Tag Archives: man in the middle

How Not to Get Hacked in Six Easy Steps

canstockphoto22219067Getting hacked is so easy that it is almost comical. Black people need to be aware that most hackers take advantage of human kindness, weakness, curiosity and even stupidity to get inside computer networks. Hacking is simple when the victim is willing to give the hacker a helping hand. Understand how easy it is not to get hacked and you’ll feel a lot better and safer online.

Step 1) Don’t take the bait! Phishing is the first simple step to getting hacked. A Verizon Data Breach Investigation Report revealed 23 percent of phishing recipients open malicious messages and 11 percent open attachments. The report showed that it only takes 82 seconds from when a phishing campaign is launched to when people start biting on the phony lures.  One of the the cardinal rules of email security is to not click on any link or download attachment that you are not absolutely certain of what it is and where it came from. If you receive an unexpected email with a link or attachment then call the person who sent it to you if you know who it is. Ask them what they sent you. Avoid any cute pictures, prayers, or jokes. That is how malware gets in your computer along with getting your email on spam lists. If you don’t know who sent it then delete instantly.

Step 2) Don’t fall for the phoney phone call! Much the same as phishing, the simplest way for attackers to gain access to users machines is to just ask for it. The age-old method of social engineering is still reliable.  This is when a hacker talks their victims out of information sometimes without the person even knowing it. On the phone they pretend to be an executive or someone in authority. Sometimes they smooth talk their victim into giving up information using compliments and encouragement. Or they may bully their victim and frighten them into doing or saying something they shouldn’t.

One of the most popular and effective scams is the IT support scam. A caller contacts the victim posing as IT help and asks for the user’s login and password. Sometime they will tell you things like your computer has a virus and it is spreading to your friends and family. Sometimes they may pretend to be a fellow employee or business partner and ask the employee to open a specific document that is actually something like a remote access Trojan or other malware.

Something to think about is that anti-virus software makers do not make outgoing calls to alert an individual that their computer is spreading viruses. Never, ever, share your user name and password with someone on the phone you do not know. Finally, if they claim to be working in the same company with you make damn sure they are who they say they are. Do not open any attachment or click on any link unless you know for sure that it is your company’s IT department you are dealing with. Most companies suffer hacking attacks as a result of employee actions. And most companies will not hesitate to fire you if you violate computer security rules.

Step 3) Stay up to date! Users are often hacked because their systems are not up-to-date and patched for common attacks. Hackers know what software is vulnerable. They look for computers that are using old outdated software to attack. The simplest way to protect yourself is to make sure your software is up to date. Learn to set your computer to perform automatic updates of all software. And stay up to date on the latest scams. According to Verizon hackers are still finding vulnerabilities in computers that are as much as eight years old.

Step 4) Get a strong a password!  Is your password just stupid? An easy to guess user name and password is simply begging to be hacked. Your user name and password is the key to your computer and all the information contained therein. In addition easy to guess user names and passwords also allow access to your bank and other sensitive online activity.  A good strong password is vital. You may even want to switch to two factor authentication if you conduct sensitive business online.

Step 5) Use caution on free WiFi! Researchers with Cylance recently provided solid evidence why you should consider taking an extra security step when utilizing public WiFi connections.The company strongly suggests using VPN on public WiFi networks.  Cylance discovered 277 hotels, convention centers and data centers in 29 countries used routers  with known vulnerabilities to offer WiFi to guests. Public and free hotspots are wide open for starting man-in-the-middle attacks and other means of establishing footholds in unsuspecting users’ machines. Hackers love to hang out in Starbucks, Panera Bread, public libraries and other places that offers free Internet access. They are waiting and watching you log into your bank account.

Step 6) Don’t put your business in the street!  You talk to much! Social media such as Facebook is another favorite hacker hunting ground.  Hackers do their homework.  The information you share on social media sites is exactly what makes a hacker’s jobs easy.   Sharing the name of your pet, your birthday, place of work and special relationship makes it easier for an attacker to guess passwords or the answer to password reset challenge questions.  For example the question “What city were you born in?” is an easy one to answer just by looking at your Facebook page.

This information can be used against you in order to create an extremely effective spear phishing message. Learn to stop sharing so much information on social media. The more you give away the more that can be taken away.

Now you know

 

ALERT! Superfish Contaminates Lenovo ALERT!

 

CompanyLogos_Lenovo%20LogoThe holiday season has passed and of course many African-Americans got cool new techno-gadgets for Christmas, If you purchased a Lenovo computer it’s time to pay attention.

Lenovo, the world’s largest computer maker, has been selling computers  with an adware/malware known as Superfish. Superfish is the name of a marketing company that produces software called Visual Discovery along with other products.This adware allows ads to be placed in front of the user based on the images they are looking at.

This function involves analyzing images that appear on your computer screen. It matches these pictures against a giant database of images in the cloud. It then places similar images on your computer screen.

For example, if you’re looking at an ad for a new digital camera, Superfish, going by the example in its database, presents matching cameras.

superfish_416x416The Superfish software on your new Lenovo laptop monitors which websites you visit, what you are looking at and searches for related sites. All this based on images instead of the old-fashioned keyword search we are used to.

Sounds good so far right? You probably have no objection to greater choice in shopping or cheaper prices.  But that is if you are aware that Visual Discovery was installed on your computer in the first place. And of course assuming that the software works in a way that doesn’t put your online privacy and security at risk. Sadly many people who purchased these Lenovo computers had no idea this was happening. That is why Lenovo is catching hell and you could be vulnerable.

We like to keep it simple at the AACR so lets tell it like it is. This software opens you up for what hackers call a classic man-in-the-middle attack. See Visual Discovery doesn’t just work inside your browser to see what you are looking at. This adware/malware contains a proxy. This component intercepts network traffic outside your browser so it can keep track of what you are doing, like online banking, user names and passwords. Starting to get the picture? Its an open door to hackers! I don’t think I need to go any further than that.

According to Lenovo the company only installed Superfish on consumer laptops between September and December last year. During the holiday shopping season! Do think that was an accident? Really?

Chrome and Internet Explorer browsers are affected because they use Microsoft’s Windows store of trusted certificates. If you use the Firefox browser the Electronic Frontier Foundation found as many as 44,000 Superfish certificates were run by users of Mozilla’s browser.

How do you know if your computer is infected?  Check Windows’ list of trusted certificates. Go to Control Panel and search for “certificates”.  A list of Administrative Tools will come up. Select the “manage computer certificates” option. Click on the “Trusted Root Certification Authorities” option and then “Certificates”. If you see one with Superfish Inc. attached to it then consider yourself officially infected.

This is the nasty part. Even if you do find it, uninstalling the program does not solve the problem since it does not remove the certificate. So if you believe that Superfish is floating around inside your computer back up your data and update it to a new operating system; a new more secure OS. This is probably going to cost you some money but you can get that back and then some by joining the class action lawsuit.

Lenovo will no longer be using Superfish adware in its devices and will help customers remove the malware from their computers as quickly as possible. Lenovo also issued the following statement via Twitter: “We’re sorry. We messed up. We’re owning it. And we’re making sure it never happens again.” Lenovo also issued detailed instructions for removing the adware/malware as well as how to determine if the troublesome Superfish digital certificate is installed, and how to remove it. You can also find a published list of all machines on which Superfish was installed. You may want to check your machine.

 

 

 

Man-in the-Middle; Hackers Stealing Home Buyers Down Payments

Courtesy of Salvatore Vuono

Courtesy of Salvatore Vuono

Black home buyers beware! In a frightening development hackers are now stealing home buyers down payments. It seems that hackers have struck the real estate industry, in this case First American Title.  The scheme, known in technical circles as the “man-in-the-middle attack” works like this;  hackers intercept emails from title agencies to home buyers.  The email contains information for the wire transfer of down payment funds for the purchase of a home. Hackers alter the information putting in their own bank account numbers then send it to the home buyer.  The home buyer, suspecting nothing, wires his hard earned down payment directly to the hacker’s account.   First American Title is aware of the scam and issued this statement;

“First American has been notified of a scheme in which potential purchasers/borrowers have received emails allegedly from a title agency providing wire information for use by the purchaser/borrower to transmit earnest money for an upcoming transaction.”

“The messages were actually emails that were intercepted by hackers who then altered the account information in the emails to cause the purchasers’/borrowers’ funds to be sent to the hacker’s own account. The emails appear to be genuine and contain the title agency’s email information and/or logos, etc. When the purchasers /borrowers transferred their funds pursuant to the altered instructions, their money was stolen with little chance of return. This scam appears to be somewhat similar to the email hacking scheme that came to light earlier this year that targeted real estate agents.”

“It is apparent in both scams that the hackers monitor the email traffic of the agency or the customer and are aware of the timing of upcoming transactions. While in the reported instances, a customer was induced to misdirect their own funds, an altered email could conceivably be used to cause misdirection of funds by any party in the transaction, including the title agent themselves.”

This type of attack reveals the importance of using two-factor authentication for email. Larger email services such as  Gmail.com, Hotmail and Yahoo! all now offer this form of authentication. If you do business via email you need to use this authentication method.  Other services like DropboxFacebook and Twitter all offer additional account security options beyond just encouraging users to implement powerful passwords.

But none of this means anything if additional security is defeated by a hacker who get inside a computer or network  using some form of malware. I urge computer users to clean up their PC by using the guidelines found on KrebsonSecurity Tools for a Safer PC primer.

 

Breaking It Down

First things first, I am really sorry if someone lost their down payment for a home. That had to be devastating  to their heart and soul. What we have is a clear indication that someone’s computer system is not as secure as it should be. Malware can and does open your computer up for attacks and this is one way. In this example malware probably infiltrated someone’s computer and revealed passwords. That’s all it takes. When a hacker can get into your computer you have almost no defense. Be extremely cautious about attachments and advertisements you see online. A lot of malware comes into your computer that way. And familiarize yourself with what is known as a drive by download. I’m not laying blame on anyone here but sound business IT practices are an absolute necessity nowadays.  If you are using email to exchange business information then you need to be hyper alert to what can happen. Man in the middle attacks are more common than you would think. If this scam works on one real estate company it certainly would work on others. So First American Title is not alone in its vulnerability.  I would suggest you use every authentication method possible when dealing with large sums of money. If you have to call the realtor and ask them to confirm the information before you transfer money then do it! Better still, hand carry the check to the bank or realtor. Do what you have to do but be certain your money goes where its supposed to and protect your dreams.