How’s Your Digital Protection?
2/13/19, Brody Childs
Before May 20th, 2013, the idea of someone, or someones, tracking every citizen’s move was only something heard of in science fiction. However, reality often follows fiction, and on that day an apparently average looking man stepped from his flight into the city of Hong Kong, China. Hidden throughout his luggage was the information revealing a set of secrets that would warp the world of the internet. These keys were a collection of documents and data indisputably connecting the United States government’s surveillance organization, the NSA, to a series of disturbing, big brother-esque activities.
Back in Hong Kong, Edward Snowden first revealed the NSA’s documents to the United Kingdom publication known as The Guardian under the alias of Verax. An applicable name, meaning truthful in Latin, considering the scope the information that would be revealed to the world through Snowden’s series of leaks.
When all was said and done, the actions of the NSA and their global surveillance tool known as PRISM has been revealed to the world. Of course, with such an extensive network Snowden was identified and ultimately fled to Russian for asylum. According to Russian authorities, his visa will last until 2020. What happens after that is unknown to likely all but Snowden himself.
However, this is more than just a story of one hotly contested whistle blower. In truth, this is a story of cybersecurity and this goes beyond just one man’s reveal about a singular system. This story includes the hackers and the hacked, as well the governments and organizations orchestrating both.
With the expansive nature of the internet in modern society, the ability for digital incursions into that which was secret have become increasingly more common. For in a world of digital things, there are those that understand how to secure their digital lives and those who stand in the majority who, perhaps unknowingly, surf the internet without a caution in the world. As such this story is more than that of a government or an organization, this is a story of the average citizen and how they themselves can protect the digital world they cultivate around themselves. Likely, this is a story where you are character.
The true expanse of what is available to be found on anything connected to the internet is astonishing. People store their entire lives on computer databases in this day and age whether they know it or not. This data, of course, ranges from family photographs, to business finances, to private messages, and everything in between.
The sheer amount of data to be found across the myriad of computer systems running in the world is beyond what a single human could index. However, as these data points are already in a format understood by computers, it allows them to sorted by one as well. One such of these programs finds its name as PRISM.
Created the United States government and revealed in its full extent to the public by Edward Snowden, it provides a clear look into just some of the possibilities that can be found in this universe of computers. The reveal of PRISM showed the world that an organization could in fact track and acquire data points on anyone, anywhere, as long as they were accessing the internet.
It was shown in briefs it was revealed that PRISM could be used the United States government to “to monitor the phone, email, and other communications of U.S. citizens for up to a week without obtaining a warrant.” A scary proposition in and of itself, but Snowden’s also brought to the surface that all data that had been previously collected was not only stored, but freely searchable by the NSA, FBI, and CIA. What this means to the average computer user is that PRISM could be used to extensively monitor all digital communications of said individual and store it for later use without the permission of those were recorded.
Of course, to the law abiding citizen, there would not be much to fear of PRISM’s eye. As PRISM itself is run by the United States and is officially a controlled system that is operated without abuse. However, it proved to the world that not only could data from a hundreds of thousands of sources be skimmed, but it could connected back to an individual. Unfortunately, in this world not all tools of this nature are used by authorities.
Most intrusions, or hacks as the layman would put it, are not perpetrated by those in power. A stunning example occurred, again, in 2013 except this time on a global scale. Across New York City and major cities in 24 other countries including Japan, Germany, Russia, and Mexico, a highly organized and incredibly operation took place. It became known by the prosecutors in New York as the “Unlimited Operation.”
Across the entire scope the “Unlimited Operation,” the cyberattacks managed to net nearly $45 million in cash from ATMs across the world. The most impressive part of this operation was not the amount of stolen, but rather the finesse with which the operation was executed.
First, still unfound hackers breached various bank systems allowing them take control of a handful of prepaid credit card numbers. From there, the value present in the credit accounts were raised to astronomical values of money and the cards were printed off through commercial ID badge printers. With these bootleg credit cards in hand, operatives spread out across to access ATMs. In New York City, where at least three card carriers hit at least 100 ATMs pulling $4000 from each.
In the aftermath, the leader of the New York cell was gunned down in a drive by where after investigation $100,000 were found in a simple manila envelope. Authorities later managed to track down and apprehend at least two other members of the New York cell, one of which was reported to have been official labeled as deceased years before.
As such, it is incredibly important to remember the extent to the which the computer world surrounds us. It manages our money, our official records, and, as is increasingly common, our social connections. While the hackers involved in “Unlimited Operation” were targeting MasterCard and other bank agencies, it makes a good point: with proper planning and skilled engineers even some of the most secure systems on the planet can be breached. While it may seem that a ground operation is required for a group to perpetrate a successful, intrusion it’s not always the case.
In January 2019, the town of Del Rio, Texas became victim to a county wide ransomware attack. This assault on their digital data locked down all systems within county’s governmental systems including those which organize public transport, birth and death certificates, and general utilities like water and electricity.
The town itself is a small place and not a town possessing something particularly valuable. As such when the mayor was interviewed about the county wide cyberattack, he put forward an interesting thought: the hackers may not have known what their worm, a specialized form of computer virus, had found, but rather simple knew it was reporting a target. Unfortunately, the town was eventually forced to pay the ransom off.
Luckily for the neighboring towns, however, the intrusion was detected fast enough to avoid it spreading into neighboring local government systems, which was done simply by disabling the wireless connections within the Del Rio government buildings.
Del Rio makes an important point as well that cyberattacks can happen at any time against almost any target. You don’t have to be a bank, a politician, or a military target. Regular people can fall victim to digital intrusion through their simple everyday activities. But this is no reason to throw your computers away and move into the mountains. Rather, all that must be done is to learn about the proper ways to protect yourself.
There’re a few easy steps to creating a safer online environment for yourself. Here we’ll keep things simple, as there are tons of great resources on how to improve both personal and network security already out there on the internet.
The first thing to do is to review how you handle the internet’s most popular security feature: the password. While it may be easier to simply create one short password and use it for everything, this is unsurprisingly the worst possible thing to do. To really make those wannabe hackers scream, make sure you’ve got at least 12 characters in your password and try to mix up a bit. Simply putting word after word may be easier to remember, but can be easily hacked through what’s called a dictionary attack. To avoid this always remember to include at least few numbers and special characters. Though remember to filter them throughout the password rather than just stick them at the beginning and end.
Finally, never let your browser save your passwords. That’s like attaching a sticky note with the password to your password protected computer: it’s just something you really shouldn’t do. If you really need to write your passwords down, consider using a reputable password vault system. These can even generate random passwords for you that are often up to 128 bit encryption, an industry standard for keeping people out of your things.
When it comes to pins for things like your smart phone or debit card, the first thing to remember is shared with passwords. You always need to make sure you always use unique ones. It’s also worth noting that while biometrics like face and finger print scanning is incredibly convenient, it’s within the rights of law enforcement (at least in the United States) to force you to open your device with such methods.
For your computers, and those of you with Android phones, it’s important to remember that protection matters. As such, downloading a reputable antivirus is always a good thing to do. Personally, I find that Avast, a free antivirus with an option paid premium version with some nifty tools, does the job fine. In fact, Avast was crowned Best Free Antivirus of 2019 by PC Mag and has been protecting my systems since 2010.
Of course, there’s much more advanced ways to secure your online presence and for those so inclined, more information can be found a simple Google search away. As a general rule of thumb, use your gut. If something seems like a scam or malicious in some way, it probably is and should be avoided unless you can almost certain it’s legitimate. In the end, there’s a saying in the computer world:
“There’re only two types of system on the internet: those that have been hacked, and those who just don’t know it.”