Is “Biohacking” our future?

The term “biohacking” has developed several definitions over the past several years.  It has, however, increasingly come to refer to the implanting of devices into one’s body in order to interface with technology, e.g. the implanting of microchips for payment and other services.

From my perspective, I really dislike this term, especially because many people in the technology arena are advocates of this practice.  To me, it seems silly to take a word that typically has a negative connotation to people, like “hack”, and apply it to something you see as positive.

Regardless of the terminology, the real question lies in whether or not we should go down this path at all.  The debates range from technological advancement and the natural progression of technology to moral questions and even apocalyptic omens.  I’m not sure where you might fall in this, but for me, it is somewhere in the middle.

If you read my blogs at all, by now you should know that I love technology and have built my career around protecting people from the misuse of technology and trying to make it productive to increase the efficiency of our lives.  While I do understand that there is a natural progression to anything, including technology, I do think we forget to ask ourselves if the next step is really one we should take.

According to a recent article from Hacker News, “Marketing solution provider Three Square Market (32M) has announced that it had partnered with Swedish biohacking firm BioHax International for offering implanted microchips to all their employees on 1st August, according to the company’s website.”  I encourage you to read this article and truly develop your own opinion on the subject as I think we will start to see this trending more and more.

As an IT professional, I totally see the benefits and security of this type of access control and monitoring.  They refer in the article to things such as door and computer access as well as vending machine purchases.  This is, in many ways, an IT Director’s dream.  One of the first positives that I see is that we essentially are eliminating the need for passwords on our computers if the access is controlled via these devices.  We, therefore, take the human element out of the equation of computer access which will always make IT people happy.  Or will it?  Let’s think about the new security concerns and other questions that will arise.

Security and other concerns:

  • How do you handle these devices once the employee has moved on from the company?  Do they keep it or do you have to have it removed?  What is the expense either way?
  • The devices use RFID to communicate.  How easy are these devices and/or their frequencies to copy, manipulate, or duplicate?
  • What are the long term health implications of these devices inside the body?
  • Are there other health concerns such as pacemakers, defibrillators, etc.?
  • Can the device or frequency be tracked off-premise or even via GPS?

These questions make up just a few of the concerns that will inevitably arise.  As with the case of introducing any new technology, we introduce an entirely new set of concerns and avenues for security breaches, many of which we are unable to see until we have implemented said technology.  Many times, it is near impossible to foresee all of the new issues and attack vectors that will arise from new technology implementation.

The hardest part for me is that I am such an advocate of new technology and where advancements are taking humanity.  I appreciate them and usually “geek out” over them initially.  However, I find myself having an ever-increasing reticence with things like biohacking and biometrics.  On the surface, they seem to just provide convenience and more peace of mind.  I contend, however, that many of these new technologies, especially authentication technologies, should be carefully examined and tested before implementation.  If there is one thing history has taught us, it is that if someone wants into something bad enough, they will get in.

Some food for thought for us all I suppose . . .

Stay connected.  Stay safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

Austin Bynum has spent the last 18 years working in IT and network security.  His passion is to ensure everyone stays safe online and digitally.  His belief is that everyone has the right to be safe online without having to be their own expert.

Cybersecurity and You (Pt. 2)

In Part 1 of this series, we discussed some current general internet statistics and how they show us why we, as users, need stronger security practices as well as a better understanding of how best to protect ourselves against the growing number of threats out there.  We also discussed good password management practices and how best to avoid common pitfalls that create weak passwords.

In this segment, I want to discuss some of the common threats that exist out there and how you can best protect yourself from and avoid them.

Problem: Malware
The first thing I want to discuss is Malware. Malware is essentially any malicious program created by someone intending to do harm to you, your computer, and/or your data. Many times it is intended to steal your data for identity theft purposes.

The most common types of malware are things that you’ve probably heard of such as viruses or worms.  Other, more malicious forms include things like ransomware.

Ransomware is malicious software that, once it infects your computer, encrypts all of your files, keeping you from accessing them. A message will then display on your screen essentially extorting you for money if you want to get your files back. Some people pay and some don’t.  Regardless, the damage is done and some businesses never recover after one of these infections.  You may recall an attack in the news recently about “WannaCry”.  This is one of the most recent and worst examples of this type of attack that we have seen.

Solution: Defense and DON’T OPEN/DON’T CLICK strategy
So how do you prevent these things from happening to you?  To answer that, we have to look at the most common way that malware infects computers.  Statistics show us that 91% of all these infections come through some sort of PHISHING attack.

What is PHISHING? Well, it is officially defined as, “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”  They can also be used to infect your computer via bad file attachments or links to infected websites.

So the simplest solution here is to pay close attention to the emails that you open.  The best rule is DO NOT open ANYTHING that is from someone you do not know or that you are not expecting.  Along with that, if it looks fishy (or PHISHY), delete it.  The biggest thing to pay attention to here is that with a stat like 91% you can see that if you’re going to get an infection of some kind, it will more than likely come via email.

Of course, another important solution is to protect your computer/equipment with anti-virus/anti-malware software or, as they are more often called these days, security protection suites.  Having some sort of protection like this on your machine will also go a long way in preventing or helping to prevent your data from being compromised by these malicious programs.

Problem: Social Engineering
When I speak to audiences, I make sure to talk a little about social engineering.  One of my friends once put it in the form of a trick question.  What is the least secure operating system?  The answer is the Human Operating System.  US.  We are the weakest link for malicious parties to exploit.  I define Social Engineering as “hacking the human OS (Operating System)”.

It is basically the oldest trick in the book.  It’s the con game.  It’s the selling of snake oil.  There are a lot of ways these malicious parties attempt to get your information.  They will do anything from staging fraudulent phone calls posing as a representative of a company with which you do business to PHISHING email campaigns.  That’s right, the PHISHING that we just discussed is another form of social engineering.

Regardless of the method, social engineering has one goal, to do you harm in a way that also benefits the person initiating it.  Whether they are attempting to steal your personal data or infect your computer, their ultimate goal is financial gain at your expense.

Solution: Be wary.  When in doubt, don’t give out your information.
The best thing you can do in any situation is to trust your gut.  If something feels wrong, it most likely is. Whether in email, on the phone, or even in person, trust that feeling inside that says, “I really don’t feel right giving any information to this person.”  I’ve been known to ask very pointed questions on the phone that either get good answers or make the person hang up.  The hang-ups are obviously people who realize I’m more in tune with their intentions than they expected, so they move on to the next target.  Remember that these people are looking for the easy game, so when they meet resistance, it’s easier for them to just move on.

So, ask questions.  Ask them why they need your full social security number, or why they need you to give them your password.  These types of questions are not ones typically asked by legitimate businesses.  They should already have the data and not need you to provide it, especially if they called you.  Also, watch for lack of professionalism.  Some of these people will get belligerent when you question their need for information.

I know this has been a bit of a long post, but I wanted to get you as much information for your own protection as possible.  Be cautious and protect yourself the best you can.  Equip yourself with knowledge and tools to keep you, your business, and your family safe from these ever-increasing dangers online.  As always, we at Cyber Watchtower are here if you need us.

Stay connected.  Stay Safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

Cybersecurity and You (Pt. 1)

I travel state-wide here in Texas and speak to as many people who will have me.  I try to keep my audiences diverse and open because cyber security affects everyone, even you.  Whether you’re a 25-year-old IT professional spending most of your life online or a retired grandmother with 15 grandchildren who may only use the internet once or twice a week, your life is somehow impacted by this ever-growing concern in our modern world.

In this short series of blogs, I am going to discuss several different and important ways that you can make some minor changes to make your digital life more secure.

Now, when I present to audiences, I love to give statistics so that people can see just how important it is to have good cybersecurity practices.  Some of the stats I give really shock people and while my goal is not to cause fear, it is to bring awareness to the criticality of the situation and then personalize it so they can see how it can potentially affect their lives.

We discuss the growing rate of internet usage and how just over 50% of the world now has internet access.  This growing environment not only increases the available targets for malicious people, it also gives them room to grow and recruit.  Below are some of the other current stats that I use:

  • 130 – Average number of online user accounts per person in the US
  • 91% – The percentage of malware infections that happen from PHISHING
  • Asia has the most internet users at nearly 1.9 Billion but that is only 45% of their population
  • North America has 320 Million users and makes up 88% of our population

Passwords:
We usually discuss password hygiene and security as it is such a huge part of our overall security as a society.  I even explain to them the trends that are growing in password hacking technology such as pattern recognition.  Those malicious parties now look for common password patterns such as:

  • All numbers in the password being together (i.e. “hereismypassword1234”)
  • The most commonly used special character is the “!” and it is usually at the end. (i.e. “hereismypassword1234!”)
  • When a capital letter is required people just usually make it the first letter of the password.

Here are some recommended adjustments that, while minor, will still help take the security of your passwords to the next level.  Essentially, make adjustments to your existing passwords around the few things I mentioned above.

  • Start your password with a lower case letter or special character
  • Mix up your numbers
  • Place capitals at random
  • Substitute some letters with numbers

Example:
“h3re1sMyp@ssw0rd”
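
To check a password of your own against the three patterns listed above, the following Python audit can be run locally. It is an added example, not part of the original post; the function names and the run-length "mask" notation (u = upper, l = lower, d = digit, s = special) are assumptions made for the illustration.

```python
def char_class(ch):
    """Map one character to a class symbol: u, l, d or s (anything else)."""
    if ch.isupper():
        return "u"
    if ch.islower():
        return "l"
    if ch.isdigit():
        return "d"
    return "s"


def mask(password):
    """Collapse a password to its structure, e.g. 'hereismypassword1234' -> 'l16 d4'.

    Pattern-based guessing works on this structure rather than on the
    exact characters, which is why a common structure is a weakness.
    """
    runs = []
    for ch in password:
        c = char_class(ch)
        if runs and runs[-1][0] == c:
            runs[-1][1] += 1          # extend the current run
        else:
            runs.append([c, 1])       # start a new run
    return " ".join(f"{c}{n}" for c, n in runs)


def predictable_patterns(password):
    """Return the patterns from the list above that this password matches."""
    findings = []

    # Pattern 1: every digit sits in one contiguous block.
    # (A single digit is not reported; there is nothing to mix up.)
    digits = [i for i, ch in enumerate(password) if ch.isdigit()]
    if len(digits) >= 2 and digits[-1] - digits[0] + 1 == len(digits):
        findings.append("digits grouped together")

    # Pattern 2: "!" is the only special character used and it ends the password.
    specials = {ch for ch in password if char_class(ch) == "s"}
    if password.endswith("!") and specials == {"!"}:
        findings.append("'!' as the only special character, at the end")

    # Pattern 3: the only capital letter is the very first character.
    uppers = [i for i, ch in enumerate(password) if ch.isupper()]
    if uppers == [0]:
        findings.append("only capital letter is the first character")

    return findings


if __name__ == "__main__":
    # Sample passwords taken from the post, plus one capitalised variant
    # constructed here to trigger the third pattern.
    samples = [
        "hereismypassword1234",
        "hereismypassword1234!",
        "Hereismypassword1234!",   # constructed variant
        "h3re1sMyp@ssw0rd",
    ]
    for pw in samples:
        hits = predictable_patterns(pw) or ["none of the three patterns"]
        print(f"{pw:24} mask: {mask(pw):34} -> {'; '.join(hits)}")
```

The check covers only the three patterns named in this post; an empty result means a password avoids those patterns, not that it is strong.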

Internet access exists all over the world and let’s face it, it’s not going to lessen anytime soon.  Anyone reading this blog most likely has plenty of online presence including at least 10 user names and passwords online.  Hopefully, the above information has been helpful to you and will be a good starting place for a better understanding of cyber security and how you can flex some of your own security muscle in your digital life.

Keep watching here.  Next time I will discuss some specific threats to your digital life and how you can protect against them.

Stay connected.  Stay Safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

“I Give Up!”

Cybersecurity. Ransomware. Antivirus.

If you own any sort of electronic computing device, these are just a few terms that have become a part of your daily life.  With all that is out there in cyberspace and the news, it’s a wonder that we still have any trust in technology at all.  Honestly, some people are getting quite fed up and are ready to throw in the towel, but reality won’t even let them.

The truth is that technology isn’t going away.  The other truth is that neither are the security risks.  I know at times it must seem that the world is falling apart around us electronically, especially after the last week with the WANNACRY ransomware attack.

If you are unfamiliar with what has been going on, last week a ransomware infection started in Europe and has now infected thousands of computers in hundreds of industries across more than 150 countries.  The hardest hit was most likely the NHS (National Health Service) in the UK.  Many hospitals had computers and equipment infected and rendered useless, at least temporarily.  It has been a very scary time.

If you’d like more specifics about the infection I’m including several links to other, more detailed articles for you to read.  The short of it is that a weakness in an older, outdated and unsupported version of Windows (XP) was exploited.  The worst part, other than the outdated operating systems, is that the infections came via PHISHING attacks.  PHISHING involves people receiving infected emails they think are legitimate and it is the most common method of distributing this type of attack.

I don’t want to get bogged down in the details of this today though.  What I want to do is acknowledge that there are so many of you out there that just want to live your lives and trust the technology you have to increase the efficiency and quality of your life.  That, after all, is its intended purpose.  Nothing new comes without risk, but I know many of you ask why you should be a technology expert just to stay safe online.

The truth is that you shouldn’t have to.  You should be able to trust that the technology you use is safe, for you and for your family.  That is mainly why we created Cyber Watchtower.  We want you to be able to just enjoy life and use these technological tools without fear of all the risk that comes with it.  I make it my mission to educate and help people with these issues as much as I can because I know they scare and intimidate most of you.

We will try to keep you as informed as we can.  Just remember, we are here for you if you need us.  Do not hesitate to even just ask us questions if you need a better understanding of something.

Take care of yourselves out there.

As always, stay connected. Stay safe.

Austin Bynum
Chief Watchman
Cyber Watchtower

Cyber Watchtower Turns ONE!

Here at Cyber Watchtower, we are excited to be celebrating a full year of protecting our customers with our suite of cybersecurity services.

One year ago, we set out with a goal to provide a comprehensive collection of full-service cybersecurity protection options for individuals, families, and companies.  We are a team made up of people who not only understand cybersecurity but also see the overwhelming need for everyone to have some level of protection and education when it comes to staying safe online.  Our services focus on total online security and range from password management to cyberbullying protection.

We started by researching and testing product after product in order to figure out what was out there that would provide the best protection and monitoring for our potential customers.

Several months later we began engaging a small group of individuals to test the services that we had chosen.  This WONDERFUL group of people has really helped to shape our services as we’ve gone through some changes, growth, bumps, and bruises.  I cannot thank these, our test users, enough for all they have done for us.  THANK YOU! THANK YOU!

Starting at the beginning of 2017 we went full bore into service mode and now have a steadily growing client base.  We are constantly working to improve and expand our services to make sure that we keep all of our existing and future clients protected from the dangers online.

Today our current services are:

  • Password Management
  • Social Media Monitoring
  • Web Presence Monitoring
  • Web Filtering
  • Device Management

For a full description of all of our services visit our Services page.

If you are one of our current customers, thank you for your business and we promise that we will continue to provide you the best support and protection possible.  If you are not our customer, we truly hope you are doing your best to stay safe online, but we’d love the opportunity to help you ensure that you and your family or business are staying as safe as possible.

As we here at Cyber Watchtower love to say . . .
Stay connected.  Stay safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

Cyberbullying laws making headway

If you follow my blog at all, you know by now that I am passionate about eradicating cyberbullying and protecting our children against it in any way possible.  While I believe that protection and education are our best lines of defense, I also think that amending our laws to help combat and deter people from cyberbullying is another tool we should bolster to help us in the fight.

In Texas, Senate Bill 179, or ‘David’s Law’, will soon be up for a vote on the state’s senate floor.  According to an article by KGNS news, “If passed, bullies could soon be seeing consequences and school district’s policies could change.”

If passed, the bill would cause the following changes:

  • School Districts would have to add cyberbullying and online harassment into their policies
  • School Districts would be required to anonymously report incidents
  • School officials would have 24 hrs to notify victim’s parents
  • The bully’s parents would also be notified of any incidents
  • School Districts would be empowered to investigate off-campus bullying if it impacts the school environment
  • Establishment of criminal offenses for the most severe cases
    • The offense would start as a Class B misdemeanor and develop to a class A misdemeanor in a case of multiple aggressors.

Frankly, I am glad to see our lawmakers taking this problem seriously.  I wish more states were being proactive in this fight against bullying and cyberbullying.  It is a problem that cannot remain ignored by our society and its government.  According to the Cyberbullying Research Center, many states have not made changes to their bullying laws in almost a decade.  They have a very informative and interactive chart that helps you stay up on what each state is doing.

As I said before, I think that our legislatures do play a crucial role in helping us combat this problem, but I think the biggest role is the one we play as parents.  Please, talk to your kids.  Take the time to know what is going on in their lives.  Also, use a service like ours at Cyber Watchtower to help you guard and protect the most precious and important people in your lives, your children.

Remember, stay connected.  Stay safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

In addition to running Cyber Watchtower, Austin Bynum is also the proud father of teenage twin daughters.

Who are you?

Even after all I have seen I am still amazed at how oblivious and trusting people can be.  Don’t get me wrong, I very much appreciate people trusting me, especially when it works in my favor.

Recently I was back in my home town which is a rather small place.  I needed to set up a new PO Box for myself so I went to the local Post Office and filled out the application.  It is a relatively easy process but does require two forms of ID, one with a picture and one without.  I used my driver’s license and my car insurance.  The person working the counter did not know me but did know my mother.  I mentioned that and all of a sudden, I did not need to actually show my forms of ID.  I did list them on the application, but the person behind the counter did not even look at them.

I’m not complaining and I understand how small towns work.  I lived in one for a very long time.  I was still very shocked that my IDs were not even given a quick glance.

You may be asking, “Why is the Cyber Security guy blogging about this?”  The reason is simple.  Regardless of all that we do to protect ourselves online, people still miss the ever so simple, low-tech things that malicious people do to steal identities and get away with a crime.  Opening a PO Box in someone else’s name is one of the first things someone can do to establish a new and/or fake identity.

In this case, I know that the person at the Post Office was trying to be helpful and speed things along for my sake.  I know that it was done out of kindness and not apathy or anything like that.  What is disconcerting is the complacency that is rampant in our society regardless of everything in the news.

My advice to those of you who work in any field where it may be part of your job to verify ID is to please do so.  I’m begging you from the perspective of a security professional, a consumer, and just a member of society.  Don’t make it easy for the bad guys to steal someone else’s identity.

My advice to everyone is to be careful.  Always be on the lookout for these types of situations.  I’m the kind of person who is thankful for the clerk at the department store who actually looks at my ID, then looks at me, then verifies the ID matches the credit card I am trying to use.  Why? Simple! I appreciate someone looking out for my wellbeing especially when it doesn’t take long to do.

So the next time you call customer support to someplace and they ask you questions to verify your identity, don’t get frustrated.  Be glad they have such procedures in place for your protection.  Also, if you are reading this and you are like me, spread the word to your friends and family.  Let’s all work together to help take the easy things away from those criminals and other malicious people out there who don’t care about our well being.

As always, stay connected but stay protected.

Austin Bynum
Chief Watchman
Cyber Watchtower

Tornado Sirens? What’s Next?

As always, I try very hard to write about things that I think are important and pertinent in most people’s lives.  In my opinion, the following incident I’m going to discuss constitutes another major attack on Internet of Things (IoT) devices that are intended to help our society be safer.  The major incident that happened the night of April 8th in Dallas I believe has a much broader implied impact than just to the residents of that city.

18 minutes before midnight on April 8th, 156 tornado warning sirens went off for roughly an hour and a half.  The city had recently suffered some severe inclement weather including 3 tornadoes just days earlier so you can imagine residents’ initial reactions were mainly comprised of fear.

The culprit, however, was not bad weather, but rather a compromised network of sirens that, for some unknown reason, hackers decided to mess with.  While some find it harmless and humorous, it had adverse effects on some city services and infrastructure.  According to an article from the Washington Post, “Not everyone cracked jokes. ‘We had people asking if we were being attacked because of what’s going on overseas,’ a city spokeswoman said the next day. And thousands of people flooded the Dallas 911 system (which has had its own technical problems), she said, leaving people with real emergencies waiting on the line for long minutes.”  This obviously shows how something that might have seemed like a harmless prank can have a real impact on people.

Last year, Dallas suffered a different hack where attackers compromised highway information signs and posted mischievous messages.  I’m not sure this one caused as much pandemonium, but it still shows the vulnerability and accessibility to all of these connected devices we have in our society.

So why do I write about this?  It is a way that I keep you informed about what is going on but also doubles as a way to show the increasing dangers of connected devices that are unsecured and unmonitored.

I love technology! I love what it has done and can do for us as a society!  However, I constantly battle these malicious parties that seem to want to do nothing but wreak havoc and dismay by compromising technology.  Sometimes it’s simple mischief like the highway signs and then it escalates to tornado sirens.  Your personal IoT devices are at risk too, just by people who want to cause damage. See article.

My job is to try to stay ahead of these people, but it is increasingly difficult.  The best advice I have for you is to make sure that any devices you may have in your home or business are secure.  If you don’t know or don’t know how to find out, contact me, or at least some local security professional who can help you determine that.  Contact manufacturers and ask them about the security built into their devices and make sure you are doing everything they recommend to keep it safe.  Don’t be scared to use technology, but please make sure that whatever tech you do use, you secure it and yourself as best you can.

Stay connected but stay protected.

Austin Bynum
Chief Watchman
Cyber Watchtower

Apple Breached?

Story:
On March 21st of this year, Motherboard released an article about a possible security breach to Apple and its iTunes accounts.  According to the article, a hacker group calling themselves the ‘Turkish Crime Family’ has acquired a cache of iCloud and other Apple user names and passwords and is attempting to extort Apple for $75,000 in bitcoin or $100,000 in iTunes gift cards.

Apple has stated that there have been no breaches to any of their systems.  According to an article from Wired, Apple has stated, “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services. We’re actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved.”

Apple has gone on to say that they do not perceive the hacker group as a credible threat.  In some ways, it is easy to see why they feel that way.  I’ve honestly waited until now to write about this because the more that is published and I read, the story seems to change and the group even changes their story.  Even in the first article, there was a discrepancy in the number of accounts the group claimed they had in their possession.  Now, from all that I’ve read, they’ve either upped their demands or the story keeps changing.  Now the threat includes everything from locking people out of their accounts to wiping 250 million iPhones.  They have even apparently given a deadline of April 7, just 3 days away, for Apple to comply with their demands.

Recommendation/Solution:
Regardless of the threat credibility, the solution for everyone is actually quite simple.  The simple answer to this problem if you are worried is . . . change your iTunes password.  I know it sounds so repetitious of me, but it really is that simple.  If what the hacker group has is truly active credentials for iTunes/iCloud, then we can all just take away the threat by changing the passwords so that whatever information they have is no longer any good.

My personal recommendation is to do just that.  I have already changed mine.  I suggest you change yours.  Now, I know that many of you have multiple Apple devices that will require you to update your password once you change it.  I am no different.  I have 4 devices that will need updating with my new password, but it seems a small price to pay to protect myself and my data.

Remember, the group has given a date of April 7, so I suggest changing your password as soon as possible if this worries you at all.  For the sake of fair play, below I’ve provided three links to different articles to let you decide for yourself.  My opinion is still the same though.  It’s a simple fix versus rolling the dice.

Motherboard Article
Wired Article
Fortune Article

As always, be safe.

Austin Bynum
Chief Watchman
Cyber Watchtower

Kids, Technology, and Security

Being the father of teenage twin daughters, I’m continually surprised and impressed at the amount of technology they use in school and in their lives compared to when I was a teenager.  Over the course of the last several weeks I have had the privilege of speaking to several classes at my daughters’ high school about cyber security and identity theft.  The classes that I have been speaking to belong to the school’s “LIFT” program.  This special set of classes prepares and competes in a really innovative event called Future Problem Solving or FPS.

While I love everything about this concept and event, especially with the subjects that they choose to tackle, I wasn’t sure what to expect when I was asked to come speak on these subjects.  Usually these kids have done tons of research and are very informed on their topics.  To be fair, they had just started researching this one, but the most amazing part to me was the lack of basic security knowledge and understanding inside a group of very intelligent teenagers from a generation that has been completely saturated with technology their whole lives.

Don’t get me wrong, there were some things that they knew.  However, when I started on the discussion of passwords and best practices surrounding them for protections, they were as surprised as the adults I often speak to.  They had a general idea of what malware is, but no real understanding of how it works, spreads, or how dangerous it is.  When I discussed social engineering, they hadn’t really heard of even the most basic and oldest concepts.  I was very shocked.

To their credit, they did have some understanding of social media dangers, which makes sense and made me breathe a small sigh of relief.  The most amazing part was that as I started connecting some of the dots for them and teaching about some of the real dangers out there and how identity really gets stolen digitally as well as just basic cyber security practices everyone should be aware of, they latched on and soaked up most of what I had to say.

Don’t get me wrong here.  I am not knocking these kids.  They were all great and let’s be honest, the reason they didn’t know a lot of what I spoke about is because we, the generations ahead of them, have not taught them.  Again, to be fair, I do this for a living and so I do take my own knowledge for granted sometimes, but many of the things I discussed were things that in my mind everyone should know and be on the lookout for.

Honestly, speaking in front of these classes opened my eyes even further to the need for general education and training for everyone so that they can simply protect themselves.  It was also a nice confirmation that the services we offer as a business are just as needed as I have suspected.

I do ask this of you, my readers.  If you have kids, teenagers especially, please start teaching them good cyber security practices, password hygiene, and responsible social media usage as soon as you can.  Also, please start using them yourself.  Protect yourself! Your online presence has so much more information about you out there than you realize and you need to take care of it.

Remember that if you need help, advice, or services to help protect you, that is what Cyber Watchtower is here for.  We are here for you and your family to make sure that you stay as safe online as you possibly can.

Austin Bynum
Chief Watchman
Cyber Watchtower