Robert Siciliano

    • Media Contact:
      Robert Siciliano
    • Member Type(s): Expert
    • Title: Identity Theft Expert
    • Organization: IDTheftSecurity.com
    • Member: ProfNet


    What Was Scary About Blackhat 2017?

    Wednesday, August 2, 2017, 11:24 AM [General]

    As you might know, at the end of July, all types of hackers came to Las Vegas to attend Blackhat 2017. During the conference, some pretty scary hacks were exposed, and we can all take this as a lesson on what we are up against in this technology-heavy world. Here are some of the scariest hacks we learned about during Blackhat 2017:

    Carwash Hijacking

    Nothing is safe from technology, and these days, carwashes are an unexpected target for hackers. It is perfectly possible that a car wash could be hacked, controlled remotely, and used to destroy vehicles. Scary.

    Hacking Cars

    Speaking of vehicles, it was also revealed how easy it is for a pro to hack automobiles. Just last year, Chinese hackers were successful in hacking a Tesla S. The hackers disabled the brakes, so Tesla updated security in its cars. However, recently, the car company was hacked again, showing that hackers always find a way.

    Oculus Headsets and Hoverboards

    Another scary hack participants learned about was that hackers can access hoverboards and the Oculus Rift headsets. These hacks could cause the devices to shake uncontrollably, bringing harm to those who are using them.

    Printer Hacking

    Michael Howard, Chief Security Advisor of HP, painfully demonstrated that only 18% of IT security managers are concerned about printer security, whereas 90% are concerned about PCs. That stat is one reason why 92% of Forbes Global 2000 companies experienced a breach in 2016, which in part resulted in 4 billion records breached worldwide. According to the Ponemon Institute, 60% of data breaches reported by companies involve printers. Very scary.

    The Motivation of Adversaries

    We also learned that wanting money, data, or intelligence isn’t hackers’ only motivation. More and more, they are motivated by the ability to manipulate people, to undermine democracy, and to wreak havoc for journalists and activists.

    Wind Hacking

    Wait, what? Participants at Blackhat 2017 also learned about how the bad guys are hacking the wind. Well, not actually the wind, but the systems that create wind energy. The main motivation here is money. Just one hacked turbine can cost anywhere from $10,000 to $30,000 per hour. That’s a lot of leverage for hackers who only need to hack a single turbine to demand ransom to set the turbine free.

    Hacker Masquerade

    Hackers are also using a savvy technique to hack phones. Chinese hackers are switching from targeting high-tech LTE networks to slow 2G technology. This means that when your phone switches to a slower network, which happens if the signal isn’t strong, your phone can still be hacked even if you have great security.

    Facebook Bounties

    These are some of the scariest hacks we saw at Blackhat 2017, but never fear, white hat hackers are on it. In fact, companies like Facebook are offering cash, up to $1 million, for developers who create software to keep users safe. OK, not scary. But good.

    Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

    Black Hat 2017 was an Amazing Event

    Saturday, July 29, 2017, 11:44 AM [General]

    In July, more than 15,000 security pros, hackers, hobbyists, and researchers met for the Black Hat Conference 2017 at Mandalay Bay in Las Vegas. This was the 20th year that the security conference was held, and both black and white hat hackers joined together to discuss security.

    For two decades, Black Hat has gained a reputation for demonstrations of some of the most cutting-edge research in information security as well as development and industry trends. The event has also had its share of controversy – sometimes enough to cause last-minute cancelations.

    Launched in 1997 as a single conference in Las Vegas, Black Hat has gone international with annual events in the U.S., Europe and Asia.

    Black Hat 2017 was almost a full week of everything having to do with IT security. There were hands-on training sessions, a full business hall where vendors gathered with swag and products, and of course, parties. I hit 5 parties in 3 nights. I’m totally spent.

    This is a conference that attracted some of the brightest people in the world of security, and has a reputation for bringing together all types of professionals and amateurs interested in hacking, security, or the latest in encryption.

    What’s interesting about Black Hat 2017 is that there is something for everyone. From hackers trying to hack hackers to remaining “off the grid,” you never know what you might find. In fact, most people who attended this conference decided to stay away from electronic communication altogether. Let’s just say leaving devices in airplane mode, shutting off Wi-Fi, using VPNs, and always utilizing two-factor authentication for critical accounts is the norm during the conference for veteran attendees.

    One of the most popular parts of Black Hat 2017 was the briefing on business protection. It’s important to note that many companies have employees that simply don’t comply with security policies. Additionally, these policies aren’t governed enough, and it is costing millions. In her presentation, Governance, Compliance and Security: Three Keys to Protecting Your Business, HP Sr. Security Advisor Dr. Kimberlee Brannock shared why it’s not always enough to secure business networks and why governance and compliance really matter. During her 16-year tenure at HP, Dr. Brannock has used her extensive education and experience in compliance and governance to shape HP’s security standards. With 25 billion connected devices by 2020, maintaining proper network and data security compliance is an important concern for any business, as noncompliance costs businesses an average of $9.5 million annually through fines, lost business and lawsuits.

    Another very popular briefing at Black Hat 2017 was Staying One Step Ahead of Evolving Threats, which demonstrated that, on average, an organization has more than 600 security alerts each week and over 27,000 endpoints, leading to 71% of data breaches starting from the endpoint.

    Most put thousands of hours, and dollars, for that matter, into securing servers, laptops, and data centers, but many companies are ignoring other areas of security vulnerability. One of the best things about this briefing was its leader, Michael Howard, Chief Security Advisor at HP. As Worldwide Security Practice Lead, Mr. Howard is responsible for evolving the strategy for security solutions and services in Managed Services. He gave a lot of information on printer security, something that most businesses fail to address. He used real-world examples of how some of the most secure organizations are still lagging in their print security and shared how he uses a proven framework to secure the print infrastructure.

    Overall, Black Hat 2017 was an eye-opening experience, and with the world of network security changing all of the time, all in attendance surely learned something new. I met a ton of very cool characters, partied hard, drank too much, ate too much, slept none, and to keep my data secure, I’m considering moving off grid to a cave in the Outback of Australia.

    Blackhat Hackers Love Office Printers

    Friday, July 28, 2017, 10:50 AM [General]

    The term, or in this case the word, “blackhat” in tech generally refers to a criminal hacker. The opposite of black is white, and a “whitehat” is a security professional. These terms originate from the “spaghetti western” movies, in which the bad guy cowboy wore a black hat and the law wore white hats. Fun, huh?! Blackhat is also the name of the largest conference on the planet for information security. The conference itself is 20 years old, and as Alex Stamos, who is the CSO for Facebook and also Blackhat 2017’s keynote speaker, said, “Blackhat isn’t even old enough to drink.” That statement reflects just how far we’ve come in information security and also how much more there is to do.

    One of the presentations at Blackhat, “Staying One Step Ahead of Evolving Threats” by Michael Howard, Chief Security Advisor of HP, discussed printer security and painfully demonstrated just how much more there is to do.

    Do you ever feel as if your office printer is dangerous? Most of us don’t. In fact, more than half of businesses don’t even bother adding printers to their security strategies. Mr. Howard stated that only 18% of IT security managers are concerned about printer security, whereas 90% are concerned about PCs. That stat is one reason why 92% of Forbes Global 2000 companies experienced a breach in 2016, which in part resulted in 4 billion records breached worldwide.

    Hackers know this, so office printers are the perfect target for them. Remember, printers are connected to the network, and if unprotected, they are easily hacked. According to the Ponemon Institute, 60% of data breaches reported by companies involve printers. So, why do hackers love printers? Here are a bunch of reasons:

    Networks are Vulnerable

    Even if you have a firewall, there are several devices that might be on a network that are access points to that network. When you don’t add your printer to your security plan, it becomes a welcome access point to hackers. Once they get in, the consequences could be terrible for a business.

    Hackers Can Get Useful Data

    The data that hackers can get from unprotected printers is unencrypted. If one of your staff members sends sensitive information to the printer and it is unencrypted, the hackers can read it. Mr. Howard shared how one university’s unsecured printers led to students hacking tests days before they were taken, giving the students a significant advantage. Do you really want your company’s data to be open like that? All hackers have to do is take it if the printer isn’t protected.

    They Know They Can Access Other Devices

    Hackers also love office printers because they know that once they are in, they can access other unprotected endpoints on the network. Mobile devices are an excellent example of this. It is quite challenging to secure access to all of these devices. The more devices that are connected to the network, the easier it is to access it.

    Information Leaks

    How many times have you printed something at the office and let it sit in the tray for a while? This happens often. Hackers know this, too, and they can essentially print anything once they have access to the printer and retrieve it at any time. This easily opens up the business to compliance issues.

    Finally, hackers love office printers because they get inside access. Once the printer is compromised, so is the rest of the network.

    • Change the printer’s default passwords.
    • All computing devices, including printers, need encryption.
    • Printer hard drives have lots of data. Destroy hard drives prior to recycling or reselling.
    • Printer firmware and software need to be regularly patched and updated.
    • Use “fleet management” tools to ensure all of the company’s devices are protected.

    When businesses implement security policies and procedures that directly address endpoints, including printers, they significantly reduce risk and maintain proper network and data security compliance.

    ISPs Invading Subscribers’ Privacy

    Wednesday, July 26, 2017, 10:52 AM [General]

    It’s hard to keep track of the news of politics these days, and even if you can, how do you know it’s even real? The political landscape has greatly changed since January, and there have been a lot of laws passed that will affect us all, including the repeal of a law that protected your privacy on the internet. Basically, with this repeal, your internet service provider, or ISP, can sell your browsing history to anyone.

    If you use the internet, you will be affected by this law. Not only will this change allow your ISP to sell your browsing history to the highest bidder, it could also make it easier than ever before to access information about your family, your finances, and your health. Your ISP can now sell this information to companies, and they don’t need your permission to do so.

    So, what does this mean for you? After all, you might not think it really matters that much. In simple terms, it means that your ISP can collect data about your browsing habits, create a record of this, and then sell it to advertisers. Think about your browsing history yesterday. If you want, open it up right now from your browser. One minute, you might have been buying dog food on Amazon, and the next, reading the latest news from the Kardashians. Regardless of whether you want advertisers to know that you are a Kardashian fan, to them, your data is a gold mine.

    Now, think about your browsing history over the past few weeks or months, and then consider that your ISP knows each and every thing you have searched for. It knows about that weird smell coming from your laundry room that you checked out online, and it knows that you have listened to that catchy new pop song a few times. It also knows your deepest worries, your sexual preferences, your political leanings, and what you are feeding your family. This information is invaluable to advertisers, but do you really want it getting out?

    Luckily, you have options, one of which is called a VPN, or Virtual Private Network, which will encrypt data. A VPN client such as Hotspot Shield VPN is a good option. Also, start paying attention to those cookies and delete them.

    Protect Your Mobile from Hackers

    Wednesday, July 19, 2017, 11:24 AM [General]

    If you are like most of us, you probably have a password, antivirus program, and a firewall for your home computer to protect it from hackers. Are you doing the same thing for your phone?

    From 2015 to 2016 malware infections on smartphones swelled by 96%, and about 71% of the smartphones out there do not have any software at all to protect them. What does that mean for you? It means the odds are against you when it comes to getting your phone hacked. Luckily, there are some things you can do to protect your mobile phone from hackers:

    • Update Your Operating System – Many people skip updates for some reason. Don’t put it off. Most of these updates contain security fixes that your old operating system didn’t have.
    • Put a Lock On It – If your phone doesn’t have a passcode on it, it’s like leaving the front door of your home open for burglars. Hackers will get in; it’s just a matter of time. If you can, use a biometric method, like a swipe or finger tap. In addition, set up a good passcode. Make sure it’s totally unique and nothing a hacker can guess, like your address or birthday.
    • Use Caution with Public Wi-Fi – Public Wi-Fi is great, in theory, but it can also be dangerous, as it is very easy for hackers to access your info. It’s usually pretty safe to use a public Wi-Fi connection for things like catching up on the news or watching a movie, but don’t put any personal information into your device such as your banking password or credit card number.
    • Check Up On Your Apps – Hackers often use phone apps to access data. So, to make sure you are really safe, make sure to delete any apps that you aren’t using regularly. An outdated app can be dangerous, too, so make sure to always update when one is available. Also, only download apps from reputable sources like Google Play and iTunes.
    • Use a VPN – Finally, use a VPN, or virtual private network. This will encrypt your information when you use it over a public network. They are free or cheap, usually $5 to $30, and that small investment is definitely worth it for your safety.

    7 Ways to Prevent Getting Locked Out of Your Home

    Wednesday, July 12, 2017, 9:23 AM [General]

    Be honest. Do you have a key to your house under your doormat or a flowerpot? If you do, you might as well put a sign out that says “Come rob me.” This isn’t to say you shouldn’t have a key somewhere, though. After all, you might need it one of these days. However, there are better places to hide your house key:

    • In a Lockbox – A key lockbox is a good idea. These have a combination that you will need to get into it, but, of course, you have to remember that combination.
    • In Your Car – You also might consider leaving an extra house key in your car. The glove compartment or under a floor mat are good options. Even if someone breaks in, they aren’t going to be looking for a house key.
    • In a Fake Rock – You can also use a fake rock to hide your house key, as long as it looks like a real rock, and as long as it blends in. If the fake rock stands out like a sore thumb, it’s not one that you should use.
    • Under the Siding – Hiding the house key under your siding is another method to consider. Tie thin wire or strong string to the key, and then push the key under the siding so that only the string hangs out. When you need it, simply pull the string.
    • At Another Home – Do you have neighbors that you trust? If so, consider hiding the key at their house, and then offer to allow them to hide their key at yours. Even if their key is discovered, it won’t work in your locks.
    • Upgrade to an Automatic Garage Door – If you can access your home through the garage door, consider a keypad for the garage. Then, you can simply use a code to open it. Just be cautious that you aren’t sharing the code with anyone and everyone.
    • Ditch Your House Key – Finally, consider upgrading your locks to a key-coded lock. These locks can be programmed at any time and anywhere, and they aren’t super expensive. The simplest locks are about $35, and go up to a couple of hundred, depending on the features. This will definitely solve all of your house key problems.

    Are you Scam Aware or a Sitting Duck?

    Wednesday, July 5, 2017, 10:24 AM [General]

    You might have heard about all of the scams out there, and think that you are pretty scam savvy. But, the truth is, most of us aren’t, and even a simple phone call could get you caught up in a big scam.

    One such scam occurs when criminals call random phone numbers and ask questions, such as “Can you hear me?” When you say “yes,” they record it. They then bill you for a service or product, and when you try to fight it, they say…but you said ‘Yes.’ Not only does this happen with private numbers, it also happens with businesses. So, you have to ask…are you aware of the possibility of scams, or are you a sitting duck just waiting to be targeted? HOWEVER, this scam is unproven. Meaning I don’t think it’s a scam at all. And the scam is that this is not a scam!

    Do You and Your Staff Know What To Avoid?

    Do you think your staff, or even yourself, knows what to avoid when it comes to scams?

    • It’s always a good idea to have some type of awareness program in place to teach your staff what they should avoid so they don’t become a statistic. Phishing training and social engineering information should be a part of this.
    • Do you think you or your staff would know if they fell for a scam? To teach them, make sure to give them a general, broad view of various scams and avoid being too specific. Instead, broaden the perception they have of various attacks.
    • If someone on your team was the victim of an attack, would they even know what to do in that instance? It is important to have a “scam response plan” in place.

    Reporting Scam Attacks

    It is essential that your team understands how to report a scam, whether that scam is a physical security scam, such as someone wearing a fake badge and gaining access to the facility, or a cybersecurity incident.

    It’s also important for you to realize that some people might not even want to report these incidents. They might not feel as if it’s a legitimate concern, or they might even feel stupid that they fell for it, so they hold the information back. Others might feel as if they are being paranoid, or feel as if it’s not a valid concern. Make sure your team realizes that we all make mistakes and you want to hear about it, no matter what.

    How to Delete Yourself from Social Media

    Wednesday, July 5, 2017, 10:22 AM [General]

    Have you been thinking that it’s time to make the drastic choice to remove yourself from social media? Most of us were quick to join the social media bandwagon, but these days, you might have worries about privacy. Though it’s possible to delete yourself from social media, the process isn’t easy, and it might not be totally foolproof.

    Why Do You Want to Leave?

    Before getting into how to delete yourself from social media, it’s important to ask yourself why you want to leave. Experts say totally deleting yourself might not be the best move. For instance, a potential employer, who will more than likely search for you on social media sites, especially LinkedIn, might wonder what you are trying to hide. There is also the fact that removing yourself from social media can make you look boring, unhip, or illegitimate.

    Deleting Your Accounts

    If you are sure that you want to delete your social media accounts, there are sites that you can use to find out how. These include:

    • Deseat.me
    • Accountkiller.com
    • Justdelete.me

    Are Deleted Accounts Really Deleted?

    Even if you have deleted your social media accounts, it’s important to check whether you are fully deleting them or simply deactivating them. Some sites, even after you delete the accounts, will continue to retain the data you supplied.

    Delete All Social Media, Not Just The Big Four

    If you are serious about deleting your social media account, make sure that you are looking beyond the big four: Facebook, Twitter, LinkedIn, and Google Plus. Other sites have your data, too, including sites like Flickr, dating sites, blogs, support forums, Amazon, eBay, etc. There are also old social media sites you might not use anymore, like MySpace. Whether you have signed in lately or not, your old MySpace could be lurking out there.

    What You Will Lose…and Gain…From Deleting Social Media Accounts

    You will lose and gain when you delete your social media accounts. You stand to lose your marketing presence, for one, and you might not be able to go back. You also might lose touch with friends and family, or your sense of community. On the flip side, though, you will gain more time and probably have less anxiety.

    Half of American Adults on FBI’s Biometric Database

    Wednesday, June 21, 2017, 10:32 AM [General]

    Here’s a bit of a shock for you: about half of all adult Americans have a photograph stored in the FBI facial recognition database. What’s even more shocking is that these photos are being stored without the consent of the individuals. Approximately 80 percent of the photos the FBI has are of non-criminals, and might take the form of passport or driver’s license photos. Furthermore, there is a 15 percent rate of inaccuracy when matching photos to individuals, and black people are more likely to be misidentified than white people.

    You can’t deny that this technology is very powerful for law enforcement, but it can also be used for things like stalking or harassment. There is also the fact that this technology allows almost anyone to scan anyone else. There are no laws controlling it, either.

    If you think that’s scary, consider this: The technology to do this has been used since around 2010, and the FBI never informed the public, nor did they file a privacy impact assessment, which is required, for five years. Where is the FBI getting this information? From the states.

    Basically, the FBI made arrangements with 18 different states, which gives them access to driver’s license photos. People are not made aware that the FBI has this access, nor are they informed that law enforcement from across the country can access this information.

    Just last year, the GAO, which is the US Government Accountability Office, took a look at how the FBI is using facial recognition and found that it was lacking accuracy, accountability, and oversight. They also found that there was no test for false positives or racial bias.

    What’s even more interesting is that several companies that develop this technology admit that it should be more tightly controlled and regulated. For instance, the CEO of one such company has said that he is “not comfortable” with this lack of regulation, and that the algorithms that are used commercially are much more accurate than what the FBI has. But, many of these companies are not willing to work with the government. Why? Because they have concerns about using it for biometric surveillance.

    Getting Owned or Pwned SUCKS!

    Tuesday, June 13, 2017, 3:27 PM [General]

    A well-done New York Times article recently re-introduced this topic to the masses. Being “owned” isn’t new, but the term is now becoming part of popular culture. If you use the internet or are often on social media, odds are good that you have been OWNED. Whether you are called out for a misspelling on your latest Facebook post, or you were proven wrong after sharing a “fact” or post from another site…you have probably been owned.

    The word “owned” comes from the hacker world, and real “ownage” is not just about proving you wrong. You might also see it as “pwned,” which is pronounced “poned.” It is actually about stealing your private information, and then shaming you or diminishing your worth as a person. The best at “owning” can actually control your virtual presence.

    Take a look at the email hacking scandal that Hillary Clinton went through during the 2016 presidential campaign. Though there was nothing of consequence found in those emails, the act of being hacked, or owned, alone, could have been the reason she lost the election.

    Take a look at President Trump, too. You have surely noticed that he is doing his best to own as many people and even foreign governments as he can. Owning is a form of “one upping” and it can get nasty.

    Getting owned is nothing new. In fact, Aristotle even talked about similar acts. Today, we just do it virtually.

    In the case of hacking, when a hacker owns someone, they are showing that they have superior abilities. The word is also used in the gaming community to describe the act of mastering game play or besting opponents. Of course, we also use the word owned in the real world, when we drop a well-timed joke or have the opportunity to prove another person wrong. You might have even owned someone yourself.

    Ownage equals power, and the concept of ownage is constantly evolving. The most successful owns are those that target the know-it-all; people who think they know more than they actually do. However, if you start owning, you simply set yourself up to be owned…and that really SUCKS.
