All established governments have agencies responsible for offensive cyber surveillance to help keep us safe. Organizations like the NSA stockpile information about commercial software vulnerabilities that it can use for spying, and develops code for sophisticated cyber weapons. Unfortunately, as revealed by a recent New York Time article, these organizations aren’t always able to keep their sophisticated tools safe from cyber hackers. The underlying problem here is our government is inadvertently fueling the cyber-crime market with nation-state-level hacking tools which increases our chances of being personally hacked.
If this sounds more than a little frightening, it should.
Essentially, the NSA – an entity that has back doors into nearly every major ISP, social media network, and technology provider – has had its own tools used against it. What makes the August 2016 breach by an organization called “The Shadow Brokers” particularly significant is that the hackers didn’t just steal information as they have in the past with Equifax, Uber, Yahoo, etc., – they stole tools. Not only will The Shadow Brokers use these tools to carry out their own activities, they likely will sell these government-made, virtually undetectable hacking programs on the Dark Web to other criminals, further increasing incidences of cyber crime.
Let that sink in for just a second. The NSA is a very sophisticated entity that has been successful in waging cyber warfare against nation states. However, despite the national-level resources at its disposal, this criminal group was able to reverse engineer its methods and deploy some of its own code in executing a significant ransomware attack. More than a year into the investigation of The Shadow Brokers breach, NSA’s counterintelligence team still doesn’t know how the information was obtained – a hack, a leak, or both.
What does this mean for individuals? We should expect that cyber attacks on individuals will become more and more sophisticated. More cyber criminals will be able to infiltrate individuals’ devices, accounts and communications to collect the information they need to impersonate and deceive in very convincing ways. Unfortunately, most individuals have little to no cyber security measures in place. John Oliver said it best in his interview with Ed Snowden, “I’m not going to do it because it sounds hard even though I know it isn’t.” This situation makes it “easy pickings” for cyber criminals and organized crime networks.
As an increasingly common example, imagine you are buying a home, preparing to wire transfer funds and liaising with escrow agents, brokers or financial advisors over email. If that communication chain is intercepted, or any email account is compromised, cyber criminals can switch out the banking details with their own and direct payment to themselves.
The key takeaway is that individuals can’t depend on their governments or corporations collecting our data (e.g., Equifax) for protection from cyber crime. We all must take some personal responsibility to protect ourselves and the greater good. Steps to take include:
- Practicing basic data hygiene. Everyone says it, but update your passwords frequently. If you’re relying on a longstanding password for your primary email or bank account, chances are close to 100% that it has been compromised in one of the many breaches over the past several years. Those odds go up if you’ve used the same password for multiple services. Update them soon and often. As a challenge, call us and we’ll see if we can find your password in a few “low hanging” spots.
- Using two-step verification for your all services that offer this option.
- Securing your communications. Use a VPN to encrypt your data so you’re not relying on the security protocols of the sites with which you interact.
- Backing up your devices. Criminal attempts to hold your data for ransom will fail if you always have a copy of your information.
- Configuring your devices for remote wipe. If a device is stolen or lost, you can delete the data before criminals can access it.
- Networking monitoring. Use a 3rd party service that actively scans for threats, reduces vulnerabilities, and looks for anomalies in your data usage which could indicate a potential compromise like phishing links, entering passwords on insecure sites, or malware.
Rubica is at the forefront of individual cyber security, not only providing software, but a 24/7 team of cyber analysts that monitor, protect and provide answers to personal security questions. If you’d like more information about how Rubica can help you lock down your personal cyber security, please contact us below.