Privacy and Security - Touchless Cyber Crime

Synopsis: Our goal in presenting the following information is not to scare our reader base but to inform. With knowledge of real and potential PC crimes and threats you can take steps to guard yourself. Brace yourself for the real world as we take a look at some of the trends in cybercrime and security breaches. After that we introduce the privacy and security features available with PC Clean Maestro.

Cybercrime has been a growing concern since the onset of the first computer virus. The very first PC threats were more about status and cyber geeks flexing their brain muscle as they penetrate computer defenses and proliferate in typical virus fashion. These days there is much more to lose. Personal information and finances can be stolen with the use of more sophisticated and stealthy technology. One recent hot topics in this field is “skimming wallets” – theft which involves just walking past someone and picking up there credit card information. We will look at this and other forms of cybercrime and speak to how to guard yourself from PC cyber attacks.

Trends and Threats:

Researchers and security professional are in agreement: breaches of PC security are on the rise. This is not only at an individual level but even with institutions and businesses that have considerable expertise and finances directed specifically at cybercrime prevention.

Here are some outstanding examples:

In 2011, Sony failed to protect over 100 million user records and suffered losses of over 1 billion dollars along with customer relations.
Google, Yahoo, and dozens of Silicon Valley companies were hacked by the government of China in 2009. It was announced that it was for the purpose of gathering information on Chinese human rights activists although Google also stated that intellectual property was stolen. The exploitation took advantage of a weakness in Internet Explorer.
NASA experienced 13 security breaches in 2011. This occurred after spending just over a third of its 1.5 billion annual IT budget on cybersecurity. The attack resulted in hackers gaining full functional control of the NASA Jet Propulsion Laboratory systems.
134 million credit and debit cards were exposed in March of 2008. This occurred despite the fact that security analysts had warned online retailers of the vulnerability. The attackers were able to install spyware via a SQL injection and obtain Heartland Payment Systems data.
April 26, 2013 – the website LivingSocial which offers online deals suffered a database hack and compromised the personal information of over 50 million people including names, email addresses, and encrypted passwords. The attacks utilized web applications to access the databases.

There are numerous examples and the instances will go on despite the fact that continual research and money goes into prevention. The fact is cybercrime is innovative and exploits mistakes and takes advantage of technologies that are designed for our convenience.Several of the above examples involve institutional, corporate or business attacks – systems that were fortified by well-financed security systems. If these can fall prey to cyber attacks, it becomes easy to imagine how personal PC attacks can occur.

Identity Theft: This form of theft is considered one of the fastest growing crimes. Some reports[1] state that 9 million people in the US fall victim to identity theft and that in 2010 there were $37 billion in losses. For the most part online hackers are able to avoid being caught as less than 700 crimes lead to an arrest. One of the most challenging thefts in terms of detection is that of child identity theft:

Child advocates, regulators, financial services and other professionals agree it is a particularly damaging crime that can go undetected for years, only to be discovered when the victim applies for a student loan or credit card.[2]

At Stake:

There are those that feel there likely isn’t much at stake with respect to data obtained from a PC. However, with identify theft you stand the chance of a thief running up thousands of dollars in charges, committing crimes using your name, opening up a bank account and running up bills on credit cards that are charged to you. Identify theft can result in financial fraud involving frauds related to credit cards, tax refunds, social programs, mail fraud, and even other computer crime. What could be worse than becoming the victim of a cybercrime and be held accountable for other cybercrime? An example of this is the case in December of 2000 where a U.S. Air Force system was hacked and code for controlling communication and spy satellites was downloaded to a computer in Sweden. The Swedish destination had no idea and cooperated with the investigation and further activity was traced to Germany which was also believed to be used by a distant hacker

Then there is a loss of private information. On March of 2013, a website titled “The Secret Files” became public. It exposed personal and private information of numerous public figures and celebrities such as Ashton Kutcher, Jay-Z, Tiger Woods, Bill Gates, Mitt Romney and Hillary Clinton. The information included social security numbers, credit reports, addresses and phone numbers of celebrities and public figures.

What about the ramifications with respect to loss of data? In 2006 a laptop in custody of a data analyst was stolen that contained personal and health data of about 26.5 million active duty troops and veterans. The agency has estimated that it will cost between $100 million to $500 million to prevent and cover possible losses from the data theft.[3]

The Technology:

Advancements in computing technology can lead to both convenience and, when used for fraudulent or harmful purposes, invasion and loss of proprietary data and personal finances. There are those referred to as “black hat” hackers that can carry out targeted attacks (possibly picked at random or for personal gain). They will scan the network to determine how vulnerable it is by testing all the ports on a host machine. Any open ports that do respond can allow access to the hacker.

Even more prominent is the onslaught of a new breed of hackers that have little to no expertise. These hackers are referred to as a “script kiddie” or skiddie. They simply download from the web pre-made automated tools to break into other’s computers.

Near Field: Smartphones and mobile devices can use Near Field Communications in such a manner as to conduct data exchange, contactless transactions, and more complex communications such as Wi-Fi. Hackers are using this technology to brush by someone to gain credit card information. It’s a form of pick pocketing without even touching someone.

More widespread and well-established techniques involve stealing ones laptop or gaining online access to ones PC. Accessing the data is a matter of getting past and security and encryption by means of hacking the code.

All websites and computer-related programs are run by some sort of code. Whatever program was used to design it, such as HTML, C++ or JavaScript, hackers try to exploit the code and find its weakness. They try to find a way to get around the security codes by using special programs or writing their own codes to try and alter the original. [4]

Drive-by Downloads: A special note must be made for the drive-by download method of hacking. This involves the following steps:

A hacker injects code into a vulnerable website that is malicious in nature.
The injected code exploits vulnerabilities in the browser of those people that surf to the infected website. This can also occur through commonly used plug-ins such as Flash and Adobe.
The malware silently works in a way that, in some cases, can evade antivirus detection. It launches malicious applications that control the infected machine and steals private and personal information.

If you are interested in reading more on the subject of hacking we recommend that you take a look at the PC World article that describes the process used by a 23 year old white hacker (an ethical security expert) and a 19 year old black hat hacker. This describes the use of programs that can identify the computer information, ones to crack passwords, and other tools to examine the content of the PC being targeted. [5]

Private Data: One important note about information that can be collected and used by companies: there are public and private databases that gather up statistics about you: “everything from your shopping habits to your health history”. This information can be made available, even bought and sold “to creditors, employers, landlords, insurers, law enforcement agencies, and, of course, criminals”.[6] This can have life-changing impacts on you or it can merely be used to direct advertisements in your direction when you are browsing online.

Solution – Guard Yourself:

Common strategies to guarding yourself from attacks include – what else – using technologies designed to protect your PC. This includes security firewalls, data encryption, and using passwords (and regularly changing passwords). However, it is commonly agreed that utilizing security tools alone, such as antivirus software, firewall and intrusion detection applications, will not suffice. You need to patch up vulnerabilities. Commonly used programs, including your web browser and your operating system, need to have the latest security patch upgrades.

Those that are self-proclaimed hackers will state that there are no safe places to hide your personal information once hacked. For this reason alone, we recommend the most effective strategy – remove confidential and private data on your PC.

Remove and protect Confidential Data:

Although you may not be aware of it, your PC stores personal and private information such as passwords, credit card information, email, chat communications, and more. This exposes you to identity and security threats. The need to completely remove confidential data from your PC is fundamental but requires some understanding of the fact that data can be recreated even after you have supposedly deleted it.

Tip – Deletion: Complete deletion of data needs to occur when throwing out or re-selling devices including PC’s, laptops, mobile devices, USB keys, external data storage, and the like. You need to look into methods of file deletion and reformatting of the drive.

Keep in mind that standard deletion of files in most cases will not be sufficient. When you delete something it is removed to the Recycle bin so that you have the opportunity to re-claim it. You need to empty it periodically. We recommend that your use the technology available with PC Clean Maestro as an effective method of cleaning your PC as we have outlined in our previous article, and to remove private data to safely protect yourself from losing private information as a result of a malicious incident of cybercrime.

Tip – Configure Your Browser: You can configure your browser settings to better restrict the privacy controls. By doing so you choose what items to block or restrict including cookies and Private browsing or Do Not Track (DNT) browsing traffic. In recent years all major browsers have included a Do Not Track option. This enables a user to choose to not have their online activities tracked. This applies to Internet Explorer, Google Chrome, Mozilla Firefox, Safari, and Opera. The one shortcoming of this: “The Do Not Track system is completely voluntary, and there are no legal or technological requirements for its use. As such, not all websites and advertisers will honor the request or may completely ignore it altogether.”[7]

For a list of items identified as private and related to personal security, please see our blog article along with complete instructions on how to safely remove these.

Now that you are in the know about the potential of hacking and about keeping your personal computing private, we will provide some instruction on how to go about it in our blog article including how to use the Security and Privacy tools. We hope the PC Clean Maestro operations will help you feel more confident about operating your PC safely.

References

[1] www.InvestingAnswers.com

[2] www.IdentityTheftAssistance.org

[3] Wikipedia.org

[4] www.ehow.com

[5] PCWorld.com

[6] www.consumerreports.org

[7] Wikipedia.org