With the recent WikiLeaks release of procedures used by the CIA to gather the information I think it might be a good time to remind people of the risks, we face every day from identity thieves and other fraudsters who gather information on us to maximize their income when committing crimes.
Finding information about people on the internet is easy. Computers run on ones and zeros so everyone gets assigned a number. Once you know the number assigned to an individual or organization you can find any information related to that number. That can include information that has been removed from the primary websites and is now stored on archive websites. You can also find unprotected computers, webcams, cell phones, printers and other devices connected to the internet. There are even ways to search for the user IDs and passwords people use to access their electronic information. One way to do this simply enter – “Index of” spwd.db passwd- into your Google search engine. The user IDs and passwords obtained by the criminals can then loaded into a credential stuffing program and tested across all the websites on the internet.
As personal electronics enhance our lives they also make it easier for fraudsters to gather information about us. Consider the proliferation of cameras in today’s society. From baby monitors to traffic cameras we are being recorded on a regular basis. Criminals use cameras to capture images of your checks and credit cards while standing in line behind you at a store and videoing your cards and checks when you checkout. Many security cameras, webcams, traffic cameras, etc. are web enabled and are transmitting unencrypted information over the internet. A simple command in Google – inurl:/view/index.shtml – will produce over 300,000 websites with access to unsecured cameras linked to the internet which anyone can watch or record.
With the proliferation of web enabled speakers and microphones such as Alexis, Amazon Echo and Ok Google we enhance our lives by controlling our homes on voice commands. These microphones can be accessed over the internet and the criminals can listen to or record our conversations. Spyware placed on cell phones and other electronic devices allows criminals to hijack the microphones, GPS, and cameras on those devices to gather information on their intended victims. In the modern world, even our new cars are connected to the internet allowing criminals to hack the computers in our cars. Imagine taking a ride in a driverless Uber car when the criminals hack the system and reroute you to a new destination of their choosing. The criminals usually piggyback spyware and other malware on free apps that are made available to unsuspecting victims.
As we learned from the WikiLeaks data dump all of our electronics including our Smart TVs, computers, phones, home security systems, home automation systems, cars, and anything we own that is in any way connected to the internet can be accessed by criminal hackers, or, as WikiLeaks showed, by various governments throughout the world. Most of us do not want to turn off our electronics, disconnect from the internet, and go live in a cave in the woods.
So, the question is what can we do to protect ourselves? First, you should be aware that any time you are out in public you are probably being recorded. With the proliferation of traffic cameras, security cameras, GoPros, Dash Cams, cell phone cameras, etc. it is highly probable that you could be recorded at any time. Unfortunately, there isn’t much we can do about cameras owned and operated by other people or organizations. We can, however, protect ourselves in our own homes and offices. When purchasing electronic devices, you need to be aware that most are sold without any encryption capabilities or the encryption is not enabled. Check all of your web enabled devices to ensure they are properly encrypted. Be careful when downloading software, especially free applications. Make sure you know and trust the source before downloading anything. Make sure you have hardware and/or software firewalls protecting all of your connections to the internet. Install good antivirus, antimalware, and antiransomware software and keep it up to date. Make sure all communications across your wireless networks are encrypted.