Robert Siciliano

    • Media Contact:
      Robert Siciliano
    • Member Type(s): Expert
    • Title: Identity Theft Expert
    • Organization: IDTheftSecurity.com
    • Member: ProfNet


    Researchers Say Office of Personnel Management Hack Leads to Ransomware

    Monday, March 27, 2017, 10:41 AM [General]

    In June, 2015, it was revealed by an anonymous source that the Office of Personnel Management was hacked. This office, which administers civil service, is believed to have been the target of the Chinese government. This is one of the largest hacks in history involving a federal organization.

    Slowly, the motivation behind the hacking is being understood. At first, it seemed obvious: the stolen data was personally identifiable information, which can be used for new account fraud. But in government breaches, attackers usually look for military plans, blueprints, and documents that deal with policy.

    The question, of course, is why did the hackers focus on this information? Well, some of the data that was taken was used to launch other attacks against contractors, and this resulted in access to several terabytes of data.

    Now, those who have become victims of this attack have found themselves being the target of ransomware.

    Security experts have recently noticed that the victims have been getting phishing emails, and these messages look like they are coming directly from the Office of Personnel Management. When these emails arrive, the body and subject of the message seem as if the email contains an important file. When the unsuspecting victim downloads the .ZIP file, however, they instead receive a type of ransomware called Locky.

    These attacks are much more dangerous than the average phishing attack. This is mainly due to the fact that they are being received by those who have worked with the Office of Personnel Management before. Thus, they have seen the genuine emails from the office, which look remarkably similar to the fake ones. The only thing that set the two emails apart was a typo that said “king regards,” instead of “kind regards,” and a phone number that doesn’t work. These are details that many people overlook, which makes it easy for hackers to be successful with these schemes.

    Who was Really Behind This Hack?

    Though experts believe that the Chinese government is behind this hack, there are some facts that look a bit fishy. For instance, since personal data was taken and data has been taken hostage, this seems much more like a typical cybercrime operation instead of something that a nation would do. After all, why would China be looking for a few hundred dollars from people who want their files back?

    Of course, someone could just be using this attack as a smokescreen, and while experts are focused on it, the real attack could be planned for the future.

    Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

    How to Digitally Secure The Remote Teleworker

    Thursday, March 23, 2017, 9:12 AM [General]

    If you employ remote workers, your IT staff has a unique challenge keeping your organization safe. Fortunately, using a combination of best practices for cybersecurity, user awareness campaigns, and a strong policy will help to keep data safe.

    New advances in mobile technology and networking have given remote workforces a boost, and while policies for most remote workers generally depend on manager or company preferences, most businesses must accommodate a mobile workforce on some level…and here’s where the challenge lies.

    Things such as emails, vulnerable software programs and work documents are all tools that cybercriminals can use to infiltrate your company’s network. These remote workers, no matter how convenient they might be, are the weak link in any company’s security plan. Cybercriminals know this, which is why they often focus on these workers. So, what do you do to find a balance between the convenience of remote workers and the importance of network security? Here are eight ways that you can secure your remote workforce:

    1. Use Cloud-Based Storage – One way to make your remote workers safer is to use cloud services that use two-factor authentication. These often have a higher level of encryption, so any data that your workforce uses is not only accessible, but also protected.
    2. Encrypt Devices When You Can – When giving mobile devices, including laptops, to your remote workforce, make sure that the hard drives are encrypted to protect the data on the machine. However, not all security programs will work with devices that are encrypted, so make sure that you double check all the tech specs before loading them up.
    3. Set Up Automatic Updates – You can also take the steps to automate any software updates, which means as soon as an update is released, your remote workforce will get the software on their devices. This can also be done via Mobile Device Management software.
    4. Use Best Practices for Passwords – You should also make sure that you are implementing good practices with passwords. You should, for instance, safeguard against stolen or lost devices by requiring that all employees use strong, complex passwords. You should also request that your team put a password on their phones and laptops, since these items are easily stolen.
    5. Create Secure Network Connections – Also, ensure that your remote employees are connecting to your network by using a VPN connection. Encourage your IT staff to only allow your remote workers to connect to the VPN if their system is set up and patched correctly. Also, make sure that they are not connecting if their security software is not updated.
    6. Increase Awareness – Instead of attempting to restrict personal use of the internet, you should instead encourage education about internet use. Create and enact a cybersecurity policy, ensuring that it covers concepts such as phishing, scams, and social engineering tactics.
    7. Use Encrypted Email Software – Checking business email offsite is quite common, even among those who work on-site. Thus, it is extremely important to use a secure program for email.
    8. Use an Endpoint Security Program – Finally, if you haven’t already, implement an endpoint security program. These programs can be remotely launched and managed from one location. This software should also include components to keep unpatched programs safe.

    Yes, remote workers can be a challenge for your IT staff to manage, but when you use a strong policy, good practices in response to cybersecurity, and a comprehensive campaign for user awareness, you and your staff can keep all of your data safe.


    The Mind of the Misunderstood Cybercriminal

    Friday, March 17, 2017, 10:25 AM [General]

    There are a number of misconceptions about cybercrime and those who engage in it. To a cybercriminal, there is no target that is special unless they have a grudge or beef with a particular entity, and as a rule, they will often cast their net wide and then move to attack the easiest prey they find.

    Security specialists must never underestimate the actions of a cybercriminal. Records are easily shared and sold, and they are highly valued. This is especially the case when personal and medical information is the focus.

    Any plan that the security professionals design must be focused on these types of crimes. They must also be aware of any upcoming threats and ensure that all proper backups of data are in place.

    What are the Common Misconceptions Associated with Cybercrime and Cybercriminals?

    The most common misconception about cybercriminals that is often observed is that these people have diverse experience and skills, which allow them to initiate a huge range of cyberattacks. This would mean that they would earn a large amount of money as a result. However, the truth is, many of the cybercriminals out there use automated software, which means they don’t require much training at all. According to a recent survey, the vast majority only make from $1,000 to $2,000 a month. But as many as 20 percent of cybercriminals are making more than $20,000 a month.

    Who are the Criminals Behind Cyber Crimes?

    For the most part, those who commit cybercrimes have a clean criminal record and do not have any ties to any organized groups. These criminals usually also have a stable job during the day and participate in these cybercrimes in their free time. Often, these people are introduced to cybercrimes during college, and many remain active in the industry for several years after they begin.

    The other cybercriminals have a bit of a different background. These people belong to cybercriminal syndicates that work within a hierarchy. There are highly skilled members of these groups, and each has certain responsibilities to ensure the success of their organization.

    Generally, these groups are controlled by a “boss,” who is the mastermind. They are typically highly educated, intelligent, and some are often connected with the banking industry, as they must arrange for things like money laundering. Additionally, these groups often include people who are professional forgers, as they often require fake documents to serve as paperwork to “prove” their schemes, and then the group needs those skilled in hacking, software engineering, and other technical operations. Some of the groups also include those familiar with law enforcement, as they are skilled with things such as gathering information and counter-intelligence.

    What is often so surprising is that members of these groups are often highly respected members of their communities, and many are seen as successful people in business. These people are also often connected to hospitality, real estate, or the automotive industry.

    These people do not think of themselves as regular criminals, and they rarely cross paths with others whom the general public might deem as “criminal.” They usually hide in the shadows and avoid any actions that might bring attention to them.

    To avoid all of this, it is best to use the assistance of a professional. They are familiar with how these communities run and how they react to certain actions. There are a number of ways to research the dark web in a secure and safe manner without risking the integrity of your organization, but the professionals are best for this job. It is also important for businesses to utilize security teams. This ensures that they are capable of obtaining the data and stimulating the environment.


    Woman Chained Like a Dog, Man Killed

    Tuesday, March 7, 2017, 9:14 AM [General]

    Back in August, 2016, Kala Brown and Charles Carver arrived at a 100-acre property in South Carolina for a cleaning job. Charles Carver never made it off the property, and Kala Brown spent more than two months in a metal shipping container, allegedly held captive by Todd Christopher Kohlhepp.

    In November of 2016, detectives were searching the property of Kohlhepp when they heard banging coming from the inside of a shipping container. When they opened it, they found Brown chained “like a dog.” According to Brown, she saw Kohlhepp shoot Carver, killing him, and then he took her hostage, chaining and locking her inside of the crate.

    Carver’s body was found on the property, and Kohlhepp is suspected of being involved with six more murders.

    Brown described her captivity as “hard,” and she said she remained chained for the duration of it. She also says that he did let her walk around a bit, and he fed her one time each day. She was finally found when authorities were searching the property after she was reported missing. Her cell phone was pinging on the property, but it took about two weeks before they could get a search warrant.

    Police reported that they had no indication that there was foul play when they began searching. The cargo container was located in the middle of the property next to a garage. After finding the body of Carver, the investigators brought in cadaver dogs to search the property. Additionally, ATVs, backhoes, and even a helicopter circled the property. The cadaver dogs picked up some scents, and the excavation of the property began. The investigation found two more bodies, that of Meagan McCraw-Coxie and Johnny Coxie, who had gone missing in 2015.

    Since his arrest, Kohlhepp has admitted to killing seven people in total.

    Public records show that Kohlhepp is both a licensed pilot and real estate agent. He does, however, also have a record. As a teen in Arizona, he was convicted of kidnapping and crimes against children, and he spent some time in prison for these crimes. He is also on the sex offender registry in South Carolina. This is due to a kidnapping in 1986, which coincides with the incident in Arizona. In total, Kohlhepp served 14 years in prison. According to sources, Kohlhepp kidnapped a girl, aged 14, took her to his home, bound her with duct tape and raped her. He was released in 2001.

    As is the case with many serial killers, most people who knew Kohlhepp were shocked by these allegations. One real estate agent that worked with Kohlhepp said that she had known him for a decade, and they had met in college. They had even been study partners for a statistics course. She was in disbelief when she heard that he had admitted the murders.

    She also said that most people in the area knew that he was a registered sex offender. However, he told people that it was due to exaggerated charges after he and a girl had gone joyriding and the girl’s father, who was a local official, became angry.

    Kohlhepp also had a second home in the area, and neighbors describe him as “private” but “pleasant.” He was also described as “a likable guy.”

    All in all, Kohlhepp was charged with a total of seven counts of murder and two counts of kidnapping. He was also charged with three counts of possessing a weapon while committing a violent crime. The relatives of other victims will reportedly file wrongful death lawsuits against Kohlhepp, and Brown has said that she will file a civil lawsuit. Kohlhepp is due in court on January 17th.

    Oh, and Jeffrey Lionel Dahmer, also known as the Milwaukee Cannibal, was an American serial killer and sex offender, who committed the rape, murder, and dismemberment of seventeen men and boys between 1978 and 1991. Apparently he was a likeable guy too.


    Humans are Natural Predators

    Tuesday, February 28, 2017, 9:37 AM [General]

    According to a new study, genetics and evolution have made an impact on the murderous behavior of the human species. However, becoming civilized has tamed some of these instincts.

    Scientists have looked at the homicide rate of more than 1,000 species that kill their own, and noticed that there are similar rates of lethal acts. Essentially, this means that the evolution of these species can tell us a lot about how violent the species is.

    This study, which was published in Nature, says that humans lie in the middle of a quite violent group of mammals that have all evolved together…and these mammals have a very violent and murderous past. What does this mean for us? It means that humans have likely inherited violent tendencies from our ancestors.

    Let’s look at the numbers. When looked at as a group, the rate of all mammals murdering their own is about three in 1,000. However, when we look at our ancestors, and many primates, for that matter, this number is closer to about 20 in 1,000. In certain periods of time, this number even rose to about 120 in 1,000, such as during the medieval era, which ran from around 700 to 1500 A.D. Fortunately, we have seen these numbers fall, and when you take humans, alone, the current rate is about 13 in 1,000. So, we are now much less violent than we were just 1,000 years ago.

    It’s true that we, as humans, are killing each other less than we used to, but we are still not as peaceful as some of our mammalian cousins. For example, killer whales, which are one animal that has a high level of intelligence, have a rate of violence against their own of around zero. In fact, most whale species are quite peaceful to their own kind.

    So, we are more violent than whales, but when compared to mammals such as baboons, cougars, and lemurs, we are far less violent, as these animals have murder rates closer to 100 per 1,000.

    Since this study examined violence in a way that compared closely related species, it’s not a surprise that these species had similar levels when looking at violence. Furthermore, the more closely related a species is to another, the more similar their levels of violence.

    It is difficult to calculate rates for lethal violence for our ancestors, but we can get a rough idea based on looking at archaeological findings. What was found after looking at thousands of these sites is that things such as culture and government lower the rates of lethal violence. This also suggests that the level of murder among species is reversible, and that it might increase or decrease based on social, ecological, or cultural factors. These findings are similar to a previous study from Harvard that looked at the history of violent crimes, such as rape, as well as war, murder, and bigotry.

    When we look at all of these facts, humans are social, territorial, and naturally violent. But, as modern society has become developed and we have engaged in more civilized activities, the rates of violence have fallen. What’s really interesting is that this study shows that most mammals are not murderous towards their own kind, but others, such as wolves, lions, and primates, including humans, actually do engage in this behavior. What it could come down to is that mammals that are murderous towards their own kind are both territorial and social.


