Because of the increasing amount of cyber threats, it is now more important than ever to protect your identity online. To better understand why people commit cyber crime and how we can protect ourselves we interviewed Jennifer Arcuri, an ethical hacker and a founder of Hacker House, a company that provides experts in cyber security and ethical hacking.
Cyber security explained
Jennifer makes it clear from the start that "cyber security is the new 21st century way of warfare, just like a medieval way of defending your castle with a magical princess in it”. She claims that to protect “your castle” you have to understand the threat and decide how to protect yourself. She uses a simple analogy, saying: “Will you put a dog in there or have a full-time watchman with a bow and an arrow?” So just as you would secure the locks on your front and back doors, you must also anticipate every other way that an intruder could enter, such as windows or roof. She adds that understanding cyber security is just another way of protecting yourself.
Your digital footprint
According to Jennifer, it is very important to pay attention to how much information you leak out publicly and what kind of digital footprint you leave. However, most people tend to have the "I don't care, I have the door wide open" policy. “It's amazing when you leave the door wide open, but anyone can walk through it and sometimes you won’t even know about it. This quickly becomes an invasion of privacy and puts people in a place of being uncomfortable,” says Jennifer.
“I've grown up in Hollywood, in Los Angeles, and there is a belief that the more people see me, the better it is. The culture is very much about trying to be seen, but the reality is, you really want to make sure that people see the right stuff. That’s why guarding your digital assets is extremely important. Sometimes you could check in to 37 places in one day and if someone knows that you're out of town, that opens a whole new door.”
Why people commit cyber crime
Cyber attacks are very common. Jennifer says that there will always be someone who wants to make a quick buck in the black hat market by spamming sites, sending fraudulent malware or vicious links that can defraud and steal people's credentials. Also, if hackers target an individual, they would not necessarily start with that individual, but instead would choose an easy target, someone from their family, spouse or kids.
“The difference between when I entered the industry in 2014 and now is that there is more of an acceptance for cyber security as an art, as a form of a real skill. Nowadays, you can make far more money doing it the lawful and ethical way. Why would you ever try to break the law if you could gain a six-figure salary doing this professionally for an actual company?,” asks Jennifer.
Social media and buying online
“Facebook is one of the easiest places for people to be compromised because of the amount of information that it gives away. It tells us where you work, how long you've worked there, and who your friends are. If you don't want to be a target online then get rid of your Facebook account,” Jennifer says.
For example, if Groupon was hacked, hackers may not be able to access your password and your email in plain text, but they will be able to access those credentials because they will be saved in a database somewhere. “It's the same as when you put your credit card details on a database that's not securely protected. When you buy from a dodgy site and you enter in credit card details, you don't know where they save them or how they save them. You don't know if they're encrypting them. That's where you get a lot of this rampant credit card theft,” explains Jennifer.
If you get hacked
Jennifer certainly has experience dealing with hacking. “We often get calls from people saying, ‘my wife is cheating’, ‘my girlfriend's account got hacked’, ‘can you get in?’, even when people beg us for that help, we can't do it because it would breach the terms and services of a very big company,” she says.
If your social media account gets hacked, there is nothing that can be done legally or lawfully, but Jennifer recommends to use the government's action fraud line. She says: “Report it there because if the police are getting enough cases where they can see enough metadata for issues like this, then they can start putting together action plans for people.”
If your account gets hacked, Jennifer advises, the first thing you should do is change all your passwords because somewhere a trust boundary has been compromised. When you download a new app and they allow you to log in with Facebook, it is convenient, but the problem is that you are extending a trust boundary to any app. You assume they will have the same kind of security as Facebook does.
Security within your connected devices or Internet of Things (IoT)
Just think about all of the connected devices, such as your smart household appliances, connected vehicles, smart homes – they will bring even more convenience, but also more security risks.
“Internet of things has a lot of security issues because it runs on a very simple Internet Protocol, Telnet. Telnet protocol is where all devices connect to a network that is not necessarily secure. Telnet was eradicated for the most part in the mid-90s for computers. But as we've become more advanced, and with the advent of smart washing machines, dryers, microwaves and baby bags, everything still runs on this basic, simple protocol,” says Jennifer.
Most people might think that no one cares about hacking their microwave and they are right. However, as Jennifer explains further, “if I can hack your smart microwave, it could be a part of a DDoS attack [when multiple devices are compromised, this can cause denial of a larger-scale service] with tens of thousands other microwaves. I could access your inbox and possibly get your bank details. I could use your microwave in my botnet of other microwaves to cause bigger problems pertaining to gas or electricity.”
One of the real-life issues Jennifer mentions are baby monitors, which are one of the easiest things to hack. She says: “Imagine someone can see who goes into the bedroom, when and what a baby's doing at any time.”
Online connectivity is a great convenience and we, as consumers, have chosen it to be this way. “We have demanded convenience and security is just a byproduct. Consumers have to demand security – it will create more awareness,” says Jennifer.
How to better protect yourself online
Jennifer shares the following steps to ensure you are safe and sound online:
Change your passwords on a routine basis, every few months. If you are struggling to create or remember passwords, think of your favorite song and use a lyric, change it up or add some symbols. Changing passwords is important because someone can get in and store a password, and if that password is used across many different places, it is very easy to compromise many different areas of your life.
Do regular software updates. Everyone hates those little notifications at the bottom of the screen that say ‘Update your software’. Remember the recent NHS hack, which happened just because they were running out-of-date software?
Set up a two-factor authentication for both your email and phone. You need to be able to keep up good passwords and do not click on suspicious emails. Educating yourself is the single best thing you can do around security.