Targeted Hacks- Is Your Information Safe?

dreamstime_s_15252752It seems no matter where we go (online or in person), from clicking a link or swiping a credit card, we meet a new threat to our digital security. Whether it is Hackers, Malware, or a newly fashioned invasive program; high profile attacks are on the rise, and it seems no device or system is out of the scope. And there is no sign of it slowing.

You can’t be too careful. 

When you think about data breaches, you think most often about your computer or your workplace– but do you think of your smartphone? We are relying more and more on our mobile devices which opens up all new means for digital dilemmas. The statistics on mobile usage are astounding, and they only continue to rise. We can’t go a day, let alone an hour with out picking up the handheld mini computers at our disposal. Our technology and information addiction opens the potential for our information (we believe to be safe) to be compromised.

Can you believe there are even spies in our cellphones? According to a report on Yahoo via Associated Press.

Documents leaked by former NSA contractor Edward Snowden suggest that spy agencies have a powerful ally in Angry Birds and a host of other apps installed on smartphones across the globe.

The documents, published Monday by The New York Times, the Guardian, and ProPublica, suggest that the mapping, gaming, and social networking apps which are a common feature of the world’s estimated 1 billion smartphones can feed America’s National Security Agency and Britain’s GCHQ with huge amounts of personal data, including location information and details such as political affiliation or sexual orientation.

The size and scope of the program aren’t publicly known, but the reports suggest that U.S. and British intelligence easily get routine access to data generated by apps such as the Angry Birds game franchise or the Google Maps navigation service.

The joint spying program “effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system,” one 2008 document from the British eavesdropping agency is quoted as saying. Another document — a hand-drawn picture of a smirking fairy conjuring up a tottering pile of papers over a table marked “LEAVE TRAFFIC HERE” — suggests that gathering the data doesn’t take much effort.

If you are going to use apps that connect your personal information, be sure that they are worthwhile and of a reputable source. Be cautious about giving out unnecessary information or permissions for the use of an app. Ask yourself– What is it worth to you to use that app? Many of the issues come from location sharing apps, so if you want to lessen the chance, you can limit the apps that are permitted to access you location.

Whether it’s the device in your hand, or a pass of your debit card at the register– our digital information is everywhere. Hopefully it’s stored in and secured by impermeable digital fortresses, but it’s often not. Impenetrable is seeming less possible, but certainly isn’t impossible. Is it?

Unfortunately, there are people out there who spend their days and nights trying to corrupt and invade our personal and highly valuable data. The problem comes when companies and entities do not employ substantial or sufficient security measures. Passwords for a corporation on the scale of Target should have better data security in place.

Where do the hacks and attacks originate?

In regards to the Target incident at the end of 2013, details have been released that the writer of the program was a 17 year old Russian boy, and he was paid just $2,000. According to an article on The Washington Post online

The company said the teenager did not perpetrate the attacks, but that he wrote the malicious programs — software known as BlackPOS — used to infect the sales systems at Target and Neiman Marcus. Andrew Komarov, the chief executive of IntelCrawler, said the attackers who bought the software entered retailers’ systems by trying several easy passwords to access the registers remotely.

Additionally, Slate.com reports,

IntelCrawler says that ree4 sold his “BlackPOS” malware to more than 60 Eastern European cybercriminals, plus some in other regions. He is based in St. Petersburg and is well-known in forums and the wider hacking community. The IntelCrawler report notes that he wrote other popular malicious tools, “such as ‘Ree4 mail brute’, … social networks accounts hacking and DDoS attacks trainings.” But ree4 doesn’t seem to have personally taken part in the Target or Neiman Marcus hacks beyond writing and selling the malware. When contacted by the Washington Post, Target declined to comment on the IntelCrawler report. A Neiman Marcus spokeswoman specifically addressed one part, which said that hackers were able to plant the BlackPOS malware because the credit card terminals at the retailers they targeted had default passwords that were guessable and therefore weak.

Even more startling are the reports according to Slate that, 

The report quoted IntelCrawler’s CEO, Andrew Komarov, as saying that more BlackPOS hacks, largely of department stores, are going to come to light soon. This agrees with an article Reuters published on Jan. 12, citing anonymous sources who said they knew of at least three other breaches.

PCWorld states that there could be up to six additional infringements, “Cybercriminals have stolen payment card data from six more U.S. retailers using similar point-of-sale malware that compromised Target, a computer crime intelligence company said Friday.”

The conclusion comes from a study of members-only forums where cybercriminals buy and sell data and malicious software tools, said Dan Clements, president of IntelCrawler, which conducted the analysis.

Slate goes on to say,

Regulations in 46 states mandate disclosure when hackers steal customer information in a cyber attack. But different states have different requirements for how long retailers can delay giving notice if there is an ongoing investigation into the hack. There is also state-to-state variation in how much information the retailers have to release about the incident.

Joseph DeMarco, the former head of the cyber crime unit at the U.S. attorney’s office in Manhattan, told Newsday, “It’s a judgment call. A breach investigation could take weeks or months before you know enough to have a legal obligation to disclose.” But consumer advocates are calling for regulation revisions and federal intervention. In summary, this enormous situation seems pretty out of control at the moment.

Target seems to be under fire for not reporting the hacks earlier. Does that make a difference for you?

Once security has been breeched you’d hope that the corporations would have their customer’s best interests at the forefront. Sometimes they have to wait for criminal investigation, but it’s usually their bottom line they think of first.

The people that write these infiltration programs are getting younger and doing it for less money, many times just for the thrill.

There should be more preventative steps to thwart attacks. Corporations that handle the quantity of credit information on the scale of a national retailer should have more stringent password and encryption to prevent attacks like the Target breach. Some companies do take proactive steps to safeguard their clients and customers private data. There have even been reports like the one on abcnetspace.com that Microsoft will pay people up to $100,00 to hack in to their programs to find bugs.

Somehow though, however malicious the attack on Target was, or the inconvenience it caused its customers, there seems to be so sign of the breach changing people’s habits, as posted on Yahoo.

The poll finds a striking contradiction: Americans say they fear becoming victims of theft after the breach that compromised 40 million credit and debit cards and personal information of up to 70 million customers. Yet they are apathetic to try to protect their data.

It all seems a little overwhelming. We don’t want to hide from technology or the comforts of the modern world–so, what can you do to protect yourself from a loss of information security?

For some hints, take a look at a helpful post – Stay Safe: Practice Safe Computing 

We’d like to know- have you ever been hacked or had your personal information compromised? How so? And what did you do?



Categories: Current News and Events, Data Loss Prevention, Hackers, Internet Security, Malware, Security Breach

Tags: , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: