Data in 2019, more valuable than oil

In a previous article, In Defense of Privacy, I wrote that we should not fetishize privacy, we should demand privacy. While I stand by that, we run into the issue that most of our privacy is degraded and put at risk because we willingly and nonchalantly provide our data.

I’m as guilty of this as anyone else, so what can we do? Is it possible to get our data back? The short answer: no. In an interview with Bloomberg in September 2018, Brittany Kaiser, formerly of Cambridge Analytica, put it simply: no.

“If you were on Facebook before April 2015, you’re never getting your privacy back. That data has been copied and proliferated around the world so many times without any due diligence, any tracking or traceability on a technology level that there is no way you will be able to erase all of that data, you’re not going to get it back.”

So what do we do? Similarly to debt, the best way to start to get out of debt is to limit and if possible stop spending. With data, we can limit the amount of data we provide moving forward and in terms of social media, limit the number of people we “friend.”

There is also the issue of our data being hacked/stolen from organizations that we should be able to trust with that data, i.e., government, banks, and hospitals. Where what happened with Facebook and Cambridge Analytica could be seen as a case of TOS (Terms of Service) manipulation, there is an expectation that the data shared with banks, hospitals, credit card companies, and the like is protected at the highest level possible.

Unfortunately, this is not always the case.

Almost daily, we see reports of data breaches that target companies storing user data instead of individual users and instances of companies leaving the data unprotected or unencrypted or selling that data for profit.

“The Biggest Security Breaches of 2019, so Far.” 2019. The Kim Komando Show. 2019.

Missing: FDNY Hard Drive With the Medical Records of More Than 10,000 People

DMVs Are Selling Your Data to Private Investigators

Round-Up of Crypto Exchange Hacks So Far in 2019 — How Can They Be Stopped?

And yes, the issues of data protection and privacy are a major concern in the Cryptocurrency space, especially with increasing government demand for KYC (Know Your Customer) policies.

But what can be done? We must demand our elected officials step up and do more to protect user data. It is also essential that companies be held accountable for data breaches and data theft by internal employees.

For our part, some actions we can take:

  1. Use companies, apps, and programs that have clear terms of service with opt-out options for data sharing and that provide written confirmation that our data has been destroyed when requested.
  2. Unless required for the situation at hand, do not provide private information such as social security number, address, birthday, or family information.
  3. Utilize programs like Google Voice to get a phone number that you can give out that is not your actual phone number.

These are only a small sample of the tools we can use to protect our data moving forward. It will require some forethought on our part, and unfortunately, that is what we have to do.
We are raised to be honest, and when someone asks a question, we should give an honest answer. But that honesty and openness are used against us by corporations who have no such sense of openness or transparency, so why should we give them the same consideration?

In 2019, Data is more valuable than oil, and we need to guard our claim.

“The Biggest Security Breaches of 2019, so Far.” 2019. The Kim Komando Show. 2019. https://www.komando.com/tips/584393/what-to-do-after-a-security-breach-2019-round-up.

“Missing: FDNY Hard Drive With the Medical Records of More Than 10,000 People.” 2019. Gizmodo. 2019. https://gizmodo.com/missing-fdny-hard-drive-with-the-medical-records-of-mo-1837109038.

Cox, Joseph. 2019. “DMVs Are Selling Your Data to Private Investigators.” Vice. September 6, 2019. https://www.vice.com/en_us/article/43kxzq/dmvs-selling-data-private-investigators-making-millions-of-dollars.

Young, Joseph. 2019. “Round-Up of Crypto Exchange Hacks So Far in 2019 — How Can They Be Stopped?” Cointelegraph. June 18, 2019. https://cointelegraph.com/news/round-up-of-crypto-exchanges-hack-so-far-in-2019-how-can-it-be-stopped.

Bringing Diversity & Inclusion to Tech

In this episode I chat with Pariss Athena creator of #BlackTechTwitter and founder of the Black Tech Pipeline. We discuss the need for diversity and inclusion in tech and how we can bring more women and people of color into the space. #womenintech #diversityintech #blacktechtwitter

You can find Pariss on Twitter: @ParissAthena where you can follow the hashtag #blacktechtwitter
You can find the Black Tech Pipeline on Twitter: @BTPipeline and on the official Black Tech Pipeline website: blacktechpipeline.substack.com

Also, a special shout-out to Isaiah Jackson, author of Bitcoin & Black America. Get your copy on Amazon.com today!

Cyber Security Threats: A Conversation with Cyber Security Expert Kim Crawley

In this video, I sit down with IT & Cyber Security expert Kim Crawley as we discuss IT, Cyber Security, Information Security (InfoSec) and Operational Security (OpSec), Malware, Cyber Attacks and how they intersect with Cryptocurrency and protecting ourselves online. Visit these sites for more Kim Crawley Content:

https://www.alienvault.com/blogs/auth…

https://www.peerlyst.com/users/kimber…

https://www.tripwire.com/state-of-sec…

https://threatvector.cylance.com/en_u…

https://hackernoon.com/@kim_crawley

For the work of author Mark Russinovich: http://www.trojanhorsethebook.com/

Why You Should Use A Password Manager

We live in a time where we pass through hundreds if not thousands of websites every year, many of which we have accounts on to either tailor our experience, purchase goods and services or conduct business through. For most of us, trying to remember the login/passwords for all of these sites is next to impossible. This is where password managers come in.

Password managers allow users to store all of their passwords (and the websites associated) in one place. Products like Dashlane, LastPass and 1Password are popular.

With a password manager, the users only need to remember one password, a master password that unlocks their vault of passwords. Instead of remembering hundreds of passwords, the user only needs to use one.

Now, this does not absolve the user from using password diligence. Remember, this master password unlocks all of your other passwords, so “Letmein” is highly unrecommended.

Passwords should be no less than ten characters and include upper case and special characters. Keep this password in a safe place or better yet, memorize it. And for the love of everything you hold dear

DO NOT GIVE THIS PASSWORD TO ANYONE!!!!!!

Sorry…

More and more mobile devices come with either fingerprint or facial recognition and will open the vault with this method, but this does not mean the user does not have to choose a strong password.

Enabling 2FA on the password manager will provide added security.

Remember: The greatest threat to Cyber Security is laziness.

Take care.

https://www.lastpass.com/

https://www.dashlane.com/

https://1password.com/

Using Cyber Awareness To Fight Cyber Crime.

More and more, we are seeing criminals send emails threatening to release personal or embarrassing information, and more recently scammers have begun threatening to do harm to the victim or their business, demanding up to $20,000.00 in Bitcoin.

People forget that the technology that makes Bitcoin possible, Blockchain Technology, is a digital ledger (think notebook) that records transactions that take place in the Blockchain.

This includes Bitcoin transactions done for illegal purposes. There are many who still believe, mostly due to how the media portrays Bitcoin and CryptoCurrency, that Bitcoin is anonymous, when in fact Bitcoin is pseudo-anonymous.

Bitcoin would be anonymous as long as the person or agency looking to find who the transactions belong to does not dedicate money and resources to find out, as with the Coinbase/Neutrino debacle. Bitcoin would be anonymous as long as the user does not use Bitcoin to Fiat exchanges, as more and more of these require KYC (See my article on Exchanges). Bitcoin would be anonymous as long as the user does not broadcast on social media that they have or use it.

But what mainly keeps Bitcoin from being anonymous is the fact that the Blockchain that Bitcoin is based on is open and permissionless, which means anyone at any time can view it.

So how does this fit into Cyber Security and Cyber Awareness?

I recently did a video on Phishing Scams to see how successful they are: I took Bitcoin addresses that clients received in phishing/scam emails and used the explorer tool on Blockchain.com to see the transactions.

Some people do send Bitcoin to the criminal addresses in the hope of avoiding any issues, but my advice to anyone who receives these emails is this: do not respond, and most certainly do not send any Bitcoin to them, as there is no guarantee that the threats will stop or, in cases where data is compromised, that the criminals will not release the data anyway.

The idea of a Phishing attack is just that, fishing. You throw out a net and see who you catch or in this case, who responds. The Bitcoin they receive is the catch of the day.

The most important thing that can be done to combat this type of Phishing Scam is to educate ourselves, our employees and our families about what Phishing Scams are and how they work: to not click on random links or attachments that would open their computer or company up to Ransomware Attacks and, if they receive an email claiming to be from a financial institution or government agency, to call directly, not using the information provided in the email but going through the agency’s official website or Wikipedia page.

Unfortunately, there is no way to protect ourselves 100% as long as we are connected to the Internet but awareness is the first line of defense that all of us can use, starting NOW.

Take Care.

Helpful Links

U.S. Department of Homeland Security Cyber Security Division: http://bit.ly/2Y1P48a

U.S. Department of Homeland Security, Be Cyber Smart Campaign: https://www.dhs.gov/be-cyber-smart

Business Insider: Bitcoin scammers are sending bomb threat emails to millions around the world, but authorities are confirming ‘NO DEVICES have been found’ https://read.bi/2Qv4bXK

Fox News: New scam tries to blackmail with bogus porn threats https://fxn.ws/2QQETml

Coindesk: Bitcoin Trader on US Sanctions Blacklist Says He’s Innocent https://bit.ly/2AQLPFV

Bitcoin Magazine: Is Bitcoin Anonymous? A Complete Beginner’s Guide https://bit.ly/2ildwk8

Helping Kids Stay Safe Online

As we all know by now, the Internet is great!

Information, connections, and opportunities at the touch of a button or swipe of a finger. As more and more of us go online, and the age of the average user becomes lower and lower, we have to consider the responsibility we have to safeguard the wellbeing of those that come after us into this new digital age.

I was recently out for breakfast with my girlfriend. Across from us was a family of three (mom, dad and baby girl); the parents were on their cell phones and the baby, maybe two or three, had a tablet. It made me think: this child will never know a time when she couldn’t find someone or order something by using the device in her hand. She’ll never know a time when notifications, news updates or social media posts were not a part of daily life. Then I thought, I hope those parents put on the parental controls that came with that tablet, because they have no idea what she is looking at right now.

We hear all the time about Cyberbullying, Predators, and kids either viewing or sharing inappropriate material, and while there is no way to 100% protect kids from these things, there are steps we can take to make it just that much harder for them to be exposed.

Many, if not all, tablets and phones produced after 2010 come with some form of parental control, whether this is blocking access to certain sites or apps or making it so that the credit card associated with the account that was set up on the device cannot make purchases without a password or code.

There are also features that limit the use time. For example, iOS and Android devices have a setting called Screen Time that turns the device off at a designated time. Another idea is to purchase age-appropriate devices like the Amazon Fire Kids Edition or the Samsung Galaxy Kids and the PBS Playtime Pad.

What about Social Media? Sites like Facebook, Twitter, Snapchat and Instagram are very popular, and the ability to connect with friends and family from around the world has helped to make the Internet the wonder it is, but there is a dark side. Trolls, Predators, Bullies, and Cyber Criminals abound on the Internet and unfortunately, they do use Social Media as a tool for harassment and worse.

The one thing you can do to protect kids on Social Media is to teach them awareness. Teach them to not share personal information like location or age, teach them to not post pictures of themselves (especially inappropriate pictures), teach them that it’s not okay to talk to adults online without approval, and that it’s okay to tell you if someone says something online that the kids don’t like and not to be ashamed for saying something.
This is in no way a complete list, but hopefully it helps to start the conversation that we need to have with the next generation of users and hopefully it will help grow cyber awareness.

Take Care
Jason Nelson
@dragonwolftech

Yes, Exchanges Are The Problem With Crypto

Last year I wrote a post on Steemit titled: Cryptocurrency Exchanges, the 800lbs Gorilla in the room, which you can read at the following link: http://bit.ly/2H3b3q5

Originally my issue with cryptocurrency exchanges was how long it took for transactions to go through or the fees (Gas) needed to send funds, but the more time I spent in this space the more I’ve come to realize that the problem isn’t how long it takes for transactions to go through or how much is required to send or fees or anything like that.

The real problem with the exchanges is the amount of data they collect from users, the fact that for the most part we have no idea who runs them, what they are doing with the money we send them (in cases of fiat to crypto exchanges), and who they are sharing our information with.

Also, consider if a cyber criminal wanted to steal user data, they wouldn’t need to hack the user, they could hack the exchanges.

See: Cryptopia Hacked Again via Crypto Insider: http://bit.ly/2T34Snm

We forget that the whole point of cryptocurrency, especially Bitcoin, is a peer to peer cash system outside of the fiat markets, that was protected by encryption and backed by trust. Now what we have is a space with over 1500 different coins/tokens and an ever growing number of exchanges offering them. Where Crypto was meant to be used without trusted third parties, exchanges have in essence become those third parties.

Exchanges wanting to be compliant with government regulations have begun requiring ever increasing KYC or Know Your Customer Policies. Where first KYC was as simple as name and email address, today KYC includes name, address, telephone number and in some cases social security number or driver’s license number. Enough information to steal an identity.

We in this space spend a lot of time talking about public/private keys, proof of keys and whether hot wallets are worse than cold. But we forget to ask: does the exchange asking for our data use HTTPS, does it operate out of a country under sanctions, are the owner/operators of these exchanges involved with criminals or war criminals? And more likely, will this exchange sell my information to the highest bidder or give it to the first government agency that asks?

As we progress on the path to mass adoption, it will become less and less likely that the exchanges still in existence are run by criminal organizations or war criminals, but what will increase is the number of exchanges willing to sell our data or give it over to government.

CryptoCurrency is still a new and exciting place to be but we need to be vigilant in our dealings with the companies that intend to be its gatekeepers.

Take Care

Jason Nelson

@dragonwolftech

Anatomy of a Phishing Scam

Recently, I was sitting in my home office working on a report. My cell phone rang. Normally this would not have been a reason for concern because I forward my work phone to my cell phone all the time.

So I answered the phone and a recording said, “this is AT&T, your account has been locked due to irregular behavior, please press one to unlock”. So obviously this was a scam. I looked at the screen and it said my name and nothing else, where in normal instances it would show my name and the name of my company.

But I was curious, so I pressed one. The next thing it said was “please enter your social security number”, definitely a scam so I hung up. I called AT&T and the customer service rep I spoke with verified that it was indeed a phishing scam and they have developers tools for users to deal with it.

The reason for this post is because we need to remember, especially those of us in IT or Cyber Security who think we “know computers”, that we must always stay vigilant. Despite what you may hear, the internet is still the Wild West.

So let’s look at this scam in detail:

  1. The phone rang, the ID showed my name as the caller. This is similar to phishing emails that show your email address as the sender.
  2. An automated voice said my account “had been locked due to irregular behavior”, refer back to number one.
  3. Next, I was asked to enter my social security number. Let’s think about this point for a moment: say I did enter my social security number. With that, my telephone number, and my name, they would have enough information to start stealing my identity.
  4. After I hung up, the first thing I did was call AT&T from the three-digit number for customer service, where I was able to speak to a rep and verify this incident as a scam.

This case is not unique to me. Phishing is called what it is because fishers historically used a wide net to catch as many fish as possible. The scam that I described above has happened to thousands, if not millions, in one form or another. This is why CyberSecurity and awareness training should be a common practice, something that is discussed regularly at work and at home. It’s the only way to stay safe….as safe as possible.

Take care.

Jason Nelson @dragonwolftech

Personal Cyber Security: Using a VPN

“Sometimes paranoia’s just having all the facts”. William S. Burroughs

Having constant access to the internet has become a staple of modern life. Most, if not all, of us have a personal computer in our pockets that gives us access to a wealth of information undreamed of even forty years ago. It also allows us to connect with each other.

Companies race to get an edge on this connection and services like AT&T and Spectrum provide WiFi hotspots to their customers. While the quality of these hotspots is ….debatable, at least they are tied to your service.

Then there are the free WiFi services, the sort you find in coffee shops or airports, even buses may provide WiFi to attract riders.

In both cases, VPNs are a useful addition to any cellphone.

A VPN provides a variety of benefits. Two that would benefit the average user are the ability to mask location and the direct funnel through the VPN to the Internet.

There is a multitude of VPN providers and you will need to do your research to find the right one for you, but the one word of caution I will give you is this: stay away from so-called “free” VPN services.

Free VPNs are a case of “you get what you pay for”. Free VPN providers have no incentive to keep their services up to date or to protect your privacy. They have to make their money somehow and selling information on users is a sure way to make money.

Ideally, use a VPN that does not use personal identification information such as a name or email as a username. Also, look for VPN services that allow users to pay via PayPal or Cryptocurrency so that you can use the service without having to enter credit card information.

Make it a habit to turn on your VPN as soon as you leave home. There is a debate on whether this is necessary, but from my experience, especially after using public WiFi, it doesn’t hurt.

Cyber Security is not just for corporations and we shouldn’t assume that we are safe. Be vigilant and take care.