Dec 20 2023

How to Take Your Phone Off the Grid

Category: Information Security,Smart Phonedisc7 @ 9:00 am

Without a Trace: How to Take Your Phone Off the Grid

https://themarkup.org/levelup/2023/10/25/without-a-trace-how-to-take-your-phone-off-the-grid

A guide on anonymizing your phone, so you can use it without it using youBy Monique O. Madan and Wesley Callow

Hi, I’m Monique, an investigative reporter here at The Markup. There are a few key moments in my 15-year career that have led me on a quest to phone anonymity: 

When a dark-tinted sedan followed me home after I published a controversial story, which led to the resignation of someone in power.

When a reader published my personal address in a virtual chatroom filled with thousands of people—the reader used my phone number to do a reverse look-up search, and found my address. 

The last straw? 

When the federal government traced my phone number back to me and blocked me from communicating with incarcerated people during the COVID-19 pandemic.

When I joined the team in August, my first order of business was making sure I had a secure way to connect with the people trusting me with their lives, while simultaneously keeping myself safe. I needed an off-the-grid phone. 

Enter Wesley Callow, our IT support specialist. 

What happens next is straight out of a scene of your favorite detective movie as he went about procuring the gear to build a phone that would protect my privacy. Just picture him in a cloak. 

If I’ve learned anything from this, it’s that cash is king. And, I need a trench coat.

Step 1: Cash, Cards, and a SIM 

Just think of me, Wesley, as a London Fog trench coat, collar-popped-to-perfection kind of guy. When Monique reached out, I embarked on a trip into the world of phone anonymity—a meticulous descent into the “no half measures” underworld, to borrow from the series Breaking Bad, a place where digits and data are in disguise.

First thing: In order to make an anonymous purchase, I needed cash—bank and credit cards leave too much of a trace. I drove to our local grocery store and bought some groceries for my teenage boys. This is an almost daily trip, so definitely no suspicious behavior to be spotted. I chatted up the self-checkout assistant about the boys and got an extra $60 in cash back.  

When it comes to service providers, Mint Mobile emerged as a top contender, providing relative ease in activation without demanding personal details. They’re like that low-profile café where the barista doesn’t ask for your life story.

I then ventured off to two local Targets where, to my dismay, there were no Mint Mobile prepaid SIM cards. For my third attempt, I tried Best Buy.

I walked in, head down, headed to the cellphone section. Then, the prepaid carrier section. I perused the spinning display, and then, at the very bottom, there was ONE prepaid Mint Mobile SIM left! It was meant to be. For $45, I got three months of service.

I then headed to my next destination: a nearby drug store. I purchased an Apple Store gift card for $10, again using cash. (You could take an Android phone off the grid too, though, but we’re a Mac newsroom).

It was perfect. Zero people were in the store and the clerk was not chatty. I dropped the cash down, exact change—and bounced from the scene. Now I was ready. 

Step 2: Wipe the Phone 

I had a phone plan. Now, I needed a phone. To begin, Apple/Mac experts suggest purchasing a used, budget-friendly iPhone exclusively with cash. This method, they insist, guarantees no direct ties to one’s identity. Monique had an old phone hiding in her drawer. But first, I needed to make sure it had amnesia.

I had Monique send me her old iPhone via a box I shipped to her with a return label inside of it. Once I received it, I wiped the phone back to its factory settings and made sure there was no preexisting SIM card inside. 

Then I put the phone into recovery mode, connected it to an old Mac with no Apple ID, and reformatted it again. Now, it’s double wiped for safety.

Everyone loves a fresh start, right?

Step 3: Identity

For my public Wi-Fi, I infiltrated my local Starbucks. The scent of caramel frappuccinos and whispered secrets filled the air. Here, amidst the caffeine loyal, I set up accounts with Mint, Proton Mail, and Apple. The creation of a disposable email account is essential (Proton Mail is the favored platform), followed by setting up an Apple ID (You’ll need it to download apps on your phone) with your Apple gift card. And if you’re prompted to provide a billing address? Input a random, unrelated location. You won’t ever be connecting a credit card with a real billing address anyway.

Opt for a six-digit security code—not 123456.

Using this now-naked phone, my fresh Mint Mobile SIM card, and an Apple gift card, I sought out a public space with no association to me, such as a library or café—anywhere that has communal computers and Wi-Fi, so we can activate the phone’s service. But wait, Wesley, I thought public Wi-Fi was insecure! Like all things, you have to weigh the pros and cons. The odds of being compromised on a public Wi-Fi network are low in the time it would take to set up the accounts we need, and in return, we don’t have personal location data or a personal IP address attached to those accounts. 

Once your accounts are set up, turn off Wi-Fi.

For security purposes, Face ID and Touch ID are a no-go. The unanimous advice: opt for a six-digit security code. And don’t make it 123456.

Step 4: Customizing An Anonymous Device

Post-setup, disable Bluetooth. This is important because Bluetooth signals can be intercepted by third-party devices within range, and that allows hackers to access sensitive information, such as your phone’s contacts and messages. The throwaway Proton Mail email address plays another vital role, acting as the gateway to access Proton, a virtual private network (VPN) that masks all phone application traffic. 

It’s like giving your phone a discreet disguise—instead of my trench coat, think Harry Potter’s invisibility cloak. 

Always keep your VPN on, and routinely check that it’s working. Subsequently, any required apps should only be downloaded with the VPN engaged.

The Hard Part: Staying Anonymous

Maintaining this cloak of invisibility comes with challenges. If you find this overwhelming, we totally get it. But doing at least some of these steps will protect you—just find the balance and tradeoffs that work for you. For day-to-day usage, some golden rules emerge:

This phone should strictly be used for its principal purpose. Do not use it for casual online strolls, superfluous apps, or note storage.

  • Cash is essential, but getting your hands on it requires a bit of effort in this cashless society. To keep your phone off the grid, you have to repeat the same routine: take out cash and buy gift cards. You can’t use a credit or bank card.
  • Add more data to your SIM card and pay your phone bill with a gift card. Don’t opt into auto-renewal, since that requires that you use a credit card.
  • After using public Wi-Fi, go into Network Settings, and “forget” the network, so you leave no digital trail.
  • Never connect to your personal home Wi-Fi. Companies can match home addresses with IP addresses. If you have to use it in a pinch, afterward, go into Network Settings, and “forget” the network.
  • Instead of home Wi-Fi, use your phone’s data plan and Proton VPN to go online. Proton VPN will make sure your IP address is obscured.
  • If you’re traveling with your off-the-grid phone and a personal phone, turn Wi-Fi off on one phone, if you’re using it on the other. Or, turn off your off-the-grid phone entirely, and only turn it back on when you’re at your destination. The goal here is to prevent any overlap between which networks your phones connect to.
  • The final and perhaps the most vital rule: This phone should strictly be used for its principal purpose. Do not use it for casual online strolls, superfluous apps, or note storage, though I know that last one will be hard for journalists. If you must keep notes, disable any notes apps from creating a file in the cloud: Settings → Apple ID → iCloud → Apps Using iCloud → Show All.

The Takeaway 

Monique here. Do you feel like you just ran a marathon after reading that? Do you need a moment to process? I sure did. 

As a gritty street reporter at heart, I’ve learned true and complete anonymity isn’t easy. But in this line of work, it’s worth it. That means constantly backing up my documents and keeping a duplicate contact list elsewhere, in case my line is compromised and I need a new burner. 

Wait, did I just use the word “burner”? Feels like I’m living in an episode of How to Get Away with Murder. (Hi, Viola Davis!)

Covering criminal justice, immigration, social justice, and government accountability means my cellphone is my best friend. It’s not only the first line of communication with my sources, but it’s my first line of trust. My phone hosts applications to make contact with people behind bars—oftentimes the only line the incarcerated has to the outside world. It’s the device that rings in the middle of the night from inconsolable parents who have been separated from their children at the border. 

Additionally, it confidentially stores my emails and documents people send to me, and it lets me access encrypted chatrooms that help me better understand and network with the communities I cover. 

In today’s hyper-connected era, the lengths some are going to preserve their phone anonymity are undeniably intricate. While not a path for everyone, this approach paints a vivid picture of the extreme measures individuals are willing to take in the name of privacy.

As for me, I keep a copy of Wesley’s guide tucked away, so I don’t forget the many, many rules of how to master this cash-gift-card-SIM-phone-wipedown operation. I want my sources—and people on the fence on whether or not to trust me—to know that I am committed to protecting their identity, privacy, and stories.

Living Off the Grid: A Teen’s Guide On How to Navigate Life Without a Cellphone 

The Invisible Web: How to Stay Anonymous Online

When spyware turns phones into weapons

How a Spy in your pocket threatens the end of privacy, dignity and democracy

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Living Off the Grid, Pegasus spyware, Spyware, Stay anonymous, Take Your Phone Off the Grid


Feb 17 2022

European Data Protection Supervisor call for bans on surveillance spyware like Pegasus

Category: Cyber Spy,SpywareDISC @ 2:55 pm

The European Data Protection Supervisor authority called for a ban on the development and the use of Pegasus-like commercial spyware.

The European Data Protection Supervisor (EDPS) authority this week called for a ban on the development and the use of surveillance software like the Pegasus spyware in the EU.

Pegasus is a surveillance malware developed by the Israeli surveillance NSO Group that could infect both iPhones and Android devices, it is sold exclusively to the governments and law enforcement agencies.

The abuse of this kind of solution poses a serious threat to fundamental rights, particularly on the rights to privacy and data protection. 

“It comes from the EDPS’ conviction that the use of Pegasus might lead to an unprecedented level of intrusiveness, which threatens the essence of the right to privacy, as the spyware is able to interfere with the most intimate aspects of our daily lives.” states the European Data Protection Supervisor (EDPS). 

“Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy.”

Privacy advocated and cybersecurity experts demonstrated the use of the Pegasus in surveillance campaigns worldwide targeting journalists, political figures, dissidents, and activists.

Pegasus was used by governments with dubious human rights records and histories of abusive behaviour by their state security services.

The surveillance software allows to completely take over the target device and spy on the victims. Developers of surveillance solutions leverage zero-click zero-day exploits to silently compromise the devices without any user interaction. Pegasus is known to have used KISMET and FORCEDENTRY exploits to infect the devices of the victims.

NSO Group has repeatedly claimed that its software is sold exclusively to law enforcement and intelligence agencies to fight crime and terrorism, in so-called “life-saving mission.”

According to a series of disclosures by the business publication Calcalist in recent weeks, dozens of citizens in the country were targeted by Israel Police with the NSO Group’s spyware to gather intelligence without a search warrant authorizing the surveillance.

“National security cannot be used as an excuse to an extensive use of such technologies nor as an argument against the involvement of the European Union.” continues EDPS.

EDPS urges tight control over the use of surveillance and hacking tools to prevent and disincentive unlawful use.

Finnish diplomats’ devices infected with Pegasus spyware

El Salvador journalists hacked with NSO’s Pegasus spyware

Pegasus: Google reveals how the sophisticated spyware hacked into iPhones without user’s knowledge

The Pegasus project: key takeaways for the corporate world

Pegasus Spyware – ‘A Privacy Killer’

Tags: Pegasus spyware, Spyware, The European Data Protection Supervisor authority


Feb 11 2022

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Category: Ransomware,SpywareDISC @ 9:56 am

I transcribed a recent interview, here some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoy”

How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet?

In the last decade, we have observed a progressive weaponization of cyberspace. NATO recognized cyberspace as a new domain of warfare. Cyberspace is the new battlefield for nation-state actors, the digital place where international crime rings operate threatening the pillars of our digital society.

Spyware are powerful weapons in the arsenal of governments and cybercrime gangs. These tools are even more sophisticated and are able to evade detection by using so-called zero-day exploits allowing attackers to bypass the defense of government organizations and businesses. Spyware allows attackers to steal sensitive info from the targets, and perform a broad range of malicious activities.

Is the Pegasus spyware as a game-changer?

Pegasus is probably the most popular surveillance software on the market, it has been developed by the Israeli NSO Group. Anyway, it is not the only one. Many other surveillance firms develop spyware that are every day abused in dragnet surveillance and target journalists, dissidents, and opponents of totalitarian regimes. These software are developed for law enforcement and intelligence agencies, but they are often abused by many governments worldwide cyber espionage operations. The surveillance business is growing in the dark and is becoming very dangerous.

Which are devices of cyber warfare and cyber espionage?

Every technological device can be abused for cyber warfare and cyber espionage. Malware, spyware are the most common means but do not forget the power of social network platforms that can be used for surveillance and misinformation purposes.

Many governments have fallen victim to massive ransomware attacks from groups linked to organized crime, how bad can this new trend of hacking get?

Every day we read about major attacks targeting organizations worldwide with severe impact on their operations. The situation is going worse despite the numerous operations of law enforcement on a global scale. The number of ransomware attacks spiked in the last couple of years due to the implementation of the Ransomware-as-a-Service model, this means that tens of ransomware gangs have created a network of affiliates and provided them their malware. Almost any criminal group could become an affiliate, obtain ransomware from a gang, and spread it, this is amplifying the damages. Critical infrastructure are even more exposed to a new generation of threats that are more aggressive and sophisticated.

Reports are coming out linking North Korea to illegal online activities related to cryptocurrency. How are some governments using the Internet to threaten world peace in one way or another?

When dealing with nation-state actors you must consider the main motivation behind the attacks and distinguish the technique, tactics, and procedure adopted by the different state-sponsored groups.

For example, China-linked nation-state actors are more focused on cyberespionage aimed at stealing intellectual property, while Russia-linked Advanced Persistent Threat groups often operate to destabilize the political contest of foreign states, carry out cyber espionage activities, and conduct disinformation campaigns. North Korea-linked threat actors carry out financially motivated attacks against banks and cryptocurrency firms worldwide to steal funds to re-invest in their military industry.

What about the resilience of countries’ infrastructure to face such kind of war?

We need norms of state behavior in the cyber space and more information sharing on cyber threats. We need to share information about the attacks in an early stage, profiling the threat actors to mitigate and prevent their campaigns. It is essential to increase the level of security of critical infrastructure like power grids, power plants and hospitals. Critical infrastructure are the main targets of nation-state actors in a cyber warfare contest.

Is making the internet a safe place technically possible?

Let me use the title of a famous book, “No place to hide”. I mean that both nation-state actors and cybercriminal organizations are spending a growing effort to increase their hacking capabilities and evasion techniques. Unfortunately, today most of the organizations still consider cybersecurity a cost to cut and this approach gives the attackers an immense advantage. We need a cultural change and we must consider that a security by design approach is the unique way to make the Internet a safe place. We also need globally recognized norms of responsible state behavior in cyberspace.

The Hacker and the State

The Cyberweapons Arms Race

Tags: Nation-state hacking, Ransomware Protection Playbook, Spyware, The Cyberweapons Arms Race, The Hacker and the State


Oct 26 2021

New York Times Journalist Hacked with NSO Spyware

Category: SpywareDISC @ 2:06 pm

Spyware : It’s Not What You Think

Spyware

7 Steps to Removing Spyware

7 Steps to Removing Spyware by Nick Laughter

Tags: cyberweapons, Hacking, Israel, NSO Spyware, Spyware


Aug 02 2021

Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.

Category: Cyber Spy,SpywareDISC @ 10:27 am
Image: Alya Alhwait, Alaa Al-Siddiq, Ghada Oueiss, Loujain Al-Hathloul

Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.

‘I will not be silenced’: Women targeted in hack-and-leak attacks speak out about spyware

Ghada Oueiss, a Lebanese broadcast journalist at Al-Jazeera, was eating dinner at home with her husband last June when she received a message from a colleague telling her to check Twitter. Oueiss opened up the account and was horrified: A private photo taken when she was wearing a bikini in a jacuzzi was being circulated by a network of accounts, accompanied by false claims that the photos were taken at her boss’s house.

Over the next few days she was barraged with thousands of tweets and direct messages attacking her credibility as a journalist, describing her as a prostitute or telling her she was ugly and old. Many of the messages came from accounts that appeared to support Saudi Crown Prince Mohammed bin Salman Al Saud, known as MBS, including some verified accounts belonging to government officials.

“I immediately knew that my phone had been hacked,” said Oueiss, who believes she was targeted in an effort to silence her critical reporting on the Saudi regime. “Those photos were not published anywhere. They were only on my phone.”

“I am used to being harassed online. But this was different,” she added. “It was as if someone had entered my home, my bedroom, my bathroom. I felt so unsafe and traumatized.”

Source: Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.

You Are Being Targeted – How to Keep Yourself Safe in a Connected World! (Survival and Security Series Book 1) by [Harvey Toogood]

Privacy

Tags: journalists targeted, Pegasus spyware, private photos shared on social media by governments, Spyware


Jul 22 2021

XLoader, a $49 spyware that could target both Windows and macOS devices

Category: Information Security,SpywareDISC @ 10:30 am

Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs.

XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. 

FormBook is a data-stealing malware that is used in cyber espionage campaigns, like other spyware it is capable of extracting data from HTTP sessions, keystroke logging, stealing clipboard contents. FormBook can also receive commands from a command-and-control (C2) server to perform many malicious activities, such as downloading more payloads. FormBook was offered for sale in the criminal underground since July, it goes for $29 a week up to a $299 full-package “pro” deal. The customers pay for access to the platform and generate their executable files as a service.

The malware was pulled from sale in 2017, but it continued to infect systems across the world. In March 2020, MalwareHunterTeam uncovered a Coronavirus (COVID-19)-themed campaign that was distributing a malware downloader that delivers the FormBook information-stealing Trojan.

CPR team has now monitored XLoader since it first appeared in the threat landscape in February. XLoader borrows the code base with Formbook, but it also included major improvements, such as the capability of compromising macOS systems.

“On February 6, 2020 a new era began: the era of the Formbook successor called XLoader. On this day, XLoader was advertised for sale in one of the underground groups.” states the report published by CheckPoint. “On October 20, 2020, XLoader was offered for sale on the same forum which was used for selling Formbook.”

XLoader, a $49 spyware that could target both Windows and macOS devices

Tags: Spyware, XLoader


Jul 20 2021

NSO Group Hacked

There’s a lot to read out there. Amnesty International has a report. Citizen Lab conducted an independent analysis. The Guardian has extensive coverageMore coverage.

Worldwide probe finds tech by Israel's NSO Group targeted media,  politicians | The Times of Israel

Most interesting is a list of over 50,000 phone numbers that were being spied on by NSO Group’s software. Why does NSO Group have that list? The obvious answer is that NSO Group provides spyware-as-a-service, and centralizes operations somehow. Nicholas Weaver postulates that “part of the reason that NSO keeps a master list of targeting…is they hand it off to Israeli intelligence.

This isn’t the first time NSO Group has been in the news. Citizen Lab has been researching and reporting on its actions since 2016. It’s been linked to the Saudi murder of Jamal Khashoggi. It is extensively used by Mexico to spy on — among others — supporters of that country’s soda tax.

 here’s a tool that you can use to test if your iPhone or Android is infected with Pegasus. (Note: it’s not easy to use.)

7 Steps to Removing Spyware

7 Steps to Removing Spyware by Nick Laughter

Spyware and Adware

Spyware and Adware

Tags: Amnesty International, mobile spyware, NSO Group Hacked, rouge anti-spyware, Spyware, Spyware and Adware


Jul 22 2010

10 non negotiables for Internet security

Category: Information SecurityDISC @ 10:03 pm
Forums and Minerals, the new Internet tools
Image via Wikipedia

10 non-negotiables for Internet security covering 10 tips for safe Internet experience either at home or the workplace.

Watch 10 non-negotiables for Internet security video

Essential Computer Security: Everyone’s Guide to Email, Internet, and Wireless Security




Tags: Child Safety, security video, Spyware


Dec 14 2009

Viruses That Leave Victims Red in the Facebook

Category: MalwareDISC @ 3:21 pm

5 Ways to Cultivate an Active Social Network
Image by Intersection Consulting via Flickr

By BRAD STONE – NYTimes.com

It used to be that computer viruses attacked only your hard drive. Now they attack your dignity.

Malicious programs are rampaging through Web sites like Facebook and Twitter, spreading themselves by taking over people’s accounts and sending out messages to all of their friends and followers. The result is that people are inadvertently telling their co-workers and loved ones how to raise their I.Q.’s or make money instantly, or urging them to watch an awesome new video in which they star.

“I wonder what people are thinking of me right now?” said Matt Marquess, an employee at a public relations firm in San Francisco whose Twitter account was recently hijacked, showering his followers with messages that appeared to offer a $500 gift card to Victoria’s Secret.

Mr. Marquess was clueless about the offers until a professional acquaintance asked him about them via e-mail. Confused, he logged in to his account and noticed he had been promoting lingerie for five days.

“No one had said anything to me,” he said. “I thought, how long have I been Twittering about underwear?”

The humiliation sown by these attacks is just collateral damage. In most cases, the perpetrators are hoping to profit from the referral fees they get for directing people to sketchy e-commerce sites.

In other words, even the crooks are on social networks now — because millions of tightly connected potential victims are just waiting for them there.

Often the victims lose control of their accounts after clicking on a link “sent” by a friend. In other cases, the bad guys apparently scan for accounts with easily guessable passwords. (Mr. Marquess gamely concedes that his password at the time was “abc123.”)

After discovering their accounts have been seized, victims typically renounce the unauthorized messages publicly, apologizing for inadvertently bombarding their friends. These messages — one might call them Tweets of shame — convey a distinct mix of guilt, regret and embarrassment.

“I have been hacked; taking evasive maneuvers. Much apology, my friends,” wrote Rocky Barbanica, a producer for Rackspace Hosting, an Internet storage firm, in one such note.

Mr. Barbanica sent that out last month after realizing he had sent messages to 250 Twitter followers with a link and the sentence, “Are you in this picture?” If they clicked, their Twitter accounts were similarly commandeered.

“I took it personally, which I shouldn’t have, but that’s the natural feeling. It’s insulting,” he said.

Earlier malicious programs could also cause a similar measure of embarrassment if they spread themselves through a person’s e-mail address book.

But those messages, traveling from computer to computer, were more likely to be stopped by antivirus or firewall software. On the Web, such measures offer little protection. (Although they are popularly referred to as viruses or worms, the new forms of Web-based malicious programs do not technically fall into those categories, as they are not self-contained programs.)

Getting tangled up in a virus on a social network is also more painfully, and instantaneously, public. “Once it’s delivered to everyone in three seconds, the cat is out of the bag,” said Chet Wisniewski of Sophos, a Web security firm. “When people got viruses on their computers, or fell for scams at home, they were generally the only ones that knew about it and they cleaned it up themselves. It wasn’t broadcast to the whole world.”

Social networks have become prime targets of such programs’ creators for good reason, security experts say. People implicitly trust the messages they receive from friends, and are inclined to overlook the fact that, say, their cousin from Ohio is extremely unlikely to have caught them on a hidden webcam.

Sophos says that 21 percent of Web users report that they have been a target of malicious programs on social networks. Kaspersky Labs, a Russian security firm, says that on some days, one in 500 links on Twitter point to bad sites that can infect an inadequately protected computer with typical viruses that jam hard drives. Kaspersky says many more links are purely spam, frequently leading to dating sites that pay referral fees for traffic.

A worm that spread around Facebook recently featured a photo of a sparsely dressed woman and offered a link to “see more.” Adi Av, a computer developer in Ashkelon, Israel, encountered the image on the Facebook page of a friend he considered to be a reliable source of amusing Internet content.

A couple of clicks later, the image was posted on Mr. Av’s Facebook profile and sent to the “news feed” of his 350 friends.

“It’s an honest mistake,” he said. “The main embarrassment was from the possibility of other people getting into the same trouble from my profile page.”

Others confess to experiencing a more serious discomfiture.

“You feel like a total idiot,” said Jodi Chapman, who last month unwisely clicked on a Twitter message from a fellow vegan, suggesting that she take an online intelligence test.

Ms. Chapman, who sells environmentally friendly gifts with her husband, uses her Twitter account to communicate with thousands of her company’s customers. The hijacking “filled me with a sense of panic,” she said. “I was so worried that I had somehow tainted our company name by asking people to check their I.Q. scores.”

Social networking attacks do not spare the experts. Two weeks ago, Lee Rainie, director of the Pew Internet and American Life Project, a nonprofit research group, accidentally sent messages to dozens of his Twitter followers with a link and the line, “Hi, is this you? LOL.” He said a few people actually clicked.

“I’m worried that people will think I communicate this way,” Mr. Rainie said. “ ‘LOL,’ as my children would tell you, is not the style that I want to engage the world with.”




Tags: Antivirus software, Computer virus, facebook, Google, Kaspersky Lab, Malware, malware 2.0, Online Communities, San Francisco, Security, Social network, Social network service, Spyware, Twitter


Dec 04 2009

Five ways to lose your identity

Category: Identity TheftDISC @ 2:42 pm

beconstructive12

By Jaikumar Vijayan
The rush by shoppers to the Web makes the season a great time for online retailers. It’s also a great time for hackers looking to steal data and money from the unwary millions expected to search for great deals online.

Checkout huge savings on Today’s Hot Deals on Information Security Solutions for the holidays

The growth of holiday hackers has annually prompted security analysts, identity theft awareness groups, and various government agencies to come up with lists of precautions that consumers can take to avoid becoming a victim of online fraud. Such lists can prove a benefit to consumers, but unfortunately some people ignore it.

Below are the identity theft awareness tips which can help maximize your exposure to online fraud.

Tip No. 1: Open all attachments from strangers and click on all embedded links in such e-mail messages. Such actions remain one of the most effective ways to provide thieves with personal information and financial data. All a hacker needs to do is find computer users who instinctively open e-mail messages from strangers, even those who write in a foreign language. The action can open the door to keystroke loggers, rootkits, or Trojan horse programs. Crooks can also easily install backdoors to easily steal data without attracting any attention. Once installed, hackers gain unfettered access to personal data and can even remotely control and administer systems from anywhere.

Tip No. 2: Respond to Dr. (Mrs.) Mariam Abacha, whose name is used by many hackers who say they have close friends and relatives in Nigeria who have recently been widowed or deposed in a military coup and need your help to get their millions of dollars out of the country. Users are told they will undoubtedly be rewarded for helping to get their “well-packed trunk boxes” full of cash out of Nigeria. And to make sure to provide bank account information, login credentials, date of birth, and mother’s maiden name so that they can wire the reward directly into a checking account in time for the holidays.

Tip No. 3: Install a peer-to-peer file-sharing client on your PC and configure it so all files, including bank account, Social Security, and credit card numbers, along with copies of mortgage and tax return documents, are easily available to anyone on the same P2P network. Your personal data will stream over the Internet while you check out what songs you can download for free without getting sued by the RIAA.

Tip No. 4: Come up with passwords that are easy to crack. It saves hackers from spending too much time and effort trying to access your PC. Clever sequences such as “123456” and “abcdef” and your firstname.lastname all make fine, easy-to-remember default passwords for you and for hackers. For maximum exposure, keep passwords short, don’t mix alphabets and numerals, and use the same password for all accounts.

Tip No. 5: Avoid installing the latest anti-malware tools and security updates. Keeping operating systems properly patched and anti-virus and anti-spyware tools updated make life hard for hackers. Users can help them out by making sure their anti-virus software and anti-spyware tools are at least 18 months out of date or by not using them at all. Either way, it’s very likely that your computer will be infected with a full spectrum of malware.

For additional tips on how to shop securely on Christmas and holidays season:
How to shop safely online this Christmas
Identity theft tip-off countermeasure and consequence | DISC

Please comment below regarding any other new and emerging threat which needs to be addressed during holiday’s season?

Reblog this post [with Zemanta]




Tags: antivirus, Christmas and holiday season, Computer security, Credit card, File sharing, hacker, Identity Theft, Malicious Software, Malware, Online shopping, Personal computer, Security, shop safely, shop securely, Spyware, threats, trojan, Trojan horse


Oct 16 2009

Web Services and Security

Category: Cloud computing,Information SecurityDISC @ 4:01 pm

Cloud Security and Privacy

Because of financial incentive, malicious software threats are real and attackers are using the web to gain access to corporate data. Targeted malicious software’s are utilized to steal intellectual property and other confidential data, which is sold in the black market for financial gain. With use of social media in corporate arena, organizations need to have web services use policy, to ensure employees use the internet for business and comply with company web use policies. To have an effective web use policy makes business sense and to implement this policy efficiently is not only due diligence but also assist in compliance. After implementing, the key to the success of web use policy is to monitor the effectiveness of the policy on regular basis.

webservices

Hosted web security services operate at the internet level, intercepting viruses, spyware and other threats before they get anywhere near your network. These days if malicious software has infected your gateway node the attacker is home free and it is basically game over. How to fight this malice is to use hosted web security services, which is transparent to users and stop the malwares before they get to the corporate network.

Things to look at web security hosted services are protection, control, security, recovery and multilayer protection.

Protect your corporation from anti-virus, anti-spam, and anti-spyware
Content Control of images, URL filtering and enterprise instant messages, all web request are checked against the policy
Secure email with encryption
Archive email for recovery
Multilayer protection against known and unknown threats including mobile user protection

Web Security Anti-Virus, Anti-Spyware – stops web-borne spyware and viruses before they infiltrate your network, protecting your business from information theft and costly diminished network performance.

Web Filtering – enables you to block access to unwanted websites by URL, allowing you to control Internet use and enforce acceptable Internet usage policies


Download a free guide for the following hosted solutions

Hosted email solution
Hosted email archiving
Hosted web monitoring
Hosted online backup




Tags: archive email, boundary encryption, content control, email archiving, email solution, image control, Malicious Software, Malware, multilayer protection, online backup, Spyware, url filtering, web filtering, web monitoring, wen security


Nov 17 2008

Harmful Spyware and their stealthier means

Category: Information Security,MalwareDISC @ 2:55 pm

Dozens of pop-up ads covering a desktop.

Spyware is utilized to gather information about a person with or without their consent and it intercept or record personal/financial information. Some spyware are capable of sending information back to another computer (originator of the spyware).

Characteristic of Spyware

• Compromise user machine without their knowledge
• Use vulnerabilities in the software to push a spyware code on the machine
• Install Trojans to gather data
• Gather personal and financial information to send it to attackers

Spyware are used to gather different kind of information which includes but not limited to advertising, corporate monitoring, child monitoring, governmental monitoring. Besides their legal use which is based on company policy or regulations monitoring spywares can be used for spying on a person without their consent. More common types of spywares are adware (serve advertising) and key-loggers (record keystrokes)

How you can get spyware on your machine: Spyware can be installed on your machine in many ways.

Below are some of the common ways to deliver spyware.
• Spyware can be installed on a computer via a virus or an email Trojan.
• Spyware can be installed on a computer by taking advantage of security flaws in Internet Explorer.
• Spyware sometime are included in the shareware program. User agreement for the shareware may make a reference to grant permission to allow the recording of your internet use
• Pop-up downloads are becoming a preferred method of installing spyware and adware. Pop-up download windows ask the users to download a program to their computers.
• Another popular way to distribute spyware is a drive-by download. It installs itself on the computer without user knowledge. It can be installed by simply visiting a website.

Windows Defender is software that helps protect your computer against pop-ups, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer. Most popular antivirus products now include adware and spyware scanning. You can find more adware and spyware removal tools at the Spyware Protection and Removal guide. This Web page includes links to popular spyware removal programs, as well as a number of useful articles. Also in Internet Explorer 7 (IE7) you can turn on/off the pop-up blocker. IE7 -> Tools -> Pop-Up Blocker. There is a pop-up blocker setting where you can allow exceptions for some sites and setup pop-up filter to high, medium and low.

Anti-Spyware, Registry Cleaner & PC Optimizer

Computer users particularly need to watch out for bogus spyware removal programs. They are dangerous because they punish the user for doing something right. Victims think that this will remove the spyware, instead in some cases computer users are paying to install a spyware.
Checkout the Rouge Anti-Spyware Products table

How to Protect from Spyware
httpv://www.youtube.com/watch?v=_w-DZNbq66I&feature=PlayList&p=18F23434175F964D&playnext=1&index=26

Reblog this post [with Zemanta]




Tags: adware, bogus spyware, drive-by download, financial information, Internet Explorer, keylogger, Pop-up ad, rouge anti-spyware, Security, shareware, Spyware, trojan, virus, Windows Defender, World Wide Web