As I sit down to write this article, the news is that Home Depot’s computers were hacked, and very often I get strange emails from people I know, which means their computers have been hacked.
We hear a lot about hacking today. For those of you who are not sure what it means, hacking is when someone “enters” your computer, via the internet, without your even realizing it. Target was “targeted” a few months ago, which prompted credit card companies to issue new cards with different account numbers to their customers. We’ll see if the same thing occurs with Home Depot. Either way, these incidents are not likely to go away. Breeches of computer systems will continue to affect homes and businesses large and small – not to mention government databases and computers.
Recently, JET, an organization that helps frum people in business, sponsored a fascinating talk by cyber-security expert Chaim Harris. Amid the wealth of information he presented, I thought it would be helpful to summarize some of his most important points regarding computer safety.
The Door’s Wide Open
Once upon a time, before the internet, your computer was safe, because there was no way for other computers to access your information. Today, it is a new world: Most computers are connected via the internet, which makes it possible for crooks to steal your social security number, bank and credit card records, and passwords. They can use the internet connection to take over your computer and control home automation devices like lights, locks, and baby monitors! The hackers can even spy on you via the little camera and microphone on your laptop! (Security experts cover their camera when it is not being used! You should, too.) It seems that crooks can “walk” right through firewalls, the traditional computer protection device.
Folks, there are criminals out there who can make a lot of money with your information. Mr. Harris spoke of sophisticated computer gangs who look for data that they can steal and sell. Or they use your information to commit identity theft. Posing as you, they apply for credit cards in your name and then go shopping big time. If the attacker breaks the law, the police could show up at your door and try to arrest you for what the crook did while impersonating you! You will eventually be cleared, but it does not sound like fun.
Criminals also want your tax return information. Crooks are stealing billions of dollars from the IRS by filing bogus tax returns. When the real you files taxes, the IRS rejects your form, saying that you should only file once a year. Medical information can likewise be used to defraud medical insurance companies.
Even if they don’t steal data, hackers might want to put your computer under their control and turn it into a bot (short for robot) or make it part of a network of bots, called a botnet. The crooks use the bots themselves or rent them to other criminals for nefarious purposes. These include sending spam (internet talk for junk mail) and attacking other computer systems. (For example, if business A floods its competitor, business B, with so much network traffic that B’s system goes down, a competitor has been eliminated.) They could even use your computer to store pornography or stolen software and offer them for sale. The advantage for the criminal is that he doesn’t have the illegal matter on his computer, because he has placed it on yours. Meanwhile, you are in the dark, except that you might notice that your computer is running slower because of the software running in the background.
Don’t Be Naive
Sometimes, the bad guys actually convince the victims to let them into their computers.
You could receive an email from someone you know that directs you to open an attachment or link. It looks legitimate, but the email is booby-trapped. If you open it, the crooks may be able to take over the computer controls and start impersonating you.
They could send emails to everyone you know stating that you are stuck in another country, with money and passport stolen, and need their friends to wire money.
Another clever attack involves getting a phone call from “Microsoft tech support.” The voice (often with a foreign accent) tells you that your computer is infected but that he will help you fix the problem. The trusting victim follows orders and configures the computer to allow the attacker access to the computer whenever he desires.
What Should You Do?
Chaim Harris gave the following tips for home computer users.
- Put your computer into sleep or hibernate mode when not in use, or physically disconnect from the internet. Not being available 24/7 makes your computer less desirable to hackers.
- It is estimated that over 50,000 new viruses are introduced each day! Even though hackers may be able to get around it, it is very important to use anti-virus software, making sure that it is current and scans daily.
- All software, like Microsoft Office, can have “bugs,” meaning flaws that are used by an attacker to gain entry. The software companies periodically come out with “patches” to fix these vulnerabilities, and they sometimes change the software program to add new features. Make sure to apply these fixes when they become available.
- Use common sense. If it is too good to be true, it is probably not true. If you get an email that says “Free jewelry, click here,” ask yourself, what are the chances that they are really giving away free jewelry to the whole world? Websites that offer coupons, free music, or free movies are often booby-trapped. Even honest websites can be infected, as happened to The NY Times, and people who visited the website got infected.
- Use an up-to-date browser. Mr. Harris recommends Google Chrome or Firefox over the more widely-used Internet Explorer.
- Use common sense, and constantly have your guard up.
- Be careful to shred all papers that contain account numbers, social security numbers, or other important identification. This especially applies to credit card offers. (Attackers will go through garbage to find valuable information.)
- Use strong passwords. They should comprise a mix of lower case and capital letters, as well as numbers and symbols. (See sidebar for more about passwords.) Experts like passwords that are 14 to 20 characters long. Some people change their passwords periodically.
- For information on cybercrime, check out check out the website, krebsonsecurity.com.
More on Security
This article cannot begin to explain everything about the very complicated field of computer security. The crooks know a lot more tricks than you do. There is no way a layman can completely stop a determined attacker, since most of us use computers the way we drive cars – “Never mind how it works; I just press on the gas.” Perhaps classes on the topic will one day be offered to the community. In the meantime, my purpose is simply to increase your awareness of some of the issues Chaim Harris brought up. It seems to me that only a professional computer technician can really help you, as very few people are knowledgeable enough to stop these sophisticated crooks.
Picking a Password
Chaim Harris suggests that you have a different password for each website, so that if a hacker discovers one of your passwords he does not automatically have access to all of them. I personally have a standard password. Let’s say it is 987poiLkJmnb. I would then add an A in the middle for Amazon, and it becomes 987ApoiLkJmnb. Or I add a P for my Paypal password: 987PpoiLkJmnb. A variation of this is to use gematrias instead of letters. So, instead of the letter P, you would insert the number 80, since P becomes a pay, which equals 80, to make 98780poiLkJmnb. You could garble it a bit more by taking the gematria of pay and adding the first two digits of your parents’ address. If they live at 3917 Main Street, you would insert 80+39, or 119. Hence your Paypal password will be 987poi119LkJmnb. (Note the 119 right in the middle.) The professionals do not like standard passwords but I find them very helpful.
Another idea for passwords is to use the initials of a sentence. For instance, you might say “I like to visit national parks,” which becomes ILTVNP. You then alter it for different websites by varying lower and upper case letters, and/or inserting other letters, numbers, symbols, and gematrias.
I keep my passwords listed on an Excel spreadsheet – but the file is not named “Passwords,” nor does that word appear in the file. The crooks have ways to search your computer looking for key words. Try to use codes or abbreviations, instead. For example, do not write Amazon or eBay, rather A or E.
By implementing these suggestions, your sensitive data will be a lot safer and you will hopefully avoid serious issues.