By Jim Hance
You can’t be too careful protecting yourself from con artists these days. Even if you live in a “safe” neighborhood, it’s a good idea to have a security system that includes monitoring. Even if you have a great lock on your bicycle, it’s a good idea to keep it indoors out of sight of passersby when you’re not riding it. Even if your computer and smart phone are protected from intruders with up-to-date virus and malware protection, it’s a good idea to know where the threats to your privacy and security will likely be coming from.

That’s why I picked up The Cyber Attack Survival Manual by Nick Selby and Heather Vescent. It’s a (relatively) fun read with lots of illustrations and stories throughout. And quite an adventure into the underworld of the darkweb where the unimaginable crimes are being concocted by bad guys. The tips on safe computing aside, some of the stories in the book are hair-raising. You won’t likely be going to those darkweb places on the web, but it’s good to know what happens there and how it can affect your security.

The book came out in 2017, but it is still well worth your time. You will be reassured that some of the “hacks” recommended for staying safe are probably already in place through the numerous updates in computers, smart phones, wi-fi routers and browsers in recent years. But the weakest part of any security system is likely the user. A ‘case study’ showed that 70% of people on the street in 2016 were willing to share their work login with a stranger for a candy bar. (I’d like to think some of those people gave bogus logins to get a candy bar, but it’s amazing that they even participated in the offer.) Of course, that experiment was just to show how thoughtless and cavalier people can be regarding security. There are lots of slicker ploys to steal your identity, your money and your peace of mind that you can be on the lookout for after you read about them.

What piqued my interest in picking up this book isn’t addressed at all.
I seem to be targeted as a consumer of security products by the very company I rely on for security. They want to upsell me on products and services that aren’t well described, perhaps because the online security business is ever-changing, and perhaps because they don’t want to tip the bad guys off about what their products do. Their weekly newsletter reports remind me that new perils are being unleashed daily that could make my life miserable. But as the book noted, if you’re not the customer you must be the product. And in the case of security products, both could be true. I would feel better if I knew what I am actually paying for and why — two things that are difficult to determine with this type of product. Your relationship with a security products company is based on trust, and coincidentally that’s how a successful con operation takes advantage of you.

The book outlines security basics, and steps you can take if your identity has been compromised. Not surprisingly, the word ‘password’ is mentioned a lot. It’s a pain in the rear to change your passwords, but expect to be doing that after your data has been breached. And it likely will be breached as large companies of all kinds that you have done business with report compromises to their customer databases. Your email, street address, phone number and birth date are probably floating around on the darkweb right now.

If you own a business, the authors have suggestions to keep you safe from criminals. Don’t scrimp on business computers and up-to-date software. Train your employees to use the best security practices. Install a good quality home business firewall. Some businesses might want a managed DNS service to keep your computer activity private from your internet provider. Keep office equipment away from windows where it could be spotted by thieves. Use a cloud-based file backup system so that thieves don’t get all of your backups if they steal your computers. Get insurance for data breaches.
Purge files regularly. Stage a drill to practice your response to a data breach, and improve your response plan as you go. The author says that small boutique banks often provide the best security for your business accounts (but I’m pretty happy with one of the largest banks). If you dedicate one computer to doing your online banking, there is less chance of your banking credentials being hijacked.

The book has a section entitled “The Future of Money” that explains the emergence of cryptocurrency and how it’s used, as well as trends in cashless transactions.

The section entitled “The Deep Dark Net” takes you on a tour of some of the activities on the web where your browser won’t take you. You will need a special browser on your computer to visit the darkweb, and the book recommends using a clean computer, disabling all scripts on your computer, using a VPN, using only cryptocurrency if you buy anything, encrypting all interactions, and keeping your data on a thumb drive so you can erase all traces from your regular machine. There are bad guys waiting for you on the darkweb, and government sting operations are common. 23% of the world’s goods and services are on the black market and accessible on the darkweb. “Anyone who wants to make or receive untraceable (and untaxed) payments for anything, including illegal goods and services — from guns and drugs to hacking and stolen data — can find what they are looking for on the digital black market.”

One story about the darkweb relates the story of Silk Road, a kind of eBay on the darkweb where you could buy anything, including murder for hire. FBI and DEA agents spent years trying to take down the man behind Silk Road known as Dread Pirate Roberts, and finally did apprehend the same (real name Ross William Ulbricht) in San Francisco in 2013. Ulbricht was convicted of money laundering, computer hacking, and procuring murder, and is serving a life sentence without parole.
A DEA agent involved in the takedown was found to have stolen some of the cryptocurrency seized from Silk Road, so he also went to prison. The Silk Road story still continues to develop, as Donald Trump has mentioned in a campaign speech pardoning Ulbricht if he is re-elected president.

Some of the “big takeaways” from the book are security measures you’re probably already using: create strong passwords, password protect your wi-fi, don’t click on suspicious links, and don’t give out private info over email or texts. Advanced measures include always using two-factor authentication, checking your credit report regularly, and never using public wi-fi without a VPN or SSH tunnel. For the ultimate protection, the book says eschew electronic communication, file your taxes the old-fashioned way on paper, don’t use banking apps on your phone, and prepare for an infrastructure attack with off-the-grid self-sufficiency measures. Those aren’t all the things recommended, but you get the idea.

Recently my wife asked me to make a list of things she would need access to in the event anything happened to me. So I made a list of everything important and listed each by location. I didn’t put any sensitive information like account numbers or login information on it — just a location that she would readily identify. One location, for example, is my wallet. Having a list of credit cards and ID that I carry in my wallet would come in handy if I were to ever lose my wallet. Just having a list of things that we have is a great start in identifying what needs to be replaced if it goes missing, or what login information needs to be changed when the next information breach is reported. I printed this list for her to have, but there’s an online document of this list that can be updated from time to time, and reprinted. Maybe that’s a personal hack you can put to good use.
Other things I have recently adopted are migrating my regular email correspondence away from email addresses that are getting a lot of spam, using an encrypted email account for banking and such, and employing a VPN for most of my computing. A couple of email providers for encrypted accounts include Tuta.com and Proton.com. DuckDuckGo is now my preferred browser and search engine, so I am delighted they have a new VPN. (Another VPN benefit: I can use the VPN to watch the local Rays baseball games that are usually blacked out from MLB-TV. Ca-ching! I just saved $20 a month. I no longer have to subscribe to that sports app that starts with a B.)

Stay safe out there.