8 ways the NSA is spying on you right now

yowasuphomeboy 11:00 AM   , , , , ,  
Five years on from the revelations that the U.S. National Security Agency (NSA) collects personal data on every American—and many more people worldwide—the storm has passed.
But, the NSA continues to monitor every American and many of its allies, with the backing of the U.S. Government and large portions of Congress. And it’s not only the NSA—their counterparts at the CIA are also spying on and hacking targets of interest.
It is important to learn about the methods the NSA uses to spy on citizens. Once you understand how your liberties are violated, you can start defending your data and reclaim your privacy.
Let’s take a look at 8 methods the NSA is using to spy on you right now, according to documents leaked by Edward Snowden and further investigation by the press.

How the NSA spies on you in America

1. They can access your phone records

In 2017, the NSA acquired data from over 534 million phone calls and text messages. Unbelievably, this tally is over triple the amount collected in 2015, when the USA Freedom Act supposedly limited NSA access to data from communication companies.

2. Your favorite internet services pass your data to the NSA

FacebookGoogle, Apple, and six other leading online services have all gone on record as having given their customers’ data to the NSA, as legally required by the “PRISM” program. Data shared includes emails, messages, and documents.

3. The NSA can hack your devices

The NSA’s hacking unit, Tailored Access Operations, has developed a whole range of hacking exploits. These enable the NSA to break into consumer electronics devices and IT systems as it sees fit. When the NSA finds a security hole in a popular consumer device, they do not, as previously intended, fix the security hole, but instead exploit it. That leaves all our devices vulnerable to hackers.

4. All your security devices are exploitable thanks to the NSA

The NSA has also made the job of hacking security devices easier for itself, by coercing many manufacturers into building vulnerabilities into products such as networking switches, firewalls, and encryption protocols. These vulnerabilities are known to the NSA, which can exploit them at any time. The NSA also intercepts shipments of computers and phones and plants backdoors in them.

5. The NSA can track you wherever you are

When you move around your town, cell phone towers can calculate your exact position. The NSA keeps records of where you are at any time, and they can read all your incoming text messages and phone calls and store them indefinitely.

How the NSA spies on you overseas

6. The NSA has tapped internet lines worldwide

The internet connects different continents via undersea fiber optic cables that carry truly massive amounts of data. In some places, the NSA has deals with local intelligence agencies to tap into these cables; in others, it does so on its own. The NSA even uses submarines to attach snooping bugs to wires deep beneath in the ocean.

7. The NSA hack foreign companies

In Brazil, Germany and other countries, the NSA has broken into the internal networks of major telecommunications providers, intercepting the data they gather and weakening the security of their systems. They collect every email and phone call they can.

8. The NSA knows exactly what you own and buy

The NSA has access, through agreements and hacking, to major credit card networks, payment gateways, and wire transfer facilities. This allows them to follow every cent of your money, where it comes from, and what you are spending it on.

Protect yourself from government surveillance

While the NSA’s reach extends across the globe, there is still a lot you can do to safeguard your internet privacy. Check out this list of top privacy tips and always be conscious of what you’re sharing, with whom you’re sharing, and how you share it.

What College Students Need to Know About Password Attacks

yowasuphomeboy 11:42 AM   , , , , , ,  
Welcome to Cyber Threats 101! This is the fifth chapter in our A Busy College Student’s Guide to Online Security.  We’ll begin by defining what are password attacks and share expert tips on how to avoid becoming a victim to these attacks.

What are password attacks?

Password attacks are methods that take advantage of stolen, weak and/or reused passwords used to protect online accounts. In fact, 81 percent of hacking-related breaches in 2016 was the result of an attacker leveraging stolen and/or weak passwords.
Hackers can use one or more strategies to “guess” or crack encrypted passwords, including brute force attacks, dictionary attacks, and keyloggers. Before we get into these attacks, you must first know what encryption is.

What is encryption?

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. It transforms data that you send across the Internet into a format which is only readable when in possession of a decryption key, which provides the code to decipher the encryption.

If you want extra credit, you can learn more about encryption here.

What are brute force attacks?

Brute Force Attacks take a “try-try again” approach to guess password possibilities using automation software. Starting with one-digit passwords, the program will continue to guess longer combinations of letters, numbers, and symbols.
To get a better idea of how brute force attacks work, take a look at this short video from Lynda.com:

What are dictionary attacks?

Dictionary Attacks are based on the idea that we love to use names, places, sports teams, slang, etc. in our passwords. This method also uses automation software to guess different password combinations based on commonly used words that could be found in the dictionary.

What are keyloggers?

Keyloggers are malicious programs hackers implant on a target’s computer system–commonly through phishing emails–and are used to track and record every keystroke you make. It can record passwords, social security numbers, phone numbers, and even your credit card information.

Why shouldn’t I reuse a password on multiple accounts?

You should avoid reusing the same password on multiple accounts because hackers are known to use stolen or weak passwords from a massive data breach or from a password attack to deface your public profiles, commit identity fraud, steal your financial information, or send malicious messages or emails under your name.
Learn from the mistake of Facebook CEO Mark Zuckerberg who’s LinkedIn credentials were compromised in a massive data breach from 2012, which lead to a hacker group also compromising his Pinterest and Twitter pages; not to mention his password was “dadada“.

How do hackers use your stolen or weak password? Learn how “credential stuffing” attacks are used to exploit reused passwords

So how do I create a strong password?

Here are 5 tips to help you create a strong password:
  • Create a password that is–at a minimum–8 characters long. Ideally, your password should be between 12-15 characters.
  • Create a memorable, yet complex password by using a password mnemonic or a passphrase. You can start with a phrase, sentence, song lyric, etc. that is meaningful to you, but wouldn’t make sense to an automated computer program. You can also add a few numbers and special symbols for complexity.
  • Use a mix of case-sensitive letters, numbers, and symbols, but you won’t get away with replacing an “S” with a “$” or changing an “A” to “@”. In reality, hackers and automated password attack programs are already one step ahead of you and can easily pick up on these patterns.
  • Struggling to remember your new password? Write down a hint–not your password–that will jog your memory, but will be meaningless to anyone else. Then, keep it in a safe place.
  • Pro Tip: Use a password generator tool to create a strong password and then store it in a password manager like Dashlane!
Subscribe to: Posts (Atom)