Hiding online, a primer for everyman
This is a reprint of my online security column as Science Editor of Perihelionsf.com
What with all the revelations about what Google and Facebook know about you I thought it would be helpful to show what a long-time Internet security expert does to protect himself.
You can also follow the most critical breaking news on security at cyberwwI.com. I believe we are already at war in cyberspace. So does The Pentagon, the CIA, and the NSA.
Internet Undercover By John McCormick
OPEN THE POD BAY DOORS, HAL … possibly the most famous fictional reference to one of the many minor computer problems that occur in endless ways driving the plots of science fiction stories.
Unfortunately, hacking isn’t fiction.
You are unlikely to ever be in a situation similar to that of the unfortunate Dave Bowman trying to deal with a schizoid mainframe. Although a computer may never try to cut off your air, computers hackers using the Net and especially computer bots may cut off your access to credit or much worse, unless your computer is prepared to automatically defend you and you know enough to be able to defend yourself.
The best security is never being seen then you are never a target. This is impractical if you do business online so if the accounts of a business are hacked your personal information may be exposed to thieves. However, this guide and the following issues of Internet Undercover will show you how to avoid the mistake of giving your personal information to companies which make a fortune actively selling your information such as Google, Facebook, and more.
In a later episode of Internet Undercover, I’ll show you how to learn what Google and Facebook know about you – it will amaze and with any luck frighten you. My information stored by Google ran into gigabytes – fortunately, I had protected myself in ways I’ll also explain so I don’t care.
The warnings given by most computer security “experts” miss the point. They talk about how people need to be more careful with their critical data; in reality, if you make use of computers you will store important information on them and what you must do is equip your computer to defend itself. Although important, the first step isn’t to install security software but to be aware of where on the Web you should and shouldn’t be doing things you wouldn’t want to be made public.
There is a recent example still in today’s news-Hillary Clinton didn’t trust the State Department security with her important emails and rightly so since all, let me repeat that ALL government computers are attacked every minute and most are routinely compromised (trust me, for more than two decades I was a columnist for Government Computer News in Washington).
While the Republicans are busily accusing her of some nefarious motive in installing an email server in her home, and some others say she was careless in doing so because of the risk of hackers, the truth is that while her server was already physically protected by the Secret Service, there is no suggestion that it was ever hacked. State Department computers are regularly hacked.
Back in the last century, I remember there were two organizations in Washington that still used Wang computer systems (which had very poor security, having been designed in the ’60s and not really made any more secure in later decades as hacking threats became much more sophisticated). These were the State Department and the National Press Club.
I worked for Wang Computers at an IBM mainframe shop in the late ’60s and part of my job was security. A first BIG step was simply to take the big sign out of the front window, a sign which, during the Vietnam War protests, told people this was the site of a major computer processing information for the Federal Government as well as several states.
In those days computer security was simple – just restrict physical access to the multi-ton machine. today your digital camera has more computing power than that IBM 360-65 and security is a bit more complex as is how we restrict access.
Later, while a member, I consulted for The National Press Club, which was still using Wang systems when I joined. To date things in a way that will make the situation a bit more clear, I was asked to investigate and approve or disapprove a proposal to put Press Club Luncheons on the then-fledgling Internet/World Wide Web, so you can see that I had intimate knowledge of just how poor the security was at some government agencies, not just the theoretical security knowledge of many so-called “experts.”
The Clintons took security into their own hands and because few people were in a position to compromise their security, it apparently was pretty secure although mistakes were made, mostly concerning what files were permitted to be on that server.
Everyone Is At Risk
No matter how secure your system is, there will be passwords and user IDs, and the more people who need to know them to do their jobs, the more likely it is someone will tell the wrong person or fail to keep their access information hidden. Case in point-the infamous Sony hack a few years ago was accomplished with social engineering, not hacking expertise. Someone either intentionally or accidentally disclosed their network access information to the wrong person.
Even at Government Computer News (GCN), which focused on sharing computer security information with the U.S. government, people would routinely click on email attachments that hid Trojans and other infections-needless to say, my computers were never connected to GCN systems.
Your home computer will be exposed to hackers if you have kids. At work, large organizations are vulnerable to social engineering hacks. When hundreds or thousands of people know passwords or have them stored on their office computers/ laptops/ smartphones/ tablets, someone will always write down passwords where a “janitor” on the night shift can copy them down and access systems, or open that inviting email attachment that is carrying a virus or Trojan. In other instances, people will quit or get fired and may hold a grudge against the company.
Even such a small mistake as forgetting to log off before going home means your work computer is vulnerable to anyone who sits down at the desk.
As a sophisticated adult in today’s world, you are probably taking precautions against having your credit card numbers stolen or bank account information disclosed to strangers, but you probably give little thought to how you can live online safely.
Even if you are relatively sophisticated and keep a top anti-virus/general security program up to date, if you don’t know about TOR, the dark web, Bitcoin, and such, you have no real concept of how dangerous the Web can be.
There are hackers-for-hire out there ready to destroy you and your business for a few hundred Euros. Here is an actual ad (not a joke)-the grammar is indicative of a non-English speaker, not a lack of computer expertise.
Sample Dark Web Ad From A Hacker for Hire
The listing is as follows. Contact and payment information has been deleted to protect the innocent:
“rent-a-hacker, Min price 200 euros in bitcoin
What ill do:
Ill do anything for money, im not a pussy 🙂 if you want me to destroy some bussiness or a persons life, ill do it!
Simply hacking something technically
Causing alot of technical trouble on websites / networks to disrupt their service with DDOS and other methods.
Getting private information from someone
Ruining your opponents, bussiness or private persons you dont like, i can ruin them financially and or get them arrested, whatever you like.
If you want someone to get known as a child porn user, no problem.”
The above is unedited for grammar or spelling, original postings on the dark web.
In the next episode of Internet Undercover I will explain about TOR, what it is, how to get it and use it to navigate the dark web. BTW, it is also where The State Dept and other govt agencies go when they want secure communications.