
Tuesday, June 28, 2016

Stop Paying Ransomware and Increasing the Payoff for Cyber Pirates



For the love of all things Internet, just stop it. Stop being so damned naive and dumb about cybersecurity and paying off ransoms. Just frigging stop it!

I just posted a blog entry on this a few months ago.

Ransomware payments solve diddly squat. Sure, the cyber pirate hacker may release your computer after you fork over thousands of dollars, but guess what. HE/SHE IS STILL INSIDE YOUR COMPUTER! What is to stop this hacker from just locking up your system again tomorrow? Nothing, nada, because you were too dumb and lazy to find a cybersecurity expert.

Cybersecurity and business cyberbullying is hard enough without compounding a crime with a bad decision and rolling out the red carpet for another pirate to say, hey, this idiot paid Hacker 14's ransom, he'll probably pay mine, too.

According to Lloyds of London, cybercrime costs businesses $400 billion a year. $100 billion of that is in the U.S. and the victim count is upwards of 556 million. It is expected that the global cost of cybercrime will net $2 trillion by 2019. Two trillion. At this rate, every gang banger is going to learn how to code. It's a better return than the drug trade.

Why? Because companies don't want to spend money on IT, and by the time they do, the hacker has been in their system for years. (See Sony.) How sad is it that even our educational institutions are set up for failure when it comes to this stuff. Case in point, the University of Calgary. Instead of paying ransomware, maybe the curriculum needs to include and force its administration to attend Cybersecurity and Information Technology courses. Oh wait, it does have a Business Technology Management course.

Look, I don't mean to be mean about this, but seriously, when the hell are businesses and organizations going to take this shit seriously? For every dollar you don't spend on IT, for everything you don't know about basic cybersecurity, updating software/apps, or just basic common sense, you put everyone who is connected to you through the Internet at risk.

Sure, companies don't really want to admit their mistake, but saying nothing and hoping it will go away just means all your employees, suppliers, family members, customers, and golf buddies just had their identities stolen and sold on the black market. Then, to add icing to the hacker's cake, you just willingly gave him $20,000 to top up the money he will earn from selling the credit cards and social security numbers, because instead of finding a security expert, you chose to pay the ransom instead.

Please, just stop it.


Tuesday, May 31, 2016

LinkedIn Warns Members of Data Breach Fallout Four Years After the Fact


Um, what?

Seriously. This is no joke. LinkedIn sent out a note from their legal department and it is as real as the words on this page. You can even read it on the LinkedIn site.


On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.

Member email addresses, hashed passwords, and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012.

We invalidated passwords of all LinkedIn accounts created prior to the 2012 breach that had not reset their passwords since that breach. In addition, we are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. We are also actively engaging with law enforcement authorities.

LinkedIn has taken significant steps to strengthen account security since 2012. For example, we now use salted hashes to store passwords and enable additional account security by offering our members the option to use two-step verification.

We have several dedicated teams working diligently to ensure that the information members entrust to LinkedIn remains secure. While we do all we can, we always suggest that our members visit our Safety Center to learn about enabling two-step verification, and implementing strong passwords in order to keep their accounts as safe as possible. We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well.


This is Hacker 101. Hack website, steal information, sell on the dark web. This would have been a no-brainer in 2012. It's almost laughable that it took LinkedIn this long to figure it out.

The bottom line is, you really need to change your passwords often on the sites you use the most, a minimum of every six months. I know I've changed mine several times over since this breach happened, and most definitely when we were alerted to the Heartbleed bug. You need to take care of your own security.  

Seriously, if I were LinkedIn's brain trust, I'd be firing the ass of its security and legal teams. In 2016, if you have a business where you access a computer or mobile device, you are negligent and should lose your business license if you are putting everyone in your network at risk by keeping a security breach secret and not upgrading your IT.
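The notice above says LinkedIn moved to salted hashes after 2012. This added example (mine, not code from LinkedIn or the original post) shows why a leaked table of unsalted hashes is so damaging and what per-user salting changes; the user names and passwords are constructed, and the hash functions are illustrative choices, not LinkedIn's actual scheme:

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two of them chose the same password.
SAMPLE_USERS = {"alice": "Summer2012!", "bob": "Summer2012!", "carol": "c0rr3ct-h0rse"}


def unsalted_hash(password: str) -> str:
    """Old-style storage: one plain hash of the password, no salt (illustration only)."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str, iterations: int = 200_000) -> dict:
    """Salted storage: a random per-user salt plus a slow derivation (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(record: dict, password: str) -> bool:
    """Recompute the derivation with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def duplicate_hash_groups(store: dict) -> int:
    """Count hash values shared by more than one user. In an unsalted dump every such
    group exposes a reused password for all of its accounts at once; salting removes them."""
    seen = {}
    for user, h in store.items():
        seen.setdefault(h, []).append(user)
    return sum(1 for users in seen.values() if len(users) > 1)


def build_stores(users: dict = SAMPLE_USERS):
    """Return the same accounts stored both ways: {user: unsalted hash}, {user: salted hash}."""
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: salted_record(p)["hash"] for u, p in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_stores()
    print("unsalted: shared-hash groups =", duplicate_hash_groups(unsalted))  # 1 (alice, bob)
    print("salted:   shared-hash groups =", duplicate_hash_groups(salted))    # 0
    rec = salted_record("Summer2012!")
    print("verify right:", verify(rec, "Summer2012!"), "wrong:", verify(rec, "Summer2013!"))
```

The salted store also resists precomputed lookup tables, since the same password derives a different hash for every account, which is the property the 2012 dump lacked.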

Thursday, December 10, 2015

Hacking Is Life



It's happened to everyone at some point on the web. Even to those seasoned and technically-savvy veterans of the Internet.

It is guaranteed to happen to those who surf the Net without a parachute and in complete and total ignorance.

You've been hacked.

It's a good chance everyone who has ever owned a Twitter or Facebook account has been hacked at some point. How? When you don't pay attention to what you are clicking. Some of those too-good-to-be-true or sexy salacious stories come with a hacksaw. You usually know when one of your buddies tells you they've just received some weird message from your account.

How do you get out of a social hack? Change your password. Log out. Log back in with the new password. Use a complicated password, like: iReallywantTogoto1henew5tarwarsMovi7 or something half that long.

You really do need a unique password for every account. Don't use the same one across the board or something simple, like benandsandy if those are your kids' names.

Even if your computer is Fort Knoxed, you can still get hacked. Your information is as secure as the IT from the companies you deal with. If Amazon decides to save money on IT and put it into a new launch instead, unless they have a blackhacker on staff, all their information is put at risk if their IT is not as tip top as they can pay for.

Need an example, besides Sony (which isn't just about movies but also your Playstation)? Here are some biggies:

Netflix
Go Daddy, Dropbox, Nissan, Mastercard, Visa, Reuters... in 2012
Facebook, Microsoft, NBC, Twitter... in 2013
Target, Michaels, AT&T, US and Canadian governments, Home Depot, Apple iCloud... in 2014
Anthem, IRS, JP Morgan Chase, British Airways... most recent

There is no getting around it. The Dark Web, where all of this information gets sold as hackers make money on your behalf, is bigger than the Internet you are currently using.

You can't hide. Even if you decide to put a moratorium on Internet travel, you can't control what other companies do when you shop in person, or how secure your cable company's records are. You can only use best practices and be diligent: strong and unique passwords (so what if you have to write them down in a book), don't do banking from public Wi-Fi (coffee shops, airports), make sure your computer is fully upgraded and not too old for upgrades (I don't use my Windows XP laptop online anymore), and have a really good and fully updated antivirus program.

Monday, December 15, 2014

‘It’s F–king Stolen’


Yes, Sony was hacked and it was bad. Do you want to know what is worse? The media publishing the material they received as a result of the hack.

Just because it is Hollywood and too good to pass up on learning the dirty little secrets behind closed doors, somehow it is okay for even the most trusted news sources to publish private emails and material for all to see because it involves A-list public figures.

Target and Home Depot were hacked, too. Did the media publish the social insurance numbers and internal communications from those executives? Will they do it if a bank or insurance company gets hacked? 

Seth Rogen is right. It stinks, and with regards to the material being published: "It's F--king Stolen."

This is no different than publishing the hacked photos from the private files (that were not publicly shared by the subjects) of Jennifer Lawrence and other celebrities. It's slimy and if hacking is a crime, perhaps publishing hacked material is also a crime. 

Thursday, December 4, 2014

Cybersecurity Is A Start Against Business Cyberbullying

Project Blitzkrieg
When is the last time you updated Windows, Mac, your software, antivirus, checked your firewall, did a Disk Cleanup, or cleaned out your Internet history? At the bare minimum, these are your basic tasks to securing your system.

Leaving all of these items unchecked means your computer is at risk for outside hackers, your performance will suffer, and your laptop and desktop may ultimately shut down when it collects too much cache.

If you are still running on Windows XP (which Microsoft no longer updates as of early this year), you have now put your entire network at risk. Merry Christmas, you just invited hackers into your company and clients' computer systems.

If your company has not updated its computers, system, or security since they were purchased in 2010, you have just put all your suppliers and their suppliers at risk.

You can no longer afford to drive the Internet without up-to-date insurance. If you do, it's like leaving the doors to your house and your car wide open as you head out for a Hawaii vacation. Your not understanding technology isn't an excuse. Find or hire someone who does.

The stakes are high. We've seen many examples of late, including Target, Winners/TJ Maxx, and Home Depot. They put all their customers at risk for identity fraud and financial hacks.

In the back of our minds, we might expect something like this to happen to retailers whose investment in computer systems is so far down the list of priorities that it may not exist. Where we are surprised is when it happens to a digitally savvy firm, one that produces digital content and the products we view our digital content on. This is why the Sony attack is huge. If it can happen to that organization, it can happen to any of us.