Security — It’s about YOU not just your PC

Lots of stories have made the news lately about hackers getting in to Sony, and Nintendo, and NPR and…. the list goes on.   In addition, we have continuing stories about personal computers getting hacked, including the (impenetrable) Mac! [1.  John Gruber has declared that all the protestations about the Mac being vulnerable is simply PC folks “crying wolf.”   I  believe this to be a VERY appropriate analogy.  Remember, in the story the wolf finally does come, and no one believes Peter.  Imagine if people refuse to believe that the Mac is vulnerable.]

I just want to quickly point out a few things, as I prepare for tomorrow night’s Real Tech for Real People podcast (listen live at 9PM ET).

1.  It’s not just computer security–it’s your personal security.  Sony unfortunately stored way too much information about you on their site and in the clear meaning that the hackers got people’s passwords, and credit card numbers, as well as other personal identifying information.  Talk about “bad juju.”

2.  Safe computers are not “safe” any more.  No computer is safe.  And neither are you.  Gone are the days when malicious hackers want to destroy your hard drive, or play silly music, or just replicate their software.  Today’s hackers would prefer you not even know they have made it onto your machine.  They want your passwords.  Your bank account information.  Your social security numbers.  Oh, and your CPU cycles.

Today’s infestations are sneaky.  They don’t advertise through garish graphics and sounds. They sneak on and install keyloggers [1. a program that records all your keystrokes, and sends them off to someone far, or not so far, away.  Giving up user names and passwords simply by typing them in.].  Or Trojans, or Backdoors.  Or “rootkits.” They all have one goal–to NOT be detected while they steal your precious information, or your computer processing power itself.

3.  In an effort to steal your valuable information and even assume your very identity, hackers still rely on the most trustworthy of approaches–the CON.  Yes, they will practice “phishing”   tossing out bait through mass emails to see if anyone (you?) will log on to a look alike site (bank site, FaceBook, Twitter, whatever…) and then they will simply take your user name and password as you type it in.  Even more “evil” is the approach known as “spear Phishing.” In this attack they go after specific targets, sending emails that really do seem to be sent to you directly. You “trust” it…

According to the FBI Spear Phishing works like this:

First, criminals need some inside information on their targets to convince them the e-mails are legitimate. They often obtain it by hacking into an organization’s computer network (which is what happened in the above case) or sometimes by combing through other websites, blogs, and social networking sites.

Then, they send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data.

Finally, the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.

This particular attack has recently been made simpler by the loss of the email lists by the mass-marketing firm “Epsilon.”  Perhaps you received an email from one of your banks, or stores your frequent, or travel company, notifying you that their marketer’s system was hacked.  Sadly, this means you can no longer trust emails from those firms to not lead you astray.

All of these stories (and many more) should have you a bit concerned.  Computer security is now no longer about people stealing internet, or putting destructive programs on your hard drives.  No longer is it simply your $1000 computer investment that is at risk.

It is your identity.  And it is time to protect yourself.  In my next post I will share some tips, and software tools, that you can use to help build a protective barrier around your computer, and your identity.