Tuesday, June 28, 2016

Stop Paying Ransomware and Increasing the Payoff for Cyber Pirates



For the love of all things Internet, just stop it. Stop being so damned naive and dumb about cybersecurity and paying off ransoms. Just frigging stop it!

I just posted a blog entry on this a few months ago.

Ransomware payments solve diddly squat. Sure, the cyber pirate hacker may release your computer after you fork over thousands of dollars, but guess what. HE/SHE IS STILL INSIDE YOUR COMPUTER! What is to stop this hacker from just locking up your system again tomorrow? Nothing, nada, because you were too dumb and lazy to find a cybersecurity expert.

Cybersecurity and business cyberbullying is hard enough without compounding a crime with a bad decision and rolling out the red carpet for another pirate to say, hey, this idiot paid Hacker 14's ransom, he'll probably pay mine, too.

According to Lloyd's of London, cybercrime costs businesses $400 billion a year. $100 billion of that is in the U.S. and the victim count is upwards of 556 million. It is expected that the global cost of cybercrime will net $2 trillion by 2019. Two trillion. At this rate, every gang banger is going to learn how to code. It's a better return than the drug trade.

Why? Because companies don't want to spend money on IT, and by the time they do, the hacker has been in their system for years. (See Sony.) How sad is it that even our educational institutions are set up for failure when it comes to this stuff? Case in point, the University of Calgary. Instead of paying ransomware, maybe the curriculum needs to include and force its administration to attend Cybersecurity and Information Technology courses. Oh wait, it does have a Business Technology Management course.

Look, I don't mean to be mean about this, but seriously, when the hell are businesses and organizations going to take this shit seriously? For every dollar you don't spend on IT, for everything you don't know about basic cybersecurity, updating software/apps, or just basic common sense, you put everyone who is connected to you through the Internet at risk.

Sure, companies don't really want to admit their mistake, but saying nothing and hoping it will go away just means all your employees, suppliers, family members, customers, and golf buddies just had their identities stolen and sold to the black market. Then to add icing to the hacker's cake, you just willingly gave him $20,000 to top up the money he will earn from selling the credit cards and social security numbers because instead of finding a security expert, you chose to pay ransom instead.

Please, just stop it.

 
  

Tuesday, June 21, 2016

How to Know if You've Been Defamed Online or If You've Been Guilty of Defaming Someone Else


Who are you going to call when you've been defamed online? The Electronic Frontier Foundation is one resource that will help you figure out how to defend yourself.

The EFF is a non-profit organization that defends civil liberties in the digital world. Everyone needs to bookmark this site right now.

It's a membership-driven organization. It was founded in 1990 by Mitch Kapor (former president of Lotus Development Corporation), John Perry Barlow (Wyoming cattle rancher and lyricist for the Grateful Dead), and John Gilmore (an early employee of Sun Microsystems) to respond to an unwarranted government raid that ruined the business of a games book publisher.

This website is filled with case studies, white papers, news updates, events, and all sorts of advice as to what your rights are as a blogger, coder, and more.

For example, under Bloggers' Rights, it describes what a blogger is and what he or she is able to talk about. The site describes what online defamation is, opinion versus fact, and reporting on public or private individuals.

Bookmark this for your superhero cyber crime fighting folder.

Tuesday, June 14, 2016

Hacking Law Covers Act of Corporate Computer Sabotage


Disgruntled employees who knowingly and intentionally try to permanently delete corporate computer files are committing a federal crime.

Illegally deleting files falls under the Computer Fraud and Abuse Act, otherwise known as the hacking law.

If a person accesses a computer without authorization, or oversteps the authorization they do have in order to access confidential files such as financial records, government documents, and protected information, it falls under this law. If that person causes transmission of files they do not have authorized access to, tries to change the records in any way, or deletes them, it falls under this act.

Here are some examples of people who have been charged under this Act:

IT administrator Michael Thomas deletes files before leaving his job.

NFL Twitter hacker tweets Commissioner's death.

Journalist accesses content management system and defaces file.






Tuesday, June 7, 2016

How to Piss off Your Trolls


How dare you.

What were you thinking? You know when you post an opinion about anything, some troll is going to crap in your space. It might even be someone you like.

There are other Internet trolls whose mission from their perceived god is to make life as miserable and ugly as possible for others. Why? Because they have nothing better to do. They'd rather get all up in your space than find a life of their own. All you have to do is be breathing.

Some trolls are outright cyberbullies. They don't just post contrary and negative opinions or get personal and tell you you're ugly, fat, nobody loves you, or whatever. They've got to take it a step further and cross that line to cyber-crime and purposefully try to destroy your online reputation and business.

The universal response for all three types of trolls is to ignore them. Do not respond. They live for that. If you do, the conversation will escalate and you will have dug yourself an impossible trench. However, if the comment is really ugly, or if it is a cyberslur, delete it and block that person from being able to post in your space again.

But do you want to know what really pisses off a troll? Ignoring their existence, for one. Going about your business as if nothing ever happened, for another. What this does is two things. One: it allows you to take control of your own Internet, regardless of what others may say about you. Two: You absolutely can't let them win.

Any response or acknowledgement you provide to an ugly post means they win. So stop it. Don't do it. If you have to sit on your hands, scream at the ceiling, and chisel the block button -- never let them see they have got your goat. It isn't easy. It may hurt like hell, but your only hope of sanity is to piss them the hell off.

Tuesday, May 31, 2016

LinkedIn Warns Members of Data Breach Fallout Four Years After the Fact


Um, what?

Seriously. This is no joke. LinkedIn sent out a note from their legal department and it is as real as the words on this page. You can even read it on the LinkedIn site.


On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.

Member email addresses, hashed passwords, and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012.

We invalidated passwords of all LinkedIn accounts created prior to the 2012 breach that had not reset their passwords since that breach. In addition, we are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. We are also actively engaging with law enforcement authorities.

LinkedIn has taken significant steps to strengthen account security since 2012. For example, we now use salted hashes to store passwords and enable additional account security by offering our members the option to use two-step verification.

We have several dedicated teams working diligently to ensure that the information members entrust to LinkedIn remains secure. While we do all we can, we always suggest that our members visit our Safety Center to learn about enabling two-step verification, and implementing strong passwords in order to keep their accounts as safe as possible. We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well.


This is Hacker 101. Hack website, steal information, sell on the dark web. This would have been a no-brainer in 2012. It's almost laughable that it took LinkedIn this long to figure it out.

The bottom line is, you really need to change your passwords often on the sites you use the most, a minimum of every six months. I know I've changed mine several times over since this breach happened, and most definitely when we were alerted to the Heartbleed bug. You need to take care of your own security.  

Seriously, if I were LinkedIn's brain trust, I'd be firing the ass of its security and legal teams. In 2016, if you have a business where you access a computer or mobile device, you are negligent and should lose your business license if you are putting everyone in your network at risk by keeping a security breach secret and not upgrading your IT.

Tuesday, May 24, 2016

The Login Ceremony

It’s the one thing about the Internet that drives us all batty: passwords.
If you click the wrong keystroke, nothing happens. Platforms are also becoming more and more insistent that users create more complicated passwords — all the better to protect you with — but how the heck do you remember them all?
There are reputable websites that offer to store all your passwords, to keep them safe. Well, then you need a password to get your passwords. Who can be sure that site can’t be hacked any more than the sites your other passwords belong to?
There are no guarantees.
You DO need complicated passwords: a combination of upper/lower case letters, numbers, and symbols or phrases. You need a unique password for every site you visit, especially the ones you visit the most, such as Facebook, Twitter, and Google.
When it comes to storing those passwords, I say do what is easiest for you. If you need a hard copy, fine, but make sure it doesn’t get into external hands, and always, always, always have an electronic backup saved somewhere in the Cloud. Otherwise you risk not knowing how to complete the login ceremony.


Originally published November 1, 2015, freelancepublishing.net, Debbie Elicksen

Tuesday, May 17, 2016

Software From Hell

There is a lot of great software out there, along with user-friendly and necessary apps. Sometimes it isn’t always the free downloads that do it. Your paid programs can also become software from hell, launching an all-out attack of freeware, adware, and God knows what into your system.

Eliminate the risk by only downloading directly from the main site, such as the antivirus company, Google Play, or Apple. They have already pre-screened and checked that the download will be safe. Then no matter what, do not add any of the suggested products offered up during the download process.
A credible website, when it offers third-party free downloads of the software or apps you’re looking for, can also become a nightmare. I made this mistake twice.
For example, there is a website that is the go-to for learning about how software and apps rate with users. On the same line as the review, it offers the download of the program direct from their site. You are better off opening a new tab to go directly to the original source. Your computer will thank you.
In the case of software (even anti-virus software), a lot of times when you click through the prompts, it automatically downloads toolbars and all sorts of crap into your computer. Some of it is impossible to remove. You can remove the problem, but there is often a residue that reminds you every time you start up that next time, don’t download third-party stuff. The good thing about Google is, when you key into the search engine the name of the problem and how to remove it, you’ll find a wealth of tutorials. Pick the one that seems the easiest step-by-step.


Originally published January 13, 2016. freelancepublishing.net. Debbie Elicksen