The state of network security is that it is in shambles, even if you have a lot of resources and IT teams at your disposal.
It’s absolutely insane how open information networks are, especially those that are used at homes and small businesses. There is a lot to think about in terms of what level of privacy is realistic and how far you can take security without just stepping on your own feet and making it harder to use your networks.
I think it is worth it to go over some of the major examples of hacking incidents over the last 10 years and then let’s dive in to what this means for you and the security of the private information you value in your personal and work life. When reading remember that in modern times
There is no true privacy on the World Wide Web.
An estimated 143 million people in the US had their names, addresses, social security numbers, drivers license numbers and more stolen. Some say this is the worst personal info security breach in American history to date.
The bummer is that they had a security protocol for two months before this happened and simply failed to install this update so hackers had ample time to glean info.
In 2011, it was revealed that the US military’s drone fleet was infected with a virus known as a key logger. So far they claim that there has been no case of them losing control of a drone but they have said recently that the virus keeps coming back. After 6 years, they suspect it is benign but they don’t know.
These are sophisticated machines and weapons that contain valuable information. Them there is the fact that a hacked drone could be used for some pretty bad things. If any agency should be worried about how vulnerable their security is, it should be those that have the safety and security of others on line.
Other incidents of predator drone hacking have been reported as well. Take the case back in 2009 where Defense officials are quoted by The Associated Press as saying that there was evidence of at least one incident of insurgents in Afghanistan monitoring drone video feeds.
In 2011 the Iranian military reported to the Christian Science Monitor that they were responsible for hacking and taking down a CIA surveillance drone worth millions. Not only that, they did it using very basic computer navigational know how that allowed them to even bring it to a soft landing. An engineer on the inside is quoted as saying “By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.”
Bay Area Transit System
The Bay Area Transit System ticketing system was hacked and files encrypted. The Transit System lost a lot of money because they let everyone ride for free on the day of the hack. The hackers demanded 100 Bitcoins which at the time totaled around $74,000. They did not pay the ransom but their IT team managed to get things in order.
You have to wonder how much information was actually stolen at the time. It could have been worse. Look at the example of the 14 year old that hacked his hometown of Lodz, Poland’s tram system and derailed 4 cars. Luckily no one was killed but who can say what the future holds in such an insecure world?
In 2015 the IRS was hacked and 700,000 accounts had their information put into jeopardy. Since you are required to give the IRS information there is really nothing you can do to protect your IRS account. They are supposed to do it for you but get this, in 2017 they awarded Equifax, yep the same company that lost a record breaking amount of records to hackers, to take care of the fraud protection for their site.
We should not be surprised when it happens again. In fact it gets better, Equifax also designed the software for logins that resulted in a hack in 2015. So they were awarded another contract after making the biggest identity hack mistake in the USA to date. Is it just me or does that make no sense at all?
It was recently revealed that Uber was hacked and customer info was held for ransom. Uber took the approach of paying the ransom and then covering it up until it was leaked and they were forced to publicly acknowledged what happened.
In 2016 a bank employees computer was hacked and used to make payments using the SWIFT system. Although $81 million was actually stolen when it was done, they are making an effort to steal an amazing $1 billion.
This is supported by the fact that they used fake emails to indicate to the New York Federal Reserve that they wished to transfer this money. The $81 million that did get stolen was sent to casinos and agents for casinos. A lot of this money is still missing.
Office of Personnel Management and the Department of Defense
In 2015 the OPM and the Department of Defense admitted that two major data breaches had resulted in the personal information of 21.5 million people being made available to hackers. The records included the personal information of government employees with major security clearances as well as info about their friends and family and those that were put on applications as references for very sensitive government jobs.
It is estimated that 1.1 million sets of fingerprints were stolen. These hacks mean that intelligence operatives may be exposed to other governments thus jeopardising any future missions they may take part in as well as putting their safety at risk both in and out of the workplace.
If top agencies are incapable of protecting the most sensitive personal info of secret agents, then that truly shows the deplorable state of digital security in the United States today.
In Iran in January 2010, at the Natanz Uranium Enrichment Plant in Iran, something was clearly wrong. For some reason centrifuges used to enrich the uranium gas were failing when they shouldn’t. Five months later a security firm was working on an unrelated call and discovered Stuxnet.
This virus is not like others because it is made to actually cause mechanical damage to equipment. In the Belarus case it was causing computers to crash and reboot constantly.
It was then discovered that Stuxnet was causing the pressure within centrifuges to not be regulated at safe levels. The Natanz plant had an air gapped system so there was no way to get Stuxnet into the plant without an external source.
How did they do it? A simple USB drive with Stuxnet on it was used at 5 companies with known links to the plant.
Thus there was some info coming in on USB drives from the outside. While it was not from the internet this goes to show that any sharing of information from “the outside” is a breach and eventually that is probably going to mean your air gapped system has something sinister on it that could lead to a disaster of unprecedented scale when you are talking about nuclear power.
The editor of The Wired, Kim Zetter wrote a full length book called Countdown to Zero Day covering the whole story of Stuxnet for those that are interested in further details about this case and what it means as we think about the security of networks throughout the world.
The Electric Kettle and Iron Incident
Back in 2013, CBS News reported on an incident where electric tea kettles manufactured in China were found to have hidden wireless transmitters in them. Sure this was reported originally by Russia and regardless of how you feel about them, there is evidence that they are right.
A wireless transmitter is small enough to fit into virtually any device that plugs in and it costs little to do it. The transmitters in the kettles and irons reportedly could connect to any hidden Wifi network with no password protection within 656 feet.
In a densely populated area that could be dozens of networks and a lot of stolen information! This is a technique known as “phishing”. If you send out a few thousands of these then one could hope that a few will find their way into a board room or maybe even somewhere better than that. Since transmitters are so cheap, it can definitely be worth it to send out a lot even if only a few every send back anything of true value.
When you live in a world where even the tea kettle might have a bug then privacy is a thing of the past.
Facebook and Social Media
I find myself looking at Facebook too much because more people use it to communicate than ever. I am amazed what people reveal on there. All your posts are indexed! Sometimes if I lose a photo I just go on Facebook and use a search term.
They never lose anything but that doesn’t mean others cannot download your entire Facebook record. Social media encourages the sharing of outlandish behavior and your posts can definitely be used as evidence.
Many a trial has been sped up because of social media evidence. There is little surprise that when you follow the money, one sees that CIA money was involved in the start up of Facebook. Mark Zuckerberg may seem like a major success story to entrepreneurs but he had a lot of help along the way.
Facebook is a way to get the general populace to share information and pictures that they otherwise might have kept private. It is not a bad deal for the CIA , FBI, etc. to let citizens do a portion of their job for them. Facebook was an amazing investment for them that has payed off big.
Twitter and other social media outlets are also used to gather info but it is hard to compare them to the wealth of info that Facebook has archived and is gathering daily.
Smart Devices = Spying
There is no way I will ever have Smart Appliances in my home or locks that are controlled with Smart technology that allows remote access and control. Nor do I relish the idea of a hacker being able to turn the heat up or down in my home or have appliances spying on my private conversations.
I also really don’t think anyone really needs a fridge that has access to Pandora music and Facebook. Are we really that distracted to think we need these things? Also they add a lot of expense to an appliance. My $500 fridge has served us fine over the years.
You might remember the fuss made when it was revealed that Samsung Smart televisions were capable of spying. The experts at The Wired have some tips on “How To Stop Your Smart TV From Spying On You.”
If you choose to use Smart Devices then you need to consider if they are worth losing some privacy over in your communications and the daily grind at your home and work.
So why are major network security breaches and hacking incidents more common than ever?
Windows operating systems are the most common and also very insecure no matter what you do.
Windows is one of the most insecure operating systems out there. The National Security Administration has a major back door built into it and hackers know it inside and out. Without a good antivirus program it seems to barely be functional.
The days of Linux and Mac offering a high level of security are over.
Linux based systems are not as secure as they once were. There was a time where it was not as hackable and viruses barely every reared their heads. I am still a big fan of Linux based operating systems and there are some out there that are supposed to be more secure than others but they are not necessarily as compatible and easy to use for the average user.
The main reason that Linux is no longer secure is thanks to the CIA/NSA demanding that a backdoor be built in. They have a lot of clout and you no longer even have the option of having any privacy from government agencies both domestic and foreign as well as any sophisticated non state actor.
Although the video below tries to be humorous, you are smart enough to see behind the lines. Who is going to stick their neck out too far?
It is clear that designers of all major computer operating systems were approached by intelligence agencies and given a choice where there is really only one answer if you want to stay in business. The old phrase “take the silver or the lead” comes to mind.
What would you do if a major agency approached you and offered you money or a lot of trouble? Why you take the money so you can stay in business.
Privacy Considerations To Remember
All cell phones have GPS in them even if they don’t have any internet access on them. Telecommunications are constantly providing all cell phone meta data making it so phones are being tracked all the time. Law enforcement and other agencies can access this info with ease.
All modern cars have anti-theft devices that house a GPS transmitter so your vehicle can be tracked all the time. This means tow truck drivers can track down where you are parked if they are coming to repossesses a vehicle someone has stopped making payments on.
Cars can be hacked using the Wifi system. Many modern vehicles have Wifi which allows an easy door in.
- OnStar in your car is always on
- Amazon Alexa is always on
- Google is always on and sending location data even if you have disabled location services. Android phones are always transmitting your location data so don’t think just Windows phones and similar are doing this.
Police have Stingray Technology To Track You
Stingrays are also known as cell site simulators or “IMSI catchers” are devices designed to track you via your cell phone signal. Stingrays send out signals that convince cell phones in the area to send them your location and identifying info. When this technology is used it can also get the info of a lot of people who are using cell phones in the given area.
Put a piece of tape over your camera
The former director of the FBI James Comey himself told The Hill that he puts tape over his webcam and had this to say about security at the FBI offices.
“You go into any government office and we all have the little camera things that sit on top of the screen,” he added. “They all have a little lid that closes down on them. You do that so that people who don’t have authority don’t look at you. I think that’s a good thing.”
Computers have build in microphones and cameras in them that can be utilized by hackers. If you value your privacy then you should at the least disable your microphone by going into your computer’s hardware settings or if you want to make it inoperable you can put glue in the microphone hole. Add a piece of tape or use a black permanent marker to cover your camera lens.
It is more secure to use a USB camera and microphone that you plug in and use as needed and then unplug when not being used. If you notice in Comey’s statement he says that the FBI uses this protocol.
You can secure your network from other citizens that lack major hacking skills but that is about as good as it gets.
Encypting your computer and network is possible. This can prevent others from leaching off your wifi or use your network for nefarious purposes. Be aware though that WEP2 encryption protocol is compromised so that means any network can be compromised even if encrypted.
Don’t open unknown emails and watch out what sites you visit and allow access to your info
Phishing emails and using some types of websites can result in viruses and spyware that can capture your information and slow your computer down.
Don’t give up on your network password but realize how little security it can offer if someone really wants to get into your network.
Make sure you have a complicated secure network password. This means no using the most common names in your life. While you can change passwords often if you want, this doesn’t offer as much protection as you might think. Networks transmit passwords and keyloggers and spyware can pick them up quite easily.
No matter what you do, if the places you are required by law to give info to are hacked then your info and files are out there.
Charges that are unauthorised and file breaches happen all the time and you never know it because companies catch it and correct it before it causes you issues. Sometimes they will let you know if it is bad enough that they need to change your card but you probably don’t know about the vast majority of them. It is good that they catch them and it doesn’t cause common folks trouble but it would be very disturbing to know exact figures.
Turn down your range
I know that in the past I have written about relaying your internet signal but at the same time if security is your concern you need to turn down your signal so that it does not broadcast past where you actually need it. The more you are broadcasting a Wifi signal the easier it is for someone to notice your network and start poking around.
Pay for a reputable anti virus and spyware remover and keep it up to date
There are many different anti virus programs out there to choose from. All of those listed are $20-$40.
Consider an alternative Linux based operating system.
Linux based systems are more secure and there is definitely less Malware and Viruses designed with it in mind but over time that might change even more than it already has. Ubuntu is the most common Linux system but there are some that are designed to be more secure.
Here are some links to Linux based systems available for download that are supposed to be among the more secure to use:
- Qubes OS
- Tails :The Amnesic Incognito Live System
- Black Arch Linux
Pen names and aliases
As a writer, I have always considered using a fake name for secuiry and privacy but I don’t because it realy doesn’t matter so much. I guess if I wanted to I could hide from the average person a bit more but if someone wants to find you it is pretty hard to prevent that.
The Air Gapped Network
So let’s be honest about the internet. It really was invented to share information and then it exploded into what we have today.
Have you ever considered that as a business or even at your home, that you could benefit from two separate networks. The first network would allow just computers on your local network to connect and share with one another. The other network could be for browsing.
An air gapped system is usually only used in instances where computers are being used to control hardware. A home camera security system is one example.
Virtual Private Networks can help with basic security but anyone that really wants in is not going to be stopped by one. I wish it was as simple as getting a VPN.
VPNs will give you some extra security but the bottom line is this:
Since government security agencies have demanded a way in to any system, everything is compromised. Sophisticated hackers will not have much problem getting in even with a VPN.
Evasive services like VPN’s and other tactics attract the attention of security services so you can actually raise a flag by using them. This means they may actually put more effort into accessing your information.
You should also consider that even VPN servers are vulnerable to hacks. Just because your info is being protected via the VPN, your info is still in their system so if the VPN provider gets hacked then your info may be accessible to the hackers.
The Chip Card Issue
A lot of us have been using smart chip debit and credit cards for awhile now. They are an invasion of privacy, slower at the checkout, easily damaged, and they transmit way too much information.
I don’t like going shopping and then coming home to find that when I am online the ads are mysteriously targeted to what I already bought or very similar even if have not looked at any of those items online. For starters I am not likely to buy the same version of what I just bought in town.
Second of all, this is down right creepy. I wanted to believe it was a coincidence but it has happened far too many times for that. I also don’t fancy something that they recommend carrying in a shielded wallet to prevent thieves from stealing financial info.
Methods Of More Secure Communications
There is a trend towards using older methods of communication for secure communications. Here are some ways that offer more security for times when you want the most privacy.
Typewriters and word processors are back
Even government agencies and foreign powers like Russia are using the written word rather than the electronic written word. This has led to a demand for used typewriters, A vintage IBM electric is $500.
There are other options too, I am writing this on an AlphaSmart Neo Word processor that stopped being manufactured in 2007. I love it because it is just for writing. No distractions. If I want to transfer a file it must be done via USB. IT was $18 shipped on Ebay and barely used. The keyboard is mechanical so it will last practically forever.
Letters & Paper Notes
When was the last time you wrote a letter by hand? It is has probably been awhile and some younger people may never have. It is actually one of the more secure ways to communicate in the age of virtual snooping and sabotage.
Writing by hand sometimes helps you think about what you are saying more because there is not as many distractions.
Use Micro SD cards and send in mail or store info on them but realize viruses and spyware can still be hidden in the directory.
Secure Second Hand Lap Top For World Wide Web Browsing
One possibility for a more secure computer is outlined below:
- Buy a used lap top and wipe the system clean.
- Install one of the more secure versions of Linux listed previously in this article. Do the installation using a disk or USB drive. Preferably do this at an internet cafe or other shared network. This will prevent anyone from knowing your exact home location.
- Never use the computer on your home network
This is not a perfect recipe for security but it does take some extra steps that can prevent some hacks, viruses, etc from finding their way onto your network at home.
One thing is for sure, if you don’t want others to know it or see it then don’t put it out there on the web.
They lost the keys to the backdoor that was built into operating systems. Those with the keys can hold info for ransom and guess what? Major places pay the ransom so that encourages the behavior to continue.
There is no getting the keys back. Try to be safe out there.