Tuesday, April 20, 2010

Cyber attack against the United States and us personally?

Listen to Terry Gross on Fresh Air but first pour yourself a nice adult beverage or strong tea! You will not be happy after you've listened to this.

Richard Clarke served as a counterterrorism adviser to Presidents Bill Clinton and George W. Bush. He spent much of 2001 warning members of the Bush administration about the possibility of an impending al-Qaida attack.

"A cyberattack could disable trains all over the country," he tells Fresh Air host Terry Gross. "It could blow up pipelines. It could cause blackouts and damage electrical power grids so that the blackouts would go on for a long time. It could wipe out and confuse financial records, so that we would not know who owned what, and the financial system would be badly damaged. It could do things like disrupt traffic in urban areas by knocking out control computers. It could, in nefarious ways, do things like wipe out medical records."

Now here is the part we all violate -- "Good hackers can get through any password," he says. "If you're going to buy things online, have a credit card for that purpose with a low credit limit. Don't do banking or stockbrokering online and have a lot of money at risk -- unless your stockbroker gives you more than just a password -- a two-step process for getting in. It won't just be a name and password."

Y'all know this but the Fresh Air program reminds us how much WE are a part of cyber crime, cyber warfare, cyber espionage and cyber terrorism.

"Clarke says that one common attack is for hackers to take over a series of home computers through backdoor security exploits. For example, malicious software can be downloaded onto a hard drive after you accidentally visit a compromised website. Your computer can then be used in conjunction with other compromised computers to engage in a large-scale attack. The average computer user may not realize when their computer has been drafted into a cyberattack."

"Maybe your computer will be running a little slowly that day," he says. "Maybe your bandwidth won't look like it's normal. But while you're doing your e-mails, your computer could be sending out denial of service attacks as part of a million other computers all trying to knock off a bank."


http://www.npr.org/templates/story/story.php?storyId=126097038

Sunday, April 18, 2010

Cyber Warfare - Go to Level RED now! Please.

I have just raised the Schmidt CyberThreat Level to Bright Red!

That's the highest level in my Cyber Categories.

The US government may not be ready for this but I think an alert upgrade is now warranted. Yes I know that " ... the military and the NSA care enough about transparency to tell you they care about your privacy, but if they told you anything more than that they’d have to kill your computer" as the Wired story read. I also know that there are some profound privacy issues at stake here (like, do you want your mom to know everything that you do every day (and night)? ... and if the answer is "NO I don't freakin want my mom to know anything like that! !@@#$%"

Then may I ask ... why would you want the federal government to know!?
So read this?

President Obama’s pick to be the 4-star general at the head of the military’s new computer security and cyberwar command sailed through a Senate confirmation hearing Thursday, while revealing virtually nothing about his plans for the new command.

Lieutenant General Keith Alexander has run the National Security Agency for the last five years, and was nominated to simultaneously head the military’s newest command wing, the U.S. Cyber Command. The elevation of computer security to a command - which is always headed by a 4-star general — signals that the Pentagon considers computer security defense to be of utmost importance to its operations.




Monday, April 12, 2010

Social Networking Deception Leads to ID Theft?

So, first of all, Classmates.com agrees to a proposed settlement of $9.5 million to users who complained about its false advertising – you know the email – “hey, someone’s been looking for you…and if you just upgrade from the free to the subscription membership, we’ll tell you who it is…”

And just about the time you realize you’ve been duped and no one’s looking for you, you’ve already enrolled with your credit card online…

But then you find your personal information on the site may have gone inappropriately public and there are unexplained charges on your credit cards?! Whoa.

It’s no wonder Classmates.com’s problems have now snowballed into a class action lawsuit for invasion of privacy, the above-referenced consumer settlement offer awaiting court approval, and congressional inquiries into the unexplained charges, according to a socialnetworkinglawblog.com article.

Juxtapose that with my nearly 12-year-old daughter asking today whether or not she ought to accept any of the Facebook and similar social networking type invitations to join which she receives on a daily basis. Hmmm. What so often begins as an innocent interest in connecting with friends, classmates, business colleagues, etc., can too often now digress to identity theft, fraud or criminal consequences.

Us social networkers need beware, but so do the site sponsors.

Sue B Martines, J.D.


Tuesday, April 06, 2010

A New for-Credit Class Planned, and Cyber Espionage out of Control!


I am working on proposing a new class on "Information Security Policy: The Challenges of Software, Hardware, And Humanware in the 21st Century."

The course will hopefully be taught out of one of the "hard" sciences (computer engineering, computer science) but be "user friendly" for folks who are NOT engineers. It will have lots of information from computer geeks, programmers, computer hardware architecture folks, forensics people, cyber-crime experts, national security types, as well as my own expertise on policy and human behavior content.

Why am I proposing this new class?

Because after getting feedback from the tens of thousands of folks attending one of our Identity theft workshops throughout the United States and Canada it became clear that there is too big a gap of knowledge between politicians and policymakers, citizens, business and law enforcement and the community of scientific experts (especially engineers) on the vulnerabilities of information protection.

Also, many of my former students have asked for a class that is not just soft social sciences but also has hard science insights for lay people on these topics. Stay tuned and sign up on this blog for updates on how that class is coming along.

Also see below why I think it is crucial that we up-armor our society on cyber security!

The article "Researchers Trace Data Theft to Intruders in China" NY Times April 5, 2010 is a fascinating and detailed look at cyber-espionage.

"In a report issued Monday night, the researchers, based at the Munk School of Global Affairs at the University of Toronto, provide a detailed account of how a spy operation it called the Shadow Network systematically hacked into personal computers in government offices on several continents."

The report opens with this paragraph:
"Crime and espionage form a dark underworld of cyberspace. Whereas crime is usually the first to seek out new opportunities and methods, espionage usually follows in its wake, borrowing techniques and tradecraft. The Shadows in the Cloud report illustrates the increasingly dangerous ecosystem of crime and espionage and its embeddedness in the fabric of global cyberspace."
You can get the report "Shadows in the Cloud" at Scribd and you can download it as a pdf file.

http://www.shadowserver.org/wiki/pmwiki.php
Don't look at this site unless you are a computer geek and have nerves of steel. It's the site that aggregates information about the Dark Side of the internet and has some scary statistics on viruses and hacking!

Please sign up on the right side of this blog for updates on continuing education seminars on ID theft and information security and the proposed new for-credit class.

Monday, April 05, 2010

Top Things That Computer Users Should Fear in 2010

Can the Internet be a scary place? Yes, and it may be an even more dangerous place this year, according to this MSNBC story.
The daunting story makes predictions including:
  1. Anti-virus products will have more difficulty screening out viruses
  2. Increased buying of fake anti-virus software
  3. Social networking sites will continue to be platforms for impersonation/identity theft
  4. Spam numbers will keep climbing
Even though this may not be the most uplifting news, it’s important that the Internet always be treated as a powerful communication tool of seemingly endless possibilities - both positive and negative.

Caution is always the key to safe surfing. If something seems suspicious, avoid it and take precautions to safeguard all your confidential information, both online and during in person interactions.

It’s one thing to hope that these predictions don’t come true; it’s quite another to ignore the warnings and not take steps to protect your identity and leave the door wide open for cyber criminals.

- - - - - - - - - - - -

Written by Stacy Whelchel, a Corporate Writer at Pre-Paid Legal Services, Inc. Pre-Paid Legal's signature products, including the Life Events Legal Plan and Identity Theft Shield, serve more than 1.5 million families in North America.


Saturday, April 03, 2010

Forthcoming classes on ID theft prevention education


We are currently working with several partners for a series of very important on-going education and certification classes on information security and ID theft prevention.

The basic concept for these classes is as illustrated in the graphic.

It starts with general awareness, covers laws, penalties, hardware risks, software issues, re-awareness, assessment and then directs clients to schedule refresher workshops or enroll in larger academic classes on this topic.

This workshop will be of interest to everyone who needs to comply with FTC, federal bank regulations, NCUA, FACT and Red Flag rules.

These will be reasonably priced, highest quality, college/university vetted, and available 24-7 on an Internet classroom site.

Please sign up for the feed from this blog so that you'll be up to date as we launch the various classes and workshops. We can also contact you directly with registration information if you follow Mike McCoy's Twitter feeds (click below to sign up). You will be getting the first opportunity to enroll.

http://twitter.com/mccoynews

You will also start getting heads up on important ID theft news and events from us.

Stay safe, enjoy the spring and stay tuned for these exciting workshops.

  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft