Thursday, January 11, 2018

Basic cybersecurity - how to keep your data secure and private

[The following post about cybersecurity was stolen by the creator of Hacked .com and CryptoCoinNews .com in March of 2017.  It is my original work.  The creator of those sites stole it from me without payment.  Do not visit Hacked .com or CryptoCoinNews .com.]


Your most important information exists within cyberspace.

With each passing day, that information becomes more valuable, as well as more vulnerable.  Cybersecurity also becomes more important.

There are two main parties that want your information: cybercriminals and overreaching government spy agencies.  The former want financial information first and foremost.  The latter want everything.

According to William Binney, a former high-ranking official at the National Security Administration (NSA), everything you do online – email, banking, credit cards, surfing the web, etc. – gets recorded and archived by spy agencies such as the NSA.

Why do they want this information?  For criminals, the answer is simple: to profit.  Either through direct theft or by selling bulk information to third parties, cybercriminals seek to make a quick buck for relatively little effort.

Government spy agencies, however, have even more nefarious intentions.

All stored data can be used against you at any time, for any reason.  Sound paranoid?  It has happened before.

The Importance of Privacy

The United States Federal Government (USFG) used such data in order to direct IRS agents toward impeding the actions of conservatives within the Tea Party movement.  The IRS targeted members within the movement with increased scrutiny, in some cases auditing them for no apparent reason.

When this information came to light, the presiding Acting Director of Exempt Organizations, Lois Lerner, was eventually put on trial in front of a congressional committee for her alleged crimes.  In the end, she would face no criminal charges.  Her infamous testimony consisted of only four words: “I plead the fifth” (referring to the fifth amendment of the constitution of the United States of America, which defends against self-incrimination).

Unlike corrupt politicians such as Lerner, the rest of us everyday citizens may not always have the option of pleading the fifth.  Everything you do, when watched and recorded for years, can amount to self-incrimination.  It has been estimated that the average person commits about three felonies a day, just going about their daily life.  This has occurred as a result of an explosion in federal laws and regulations, as well as those laws becoming more and more vague and malleable.

If you become a target for whatever reason, your data can be sifted through, and within it, something will be found to charge you with.  This occurred with members of the conservative Tea Party movement, as well as members of the liberal Occupy Wall Street movement.  This shows that the state does not take sides in terms of politics.  Anyone disrupting the status quo can be labeled a threat and dealt with.

Perhaps the best speech ever given on the subject of privacy comes from Glenn Greenwald, the journalist at The Guardian who first broke the Snowden story:


In addition to so-called “privacy” concerns (which have more to do with potential government overreach and protection of individual rights than just wanting to be private), cybersecurity has proven to be of the utmost importance in recent years.

Historic Hacks Shed Light on The Value of Security

A number of high-profile hacks have happened in the recent past.  Among them are the Yahoo hack (largest in history), the hacking of several large retailers and their customers’ data, and a laundry list of cloud-hosting companies such as Dropbox being compromised (do a search for “cloud data break” or “cloud hacking” - you’ll be shocked).  That's not to mention the recent Meltdown and Spectre revelations, which dwarf everything else in terms of cybersecurity flaws.

Now that you’ve been terrified by the insecurity of the Internet and the potential misuses of your data (if not, you should be), this brings us to the question: what can be done about it?

Fortunately, there are several steps that anyone can take in order to make the vast majority of one’s online activity, including financial data, both secure and private.  And as we will see, they are simple, easy, and affordable.

Let’s begin with something most people do every day: email.

Cybersecurity Basics

All of your emails can be accessed and viewed by the company that holds them.  The company can also be required to hand this data over to government spy agencies.  This isn’t very secure at all, and it’s definitely not private by any means.

Alternatives to the many mainstream email providers do exist.  One of the most popular is ProtonMail.  ProtonMail uses advanced encryption on all of its servers.  This makes it much more difficult for your messages to be intercepted.  In addition, even the company itself cannot access your data.

“ProtonMail's zero access architecture means that your data is encrypted in a way that makes it inaccessible to us. Data is encrypted on the client-side using an encryption key that we do not have access to. This means we don't have the technical ability to decrypt your messages, and as a result, we are unable to hand your data over to third parties. With ProtonMail, privacy isn't just a promise, it is mathematically ensured. For this reason, we are also unable to do data recovery. If you forget your password, we cannot recover your data.”

This also ensures that ProtonMail cannot hand over your information to spy agencies, even if it wanted to.  In addition, your most sensitive information, such as financial communications, will be far more secure.    

ProtonMail provides free accounts with a 500-megabyte storage limit.  For a small monthly fee, you can also upgrade to accounts with additional storage and features.  If you can afford it, I definitely recommend this option.  Not only will you support their efforts, but you also get added features such as using your own domain, access to aliases, and priority customer support.

If for some reason you don’t like ProtonMail, alternatives do exist, but won’t be covered in detail here.  If you’re interested, just do a search for “ProtonMail alternatives”, or something similar.  (Side note on search engines – for privacy concerns, do not use Google - they keep an archive of everything you search for and click on.  Consider as an alternative https://www.startpage.com.  They use Google’s results, but do not track your movements.  In addition, they allow you to view external links using a proxy server, meaning your activity will appear to be coming from a server other than your personal computer or mobile device.)  DuckDuckGo.com is also a reasonable alternative.

Your email can be made secure and private with relative ease, but what about your browsing habits and IP address?  Options exist there as well.

Tor and VPNs

The two most common options for securing and protecting what you view and do online include the Tor network and Virtual Private Networks (VPNs).

The following definition of Tor comes from Pcmag.com:

“Tor (The Onion Router) - The largest implementation of onion routing, which is a method for transmitting data anonymously over the Internet. Run by volunteers, there are approximately a thousand Tor proxy servers on the Internet that provide the routing paths.”

In essence, Tor works via a network of proxy servers.  When you use Tor, the network makes it appear as though your device is communicating with one of its servers, rather than with whatever site or service you are really using.  This provides anonymity and some measure of cybersecurity (although the Tor network has proven to be vulnerable in the past).

While Tor is a free service, VPNs come with a small price.  For as little as three to four dollars per month, you can both encrypt your activity and cloak your IP address.  VPNs are a great step to take toward better cybersecurity, and an easy one to use.

The following definition of a VPN comes from whatismyipaddress.com:

“A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology to enable remote users to securely connect to a private network.”

“A VPN can connect multiple sites over a large distance just like a Wide Area Network (WAN). VPNs are often used to extend intranets worldwide to disseminate information and news to a wide user base. Educational institutions use VPNs to connect campuses that can be distributed across the country or around the world.”

For a list of popular VPN services, search for “Top Ten VPNs”.  Shop around for the best deal.

When using a VPN, you can typically install it on up to five devices.  So your laptop, smartphone, tablet, and two other devices can all be made secure and anonymous.  It’s simple enough that if you can access this webpage and read this article, you can install and use a VPN.

You can choose between a number of servers around the globe to route your traffic through.  Most often, a server in your home country will have the least delay.  When using foreign servers, you may experience a slight lag time in browsing.

To be sure, securing your communications and computer system will not mean much if your accounts do not have the appropriate safeguards in place.

Encrypted Passwords & 2FA

Now let’s turn our attention to more local aspects of cybersecurity.  One of the first things to do, which is even easier than what has been described so far, involves using encrypted passwords and two-factor authentication (2FA).  Most financial institutions (e.g., PayPal and Bank of America) now provide options for two-factor authentication.

2FA works by requiring (you guessed it) two factors in order to verify your identity.  First, you will need a password, which I’ll tell you how to encrypt in just a moment.  Then, you will be sent either an SMS text message or email containing a six-digit numerical code.  You will enter this code before gaining access to your account.

Now, when it comes to passwords, what is considered secure?  Hackers can use sophisticated cracking programs in order to try millions of potential character combinations in a matter of seconds.  To defend against this, you must create a complex password.  A few simple methods exist to do this.  (Side note – remember when John Podesta had his email account hacked and the data released to Wikileaks?  Believe it or not, his password was: p@ssw0rd.  Hah!  It’s no wonder he got hacked!)

First, take a word.  Let’s try: security.

Let’s add some special characters – secur!ty&.

Now throw in a few numbers – 1s3cur!ty&

Finally, add capital letters – 1S3cUr!Ty&.

Now you have a far more secure password.  Yet it can be made better still.

This example is only ten characters long - a bare minimum.  I recommend at least twelve to fifteen characters or more.  This can be done either by adding random characters or creating a physical pattern on your keyboard.

For example, N^B%v4c3X@Z! looks random and very secure.  But if you type these characters, you will see a pattern.  The pattern alternates between a letter on the bottom row and a number on the top row.  The first four characters are typed holding Shift, the next four without Shift, and so on.

This is just one example out of an infinite number of such patterns that can be created.  If someone looks over your shoulder, they may decipher the code with ease.  But in this digital age, that’s not our main concern.
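
The following is an added example, not part of the original post: a small Python audit that checks a candidate password for the properties discussed above (length, character variety) and for a dictionary word hidden behind character substitutions, as in the p@ssw0rd case.  The function names, the four-word `WORDLIST` and the `LEET` substitution table are constructed for illustration; the twelve-character minimum is the one recommended in the text.

```python
# Added example: audit a password for length, character classes and
# dictionary words disguised with common character substitutions.

# Constructed sample wordlist; a real audit would load a large dictionary.
WORDLIST = {"password", "security", "letmein", "welcome"}

# Assumed, non-exhaustive table that reverses common substitutions.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "!": "i", "1": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12  # the post recommends at least twelve to fifteen characters
ALL_CLASSES = {"lower", "upper", "digit", "special"}


def character_classes(pw):
    """Return the set of character classes that appear in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def hidden_word(pw):
    """Undo case changes and substitutions; return a wordlist entry found inside."""
    normalized = pw.lower().translate(LEET)
    letters = "".join(ch for ch in normalized if ch.isalpha())
    for word in sorted(WORDLIST):
        if word in letters:
            return word
    return None


def audit(pw):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"too short ({len(pw)} < {MIN_LENGTH})")
    missing = ALL_CLASSES - character_classes(pw)
    if missing:
        findings.append("missing classes: " + ", ".join(sorted(missing)))
    word = hidden_word(pw)
    if word:
        findings.append(f"contains dictionary word '{word}'")
    return findings
```

Calling `audit()` on the three passwords mentioned in this section shows which checks each one trips.  An empty result only means none of these three checks fired; it does not detect keyboard patterns.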

Now that we’ve covered the basics, allow me to mention a few random facts.  Let’s briefly look at Secure Sockets Layer (SSL) technology and Google account options.

Websites can obtain an SSL certificate.  This encrypts the data sent between the site and its visitors.  For most sites, the simplest version will do.  For e-commerce sites, however, a more elaborate (and expensive) version will be required.  When you see the padlock symbol in the URL bar of your browser, along with https:// instead of http://, you can be assured that no one will access anything you submit to that website (email address, credit card numbers, etc.).  This blog does not have an SSL certificate for the simple fact that readers don't enter any information here other than an email address (because you subscribed to my mailing list, of course).

Even having taken all the steps above, Google can still track many of the moves you make online (in some online communities, Google gets referred to as “Big Brother”, and for good reason!).  They do this by tracking your Google account, connected to your YouTube, Gmail, and Google Plus accounts.  If you don’t use those three sites, just delete your Google account.  But if you do use them, you can either go into your account or click the arrow displayed on a Google AdSense ad.  You can then access your options and turn off many of the tracking features (this takes a bit of poking around, but if you’ve read this far, I trust you’re more than capable of getting there on your own).  In addition, you may want to delete what has been tracked up to the present.

Summary

So there you have it.  If you do everything described above, you will be taking some serious action toward making your activity online more secure and private.  The more business you conduct online, and the more wealth you store within the digital realm, the more vital cybersecurity becomes. 

We should all feel a personal obligation to take this matter into our own hands.  We must not allow spy agencies to do as they see fit with our data, violating our rights in the process.  And we must remain vigilant against the ever-growing threat of hackers and cybercriminals.  One can work toward accomplishing this by utilizing encrypted emails, VPNs or the Tor network, SSL certificates, and encrypted passwords combined with two-factor authentication.

As a disclaimer, keep in mind that the author of this article has no formal education in matters of cybersecurity or computer science.  What has been described results from little more than self-education and is only the tip of the proverbial iceberg.

There’s more to cybersecurity than one article can hope to describe, as one might imagine.  Protecting your data from all manner of digital predators grows more vital with each passing day.

I encourage you to educate yourself on the elementary aspects of cybersecurity.  It will be worth it.
