I’ve written a post about this on my Security blog, and you can read all about it here. Essentially, don’t panic and follow the advice provided in it (from the National Cyber Security Centre).
As some of you may know, I work in Information / Cyber Security, and I run a separate website for cyber related posts. It’s called EasyCyber, and my goal is to explain cyber and related security in simple terms. Cyber affects every single one of us – you couldn’t read this message without it – so is something we all need to be aware of.
To try to make the topic even easier to understand, I’ve launched a series of podcasts so please head over and check them out. I know that for many it’s not the most exciting of topics, but hopefully I can help change your perception of that.
Here’s the first one, subscribe to the site for free and follow me there for more simple, practical and free help.
The other night Dee and I sat down to watch a DVD. It was the film Eye In The Sky, and we’d bought it on the strength of Helen Mirren and Alan Rickman being in it: it’s generally difficult to go wrong with either of them. We didn’t even read the synopsis on the back.
The basic premise of the film is that the UK and US governments have been following known terrorists for some time and finally have them in their sights in a house in Nairobi, Kenya, and a Kenyan army force is on standby to try to capture them. There is an armed drone in the skies above, and it is relaying images back to teams in the UK and US.
The suspects then move to another part of Nairobi which is effectively a no go area for the authorities. Further surveillance reveals two men putting on explosive vests and preparing to move out into the population. It is only possible to follow one target with the drone, so if the bombers move out there’s a choice to be made of who to follow. The drone targets the premises they’re in, and a calculation of likely collateral damage gives acceptable figures.
Then, a young girl appears and sets up shop selling bread her mother has made, right outside part of the target building. The collateral damage calculation shows she is likely to die.
And here’s the crux of the film, one which they draw out very well, looking for approval from various government departments, the military and all interested parties. The question is: do you take the opportunity to kill known high level terrorists you’ve been chasing for 6 years along with two imminent suicide bombers who are likely to kill 10s if not 100s of people, but it also means an innocent young girl will almost certainly die? Or do you hold back, and save her life at the expense of unknown numbers of others.
The film presents good arguments for both decisions, as there is merit in both. There are also arguments to be made against both. Things like – if they let the bombers walk, when they detonate their vests they will be blamed, but if the US and UK kill an innocent girl then they are likely to stir up anti-Western feeling. And where does the law sit on this, with two nations launching a lethal attack on the home soil of a third, friendly, country?
I wouldn’t necessarily rush to watch the film again, but it certainly provided a lot of food for thought. What would you do? What choices would you make?
I saw this video for the third or fourth time in the past 6 months recently, and it occurred to me that you might like to see it. On the face of it, this guy is able to tell a lot about a person just by holding their hands or talking to them, but then…
This contains a lot of really good examples of the impact of not locking down your privacy settings on social media. If you’re happy for all and sundry to find out the sort of things this guy does, then carry on. But if you’re a bit uncomfortable, a bit worried about what someone could find out about you, then it’s time to review your settings.
It’s a good idea to do this reasonably regularly anyway, as hidden within your Terms and Conditions for most sites there will almost certainly be agreement for the suppliers to change permissions as and when they see fit. Normally that happens during an update or upgrade, but it’s a good idea to be vigilant.
Have you ever wondered why a lot of the internet services and products that you use are all free for you to use? I’m reading Future Crimes by Marc Goodman at the moment, and it explains why in very clear detail. I’m only about a third of the way through, and it’s pretty scary reading. All it’s done so far is to set the scene about the data we share. To give you a little clue, check out this clip from the Onion News Network.
You may think that the myriad of advertisements which appear on your screen when you visit all these sites are what is paying for your free service, and you’d almost be right. What’s actually happening is that you are the product, not the advertisers. Every bit of data you post, every tweet, every picture is captured, along with details on every device you use, its location, every browser or app you use. That will include this blog article and the tablet device I’m writing it on right now. All of this information is bought and processed by data aggregation companies, and sets of data are then sold to advertisers.
Ever wondered why, if you shop at the same supermarket chain (not even the same store) regularly and use a loyalty card, the vouchers you get are for product which may complement your regular shop? So if you buy a lot of cheese, there’s a high likelihood you’ll get vouchers for crackers which go well with cheese. More and more complex algorithms are being developed to predict what you are likely to want to buy, and where you are likely to be in the next few days. For example, if you buy a selection of swimming trunks, shorts, t-shirts and sun tan lotion, it’s likely the adverts you see will include travel insurance and holidays to sunnier places. All of this is down to the trail of data you leave, even if you’re unaware of it.
And the big secret? You can’t stop it. Have you read any of the Terms and Conditions you’ve signed up to? Probably not – those documents are big, they’re convoluted, and they often refer to other documents. In Future Crimes for example, evidence is given to show that the Terms and Conditions for PayPal are actually longer than the play Hamlet by Shakespeare. In them, you will almost certainly have consented to data which is collected being shared with others, without additional permission from you, and also to allowing the Ts and Cs to be changed whenever the company wants. Oh, and get this – they also probably say somewhere that your data can be harvested from any kind of technology, known or unkown ie on systems that haven’t even been developed yet.
If you’re trying to reduce your footprint, wave goodbye to store cards and credit cards, use cash at all times, and don’t carry a mobile device of any kind, because those are also pumping out data which tracks you. They’re your own personal GPS! Living off the grid is practically impossible.
I’ll just say, read the book, and prepare to be dazzled!
This originally appeared over at http://easycyber.net and I thought it would be worth providing this beginner’s guide here. I’m guessing that you’ve heard of phishing, and I thought I’d provide some words around related topics. Let’s start at the beginning though.
Most people with email will have received a phishing email at some point. Essentially, it’s a mass mail sent to a lot of people indiscriminately, in the hope that one or more of the recipients will reply or click on a link in the message. The bad guys have either provided a link to a compromised website, or which will download and install malware, or something like that, or they note the replies they receive and build a list of people to target with the sort of fake IT support calls you’ve probably read about. These types of attack are relatively simple and unsophisticated. They don’t target individuals and are effectively a random attempt, a bit like fishermen on a trawler using a net: their catch is indiscriminate.
This type of attack is a bit more sophisticated. It follows the same sort of approach as above, but focuses on specific individuals. These emails typically include your name and may also include a little bit of information about you, and will likely be more targeted around some of your likes and interests. Because they are specifically directed at you, and you are they prey, you become the fish that the bad guys try to get without looking at others around you: hence “spear phishing”.
This is really just a version of Spear Fishing, but targeted at the biggest fish (OK, so I know that whales are mammals, not fish, but that’s beside the point). As these are the big fish, you can imagine that these are the biggest prize. Typically the bad guys try to get their hands on large sums of money, and may involve more skillful techniques like phoning an employee (a technique sometimes called voice phishing, or vishing) in finance and pretending to be one of the big fish, saying that they’ll be emailing shortly to request immediate payment of a bill. Who queries the boss, right? This type of attack is definitely on the increase.
So how do you protect yourself from these sorts of attack? The following tips may help:
- If it seems too good to be true, it probably is
- Don’t click on unknown links in email
- Don’t reply to messages from people you don’t know
- If at work and you get an email from senior management which eg doesn’t follow normal processes, ask for confirmation / clarification – but not by replying to the mail
- Be vigilant – phishing and related attacks are on the increase
A while back I posted about the difficulties I had in “getting” Twitter. I also posted about having created a new account fairly recently. Since then I think I’ve made more of a concerted effort to use it and have noticed a couple of things:
- the more you post, the more retweets and followers you seem to get
- the best time to post seems to be on a Sunday evening
- people add you to groups without you asking – and I don’t know how to get out of them!
- I’m really bad at using hashtags
Does that mean that there are loads of people gearing up for work for the week by checking the world of Twitter with their Sunday dinner? Is it a way of easing ourselves gently in? Is this how we’re evolving? And why is it that I seem to need about 5 more letters in my posts than I’m allowed? lol