By: Center for Internet Security
The Center for Internet Security (CIS) recently published their monthly Cyber Tips newsletter, The Harm in Password Reuse.
Below is the content provided in the newsletter published by CIS:
From the Desk of Desk of Thomas F. Duffy, Chair
Every day malicious cyber actors compromise websites and post lists of usernames, email addresses, and passwords online.
By: Center for Internet Security
The Center for Internet Security (CIS) recently published their monthly Cyber Tips newsletter, Sun, Sand, and Cyber Security. This month’s newsletter focuses on securing yourself from cyber threats while on vacation this summer.
Below is the content provided in the newsletter published by CIS:
Every summer, vacationers put their house lights on timers and their mail on hold when they travel away from home.
It used to be that hijacking was something only done in person, but as we discuss in this blog post, online hijacking—where someone or some service takes over an individual’s online account—is now a growing occurrence. Not all forms of online hijacking are “criminal”; for example, browser hijacking— when your Internet search function is diverted to websites you never intended to visit or when advertisements are misleading and redirect you from the main website—may be a nuisance,
Much of the data individuals provide is assumed to be protected because it is anonymized—stripped of any information that identifies who those individuals are. Such anonymized data is everywhere. But how safe is the underlying assumption that individuals can’t be reidentified through such data? Unfortunately, as we discuss in this blog post, there is repeated evidence that this underlying assumption is not holding up—something that raises real concerns that people can be victimized through information they release that can be traced back to them and that makes this an emerging law enforcement issue.
On Twitter, the “#” sign refers to a hashtag—a way to group conversations together and make topics of discussion easier to discover and search. Our blog topic of discussion is #Greenbirds—which involves social media influencers on Twitter supporting the Islamic State (also known as ISIS or ISIL).
#Greenbirds: Measuring Importance and Influence in Syrian Foreign Fighter Networks—is a report from London-based researchers at the International Centre for the Study of Radicalisation and Political Violence who are studying foreign fighter networks.
What are bots, and why should lawyers be concerned about them? For this blog topic of discussion, bots are considered “a device or piece of software that can execute commands, reply to messages, or perform routine tasks, as online searches, either automatically or with minimal human intervention.” For law enforcement, such bots are an emerging threat because they are being programmed to carry out online tasks that sometimes can cross the line into illegal activities.
You may have heard of the terms “phishing” or even “spearphishing”—they both refer to attempts by bad actors to gain personal information to pilfer bank accounts or damage reputation. Phishing is a broader term for wide-reaching untargeted solicitations, whereas spearphishing concerns attempts to target a particular population set like veterans, the elderly, or employees of a particular company for example.
This type of targeting will be familiar with law enforcement, but what you may not know is that early hacking routines were known as “phone phreaking” and the word usage stuck.
With the increase in cell phone and social media users in the last decade, especially young users, the opportunity for cyberbullying has also increased. According to the Bureau of Justice Statistics, 9% of children reported being cyberbullied during the 2010-2011 school year, while the Youth Risk Behavior Surveillance Survey found that 15% of high school students were bullied.
Cyberbullying can be elusive to discover as it can take place in privacy, as in the form of harassing or threatening emails or texts from an anonymous user,
Cyber crime is a global threat to the economic and physical security of all nations. It is the leading crime problem facing the world today and law enforcement organizations must be prepared to recognize and investigate these crimes. The International Association of Chief of Police (IACP) in collaboration with Bureau of Justice Assistance, at the U.S. Department of Justice’s Office of Justice Programs, RAND Corporation, the Police Executive Research Forum (PERF), and other partners, developed the Law Enforcement Cyber Center.
Cryptolocker is financially-motivated ransomware that encrypts a user’s computer files and demands payment in either an anonymous currency (Bitcoin), or Moneypak payment cards. Propagation & Exploit is typically via spam email purporting to come from shipping companies or regarding business processes, dropped by other malware, thumb drives, and Yahoo! Messenger. Upon infection, Cryptolocker contacts the command and control (C2) server for a public RSA-2048 encryption key, which is downloaded and used to encrypt typical enterprise files types,
