/cis_4965.html

7. Enable the encryption feature on your device - call your manufacturer if you cannot find the steps to do this.



PERSONAL IDENTITY & PHYSICAL SAFETY TIPS

1. When using an ATM for cash transactions, choose the ones at banks

2. Consider using RFID wallets and passport covers to stop close-by snoops from trying to read your information

3. Never broadcast on social media networks where you are going or check in at locations in the moment - you not only tell people where you are but you also are broadcasting an empty house!



WHAT YOU NEED TO KNOW ABOUT FOREIGN TRAVEL


1. SECURITY & PRIVACY=NONE

Do not expect security or privacy in Internet cafes, hotels, offices, or public places. Many local networks overseas could be havens for malware - be suspicious of connecting to “free” WiFi or internet - it could come with a nasty “free” bonus.


2. DEVICE IN LINE OF SIGHT:

Always keep your device with you instead of in the hotel room, if possible. If not, discreetly lock it up. Assume that all information that you transmit, whether by phone, internet, or fax, could be intercepted.


3. FEATURES AND DEVICES OFF IF NOT IN USE.

When devices are not in use, turn them off and take the battery out to prevent GPS tracking or snooping via the microphone or camera. Disable services such as “bluetooth” and “file sharing” so you don’t accidentally broadcast your whereabouts. Turn off the microphone and the camera feature of your phone when it is not in use.


5. TALK ABOUT WHERE YOU WERE NOT WHERE YOU ARE:

Cybercriminals frequently watch social networks, looking for US travelers who have broadcast that they are away, and target them for social engineering and other fraud scams.


6. DEVICE INSPECTIONS:

In some countries, if a customs official demands to examine your device, they might compromise it.


7. MAYBE A LOANER IS A BETTER BET?

Consider taking a loaner device instead of your own - there are many companies that will rent a smart phone or tablet for you. Some international hotels will rent out a tablet or smart phone for a fee.



WORD OF THE WEEK: BIT BUCKET

Have you ever lost a document? Blame it on the bit bucket. It’s the place in cyberspace where missing documents or files are said to end up. Kind of how you end up with 1 sock after a pair goes through the washer.



WEB RESOURCES:

Travel tips from the National Counterintelligence Executive:

http://www.ncix.gov/publications/reports/docs/traveltips.pdf



For tips for traveling abroad see the Department of State site at: http://www.travel.state.gov/travel/tips/tips_1232.html



New York Times article that highlights the perils of digital safety while traveling overseas




FBI’s Crime Center (IC3) posted a notice regarding travelers picking up malware when connecting through hotel internet connections:




New York University highlights step-by-step instructions to turn on encryption and other safety features for these devices at: http://www.nyu.edu/its/mobile/security/

● BlackBerry

● iPhone, iPod Touch, iPad

● Android

If hackers can get into accounts of high profile people, what does that mean for you?



Webnotes by: Theresa Payton, Fortalice, LLC. Content also covered on WBTV's "Protecting Your Cyberturf" segment, featuring Kristen Miranda and Theresa Payton.

First we heard that the Bush Family had a hacker break in and post their personal emails and pictures. Then Burger King had its Twitter account hijacked... followed by 12 people, including Vice President Biden and the First Lady, who had their credit profiles posted online. Now Colin Powell's Facebook account has been hacked. If they aren’t safe, are you?

In case you missed it, Colin Powell is the latest in a long string of public figures who have been hacked. The hackers posted messages such as “YOU WILL BURN IN HE--,BUSH” and “KILL THE ILLUMINATI!” Powell actually tried to warn his followers as the hack was in progress. This led the hackers to reply, “PUT A CURSE ON THE FINGER WHICH YOU USE TO DELETE THESE POSTS!!!”



Colin Powell sent out a public apology: “I’m sorry you have to see all the stupid, obscene posts that are popping up,” he told his followers.



Cyber expert, Theresa Payton, gives us some tips on how to avoid being the next victim.



WHAT HAPPENED TO COLIN POWELL’S ACCOUNT?


Former US Secretary of State Colin Powell had his Facebook account taken over. The hackers posted a series of out-of-character messages.



The hacker actually took the photographs they stole from the Bush family, and posted some of them onto Colin Powell’s Facebook page.



Facebook security has stepped in and has suspended the page to restore it to its rightful owner.



As of right now they believe the way the hacker got in was through social engineering and guessing the password.



HOW TO PROTECT YOURSELF:


Although none of these methods will 100% guarantee that a hacker won't get in, they will help:


1. A different, strong password for every account


2. Have more than 1 email address that you use to separate your social media accounts from your home email and from your online purchases



3. Wherever available, use 2nd factor authentication, which means you only access the service from a trusted computer or by typing in a code sent to your mobile phone



4. Think twice before linking accounts



5. Click with care so you don’t infect your computer or get your account taken over.


6. Never click on links in emails that tell you to change your social media network’s password.



WORD OF THE WEEK: DOXING

It’s cybercrime slang for taking the documents of famous people and exposing them online. The victims were “doxed”, and the act of doing it is called “doxing”.



WEB RESOURCES:



If your Facebook account is hacked, go here and follow these steps:




Strong Password Tips:

1. Create a phrase and choose the first letters of each word; use upper and lower case

2. Use special characters and numbers to replace letters

3. Make up a different phrase and password for each site



Sample:

I use Facebook to keep up with my kids.



Step 1: The first letters: IuFtkuwmk

Step 2: The replacement of letters with numbers and characters: 1uF2k!wmk3>

Latest Cyber Issues: Theresa Payton Speaks with WBT 1110 AM radio


Webnotes by: Theresa Payton, Fortalice, LLC.



GUCCIFER STRIKES AGAIN

First "he" hits the Bush family and posts self portraits by Bush 43 and other photos and emails from the Bush family.

Then "he" hits Colin Powell's Facebook account and sends nasty messages to Bush 43 from Powell's account. Now Guccifer has struck again.



Guccifer broke into the emails of Sidney Blumenthal, a person close to both Clintons.

He circulated what appear to be memos about Benghazi.



According to some reports, Guccifer hacked into someone else's account, not related to Clinton or Clinton friends, and used that other account to forward 4 memos to the press and to Senate and House members, along with US news outlets and some reporters at Russian media.



The media has not released much about the memos and will only say that "he" apparently cut and pasted the information out of documents, a common trick to protect your anonymity because a downloaded document might contain metadata about who you are and where you are.



Allegedly one of the cut and pasted memos was dated February 16, 2013 and was “from extremely sensitive sources and should be handled with care.”



=======================================

KIDS MIGHT GET SOME PROTECTION...FINALLY, BUT THERE IS A CATCH (Isn't there always?)



The Children's Online Privacy Protection Act (COPPA) was enacted in 1998 but was beefed up by the FTC... here is what happens this summer in July:



The rules are targeted at sites that market specifically to kids.



Sites like Tumblr, Google, and Facebook will face stiff fines if minors have photos of themselves, photos with geocodes, or even audio or video of themselves.

The sites will also be restricted on how they track kids 13 and under, either through cookies or other means.



There's a catch: age verification is key and many kids lie to get on sites like Facebook. Sites are only compelled by COPPA if THEY KNOW THE USER IS 13 OR YOUNGER.



Facebook said:

"Facebook is focused on the safety and privacy of the teens who use our site. While Facebook's policies prohibit children under the age of 13 from signing up for our service, we are committed to improving protections for all young people online."



Another benefit hits MOBILE devices!

All data generated by mobile devices, as well as photos, videos and audio files containing a human image or voice, cannot be collected unless a parent first gives permission. 

The FTC’s December 2012 report talks about their concerns for kids' safety and privacy on mobile devices in “Mobile Apps for Kids: Disclosures Still Not Making the Grade.”





======================================



BRIAN KREBS A VICTIM OF SWATTING



Brian Krebs, one of the best cybersecurity reporters in the US, has been a victim of a complex hack.

Last Thursday, his website was hit with a denial of service attack, and while it was under attack, 911 was tricked into believing Brian Krebs was being held at gunpoint and sent a SWAT team to his house - a practice known as swatting.



What happened:

1. Prolexic, the company that protects his website, received a strange letter that claimed to be from the FBI but was false - it said the Brian Krebs cybersecurity site was hosting illegal content and profiting from cybercrime, so his website protector needed to shut it down.



2.  Brian Krebs called the FBI and they said the letter was a fake.



3. That's when the denial of service attack - flooding one web page with traffic in the hope of bringing it down - hit his site.



4. Later, as Brian was preparing for a dinner party, he ignored the phone ringing. He went to the front door and then heard “Don’t move! Put your hands in the air.” It was the Fairfax County Police.



5. The Police told Brian, after they all realized it was a hoax, that SWATting had become a real problem.



By the way, the hackers spoofed Brian's REAL CELL PHONE number when they called 911 to report that Russians had broken into the home and were holding Brian hostage (which was not true!).



and on South Korea....



South Korea's military is on a high state of alert for cyber-attacks



What happened?



1.  3 news networks went down

2.  2 Banks had major problems with ATMs, teller terminals, and mobile banking



As the outages went on, South Korea reports that messages were flashing across screens:

1.  Skulls and a message that this was the beginning

2. They called themselves the "WhoIsTeam", probably a play on words using the "WhoIs" question that you can ask about the owner of a website



Forensics are expected to take days or perhaps weeks. The internet provider said the origin of the attack is "unclear".



Some wonder if this is "payback" or if hackers are hiding behind recent tensions on the Korean peninsula.

Previously, North Korea has accused the United States and South Korea of staging cyber attacks against it.



Does North Korea have this capability?  Some think yes.  

Anti-virus firm McAfee said it believed a 10-day attack in 2011 came from North Korea.