CWT Blog

Apple Breached?

Story:
On March 21st of this year, Motherboard released an article about a possible security breach affecting Apple and its iTunes accounts.  According to the article, a hacker group calling themselves the ‘Turkish Crime Family’ has acquired a cache of iCloud and other Apple user names and passwords and is attempting to extort Apple for $75,000 in bitcoin or $100,000 in iTunes gift cards.

Apple has stated that there have been no breaches to any of their systems.  According to an article from Wired, Apple has stated, “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services. We’re actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved.”

Apple has gone on to say that they do not perceive the hacker group as a credible threat.  In some ways, it is easy to see why they feel that way.  I’ve honestly waited until now to write about this because the more that is published and I read, the story seems to change and the group even changes their story.  Even in the first article, there was a discrepancy in the number of accounts the group claimed they had in their possession.  Now, from all that I’ve read, they’ve either upped their demands or the story keeps changing.  Now the threat includes everything from locking people out of their accounts to wiping 250 million iPhones.  They have even apparently given a deadline of April 7, just 3 days away, for Apple to comply with their demands.

Recommendation/Solution:
Regardless of the threat credibility, the solution for everyone is actually quite simple.  The simple answer to this problem if you are worried is . . . change your iTunes password.  I know it sounds so repetitious of me, but it really is that simple.  If what the hacker group has is truly active credentials for iTunes/iCloud, then we can all just take away the threat by changing the passwords so that whatever information they have is no longer any good.

My personal recommendation is to do just that.  I have already changed mine.  I suggest you change yours.  Now, I know that many of you have multiple Apple devices that will require you to update your password once you change it.  I am no different.  I have 4 devices that will need updating with my new password, but it seems a small price to pay to protect myself and my data.

Remember, the group has given a date of April 7, so I suggest changing your password as soon as possible if this worries you at all.  For the sake of fair play, below I’ve provided three links to different articles to let you decide for yourself.  My opinion is still the same though.  It’s a simple fix versus rolling the dice.

Motherboard Article
Wired Article
Fortune Article

As always, be safe.

Austin Bynum
Chief Watchman
Cyber Watchtower

Kids, Technology, and Security

Being the father of teenage twin daughters, I’m continually surprised and impressed at the amount of technology they use in school and in their lives compared to when I was a teenager.  Over the course of the last several weeks I have had the privilege of speaking to several classes at my daughters’ high school about cyber security and identity theft.  The classes that I have been speaking to belong to the school’s “LIFT” program.  This special set of classes prepares and competes in a really innovative event called Future Problem Solving or FPS.

While I love everything about this concept and event, especially with the subjects that they choose to tackle, I wasn’t sure what to expect when I was asked to come speak on these subjects.  Usually these kids have done tons of research and are very informed on their topics.  To be fair, they had just started researching this one, but the most amazing part to me was the lack of basic security knowledge and understanding inside a group of very intelligent teenagers from a generation that has been completely saturated with technology their whole lives.

Don’t get me wrong, there were some things that they knew.  However, when I started on the discussion of passwords and best practices surrounding them for protections, they were as surprised as the adults I often speak to.  They had a general idea of what malware is, but no real understanding of how it works, spreads, or how dangerous it is.  When I discussed social engineering, they hadn’t really heard of even the most basic and oldest concepts.  I was very shocked.

To their credit, they did have some understanding of social media dangers, which makes sense and made me breathe a small sigh of relief.  The most amazing part was that as I started connecting some of the dots for them and teaching about some of the real dangers out there and how identity really gets stolen digitally as well as just basic cyber security practices everyone should be aware of, they latched on and soaked up most of what I had to say.

Don’t get me wrong here.  I am not knocking these kids.  They were all great and let’s be honest, the reason they didn’t know a lot of what I spoke about is because we, the generations ahead of them, have not taught them.  Again, to be fair, I do this for a living and so I do take my own knowledge for granted sometimes, but many of the things I discussed were things that in my mind everyone should know and be on the look out for.

Honestly, speaking in front of these classes opened my eyes even further to the need for general education and training for everyone so that they can simply protect themselves.  It was also a nice confirmation that the services we offer as a business are just as needed as I have suspected.

I do ask this of you, my readers.  If you have kids, teenagers especially, please start teaching them good cyber security practices, password hygiene, and responsible social media usage as soon as you can.  Also, please start using them yourself.  Protect yourself! Your online presence has so much more information about you out there than you realize and you need to take care of it.

Remember that if you need help, advice, or services to help protect you, that is what Cyber Watchtower is here for.  We are here for you and your family to make sure that you stay as safe online as you possibly can.

Austin Bynum
Chief Watchman
Cyber Watchtower

Yahoo! . . . Again and Again and Again

If you have been reading my blog entries, you know that Yahoo, one of the first and largest dot coms, has been having a lot of security headaches over the past few years.  Most recently you may remember that a breach originally reported to have exposed 500,000,000 user accounts was updated to twice that many, 1 billion user accounts.

Oddly enough, with all of the media coverage on this huge issue, another, more disconcerting issue reported by Yahoo in December of 2016 largely flew under the radar.

This new issue had nothing to do with user names and passwords being compromised, but according to Yahoo, they “believe an unauthorized third-party accessed the Company’s proprietary code to learn how to forge certain cookies”.  What does this mean?  It means if your account was a victim of one of these “forged cookies”, the malicious parties didn’t need your user name or password to access your account.  The new cookies allow them to access accounts without credentials.

According to Mohit Kumar, CEO of The Hacker News, “Yahoo began warning its customers just last month that some state-sponsored actors had accessed their Yahoo accounts by using the sophisticated cookie forging attack.”

He does go on to say, “However, the good news is that the forged cookies have since been “invalidated” by Yahoo so they cannot be used to access user accounts.”

Below is a link to the full article:
Yahoo Reveals 32 Million Accounts Were Hacked Using ‘Cookie Forging Attack’

While it is a great thing that the issue was discovered and the cookies were invalidated, there are still major questions and issues that linger for me.  It might not seem like as big of an issue since it only affected 35 million users.  However, what is most disconcerting to me is that an “unauthorized party” was able to access “proprietary code” from the company.  That is usually the most protected asset of any company like Yahoo.

The other major issue is that the compromise completely circumvents normal authentication, i.e., user names and passwords.  This means that even if users changed their passwords or other security measures, it likely would have little impact on the malicious party’s ability to access the accounts.
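The effect described above, as an added sketch that is not Yahoo's code or anything from the original post: a generic HMAC-signed session cookie showing why a password change does not touch such a cookie, and why retiring the signing key does invalidate it. The page does not describe Yahoo's actual cookie format, so the scheme, key names, users and secrets here are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_cookie(user: str, key_id: str, key: bytes, now: int, ttl: int = 3600) -> str:
    """Build 'payload.tag'. No password is involved at this step."""
    payload = json.dumps({"user": user, "exp": now + ttl, "kid": key_id}).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_cookie(cookie: str, active_keys: dict, now: int):
    """Return the user name for a valid cookie, else None."""
    try:
        p64, t64 = cookie.split(".")
        payload, tag = _unb64(p64), _unb64(t64)
        claims = json.loads(payload)
        user, exp = claims["user"], claims["exp"]
        key = active_keys.get(claims["kid"])
    except (ValueError, KeyError, TypeError):
        return None
    if key is None:  # signing key retired: every cookie minted under it is dead
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    if not isinstance(exp, int) or exp <= now:
        return None
    return user


def run_scenario() -> dict:
    now = 1_700_000_000                   # constructed clock value
    old_key = b"constructed-key-old"      # constructed secrets, not real ones
    new_key = b"constructed-key-new"
    keys = {"k1": old_key}
    results = {}

    # Normal path: the server mints this after checking alice's password.
    legit = mint_cookie("alice", "k1", old_key, now)
    results["legit"] = verify_cookie(legit, keys, now)

    # Whoever holds the minting routine and key needs no password at all.
    no_login = mint_cookie("bob", "k1", old_key, now)
    results["no_login"] = verify_cookie(no_login, keys, now)

    # Bob changes his password; verify_cookie() never consults it.
    results["after_password_change"] = verify_cookie(no_login, keys, now + 60)

    # Without the key, swapping the payload under an existing tag fails.
    other = _b64(json.dumps({"user": "carol", "exp": now + 3600, "kid": "k1"}).encode())
    results["tampered"] = verify_cookie(other + "." + legit.split(".")[1], keys, now)

    # Invalidation: retire k1 and sign new sessions with k2.
    keys = {"k2": new_key}
    results["old_after_rotation"] = verify_cookie(no_login, keys, now + 120)
    results["legit_after_rotation"] = verify_cookie(legit, keys, now + 120)
    fresh = mint_cookie("alice", "k2", new_key, now + 120)
    results["fresh"] = verify_cookie(fresh, keys, now + 120)
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name:24} -> {value}")
```

Rotation also logs out every legitimate session signed with the retired key, which is why users are asked to sign in again after this kind of invalidation.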

What does this mean for you?
First, if you have one of the accounts that could have been compromised, you should have received an email from Yahoo regarding it in the last month.  Follow the advice that they gave you, but I would also change every bit of security with them that you can.  This means your password, your security questions, and even turning on any form of secondary authentication they have available.  If you are more daring and can, I’d say close any affected Yahoo account you have and change services.  Things are not looking good for Yahoo and they are about to be sold and split up anyway.

Second, as always, keep a close watch on all your security surrounding any online account access you have.  Your email accounts, believe it or not, are just as important as your bank accounts.  Why?  Because, if your email is compromised, then a malicious party can issue password resets on your accounts and get into your email to complete them.

Summary
Honestly, as important as cyber security is in today’s world, and considering the size and penetration of Yahoo, I am seriously worried about anyone who uses them for anything now.  Yahoo just can’t seem to get things together or protect anyone anymore.  Perhaps that is unfair, but hey, 3 strikes and all.

As usual, I strongly encourage you all to keep a close watch on everything you do online from banking to email and from social media to online purchasing.  Be careful out there and remember that Cyber Watchtower is here if you need us or our help with any of these issues, Yahoo or otherwise.

Austin Bynum
Chief Watchman
Cyber Watchtower

2016 – The Good, The Bad, and The Scary

2016 was quite a year in regard to the internet and its usage, not to mention users’ increase in security awareness.  While those things are positive, we also saw an increase in security breaches as well as an increase in the complexity of attacks the hackers and other malicious parties are using.

According to Gina Smith from anewdomain.net and Internet World Stats, 2016 saw an increase to the tune of just under 3.7 billion internet users worldwide.  The increase represents roughly a 10% increase from the previous year, but more astoundingly, mobile usage saw an increase of roughly 17% by adding over 280 million users.

I promise, I’m not trying to bore you with stats.  I just think the numbers help to fully understand why all of our lives are so much more at risk online than they used to be.  What’s more fascinating is that while North America only represents 8% of the internet users, the United States itself leads the world in overall online spending.  It’s no wonder we make exceptional targets for malicious activities like identity theft and credit card fraud.

The malware that is responsible for so many data losses and security breaches continues to become more and more complex, almost by the week.  These days, most security professionals will tell you that a simple anti-virus program just isn’t enough anymore for your protection.

What’s amazing is that even with the increase of users and the increase of awareness of those users, the bad guys are still finding their way into our systems and devices by using the same old tricks most of the time.  According to TrendMicro, 91% of system infections by malware are still coming from successful PHISHING attacks.  That means that users are still clicking on links and opening files in emails that are infected and that are not from who they say they are from.  To be fair, the PHISHING emails themselves have become very, very good and look very official most of the time.

TIP:  As always, don’t open emails from people you do not know or you are not expecting.  If it is from an official site or company, remember to be skeptical, especially if you are not expecting the email.  For example, this time of year, the bad guys like to use emails that appear to be from the IRS, but they end up asking you for information then stealing your identity.

As much as you need the proper tools and services to protect you, remember that you are your best protection against these issues.  Use the internet and your email wisely.  Pay attention to ANYTHING that seems out of the ordinary on your computer, your phone, your bank account, your credit cards, or anything else that could mean a breach of your security and information.  Even a hack of your social media (i.e. Facebook, Twitter, etc.) could mean the beginnings of a larger attack on you as a person.

2016 was a growing year in many ways, but not all of them good.  Remember that Cyber Watchtower is here to help you with information and services to help keep your life more secure.  The internet is going to get more crowded as the years go on, so let us help keep you safe online.

Austin Bynum
Chief Watchman
Cyber Watchtower

New Year’s Cyber Revolution Resolution

Well, here we are.  It’s January, 2017 and it’s another new year.  Now is the perfect time to start seriously thinking about your passwords and your overall online security.  Cyber Watchtower stands ready and willing to not only help you get this process started, but to do it for you!

“What?”, you ask.
“There’s a company that will do these things for me?”

The answer is “YES, absolutely!”  There is a company that cares more about your security than anything else.  We will partner with you, help you assess your real needs, and be your advocate and security expert.  We are Cyber Watchtower and we want to stand guard for you, your family, and even your business.

In this new year of 2017, we want to help you by:

  1. Increasing your password security
  2. Protecting your children from cyberbullying and inappropriate content
  3. Keeping you and your family’s online presence secure
  4. Securing your business while helping it stay efficient and productive.

Cyber Watchtower offers a suite of customizable services to not only help make your digital life more secure, but to keep it secure.

Our services include:

  • Comprehensive Password Management
  • Social Media Monitoring
  • Web Presence Monitoring (Business)
  • Web Filtering
  • Device Management

We have been consistently developing, testing, and refining our services for months and now stand ready to partner with you to greatly increase your online and cyber security posture.  Our average user comes on board with a security score of around 50-55%.  Within 1 to 2 months we are able to increase that security to 90%.  Our ultimate goal for all of our customers is to keep them above 90% while keeping a close watch on their ongoing online presence.

We would love the opportunity to get to know you and help protect your life with our services.

Contact us NOW, to learn more.  Please don’t let another year go by without truly protecting yourself online.

Austin Bynum
Chief Watchman
Cyber Watchtower

Internet of Things – 2017

Happy New Year!

With the arrival of a new year, I thought I’d start a new discussion on the Internet of Things.  You may or may not have heard this term before, but it involves a lot more of us than you may think.  The Internet of Things, or IoT as it is commonly called, basically refers to any physical object connected to the internet.  The IoT is made up of everything from light bulbs to pacemakers to vehicles.  The most common devices are things like smart home devices like light bulbs, TVs, and thermostats.  Other devices on the rise are centralized home devices like the Amazon Echo or Google Home.  We now have refrigerators that connect to the internet for TV or to just keep up with maintenance.

Regardless of the type of device(s) you or someone you know may own, the simple truth is that all of our lives are becoming increasingly more connected.  Unfortunately, that also means that there is an ever-increasing threat to the security of our lives.  As I’m sure you’re aware, being connected to the internet in any way brings its own set of risks and these IoT devices are no exception.  In fact, most of them have their own inherent security holes that aren’t usually found till they’ve been on the market for a while.

What most people do not know is that there have been all kinds of reported issues and cases around these devices.  Some of them have been found by security experts testing the devices and others by actual instances of devices being compromised.  There are some common issues out there and research continues to take place and the device manufacturers themselves continue to try and fix the issues as they’re found.

What most people do not think of is that while these devices provide us with a never before seen level of convenience in our lives, they also, sometimes, provide a less than secure gateway into our homes and lives.  They can be compromised and used to do all sorts of things from send SPAM to even giving attackers full access to any connected device, including computers, in your home.

I do not write this to scare you, but more to warn you and, like we always do at Cyber Watchtower, educate you as much as we can so that you can protect yourself.  Right now, the best advice I can give you is below in a few easy points.

  • Do your research on any device you plan to purchase and buy from known manufacturers with a known good history.
  • Patch and upgrade firmware on all devices when it’s available (including internet routers).
  • Periodically check online for news or updates on your devices to make sure there haven’t been any major issues with their security.
  • Pay close attention to anything out of the ordinary in the function of your device or anything else they may be connected to.

I have no doubt that we will continue to see exponential growth in the use of these devices over the next few years.  The manufacturers are already catching on and have started building better security into the devices too.  We at Cyber Watchtower love technology, but we want your security intact above all.  So, enjoy your IoT devices, but just be careful and cautious.

Protect yourself and have a great new year!

Austin Bynum
Chief Watchman
Cyber Watchtower

Secure Your 2017

2016 was a rough year in so many ways.  We saw one of the fiercest elections in memory and we lost countless amazing artists.  In the world of cyber security, we saw an unprecedented number of security breaches to companies like Yahoo! and LinkedIn, with record-setting account information lost.  We also saw an ever-increasing number of cyber bullying incidents to both celebrities and average teens.  Overall, a very big year.

As we are such a digital society, we must look forward and try to do a better job all around.  Many people still take for granted the importance of good password security.  I will say however, I am starting to see some improvement in people’s understanding and habits when it comes to managing their passwords and online credentials.  While I’m encouraged by what I see, I fear these breaches will just continue and the best defense users have is solid password hygiene.

Just like user credentials being so much a part of our daily lives, so is social media.  Most of us spending any time online belong to some sort of social media network.  Whether it be Facebook, Twitter, LinkedIn, Instagram, or one of the many other networks, social media impacts not only our individual lives, but sometimes how society even gets their information and the speed at which it travels.  Now, while many of us will never experience cyberbullying in a detrimental capacity as some have, the fact remains the problem has become an epidemic and not just a nuisance.  There were countless celebrities in the news fighting this issue.  Prince William has even been so appalled by what he has seen in the realm of cyberbullying that he has made his own mission to fight it.  GuardChild reports that over 25% of teens have been threatened by some sort of electronic means.  Cyberbullying isn’t just limited to social media.  It sometimes may just be taking place via text message or private chats.  Regardless of the way the bullying takes place, it remains an ever-increasing issue.

There’s no doubt that as we continue to increase our online dependence, security of our information and protection of ourselves will become more and more important.  No matter how much of your life is online, I beg you, please make a resolution this year to protect yourself and your loved ones online.  We here at Cyber Watchtower wish you a very happy new year and we hope that you make 2017 a great year.

Austin Bynum
Chief Watchman
Cyber Watchtower

Protection vs. Spying – Where do we draw the line?

I am often asked by our parent clients if they should let their kids know that they are using our services and that they are being monitored.  My response is always the same.  “Yes!”  I, of course, move on to explain that we believe that the best protection a child can have is an open and honest relationship with their parents and knowledge of the dangers that keep parents up at night with worry.  I also explain that Cyber Watchtower was not created to spy on anyone, but our job is to protect our clients.  In every client home I am in, I make sure that the client knows we are here to help them keep up with what is going on and to protect their children.

The truth is, we do live in a day and age where it is much easier for kids to live a life outside the realm of their parents’ knowledge and most of that is thanks to the ever-increasing advances in personal technology.  Most teens today have their own cell phone, tablet, or laptop.  Many have more than one personal device like these that allow them an element of privacy and communication with the outside world that was unheard of in any previous generation.  Therefore, it is not an outlandish thought that parents would like to have some visibility into these devices and what they hold so that they have an idea of what their child is doing and being exposed to, as well as protecting them from it.

The debate however, still stands about how much spying on one’s children can damage the parent-child relationship.  Consider this: If a parent were to just use our monitoring and protection services without talking to their children, it very easily can be construed as “spying”.  This is where the communication comes in.  The best thing you can do for your children is talk to them.  Educate them.  We will even offer advice as to how to begin the conversations about our monitoring so that people can feel comfortable initiating the talks.  That’s how important we see this part of the process.

Research shows that once a child thinks he/she is being spied upon by their parents, trust is broken in that relationship and breaking trust is the exact opposite outcome most parents want to see.  From what I’ve seen though, most parents are so concerned about protecting their kids and knowing what is going on, that becomes their focus.

Kirsten Weir, a freelance writer from Minneapolis, wrote an article this year talking about this very issue.  The article, Parents Shouldn’t Spy on Their Kids, had in it some fascinating research centered around the invasion of privacy and personal space by parents and how that impacts the ultimate development of our children into adults.

There is no doubt in my mind that parents need some visibility into their children’s lives.  After all, it is our job to protect and educate them.  As they grow however, it is also our job to teach them about trust and that begins with us, the parents, having a certain element of trust in our kids.  Not just trust to go into the world and behave how we’ve taught them, but trust in their ability to understand the dangers they will face in the world.  Remember, whether they admit it or not, they trust us to protect them.

Austin Bynum
Chief Watchman
Cyber Watchtower

In addition to running Cyber Watchtower, Austin Bynum is also the proud father of teenage twin daughters.

Tis the season to be careful

Today is Cyber Monday.  While most consumers will use the day to seize the opportunity for the amazing deals out there online, you can bet that cyber criminals are ramping up and poised to try to take advantage of the average consumers’ complacency with security.

I know how easy it is to get so caught up in the deals and your own holiday shopping that security takes a back seat.  However, this holiday season it is more important than ever to make sure you follow the best and most basic security practices to ensure your own safety.  I promise you that following good security won’t hinder your shopping too much as it’s more about a little preparation followed by simply being careful and watching out for things that don’t look right.

Staysafeonline.org has issued a good article detailing some things you can do to make sure your Cyber Monday shopping, and the rest of your holiday shopping, are safe and secure.

Article:
TOP TIPS FOR SAFE ONLINE HOLIDAY SHOPPING

This article details 8 different things that you can do to keep yourself protected, as well as a great 3-word, 3-step process to remember. “STOP. THINK. CONNECT.”  This is a great way to remember to keep your guard up while shopping and help you not succumb to those things the cyber criminals out there try to dupe you with.

Here’s wishing you safe and secure holiday shopping and a wonderful holiday season from the Cyber Watchtower family.

Austin Bynum
Chief Watchman
Cyber Watchtower

Please Don’t Reuse Your Passwords!

If I’ve said it once, I’ve said it hundreds of times to so many people.  Please don’t reuse your passwords!  Whether it’s changing your existing password with some simple variation of the old one, or, more commonly, using the same password for almost every site, the reusing of passwords is actually one of the biggest issues when it comes to security risks to your online accounts.

In the course of what I’ve seen, a reused complex password is much more common than just multiple weak passwords.  This means that so many of those users that had their account credentials stolen in breaches such as the Yahoo or LinkedIn breaches, had their credentials to other online accounts compromised as well.

Bradley Barth, a senior reporter for SC Magazine, recently published an article entitled, “Guessing passwords of targeted users easier than you think, warn researchers”.  In this article based on an academic report, Barth reports that, “Researchers were successful at guessing an average user’s account password 73 percent of the time when they had at least some personally identifiable information on the victim, plus a ‘sister password’ that was used at another website and likely reused or modified elsewhere.”

The report this article is based on is even more proof that when users do not follow even the most simple of password management strategies, they can and most likely will fall victim to some sort of online breach.
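A defender-side check for the "simple variation" habit described above, as an added example that is not from the original post or the cited research: a password-change form can compare the new password against the current one and refuse near-copies. The normalisation rules, thresholds and sample passwords are assumptions constructed for illustration.

```python
import re

# Character swaps people commonly use when "changing" a password (assumed list).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def core(password: str) -> str:
    """Reduce a password to the part a user is likely to carry between sites."""
    # Drop leading/trailing digits and symbols: 'Summer2016!' -> 'Summer'.
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password)
    return (stripped or password).lower().translate(LEET)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sister_reason(old: str, new: str, max_edits: int = 2):
    """Return why `new` looks derived from `old`, or None if it does not."""
    a, b = core(old), core(new)
    if a == b:
        return "same core"
    short, long_ = sorted((a, b), key=len)
    if len(short) >= 4 and short in long_:
        return "core embedded"
    if len(short) >= 4 and edit_distance(a, b) <= max_edits:
        return "near match"
    return None


# Constructed sample pairs: (current password, proposed new password).
SAMPLES = [
    ("Summer2016!", "Summer2017!"),
    ("P@ssw0rd", "Password123"),
    ("dragonfly", "dragonfly_work"),
    ("monkey77", "donkey77"),
    ("correct horse", "tr0ub4dor&3"),
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        verdict = sister_reason(old, new) or "accepted"
        print(f"{old!r:16} -> {new!r:18} {verdict}")
```

The comparison needs the current password in plaintext, which a change form has only at the moment the user types it; it cannot be run against stored hashes.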

I implore you to please follow sound password management practices.  For more specific information on these practices, see our post from September, Passwords! Passwords! Passwords! part 2.

Austin Bynum
Chief Watchman
Cyber Watchtower