Should You Trust The Internet?

How much do you trust the Internet?

You Probably Don’t Know How Much You Trust the Internet

If you’re like the majority of Internet users, you’re trusting the Internet with your life.

Think about it: So many tasks are much more convenient thanks to the Internet. You can now manage your bank accounts without ever setting foot in a local branch, pay your utility bills without buying stamps or getting checks lost in the mail, and instantly keep in touch with family and friends around the world.

Private Data Won’t Necessarily Stay Private

But there is a trade off: you have to trust that your data will be kept safe. And that’s expecting a lot.

Remember all the information you’ve shared privately online with companies like your bank, utility companies, and other services? There’s also all the personal information you may have shared privately via private email, Facebook messages, Twitter DMs, or social media.

You’ve probably shared your birth date, your address, travel plans, credit card numbers, your income, personal photos, and maybe even personal information like health issues or other things you’d rather remain secret.

Every service you use, from your email provider, to your bank, to social media services, is being entrusted with your information.

Who Can You Trust?

Have they earned that trust? Watching the news lately, it’s hard to agree. From the Heartbleed security vulnerability, to hackers targeting businesses, celebrities, and other individuals, it seems like there’s no guaranteed safe place online for your personal data.

And yet with our lives and data increasingly moving to the cloud, security is a more important issue than ever.

Going off the grid completely just isn’t an option for most of us. So what can you do to keep your personal information safe?

Luckily, there are actions you can take to safeguard your own personal information. But it requires being informed. Check out below to find out just how vulnerable your information is—and some tips from hackers on what you can do to protect yourself.

Can You Trust the Internet

Chances are one of your devices or accounts have been hacked. If so, you aren’t alone. 75% of people already have or will have their data compromised in their lifetime.

Who’s been hacked?

• 90% of businesses will have data breached within a year.
• In 2012, the number of attacks reported to the U.S. Department of Homeland Security grew by over 50%, most dealing with nuclear and power attacks.
  • The attacks were due to a lack of decent encryption methods and the ability of hackers always being one step ahead of security experts.
  • 198 attacks were brought to their attention.
    • 82 attacks on the energy sector
    • 29 attacks on the water sector
    • 7 attacks on chemical plants
    • 6 attacks on nuclear plants

The Heartbleed

The most recent attack, which happened on April 7, 2014, it is referred to as Heartbleed. Heartbleed went undetected for two years and affected many companies and customers.

• Who was affected
  • An estimate 2/3 of the Internet.
  • Websites that run SSL encryption and servers that run Nginx and Apache software.
  • Some affected sites include:
    • Airbnb
    • Pinterest
    • NASA
    • Creative Commons
    • Instagram
    • Pinterest
    • Tumblr
    • Google (including Gmail)
    • Etsy
    • Netflix
• What was accessed
  • The hackers may have access to private info that people entered into the affected websites, applications email and IMs.
• How?
  • According to a site that was set up to help handle Heartbleed, the bug “compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content… As long as the vulnerable version of OpenSSL is in use it can be abused.”
• Protect Yourself from Heartbleed
  • If you receive notification from sites you use that they have recently done a security update you should:
    • Change your passwords.
    • Watch your personal accounts closely for at least a week.

It’s Not Just the Big Guys

When we think of companies getting hacked, usually the large companies are first to come to mind. However, that is not the case.

Small Businesses

• Companies with fewer than 250 employees made up 31% of targeted attacks in 2012.
• FEMA has stated that 40 to 60 percent of small businesses never re-open after a data disaster.
• One in five small businesses falls victim to cybercrime each year
  • Of those, 60% go out of business within six months after an attack.

Large Companies

• According to a study done by Cisco:
  • All 30 of the world’s largest multinational companies they reviewed had malicious software in all of them.
  • All of them also had traffic going to sites that are known to host malicious software and infect corporate computers through their browsers.
  • 92% of the companies had traffic that lead to sites without content, which usually host malicious activity as well.
• Research has also shown that there is traffic going to government or military sites from companies that don’t do business with them.
  • It’s possible this means criminals are attempting to hijack corporate networks and breach the government/military networks.

How Do They Do It?

• Recent attacks show that the hackers are targeting Internet infrastructure.
  • This gives them control over a big portion of the Internet.
• Hackers are targeting domain name servers, data centers and web hosting servers.
  • By compromising just one web host server the hacker can infect thousands of site and website owners.
• By targeting the infrastructure hackers are able to create überbots and use them to deliver malicious software, launch denial of service attacks and send spam.
  • überbots are used by hackers to surpass infrastructure and deliver viruses and other spam.

Biggest Data Losses

Playstation

• 77 million people were affected in April 2011.
• Personal details, including credit card information, was stolen.
• Approximately $171 million was lost due to the hack.
  • This amount came in the form of outage for the PS3 service, the number of games compensated for the downtime, cost of security improvements, etc.
• What was learned: Changing passwords for different systems showed to be very important.

Target

• Approximately 70 million Target customers were affected between 27 and Dec. 15.
• The hackers stole:
  • Encrypted PIN data
  • Customer names
  • Credit and debit card numbers
  • Card expiration dates
  • Embedded code on the magnetic strip of cards
• Later in January, it was found that home address, names, email addresses and phone numbers were also compromised.
• Complimentary credit monitoring services were given to Target customers, whether they were affected or not.
• Losses, fines, and potential costs are expected to reach $400 million to $1.1 billion.
• What was learned: It broke that Target knew about the attack 12 days before they said anything to consumers – sharing information earlier could have helped to have fewer people affected.

TJ Maxx/Marshalls

• 7 million credit and debit cards were compromised in 2003.
• The hackers used technology that enabled them to steal card data during the approval process, when data is transmitted to the card issuer without encryption.
• Banks had to reissue cards to customers as a precaution against further fraud.
  • Some cases were detected as far away as Sweden and Hong Kong.
• What was learned: Remembering to check credit card statements at least weekly helped some consumers to catch the hack early, with very minimal money stolen.

Adobe

• 38 million people were affected by the data breach in Fall of 2013.
• 40 gigabytes of Adobe source code was stolen and user data was compromised, including:
  • Names
  • Credit & debit card numbers
  • Login information
• What was learned: With many different Adobe programs accessed, the importance of having different passwords for each program is paramount.

Watch Out!

At the Black Hat and DefCon computer security conferences hackers present the latest bugs and vulnerabilities they have discovered. Here are some of the things we should keep a closer eye on in the future.

• Remote controlled cars – Hacking on folly autonomous cars is going to be inevitable.
  • We’ve seen it in the movies, but with more cars being “connected” this could soon be a reality.
• Smartphones – A piece of malware can turn a phone into a “spyphone” that monitors the owner and everything they do – media, communications, and location.
  • Verizon “femtocells” are small boxes used to extend cell service, they were hacked by security researchers at iSEC Partners to intercept calls and any other data sent over the network like texts, images and browsing history.
• Smart homes – Many things in the home can be turned into a smart device (something that can be connected to the internet) because of inexpensive sensors.
  • Home cameras are also used to spy on people, including security cameras, which could either be disabled or turned into a remote surveillance device.
• Insulin pumps – The pumps diabetics use to track their blood sugar can be hacked into.
  • The hacker can pick off wireless signals used to control the pump, corrupt the instructions and send the altered commands to the machine.

Advice from the Hackers

• Disable Javascript in AdobeReader, because hackers often insert malware into PDF documents.
• Install NoScript in your Firefox browser – it allows only trusted websites to run Javascript.
• Use two web browsers – one solely for sensitive activities (like online banking), just in case the other browser becomes infected.
• When chatting online, use an off the record messaging service, which enables you to identify everyone taking place in a chat, making it impossible to eavesdrop.
  • Pidgin and Kopete are two messaging services that can be used for off the record chats.
• Use different passwords from banking than you do for your everyday accounts.

Sources

• Hacker Hits on U.S. Power and Nuclear Targets Spiked in 2012 – money.cnn.com
• Hackers Put a Bull’s-Eye on Small Business – pcworld.com
• T.J. Maxx Theft Believed Largest Hack Ever – nbcnews.com
• Sony Estimates $171 Million Loss From PSN Hack – wired.com
• PlayStation Network Hacked, Personal Information of 77 Million Accounts Accessed – gizmag.com
• Adobe Loses 2.9 Mil Customer Records, Source Code – usatoday.com
• Analyst Sees Target Data Breach Costs Topping $1 Billion – twincities.com
• 2.9 Million Adobe Customers Hit in Major Data Breach – mashable.com
• World’s Biggest Data Breaches – informationisbeautiful.net
• Feds Investigating Target Data Breach – usatoday.com
• Target Seen Losing Customers in Wake of Card Data Breach – bloomberg.com
• The Five Scariest Hacks We Saw Last Week – cnn.com
• 10 Scariest Hacks – cio.com
• Scientists Demonstrate Leaner System For Quantum Encryption – npr.org
• Statistics Show Why WordPress is a Popular Hacker Target – wpwhitesecurity.com
• How to Keep Your Webcam From Being Hacked – pcunleashed.com
• Scared of an Online Password Hack? Here’s How to Help Prevent It – abine.com
• How Hackers Protect Themselves From Getting Hacked – huffingtonpost.com
• Report: Assume You’ve Been Hacked – blogs.wsj.com
• Widespread Encryption Bug, Heartbleed, Can Capture Your Passwords – mashable.com
• Heartbleed Is about to Get Worse, and It Will Slow the Internet to a Crawl – washingtonpost.com
• The Heartbleed Hit List: The Passwords You Need to Change Right Now – mashable.com