Cyber Security Awareness

There are threats to watch out for in cyber security, and then there are things that are a lot safer than we tend to think. For instance:

Browsing The Global Web

We’re not saying that you don’t need antivirus software and a routine security check on your phone and laptop now and then. It’s just that the odds of getting a serious data-compromising infection are relatively slim as long as you practice basic security measures. If you’re not downloading zip and exe files from questionable sources, if you’re not cruising the deep web, if you’re not handing your email out to everyone who asks for it, then you have very little to worry about.

Your Devices

A cyber attack is more likely to target your network than it is your devices. Hacking an iPad gives a cyber-criminal a piece of the puzzle. Hacking the network gives them the entire thing. In any event, the gateway to your data is more likely to be your people than your hardware. It’s been noted that many leaks began with a misplaced USB drive or a laptop left open in a public place or an ex-employee who bears a grudge. Targeted, web-based cyber attacks are relatively few and far between. Cyber-criminals tend to be opportunists, not masterminds. Keeping your network secure and your hiring the right people will do more good than adding another layer of encryption onto your desktop computer.

The Cloud

In a survey, 76% of those polled said that their main security concern was cloud-based services, with almost half believing cloud-based services to be inherently insecure. However, a good majority of data breaches involve on-site servers. In truth, some cloud services are safer than others, the same with any other area of data, but the cloud is not nearly as at-risk as many believe it to be. Again, the real threat is in “social engineering.” People who give their information to the wrong people, employees who have more data than they actually need in order to do their job and so on.

The moral of the story is simply that the hardware is not the most at-risk gateway in any organization. Serious cyber-criminals rely more heavily on social engineering and opportunism than they do on any inherent security flaws in a server or a wireless device.  You can’t improve your cyber security by rejecting cloud-based services, but you can do a world of good by hiring the right people and giving them the right training.

Sometimes it looks like a virus and it turns out to be a virus. Other times, a simple hardware malfunction can mess you up in ways that will make you think you’ve been infected when all you really need to do is replace a damaged component. Here are a few examples of hardware errors that some people mistake for infection:

Computer Keeps Shutting Itself Down

If this happens with a laptop or desktop computer, the issue could be as simple as your computer overheating. Fans will wear out and break down, driving up the temperature, and your PC or laptop will shut itself down to avoid any damage due to overheating. This is common for people whose work is media-intensive or if you play CPU-hogging high-end computer games. You can usually replace any fan that’s busted, but if it’s the graphics card, you might need to buy a whole new one. In the meantime you can always downclock your computer and leave your tower open and use a desk fan, but this fix is a little unwieldy as anything but a temporary fix.

Blue Screens

This is usually an issue related to poorly-made hardware drivers. It could also be a hard drive or a motherboard that’s on its last legs. In any event, it’s usually a problem that can be solved with either an update or an upgrade. There aren’t a lot of viruses that will give you a blue screen of death without any other symptoms.

Computer Won’t Boot

This could be an issue with the power supply. Check to ensure everything is in order on that end and then try again. If that doesn’t work, it may be your CPU.  If you’re getting a “No Bootable Device” message, then that usually means that your hard drive is the culprit, and you’ll want to run Startup Repair.

Jumbled Data

This is the most “virusy” symptom on the list, but it might actually point to issues with your RAM. Your computer’s temporary memory might simply be “misremembering” something when it tries to read the data back to you.

The good news is that replacing one component is usually pretty affordable and pretty easy. The bad news is that it’s a bit like maintaining a car that’s acting wonky: You might not know what you need to replace until you’ve already replaced a dozen other things. In any event, these are issues where antivirus software won’t do the job.

So-called “hard” science fiction uses speculative concepts and “day after tomorrow” age technology in order to tell us stories about the human condition, society. “Soft” science fiction is less concerned with speculation as to how technology will affect our daily lives than in, well, space opera, giant robot action and things of that nature. In both varieties, you see a lot of high-end advanced technology, and yet, unless the story is specifically about cyber-security threats to this technology (for instance, the hacker-heroes in The Matrix), these films almost never delve into what those threats are. Here’s some of our favorite sci-fi tech that would be ripe for the hacking:

Jaegers, Pacific Rim

One of the questions that needs to be asked of the movie Pacific Rim: Is there really no way for those giant robots to be controlled remotely? We’re willing to bet that even if the people who run them can’t figure it out, it wouldn’t take too long for a well-funded Kaiju-conservation eco-terrorist to find a way to take control of, or at least sabotage one of those big robots. It wouldn’t be the first time military grade equipment had been hacked.

Rekall, Total Recall

Total Recall centers on “Rekall,” a sort of virtual-tourism agency that implants the memory of an incredible adventure, and then wipes out any trace of memory that you had ever gone to Rekall. The process goes wrong within the film, but because of simple technical errors, not because it was hacked. Here’s the first problem: How do you get word of mouth when your business model is that nobody remembers buying their vacation from you? More importantly, if the process is so slipshod and insecure as to go so horribly awry as it does in the film, what’s to stop a hacker from creating their own army of personal soldiers by having an inside man swap some data disks around? Rekall is, after all, just a media-distribution channel, and those aren’t always difficult to break into.

Robocop

The funny thing about the original Robocop is that it didn’t actually foresee the internet. Somebody wishing to hack Robocop would need to somehow sneak up on him and change his firmware. Today, that would be very easy to do remotely, especially considering Omnicorp’s laissez faire attitude towards creating an effective product. Given the public demand for police reform and groups like Anonymous, it wouldn’t be long before a real life Robocop was hacked and Omnicorp lost their government contracts.

Part of the reason movies don’t cover cyber-security in these movies is it would slow the plot down quite a bit to devote a whole twenty minutes to how they plan to encrypt their laser gun firmware. All the same, you do have to wonder what an IT guy’s job looks like on the Empire’s Death Star.

A “bricked” device, a PC that just isn’t going to work ever again, an Xbox 360 that suffers the dreaded Red Ring Of Death, an iPhone that you might as well start using as a coaster, can be frustrating and, if it’s one of your prized possessions, something that you use to get a lot of work done, a little heartbreaking and might even set you back on some money you could be earning.

From the minute you see the blue screen flash on your monitor at startup, you get that feeling like there’s a rock in your stomach, and you start mentally calculating what it’ll cost to replace your busted computer. But, before you go all Office Space on your PC tower out in a vacant lot, consider that it might be fixable! Here are some easy fixes for devices that seem all but ready to start pushing up daisies:

Windows 10 Blue Screen of Death

If your PC or laptop suffers from the Blue Screen of Death, error C1900101-20017, with installation of Windows 10, here’s what you can do: Go to C: . Windows . Software Distribution > Download, and delete every single thing in the folder. Then go to the $Windows.~BT folder in the root directory of C:, and delete that, too. Now if you want to install Windows 10, you’ll want to download the ISO files from the Microsoft website. Prepare a bootable USB drive or DVD, and reboot your computer. Tap F12 or Delete when the display appears, and this will take you to the BIOS menu. Disable overclocking, enable UEFI bBoot from BIOS, reboot from your USB or DVD, and you should be good to go.

Xbox 360 Red Ring Of Death

This is a hardware issue, but it’s usually an easy one to fix. Note: It will void your warranty unless you have a professional handle it. What you want to do is replace, reattach and recamp the heat sinks in your system. A heat gun applied to the motherboard’s solder joints can improve your rate of success here. The fix is pretty easy, and some people make some nice supplemental income buying broken Xboxes and fixing them for resale.

Phone Or Tablet That Won’t Turn On

In many cases, a hard reset is all you need to get your phone or tablet running again. You can boot into recovery mode on most devices by holding the volume up and the power button until you see the word “Start.” Some devices may have their own ways of doing this.

You pay premium prices for business class Internet, and it winds up leaking through the Ethernet like honey off of a spoon. In 2016, you need high speed Internet in order to run a successful business, so getting it back up to speed when it starts to slow down is a top priority. Here’s a quick troubleshooting guide to help you determine whether you can apply a quick fix, or if you might need to make a phone call:

Boosting Your Wifi Signal

The issue might not be your Internet connection, but your Wifi signal. It doesn’t matter how fast your web connection is when you’re too far away from your Wifi router or it’s putting out a weak signal. Plug directly into your Internet with a wired connection. If it runs fine, you may simply need to buy a more powerful router, switch to wired connections, or rearrange your office space so that your router can reach everyone who needs it.

Someone’s Doing Some Heavy Downloading

Let your employees know that business-class internet doesn’t mean “Go ahead and do all your bit torrenting at the office from now on.” Downloading twenty eight movies at once while uploading fifteen others is going to slow you down.

Do a Security Check

Your network may be infected with a worm. More so than most viruses and malware, worms can really drag your connection down to a crawl. A network scan will be able to help you root out the intruder if this is the case.

See if Someone is Stealing Your Wifi

Places of business are an easy target for Wifi thieves. You can check your router device list to see if someone is connecting without permission. If so, you can change the password, and/or switch your security settings to WPA2-AES.

Call Your Provider

Call your provider and ask there are any issues in your area. It may simply be a temporary issue that they are already hard at work rectifying. And if that doesn’t work…

Start Shopping Around for a New Provider

Your provider might just not be up to the task of providing you with top-notch business grade Internet. If there are competing ISP’s in your area, don’t hesitate to get some quotes and compare download speeds. Brand loyalty is all well and good, but you don’t owe it to an ISP that isn’t providing.

So you’re selling your old iPhone, or maybe you bought some used laptops in bulk for the office, or you just want to cover your bases by getting every scrap of sensitive data off of your PC. Whatever your reasons, you need to completely wipe down your old device or computer and restore it to factory settings. So, how do we do that, in the simplest way possible, and without having to watch one of those Youtube tutorial videos where a guy sloooowly types the instructions into notepad? Read on:

Step 1: Get backups of whatever you need to keep

When you wipe a drive, there’s no going back. The data that’s deleted is deleted forever. So if there’s anything you’d like to keep, anything that you can’t just download again off the Internet, back it up. Get a USB stick, upload it to the cloud, whatever you have to do to keep it.

Step 2: Clear your bases

Remove your SD cards, your SIM cards, and log out of anything you’re logged into. Finally, write down the serial number on the device and keep it somewhere safe, just in case.

Step 3: Reset and restore

Most PC’s and laptops are easy to restore to factory settings. Go to change PC settings, click update and recovery, go to recovery, and then “remove everything and reinstall windows,” and follow the instructions from there. Portable devices usually have a very simple means of restoring itself to factory conditions. For iPhones, go to Settings > General > Reset > Erase All Content and Settings, and then remove your phone from your Apple ID, if you registered. iPhones are easy. Androids have a factory reset option. However, this will only remove data at the app level, and may retain chat logs and so on, so you will need to…

Step 4: Encrypt

Encrypting your device before you wipe it will scramble the data so that even if the wipe isn’t complete, the next user will need a special key in order to see what you were up to. Stock android phones let you encrypt from the security tab under settings.

Alternative Option: Surgery

An easy way to back your computer up and wipe it down at the same time: Just take out the hard drive and replace it with a new one, and then reinstall Windows. You can plug your old drive right into a new computer and you’re good to go.

In some fields, such as medical data entry, hackers have actually surpassed accidental data disclosure, or data spillage, in terms of responsibility for data lost. However, this is a fairly new trend. By and large, more data has been lost due to accidental leaks than due to cybercrime. Here are some of the more well-known cases in recent memory.

Uber

In late 2015, Uber accidentally dropped the personal data for hundreds of their drivers. The leak included social security numbers, copies of drivers licenses, vehicle registration numbers and much, much more. Even drivers who had never actually taken a job from the service, but simply signed up, saw their taxi certification forms and W-9’s being spread across the internet. 674 drivers in total were affected by the leak.

The good news is that damage was minimal, and the company’s security team took only a half-hour to patch the leak.

Google

Here’s an interesting statistic: In the UK, less than five percent of around 220,000 requests made to Google for the removal of online information come from criminals, politicians or public figures. 95% of the requests for the removal of sensitive information come from private citizens who just want to keep their private information private.

Of course, Google reveals personal data about people all the time simply  by nature of being a search engine, why is this a story? Well, the story is that we shouldn’t actually know who’s requesting the removal of their sensitive information, but Google accidentally leaked the intel on their “right to be forgotten” requests. Rather than this information simply vanishing without a trace, Google released information on individuals making these requests.

Menulog

Menulog is an Australian food and beverage ordering service where users can log in and book their meal for delivery. They suffered a major leak just last month wherein customers were able to see what other customers had ordered through their phone app. Users logged in only to see other peoples’ histories and data, rather than their own. In previous newsletters we’ve talked about how hackers aren’t as smart as they seem, that almost anyone can guess passwords until they get it right, well, apparently you can be a hacker completely by accident, too.

Menulog quickly shut down their website and patched the security flaw in their system, but not before the email addresses and names of over one million users had been leaked to the public.

It can be tricky to know what will and what won’t void the warranty on your phone, your PC, your tablet or your laptop. You probably have a manual laying around somewhere that can lay this out in more detail, but feel free to rely on this as a quick FAQ on some of the more common questions on what will and won’t void a warranty on an electronic device:

DIY Repairs

Some do-it-yourself repairs will void your warranty, some won’t. As a general rule, repairing cosmetic damage almost never voids your warranty. If you have to replace the screen on your phone, for instance, then your warranty will remain valid as long as you let them know that you’ve replaced your own screen. Replacing the entire shell casing, on the other hand, might be a bit of an issue, but luckily, your warranty probably means that you can go have your casing replaced for free.

ROOTing Your Phone

If you take a ROOTed phone in for repairs, they’re going to tell you to hit the bricks. Here’s the good news: you can just unROOT your phone. There’s an app called Universal Unroot that can do the job for you quick and easy.

This applies to a lot of mods and hacks for your phone or tablet: they’re reversible. You may be able to bring your phone in for repairs by simply restoring it to factory conditions and collecting on your warranty.

Customizing a Desktop or Laptop Computer

Even though they’re built as all-in-one units, if you have a Mac, you’re probably going to wind up adding more RAM to it. It varies from brand to brand, model to model, but most sellers and manufacturers will honor the warranty even if you’ve added some bells and whistles to its hardware within certain limitations.

Cosmetic Modding

A general rule of thumb for cosmetic modding of a phone or a PC is: If you need more than a screwdriver to crack the casing open, then you’re probably voiding your warranty. They sell stickers and decals specifically for cosmetic modding of your devices, and you can go ahead and put your PC in a custom case, but once you’re peeling open the parts that weren’t meant to be exposed, you’re doing potential damage that will definitely void your warranty.

We’ve provided some general guidelines here, but some companies are more or less strict than others. When in doubt, shoot them a quick email and see what’s covered.

If someone steals your credit card number, you can report it missing and get a new one. If someone hacks into your email, you can change your password. What do you do if you’re riding in a self-driving car that gets hacked? We’ve all seen that part in Batman Returns where the Penguin hacks into the Batmobile and uses it to wreak havoc around town, but how realistic a threat is that in the real world?

Well, it’s already happened. A Defense Department-backed group of researchers in Virginia managed to remotely hack into a driverless car. The photo used in the article is pretty dramatic, showing a driverless van having crashed right through an obstacle set up on the course. The purpose behind the experiment was to determine how severe a threat driverless car-hacking can be. The hack targeted the automated features of the car, including braking and acceleration. Frightening, sure, but they also discovered that it’s quite easy to combat these hacks in realtime.

Manual override is one option, but the researchers found that an automated response may be our best bet for avoiding an accident should a driverless car be targeted in a cyberattack, as a built-in security system will be able to respond to the attack more quickly than would a human driver.

An unfortunate setback in cybersecurity in driverless cars: Manufacturers are currently unable to track cyberattacks due to laws preventing certain types of data-collection. You don’t want Google keeping tabs on everywhere you go in your vehicle, so data is simply deleted after you get from point A to point B. This is an area where the law is not keeping up with the technology. For self-driving cars to be truly safe, we need legislation that allows for companies to track data that might be relevant to driverless cybersecurity without compromising passenger privacy.

The researchers noted that their goals at the moment are to reduce the cost of their realtime cyberattack-response software, and turn it into something that can be easily installed into a self-driving automobile, perhaps through a smartphone or digital download. Although, at this point, it’s difficult to make specific predictions about the driverless car market. It may well be that the team’s techniques will become a foundation on which all driverless security software is based, or the first big wave of driverless cars may be released with firmware that is effectively unhackable. In short: Yes these cars are at risk, but it’s not quite as scary as it sounds.

When it comes to piracy through web torrents, the truth is that you’re probably never going to go to jail for it. A handful of private downloaders have been hit with heavy penalties in order to make an example of them, but the government simply does not have the resources to go after everyone on the internet who’s guilty of piracy (hint: That’s very close to 100% of us). The real risk you run when downloading something you haven’t purchased is having your service interrupted, throttled, or even dropped by your provider.

How Do They Do It?

ISP’s do look for specific files being uploaded and downloaded through your ip address, mostly files protected by DMCA and similar acts. These include, for instance, new seasons of Game of Thrones. Downloading older movies isn’t usually as big a deal, but if everyone’s downloading it the minute it goes online, then it’s probably something that your ISP is specifically looking for.

There are ways to disguise what you’re downloading, services that can block anyone from seeing what it is that’s going through your router, including your ISP. However, your ISP is also looking for excessive downloading and uploading. Nobody’s burning through 200 gigs of uploads and downloads a day playing online games and watching Netflix. Even if they can’t prove that you’re pirating anything, they may send you a warning for excessive internet usage and throttle your bandwidth for awhile.

Why Do They Do It?

ISP’s have a couple of reasons for not wanting you to download copyrighted materials without permission. First is bandwidth: Simply put, you’re putting more stress on the network when you’re downloading and uploading full seasons of TV shows at a time. More importantly: Your ISP might become a target of the DMCA if they don’t put a stop to piracy wherever it lurks.

The real issue is not so much the downloading but the distributing. There’s plenty of copyrighted material posted on Youtube without permission and your ISP really doesn’t care how many Michael Jackson videos you watch without buying them on DVD, they tend not to pay attention to what you’re streaming at all. Distribution comes with far heftier fines though, and your ISP comes into the DMCA’s crosshairs when you seed that Game of Thrones torrent.

Most ISP’s aren’t going to call the FBI on you, it’s bad business putting your customers in jail. Most likely they’ll send you a warning and temporarily limit your internet usage if they catch you torrenting, eventually cutting you off if you persist. You’re probably not going to get into any legal trouble for torrenting unless you’re seeding enough torrents for copyright holders to specifically target you. But you might lose your provider if you’re not careful.