Friday, August 12, 2016

All You Need to Know About Hacking

As the FBI is investigating a possible damage to the Democratic Party following what is widely believed to be a Russian hacking attempt on the the Democratic National Committee’s computers, I am investigating an unusual "interest" in my blog  -  in Russia. Several times in the past year or so, the statistics page on my blog showed a disproportionate number of "views" from Russia, at one point 700 in a week.  At first I thought: wow, these people really like culture, because that's mostly what I write about. But after the DNC hacking scandal, I paid a little more attention, and noticed that the most targeted blogs were the most popular ones, not the latest ones. So I suspected hacking. Really, why would anyone in Russia be interested in my review of the Santa Fe summer opera program from two years ago? Or even in my opinion on Philip Glass?  I do not write about Russia or any topic that might be of particular interest to the Russians.  So the question is what could they be looking for?
Greg Virgin, President & CEO of Redjack,
Network Security Company
I got some light on the issue from local network security expert Greg Virgin (anyone surprised he looks so young?) who analyzed my blog and found, among other things, that I was getting hits from Iraq, which never showed up in my traffic-sources page, and that "22% of the US connections are legitimate, the rest are illegitimate."

Greg explained that "illegitimate" doesn’t mean it's hacking, but that it is not legitimate search engine activity. "People spamming your site. You couldn’t imagine what your inbox would look like if you didn’t have the built-in spam blocking you get from most mail providers."

Hmmm.... so hacking is what we need to worry about, spamming not so much.  More answers from Virgin: 


1. Why do people hack ? 
The popular phrase coined more than 15 years ago is “for fun and profit.”

On the “good” side, there is a community of people who do it just for fun, another for research and development and “white hats” who do it so they can report vulnerabilities to individuals and organizations before they are exploited.

Then you have your “black hat” hackers who use hacking in criminal endeavors. This is usually who people are talking about when they discuss hackers. This group takes quite a few forms, from organized crime, nation states, organizations like Anonymous, and people working alone. They tend to make their $ off of extortion and theft of data. Most common is corporate espionage and identity theft.

2. What are some of the most egregious examples of successful hacking?
I am very concerned wit the fraud campaigns aimed at our elderly population. Both the fraud and the population are growing. I have met an FBI agent who does nothing but chase criminals around the world who are doing this to our parents and grandparents.

Typically these are spam campaigns that play off of personal information and the victim’s lack of understanding of technology. An email is sent, usually based on information openly harvested from the Internet, claiming to be a family member needing help, requesting a visit to a site or a payment. These are incredibly successful campaigns and aren’t getting enough attention.

I don’t have a lot of data to cite because the data isn’t being published too widely. I trust my sources though.

3. Who are the hackers?
Well, there is a big community of white hat “ethical hackers” out there doing research and following the rules. Then you’ve got your “gray hats” doing the same thing the white hats are doing only they are openly publishing people’s private vulnerabilities publicly or taking control of a jeep because they think it’s funny.

Then you’ve got your individuals who are, most likely, trying to steal credit card numbers or site credentials and sell them. Or otherwise profit from them.

Then you’ve got your organized groups:

“Hactivists” - Groups like Anonymous trying to affect social change (which is often very misguided)
Organized crime groups - there are some famous ones in Eastern Europe
Intelligence agencies - US, Russia, China are very prominent right now

4. What countries have the most hackers and why?
I don’t think we can say who has the most hackers. Historically, attacks are launched from China, Russia, Netherlands, and Brazil, as well as US Universities. This is because they are large and powerful networks built on government funds without a whole lot of attention to security or hygiene.

5. Are various Facebook games part of hacking? I am talking about various quizzes, such as Which country should you live in, What were you in your previous life, What nationality you look like, and similar.

Those are more about ad revenues than anything else. Historically, you don’t want to be clicking around pornographic sites without really good security. There are other “shady” parts of the Internet where you can get your browser hacked. For the most part, our paranoia about sharing personal information with sites like those are actually overblown. Sites that mine your personal information for profit, like Google, aren’t directly exploiting you. I’m still against a lot of that activity though.

Everyone should remove flash from their browser and use Firefox or Chrome.

6. How can you tell if your Facebook, Google, e-mail, Twitter or any other account is hacked?
That’s really tough. Typically someone finds out for us. Check your accounts for unusual activity I guess...

7. What can you do to prevent it?
Sign up for 2-factor authentication on every site you login to, and maybe stop using the ones that don’t support it.  See https://twofactorauth.org

If you get a text message confirmation when you try to sign into your Facebook from a computer you don’t usually use, you’re doing it right.

Greg Virgin is the founder and president of Redjack, a network security company providing analyses and solutions for protecting your internet space, based in Silver Spring, Maryland. More at   http://www.redjack.com


At Las Vegas annual hacking conference (August 4-7) hundreds of vendors hawked products to those worried about being hacked


While I am still digesting the basic information, the news on hacking developments are cropping up by the hour:

https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/

http://www.businessinsider.com/hacking-conferences-paranoia-2016-8

I am trying not to get paranoid or I won't be able to do Christmas shopping online.

No comments: