From Fortune 500 companies to unsuspecting individuals, digital espionage has quickly become a problem on the forefront of the cyber newsfeed. While hacking is nothing new, the frequency and intensity at which information and identities are being stolen has increased, with billions lost each year in intellectual property, technological advances and financial accounts in the U.S. alone. With the most recent large-scale attack on the U.S. Government’s Office of Personnel Management leaving the personal information of an estimated 18 million people compromised, the world is scrambling for a solution to a danger that could lurk in the simplest email.
Digital Espionage 101
PHISHING LINKS: Most of these hacks start the same way: someone, either an employee in a large company or an individual surfing the internet, gets and email or comes across a site with a link. The link could be obvious spam, but more likely, it will be something incredibly detailed and relevant to the user or even an email sent from someone the receiver seems to know. Hackers dive deep into the corners of the internet to create these “phishing” links using personal information and known acquaintances to reach high-level targets online. Once the link is clicked, a piece of malware is unknowingly downloaded onto the user’s computer and waits until activated by the hackers. When this happens, the virus sends out a signal and begins transmitting data; all the while the receiver is likely unaware that any of this is going on, and could take months or years to detect.
PINEAPPLE METHOD: In other cases, a hacker accessing information can be simply sitting in the same coffee shop as you with a small device, known in the information security sector as a pineapple, that tricks phones and other wi-fi enabled devices into literally handing over usernames and passwords. The device fools phones and tablets into thinking that it’s your home wi-fi, and when your phone goes to refresh your email, Facebook and mobile banking app, it collects the usernames and passwords sent out to the servers. From there, hackers can share this information however they so choose. Your life is seemingly in their hands.
For corporations, preventing digital espionage can sometimes mean keeping employees from even taking their devices overseas to countries with high rates of infiltration, like China and Russia. The fear is that if the device is there, even if it’s turned off, it could be compromised. Government agencies have even started implementing a “clean” device only policy for employees, and do not allow anyone in high-risk countries to access government databases while overseas. Security company McAfee requires employees to travel “technology naked,” and if any device owned by someone that works at McAfee is inspected at the Chinese border, it will never be able to connect to McAfee servers again. Clearly, they mean business.
Who’s Behind the Hacks?
A number of the major cyber attacks have come from overseas, namely China, like in the case of the recent attack on the U.S. OPM, on government agencies attempting to corrupt major pieces of infrastructure, like sewage and electricity, or to steal the latest in medical or technological advancements to use or sell. In 2014 alone, there were two major acts of corporate digital espionage: one on casino/gambling company Las Vegas Sands Corp. and one on the major media corporation Sony Pictures.
The security hack on Las Vegas Sands Corp. was in direct response to comments made by majority stakeholder and CEO Sheldon Adelson during the Iranian nuclear conflict. His support for the U.S. resulted in Iranian “hacktivists” infiltrating the Sands system through a small casino in Pennsylvania and caused cataclysmic amounts of damage. The damage was so wide-spread, it resulted in entire Sands properties being cut-off from the internet, running only on the Sands’ internal mainframe that left room keys, casino floors and elevators working for a short time in February 2014. While the attack was contained to only U.S. properties thanks to quick thinking on the part of Sands’ president, Michael Leven, the costs for repairs amounted to at more than $40 million.
In the case of Sony, employees of the multi-national company were locked out of computers by a hacker group known as the “Guardians of Peace.” During the days that followed, several yet-to-be-released Sony movies were leaked, including Annie and Fury, and the personal information of nearly 50,000 current and former Sony employees was released. The hackers threatened to attack anyone seeing the upcoming Sony comedy, The Interview, set to be released on Christmas 2014. This led to an investigation of North Korea because of the central role the country and it’s dictator, Kim Jong-un, play in the movie. Sony made the decision to pull the film from theaters, although it was released to stream via online services on Christmas Day. While North Korean officials ultimately claimed the hack was a “righteous deed,” they vehemently denied any involvement until US officials determined that they were responsible the attack.
While large, public companies are typically the targets of hackers who want to steal information to either sell or to hold ransom, the amount of individuals being singled out based has exponentially increased.
Recently, North Texas’s own Kellie Rasberry of the Kiss FM Kidd Kraddick Morning Show was hacked by a teenager who not only stole her email login, but contacted her email and phone service provider and convinced them that he worked for her using all the information he gleaned from her emails. They handed over the last four digits of her social security number and other personal information, which he then used to change the logins to many of her online accounts. To hear more about her experience, listen to the AudioBoom below.
How do I Amp Up My Cyber Security?
Download antivirus software. Malware detector on this kind of software detects when your computer is prompted to download something suspicious. Run scans regularly to prevent anything from coming in on USB drives or CDs as well.
Turn off your wi-fi devices automatic connection feature. When you’re not at home, having this feature turned off will not only save battery, but it will also keep your passwords safe.
Be wary of suspicious emails. We’ve all seen the messages from the Nigerian businessman who needs to transfer money offshore, but what about your friend who “got a new email” and wants to share a link to a cool new car he’s restoring? The research hackers will do to get into your accounts is unlimited, and can include creating fake emails under the names of people you know! If it seems suspicious, contact the person another way to double check.
Don’t make your passwords obvious. Everyone has that one password we’ve used since 2005. Change it. Add numbers, add characters, do something to make it harder for people to guess. If they’re already in your email, but they have to guess a current password to change it, make it difficult.
While preventing digital espionage can seem simple, there are a thousand ways a hacker can get your information. Being cautious in how you store and share your digital property is just one step in protecting yourself.