15 December 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com


Obama; Cybersecurity and ID Theft Protection Starts at Home

06 October 2009

Whether you realize it or not, one of the biggest threats to your personal security is your computer. The Obama administration is bringing to light its belief, which you should share, that one of the biggest threats to national security is also your computer.

The message is “Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.”

The Internet, and the power it has in contrast to the security it doesn’t, is incredible. We have never seen something so powerful bring people together, educating, informing and making life easier, but it’s also used to hurt, scam and debilitate in so many ways.

As reported in the Associated Press, the Pentagon’s computer systems are probed 360 million times a day, and one prominent power company has acknowledged that its networks see up to 70,000 scans a day.

Utilities, banks, retailers and just about every computer network are faced with attacks each day. Many of these hacks are insignificant. However, many are carried out with intent to commit crimes such as espionage, stealing financial data or destroying information.

The criminal hackers could be cyber terrorists trying to destroy the U.S. or its economy, malicious actors simply trying to wreak havoc for the sake of it, or opportunists looking to make a profit.

The US is a prime target for many reasons. The most obvious is we’ve made mistakes that have many in the world hating us. Then there is our financial system that’s wide open and extends credit to anyone with a Social Security number, checking and approving applications instantly. And of course credit card security is an oxymoron because anyone can use anyone else’s credit card at any time, whether the card is present or not. We have a bull’s-eye on us and we put it there.

A growing concern is “Weapons of Mass Disruption”. The US and many other countries are electrically/digitally dependent. Our critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. No electricity, no computers, no gasoline, no refrigeration, no clean water. After a major successful attack we’d be back to the dark ages instantly. Think about when the power goes out in your house for a few hours. We’re stymied.

The Pentagon and the Department of Homeland Security are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small businesses and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read this and every possible blog, article and report you have access to so you can stay on top of what is new and ahead of what is next in technology and the security necessary to keep it safe. Build your IT security vocabulary. Protect yourself and your business.

Those steps include:

  • Use antivirus software, spyware removal, parental controls and firewalls.
  • Back up your data locally and in the cloud.
  • Understand the risks associated with the wireless web, especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Comments: (1)

Heinrich Mautner Markhof - WebLookOn Inc. - Austria | 07 October, 2009, 11:20

Hi Robert,

You are saying ID theft protection starts at home. You would be right, but one is hopelessly overcharged by doing it. How can ordinary PC users like us handle all this software, hardware, security blabla etc.? I wrote it already in another blog... but don't you think that the "evolution of PCs", respectively the whole "revolution of IT", is much too conjoined to protection tools/methods that originate (history) from completely other contexts? Passwords have been used for more than 2000 years. They were invented and used for protecting physical admission to something. They were never considered to protect virtual admission to networks. Even technology could not make them more secure. So alternative methods like hardware-based factors and biometric solutions had to be invented. The purely knowledge-based password method has still survived. But why?
The research of the Santa Barbara University of California, "Your Botnet is My Botnet: Analysis of a Botnet Takeover", clearly shows what bad guys are looking for when attacking IT systems. These are commonly identity credentials, passwords and login keys. In other words, everything that is automatically stored by and in the PC and is being transmitted every time it is needed for a login.
So did you know what kinds of data items are sent to a C&C server by Torpig bots? Answer:

54,090 Mailbox accounts
1,258,862 email
11,966,532 Form data
411,039 HTTP accounts
12,307 FTP accounts
415,206 POP accounts
100,472 SMTP accounts
1,235,122 Windows passwords

OK, you will say. Everybody is responsible for his PC, network, etc. But tell me how one can be so. It is impossible as long as one is constrained, pressured, forced or obliged to protect his IT equipment by passwords.

Imagine there are no passwords any more. Instead there would be something that is not stored in a PC and is not physically owned by a person. It is just in his head (on one side) and safely stored and protected by a machine (on the other side). It is just knowledge based. And when admission/login/authentication to a network/PC is requested, just the knowledge of the "secret" is proved. Not asked to enter by the keyboard. No. Just proved without sending the secret through the line. http://www.weblookon.com does it like this....
No botnet can detect the secrets, no phishing, no spoofing, no MitM. And if a bad guy has somehow detected the secret, he can just use it a single time before the owner has detected the fraud (or the attempt)....

I am certainly convinced that headlines like yesterday would be the past "Email phishing attacks spreads to Gmail, Yahoo, Hotmail, Microsoft" when the password method itself is dammed. Greetings H.
