Ralph Echemendia, the Ethical Hacker and CEO of Red-EDigital
Ira Victor, Data Clone Labs
My-Ngoc Nguyen, Executive Vice President, Link Technologies
The country's best hackers and cyber security experts just wrapped up the industry's two annual conferences in Las Vegas. Defcon and Black Hat draw thousands from the hacking and cyber security world to the valley. This year’s conference came at a time when these issues are in the global spotlight. Experts shared tips on avoiding common hacker schemes:
Top Ways You Can Be Hacked ...
Ralph Echemendia, the Ethical Hacker: The most common thing that I’ve seen in fact, is being mislead through email. I can’t tell you how many times I’ve worked on cases back here in Hollywood ... and not only in Hollywood, where people get kind of sent in the wrong direction, just through an email.
Two to three percent is the average – you spam 2 million people, two to three percent will fall for it ... there are some really really crafty (phishing emails) and people do fall for these. And you end up giving away your password.
Ira Victor, Data Clone Labs: Those do happen but I think the ones that aren’t getting as much publicity are called spear phishing attacks, where the cyber criminal will target senior executives in an organization. They’ll grab the information off of Linkedin, off of social media, off of press releases – they will profile executives in organizations for months, if not years. We have one case where the actual student of an executive from a senior in the company – there was an incident with a firearm in that school, and the cyber attackers were waiting, watching the news for an incident involving that executive’s family, and sent him an email within moments of the actual incident. And that email contained a spreadsheet that said there’s been an incident at the school, please don’t call the school, we’re under lockdown. Attached is an Excel file with the contact information for the principal and the school nurse and all these people, please review and we will get back to you. Embedded in that file was a malicious payload that then breached that organization’s security. So it is not just the generic phishing you need to worry about, but also very specific attacks that are going on against organizations right here in Nevada.
My-Ngoc Nguyen, Executive Vice President, Link Technologies: From a personal level, your computer can be used as one of the computers on the botnet to actually target other computers, and added to a set or collection so that criminals can sell it. It’s of higher value because it has a bigger set of social security numbers and credit card numbers and it’s actually one of a collection of many. Your system can be used to actually leverage attacks to others.
And How To Avoid Them ...
Echemendia: Make sure your computers are all up to date as far as patches – that’s been one of the main things as hackers go, you may not have all of your software up to date. Be more aware of the emails you get and where they’re coming from. If it’s not someone that you deal with regularly don’t be as quick on the draw to click on links. A third thing is on the financial side of things, I say be proactive in checking your accounts, things like credit cards and such, to ensure that you don’t see any charges that you don’t know about, because often times attackers will get access and just do like one transaction for a dollar, just to check if this card works. And I you see things like that, immediately notify your financial institution.
Ngyuen: Complex passwords. Individuals like to use simple passwords – don’t use the same password for your Facebook as you do for your bank account and vice versa. The other thing is when you’re going out into hotspots, when you’re going to Starbucks and McDonalds, be careful and don’t try to do your banking transactions there. It’s great, but there are attackers there that will actually put a wireless access point and connect with your information.
Victor: Many people are afraid to update software because they can't trust whether or not it's authentic. Get a professonal to help you ... do not run your computer as administrator when you are using it for anything other than installing software or making administrative changes. Run your computer in user mode. Hello, everyone in the Macintosh world. Your Macintosh is not free from cyber attack. Do not run your Mac as an adminstrator, which is how it runs as default.