Anonymous vs Russia Hacktivism for Ukraine

Who thought that Anonymous vs Russia would be the top billing cyber event of the Russian invasion of Ukraine? We watch in horror and disgust as Russia continues its assault on the Ukrainian people. Tanks roll down streets, missiles are launched, neighborhoods are shelled and innocent civilians are killed. Some things never change in war.

As each new conflict begins in our modern age, in addition to military weapons being used, it is inevitable that we also now must consider the other weapon at the disposal of Vladimir Putin: Cyber Warfare.

Russian Cyberpower

Russia, which has a history of launching cyberattacks against other countries, particularly Ukraine, could shut off power (as they did previously), disrupt communications, destroy technology capabilities (as the NotPetya malware attack did) and cause further chaos and hardship in the lives of Ukrainians. At this writing, there have been some Distributed Denial of Service (DDoS) and malware attacks, but the effects have not been as devastating as past attacks.

In addition to the government-sanctioned hackers, cybercriminals and hacktivists have become involved. This includes the infamous hacker collective known as Anonymous, who has claimed credit for several cyber incidents in the Anonymous vs Russia battle. This includes DDoS attacks that have shut down Russian government websites and Russia Today. The hackers were able to post pro-Ukraine content, including patriotic songs and images from the invasion – something the average Russian citizen would never see on the state-backed news service.

Russia Today openly attributed the problems with its website to Anonymous, and claimed the attacks came from the US. Of course, the major concern is that Russia will not only turn their cyber sights on Ukraine, but on any country imposing sanctions or otherwise openly supporting Ukraine. So far, the cyber activity has been limited, but that could change and many warn that the US and others should be on high cyber alert, especially for those in critical sectors such as finance and health care.

Social Media Giants Get Involved

A slew of other players have entered the field, from Facebook, YouTube and Twitter banning content by Russian state media to outsiders providing satellite internet access to Ukraine via his Starlink satellites to Ukrainian citizens forming an “IT Army” to launch digital attacks that take down sites sharing Russian propaganda.

There are two major longer-term concerns about the “open season” for hackers this has created. One is that due to the urgency of this crisis, there is a strong possibility of digital errors and unintended consequences, such as excessively destructive malware or unintended collateral damage. Hacking events by non-governmental entities could also be mistaken for government-backed hacks and lead to escalating retaliation that could force the United States (and Allies) into a larger, ongoing cyber conflict with Russia.

The most eye-opening aspect of the conflict is the realization that cyber warfare is being used in a hostile act of war for the first time. In addition to theaters of war on land, in the air, on the water and from space, there is now the additional arsenal of cyberattacks that will change warfare forever.

_____________________________

John Sileo is a world-recognized keynote speaker, author and expert on cybersecurity. His clients include the Pentagon, Amazon and Charles Schwab. He has appeared on 60 Minutes, Anderson Cooper and Good Morning America. John specializes in entertaining your audience as he educates on how to avoid the disastrous cybercrime headlines that destroy performance, profits and reputation. Call directly on 303.777.3221 to learn more.

Ransomware Attacks in 2022: What You Need to Know

Every company is vulnerable to cyber attack — and I mean every company, small and large. Are you responsible for delivering half of the East Coast’s fuel supply? Vulnerable. Are you the largest beef supplier in the world? Yep, still vulnerable. The alarming surge in ransomware attacks has put a target on every company’s back, including massive organizations like Colonial Pipeline and JBS.

And small businesses, contrary to media coverage, are even more vulnerable.

So, you might want to pause before you think, “Ransomware attacks? That won’t happen to us!” After the events of 2021, it’s safe to assume that hackers didn’t just level the playing field… they decimated it. Fortunately, there are still several ways for businesses to fight back and protect their data, their clients and their livelihood.

Take a look at what we know so far about the coming ransomware attacks in 2022 and how your organization can kick off their culture of security with an action-oriented cybersecurity keynote speech at their next gathering.

What are Ransomware Attacks and Why Are They Exploding?

Let’s start with the basics: What is a ransomware attack, anyway? Put simply, a ransomware attack occurs when a type of malicious software, called malware, is downloaded onto any single computer in an organization’s network. Typically, this occurs when one employee unwittingly clicks on a malicious link and thrusts the company into attack-mode.

Once the malware has been downloaded, hackers are free to roam about your systems and wreak havoc unchecked. The culprit behind the ransomware attack often blocks access to data or every computer system in the business, usually by encrypting it, until a ransom has been paid. In the latest cases, hackers also threaten to publish the breached data if they don’t quickly receive the ransom. The prospect of destructive news headlines, reputation damage and fines for data exposure are often compelling enough to convince the victim company to pay up without seeking out the advice of a cybersecurity expert.

2021 proved to be not only the most dangerous, but also the most costly year on record for ransomware attacks. There were upwards of 700 million attempted ransomware attacks in 2021, a figure that beats last year’s totals by a whopping 134%. Curious as to what led to such a spike in ransomware attacks?

A blend of geopolitical and cybersecurity factors is to blame. For one, global organizations have become increasingly reliant on digital infrastructure, like the cloud-based computing that exploded in usage with the rise of remote work. Not to mention, today’s payment methods are simply more friendly to criminals — crypto currencies like Bitcoin are essentially untraceable once a ransom is paid, letting cybercriminals off the hook.

What You Should Know About Ransomware Attacks in Coming Months

Though you’re prepared with a basic definition of ransomware, vocabulary alone won’t exactly protect you in the case of cyber attack. The key is to move beyond awareness to action. To better prepare, here is some of what you can expect of ransomware attacks in 2022.

The Timeline for Paying a Ransom Has Shortened Dramatically

Once a ransomware gang has you under their thumb, they’re going to treat you like Amazon — in other words, they’re going to want same-day delivery for their demands. Hackers today are putting organizations under extreme pressure to pay a ransom quickly to unencrypt their computer systems or protect their data, often with devastating consequences if the ransom is not met.

In recent cases, a ransomware gang will expose an organization’s sensitive data in retribution, then alert the media and report the breach to the authorities — so, the company has to pay fines and weather bad publicity. Talk about a double whammy, right? Well, for ransomware gangs, it’s easier to extort money from one organization than to sell the data one record at a time on the dark web.

Take a look at the JBS cyberattack, for example. Hackers with the REvil gang threatened JBS that their $22.5 million ransom would double if it wasn’t paid quickly enough… and they would post the company’s data publicly if they weren’t paid within three days (generous, right?). JBS ultimately paid an equivalent of $11 million in ransom to ensure the company’s facilities remained operational.

Government-Issued Playbooks Are Available for Review

The United States is currently #1 for ransomware volume in the world, coming in with more than 203 million ransomware hits in just one year. This amount is more than 13 times the volume of ransomware in South Africa, the second-highest country; and in total, the U.S. had a higher volume of attacks than the other top nine countries combined… times four.

So, it should come as no surprise that President Biden recently signed a $1.2 trillion infrastructure package packed with cyber measures — after all, ransomware isn’t exactly something at which you want to rank number one. The Cybersecurity and Infrastructure Security Agency (CISA) has also published Cybersecurity Incident Response Playbooks for federal agencies to respond to vulnerabilities and hacks, which private companies are urged to review as well.

Don’t Know Who to Call After a Cyber Attack? Neither Does the FBI

If the U.S. is number one in the whole world for ransomware volume, can you believe that even the Federal Bureau of Investigation doesn’t know who to call in the event of a cyber attack? Just ask about the Colonial Pipeline ransomware attack, where Colonial employees had to contact at least seven federal agencies before they could find the right point of contact — seven!

Could you imagine being responsible for nearly half of the East Coast’s fuel and having 2.5 million barrels of fuel per day stuck in Texas, and the FBI has not a clue what to do about it when you call? The initial email Colonial Pipeline sent about the ransomware attack was ultimately forwarded between multiple people in the FBI before they could even start to provide guidance.

Realistically, there is no singular point of contact for organizations to call when they have been hit by cybercrime, either federally or locally. Even worse, most organizations haven’t established a relationship with the proper agency prior to getting attacked. You know ransomware response is in disarray when even the agencies tasked with solving attacks don’t know whose responsibility it is.

How to Fight Back Against Cybercrime in 2022

In 2022, small businesses will be just as, if not even more, vulnerable to cyber attacks than large-scale corporations. We must anticipate that ransomware gangs will act aggressively and that anyone — and I mean anyone — can fall victim to blindly launching malware onto a company network.

Here’s how you can fight back to not only protect your business and livelihood but also minimize the fear and confusion surrounding these attacks.

1. Manage User Accounts and Passwords

I’ve said it before and I’ll say it again: One weak password can bring an entire organization to its knees [watch the video]. The Colonial Pipeline attack? Operations were shut for six whole days and a $4.4 million Bitcoin ransom was paid due to one lone password. To safeguard against cyber attacks in 2022, do yourself a favor and clean up old user accounts and passwords.

Step 1: Encourage employees to set a totally unique password that does not match credentials on other websites. Using a password manager like 1Password, Dashlane or LastPass is a much stronger way to create and protect long and strong passwords that you don’t have to remember.
Step 2: Deactivate old user accounts and ensure previous employees no longer have access to company data.

2. Require Two-Step Authorization for Accounts

As more employees dial in from home, you must cyber secure your virtual office. I recommend starting with two-step authentication for all accounts. In the case of the Colonial Pipeline attack, a “complicated password” was felled by a legacy VPN with single-factor authentication. Two-step authentication, either with a text message or a dedicated authentication app, can minimize the impact of poor passwords and act as a second layer of protection for strong login credentials.

3. Create and Test an Off-Site, Offline Data Backup

An off-site, offline backup of your data is a must-have to restore after an attack. An off-site backup is a method of encrypting and transferring company data to a remote server that is geographically separate from the local system. This can centrally protect your company’s data in the event of an attack, and also ensure you will not lose crucial information if an attack does occur.

4. Construct a Long-Term Game Plan

The above tips will not be effective without a company-wide effort to enhance cybersecurity. Like I’ve mentioned before, just one password or one employee can kickstart an attack that spirals into millions of dollars of damage. Your cybersecurity is a continuous effort, so make a long-term game plan and document proper protocols to share with all relevant stakeholders in the event of a malware concern or ransomware attack.

5. Bring in a Cybersecurity Keynote Speaker to Motivate the Human Element

Now more than ever, cybersecurity relies just as much on human decisions within the company as it does the technology to protect the company’s data. To fight back against cybercrime in 2022, continue educating yourself and your team on the evolving cyberthreat landscape. To increase effectiveness, bring in an entertaining cybersecurity expert or dedicated cyberthreat speaker to keep your people engaged. Boring training does nothing to improve your culture of security.

A cybersecurity keynote speaker can help your company easily navigate the otherwise confusing and overly-technical components of cybercrime, network security, mission-critical data, and the human decisions that impact it all. In a fun and engaging manner, a cybersecurity keynote speaker unravels the layers of cybercrime to not only educate your team but also encourage them to take actionable steps towards effective data protection.

Now is the time to protect your data, your clients, and your livelihood. To avoid becoming the next disastrous data-breach headline, bring in a trusted cybersecurity keynote speaker like myself to help guide your long-term game-plan against cybercrime. Contact The Sileo Group today to initiate a crash course in cybersecurity, identity theft prevention, security awareness training, online privacy, and ultimately, to protect your bottom line.
_____________________________

John Sileo is a drastically different keynote speaker who focuses on the human element of cybersecurity. His clients include Amazon, the Pentagon and Charles Schwab, but he gets his deepest satisfaction from helping smaller organizations and associations protect their data, profits and repuation. John books out many months in advance, so please call 303.777.3221 to learn more.

Ransomware Attack: What if this were your Billion $ mistake?

No one has ever heard of your company. Let’s call it, COMPANY X. And you like it that way. In 57 years, you’ve never once shut down your mission-critical operations that fuel the US economy. YOU are an honest, satisfied employee of Company X, and although your security team hounded you with preachy posters in every ELEVATOR to never use the same password twice (because passwords are like dirty underwear), you still did. You used the same totally UNGUESSABLE 10-character password for your work login and hotel loyalty program. Which got breached. You changed the stolen password on the hotel website, but forgot about your work login. And your company doesn’t require two-step logins, even though they bought the technology after a dashing keynote speaker SCARED the crap out of them.

In mid-February, you receive a promotion, and with it, a new login to the system. In spite of a $200 million per year IT budget, your company never decommissions your old login credentials, leaving access as wide open as the BACK DOOR into a college-town liquor store.

On April 27, DARKSIDE, (yes, even hackers have a sense of humor) a ransomware attack ring protected by EMPEROR PUTIN, buys your stolen loyalty credentials for approximately five cents and uses artificial intelligence to insert them on every login page on the Company X website, which they know you work at from your snappy LinkedIn profile. While outdated on the hotel site, your username and password still work for your vacated role at Company X.

By April 29, DarkSide has loaded ransomware onto your computer, which happens to be in the master control room of Company X. Company policy states that any sign of ransomware triggers an automatic shutdown of all operations, which suggests that Company X isn’t clear on how closely their business I.T. systems are tied to their operational or O.T. systems. PARTY FOUL.

And that’s how Colonial Pipeline, supplier of 45% of the East Coast’s fuel supply, shut down all operations for 6 days. 2.5 million barrels of fuel per day, stuck in Texas because of your single password that opened the company to ransomware attack. Ok, I realize this isn’t really your fault, but what if it was? What if you were the one who caused FLORIDIANS to queue at gasless gas stations as if KRISPY KREME and In & Out Burger had just merged?

Colonial chooses to defy the FBI DIRECTIVE to never pay a ransom (research says that doing so just invites the cybercriminals to come back for seconds) and pays DarkSide $4.4M dollars in untraceable bitcoin to get their pipes back in the game. Well, not totally untraceable, as the FBI HELPS Colonial retrieve half of its bitcoin. But don’t expect them to come to your rescue, as you probably don’t supply the East Coast with half of its carbon emissions. Even after the blackmail is complete, fuel doesn’t flow for 6 more days. Which causes Billions in damage to the US economy and Millions in reputational damage to Colonial. Because of a password. From one person.

Here’s what this ransomware attack means for you:

Every employee matters: One weak password can bring an organization to its knees
Don’t let your company get cocky, because it CAN happen to you.
The ransomware get-out-of-jail price tag is now often in the tens of millions.
Security is an obsessive, continuous pursuit, so make a long-term game plan.
Never forget to deactivate old user accounts.
Require two-step logins to minimize the impact of poor passwords.
Have a foolproof, off-site, offline backup of your data.
None of this works without a healthy underlying culture of security.

If you’re confused about how to prepare for a ransomware attack, consider a leadership crash course in cybersecurity. Because one small cyber mistake, and everyone will know your company.

_____________________________

John Sileo hosts cybersecurity crash courses that target the human element of cybersecurity. His clients include Amazon, the Pentagon and Charles Schwab, but his most fulfilling engagements are for smaller organizations and associations that can affect immediate change. 303.777.3221

SolarWinds Hack: What Vladimir Putin Wants Every Business To Ignore

Summary of the SolarWinds Hack

Russian hackers inserted malicious code into a ubiquitous piece of network-management software (SolarWinds and other companies) used by a majority of governmental agencies, Fortune 500 companies and many cloud providers. The software potentially gives Russia an all-access pass into the data of breached organizations and their customers.

Immediate Steps to Protect Your Network

I would recommend having a conversation with your IT provider or security team about the following items, as much for future attacks as for the SolarWinds hack:

After reading through this summary, take a deeper dive into this WSJ white-paper: The SolarWinds Hack – What Businesses Need to Know
For small businesses, it is important that you check with any cloud software providers to make sure they have resolved any problems with affected software.
Patch all instances of SolarWinds network management software and all network management, security and operational software in your environment.
Make sure your security team keeps up with the latest fixes for the Sunspot virus.
Configure your network assets to be as isolated as possible so that your most confidential data caches are separate from less confidential data.
Review the security settings of every category of user on the system to tighten user-level access.
Make sure employees know the proper procedures for connecting remotely to your network. Verify that they aren’t using a free personal VPN to connect.
If you utilize Microsoft products, keep up to date with their Investigation Updates.
If there is a chance you have been affected, have a full security audit done of your network.

Details of the SolarWinds Hack

During the worst possible time – a contentious presidential transition and a global pandemic – dozens of federal government agencies, among them the Defense, Treasury and Commerce, were breached by a cyber espionage campaign launched by the Russian foreign-intelligence service (SVR). The SVR is also linked to hacks on government agencies during the Obama Administration.

Senator Angus King said Putin “doesn’t have the resources to compete with us using conventional weapons, but he can hire about 8,000 hackers for the price of one jet fighter.”

In addition to internal communications being stolen, the operation exposed hundreds of thousands of government and corporate networks to potential risk. The hackers infiltrated the systems through a malicious software update introduced in a product from SolarWinds Inc., a U.S. network-management company. This allowed unsuspecting customers of their software to download a corrupted version of the software with a hidden back door allowing hackers to access their networks from “inside the house”. SolarWinds has more than 300,000 customers world-wide, including 425 of the U.S. Fortune 500 companies. Some of those customers include: the Secret Service, the Defense Department, the Federal Reserve, Microsoft, Lockheed Martin Corp, PricewaterhouseCoopers LLP, and the National Security Agency. (Note: more recently, it has been discovered that SolarWinds wasn’t the only primary software infected.)

A Solar Winds spokesperson said the company knew of a vulnerability related to updates of its Orion technology management software and that the hack was the result of a highly sophisticated, targeted and manual supply chain attack by a nation state. Like the FireEye breach, this was not a broad attack of many systems at once, but a stealthy, patiently-conducted campaign that required “meticulous planning and manual interaction.”

SolarWinds Hack was a Supply Chain Attack

These supply-chain attacks reflect a trend by hackers in which they search for a vulnerability in a common product or service used widely by multiple companies. Once breached, it spreads widely across the internet and across dozens or even hundreds of companies before the compromises are detected. Many companies have increased their level of cyber-protections, but they do not scrutinize the software that their suppliers provide. This is a concern because corporations typically have dozens of software suppliers. For example, in the banking industry, the average number of direct software suppliers is 83. In IT services, it’s 55.

To understand the severity and national-security concerns of this breach, think of this as a “10 on a scale of one to 10”. The Cybersecurity and Infrastructure Agency ordered the immediate shut down of use of SolarWinds Orion products. Chris Krebs, the top cybersecurity official at the Department of Homeland Security until his recent firing by Trump, stressed any Orion users should assume they have been compromised. Other investigators say that merely uninstalling SolarWinds will not solve the threat and that recovery will be an uphill battle unlike any we have ever seen. While the hackers may not have gained complete control of all companies, all experts agree that it will take years to know for certain which networks the Russians control and which ones they just occupy and to be assured that foreign control has been negated. Because they will be watching whatever moves we make—from the inside.

John Sileo is a cybersecurity expert, privacy advocate, award-winning author and media personality as seen on 60 Minutes, Anderson Cooper and Fox & Friends. He keynotes conferences virtually and in person around the world. John is the CEO of The Sileo Group, a business think tank based in Colorado.

Nancy Pelosi Laptop Stolen for Sale to Russia by Capitol Rioter

And my prediction about the hidden risk in the capitol riot appears to be coming true…

“There are growing concerns that U.S. adversaries may be seeking ways to benefit from the Capitol assault – and that some of rioters may have been looking to work with them.

The FBI is investigating claims that Riley June Williams stole a laptop or or hard drive from the office of House Speaker Nancy Pelosi (D-Calif.) and intended to sell the device to Russia’s intelligence services by way of a friend who lives in the country.

“The idea that a group of so-called ‘patriots’ would sell a government computer to the Russians should tell you everything you need to know about the people who assaulted the Capitol,” Sen. Mark R. Warner (D-Va.), incoming chairman of the Senate Intelligence Committee, said in a statement. “There are real counterintelligence concerns associated with a breach like the one that occurred on January 6th.”

Keep Reading about the stolen Pelosi laptop in The Washington Post.

The Massive U.S. Capitol Attack We’re Ignoring

https://www.youtube.com/watch?v=dIdPk25c93M’ format=’16-9′ width=’16’ height=’9′ custom_class=” av_uid=’av-mo9up3′

Capitol Attack Could Go Way Beyond a Physical Breach

When Trump supporters occupied the US Capitol last week, hundreds of rioters gained unrestricted access to the offices of our Representatives and Senators . You can see one such invader sitting here in House Speaker Nancy Pelosi’s office. But we have to ask ourselves, did the breach stop there?

What we see in these images is not just a physical petentration of the very symbol of our democracy, but potentially a coordinated cyberbreach as well. In addition to ransacked filing cabinets, exposed desktops and confidential documents waiting to be shredded, it’s nearly certain that laptops were stolen, mobile devices pocketed and malware-enabled USB devices plugged into the same computers that run our government. From years of studying organized crime, let me assure you that any mob that has so premeditated an attack that they bring chemical agents and pipe bombs to the riot, has likely planned a corresponding cyber intrusion as well. In fact, physical destruction in corporate cybercrime is often just a diversionary tactic to keep investigators from focusing on a far more damaging digital takeover.

What if the rioters had access to and were reading all of the emails between Congress and the Capitol Police prior to the inauguration? What if they have the ability to freeze congressional computers during an impeachment procedure or transitional handoff?

As the FBI and Secret Service investigate members of the seditious mob attempting insurrection on American soil, I implore them to not forget the hallowed DIGITAL ground that underlies our legislative branch of government – and our way of life.

Twitter Hack Reminds Us That David Can Still Fell Goliath

The twitter hack began as a quiet scheme to steal and sell unusual user names, which carry high currency in gamer and hacker circles.

But as the day wore on, the attack took over dozens of accounts belonging to corporations like Apple and celebrities like Joe Biden, Barack Obama, Bill Gates, Elon Musk and Kanye West. The hackers used the celebrity access to appeal to their followers for funds:

At least $180,000 worth of Bitcoin flowed into the hackers’ accounts.

By the time the hackers were done, they had broken into 130 accounts and dramatically exposed gaping holes in Twitter’s security.

What organized Goliath cybercrime ring was responsible?

Seventeen-year-old Florida resident, Graham Ivan Clark (David, for the purpose of this metaphor).

From the affidavit:

Graham Ivan Clark, 17 without authorization gain [sic] access to Twitter Inc.’s Customer Service Portal. Clark used social engineering to convince a Twitter employee that he was a co-worker in the IT department and had the employee provide credentials to access the customer service portal.

Clark then accessed the Twitter accounts of prominent individuals, including VP Joe Biden, former President Barack Obama and business [sic] such as Apple and Coinbase. Clark then posted on their Twitter accounts a communication that if Bitcoins are sent to accounts they will be doubled and returned to the victim.

Despite the hackers’ cleverness, their plan quickly fell apart, according to court documents. They left hints about their real identities and scrambled to hide the money they’d made once the hack became public. Their mistakes allowed law enforcement to quickly track them down.

If Twitter, a company that spends millions on security ever year, can be hacked by a 17-year-old, so can your organization. But it wasn’t the technology that was hacked, it was the people.

It is no surprise that the twitter hackers used the same tool that leads to a majority of damaging corporate breaches: social engineering. Twitter says that a few employees were targeted in a phone spear phishing attack, which suggests that hackers called Twitter employees while posing as members of the Twitter’s security team, and got them to reveal the credentials they use to access internal systems.

Once inside the system, they had free rein to do anything they wanted with any Twitter account. The next time this breach happens, the criminals will be more organized, and will use their access to launch a much more devious, lucrative scheme.

I hope Twitter invests as readily in their security awareness training and social engineering defenses as they do on their technology. And I hope you do as well, as it’s no fun to be beaten by David.

John Sileo is a cybersecurity expert, award-winning author and media personality as seen on 60 Minutes, Anderson Cooper and Fox & Friends. He keynotes conferences virtually and around the world and is the CEO of The Sileo Group, a technology think tank based in Colorado.

Don’t Be Naive: Obama/Biden “Twitter Hack” Not What It Seemed

I’m betting that the recent Twitter hack of prominent political and celebrity Twitter accounts was politically motivated and nation-state operated. But that’s not what “the investigators” say. And that false narrative could have massive implications for your privacy. Here’s the background in a nutshell:

Approximately 130 high-profile Twitter accounts were hacked on July 15 in what the company is calling a “coordinated social engineering attack”. Victims included politicians like Barack Obama and Joe Biden, heads of mega companies like Tesla CEO Elon Musk, Amazon CEO Jeff Bezos and Microsoft CEO Bill Gates, and company accounts like Apple and Uber. Ironically, Donald Trump’s account has “extra security” protecting it from access, which begs the question, why don’t we all get added security if it’s possible?

Using various angles (“feeling grateful”, “giving back to my fans”…), hackers posted tweets on the compromised accounts saying that if followers sent Bitcoin to a wallet address then they would receive double the amount in return. No one falls for those scams anymore, right? At least 363 transactions occurred and the account received more than $118,000 in just a few hours.

Investigators believe the people behind the twitter hack appear to have come from the “OG” community, a group interested in original, short Twitter handles such as @a, @b or @c, for instance. It is thought that they worked with at least one Twitter employee to gain access to an internal tool that allows staff to change email addresses associated with accounts; the hackers were able to reset the passwords of 45 of the accounts. The OG Community is not known to be tied to any nation state and their motivation is supposedly a mix of financial gain, hacker bragging rights, and disruption. So let me get this straight:

Experts are saying that cybercriminals got their hands on the Twitter accounts of 45 of the most powerful people on the planet and the best they could come up with was a tired Bitcoin scheme that made them $118,000? That’s pocket change to cybercriminals, and might be the lamest attribution for a hack I’ve ever heard.

The key words above are “The OG Community is not known to be tied to any nation state” which is exactly why a nation-state like Russia would use technological tools like TOR’s Onion Router and trumped up OG user accounts to hide behind a plausible, alternative hacking group that would take the attention off of the real motivation. I can’t tell you how many historical cyberattacks I have seen that have been digitally disguised behind a highly-attractive alternative reality.

Here is a fundamental law of cyberattacks: Hacker attribution (who actually performed the hack) and hacker motivation (why the hack was performed), is an exceptionally difficult puzzle to solve, and often manipulates outsiders in exactly the opposite direction.

Twitter says no passwords were stolen, but they have not yet been able to confirm whether direct messages were compromised. I’m guessing that it will come out down the road that both passwords and direct messages were compromised. That’s how the corporate publicity machine works: the first message claims little damage and the truth comes out subsequently when we have all stopped paying attention (e.g., Target, Equifax, Marriott…).

So What Was the Point of the Twitter Hack – $118,000? NOT!

Clearly, nation-states don’t need $118,000 in Bitcoin, right? The twitter hack was simply a dry run for political disinformation attacks, cyber blackmail and campaign IP eavesdropping that will manifest closer to our presidential election. Nation-states that have a horse in the U.S. presidential race were testing the waters and covering their tracks by pointing to a plausible alternative explanation.

Yes, this hack raises questions about Twitter’s ability to secure its service against election interference and misinformation ahead of the U.S. presidential election, but those questions have existed for at least four years now. It also threatens the confidentiality and privacy of direct messages sent through Twitter; incredibly powerful information in the race for power. Politicians, business leaders and individuals alike should migrate their private messages to apps like Signal or even the less secure but better than Twitter option of Apple Messages.

Cybersecurity Experts Fight for Your Encryption Rights

Cybersecurity experts and privacy advocates like myself are stepping up to protect strong encryption standards, which are facing an all-out legislative assault from the current administration and the Senate. But we need the help of business leaders like yourself to maintain the privacy of your data. Here is an excellent excerpt from Joseph Marks of The Washington Post:

“The bill, called the Lawful Access to Encrypted Data Act, is the harshest among a number of efforts to weaken encryption across the Justice Department and Congress.

It would effectively require tech companies to weaken access to their secure systems to ensure law enforcement with a warrant can track terrorists, sexual predators and other criminals. But that would also make it far easier for cybercriminals and adversary nations to hack into troves of government, financial and health records,“ (emphasis mine).

C-level executives, board members, business managers and entrepreneurs, here is what I have learned from 15 years in this business: you can either listen to and evaluate the overwhelming consensus of cybersecurity experts before the damage is done, or you can attempt to recover once it is too late. Most leaders choose to pay attention to these topics only after they have been directly affected, which is a far costlier and more painful path. If I were advising your board or executive leadership team, I would recommend that you contact your Senator and Representative and swing as much weight as possible to dissuade this bill from passing.

Nothing is more important than catching criminals and protecting our children, but this bill is a wolf masquerading in sheep’s clothing.

John Sileo is a cybersecurity expert, award-winning author and media personality as seen on 60 Minutes, Anderson Cooper and Fox & Friends. He keynotes conferences around the world and is the CEO of The Sileo Group, a technology think tank based in Colorado.

iPhone Security Crash Course: 13 Hacker-proofing Tips

iPhone Security In the Mid/Post-Pandemic World

We are no longer just addicted to our iPhones; we are officially in a committed relationship, thanks to the pandemic. We mobile office from them, bank from them, attend doctor’s appointments, kids’ classes and Zoom happy hours from them. And in the midst of all of this critical and effective use, we are dropping our guard when it comes to iPhone security.

But there is good news! Changing your default privacy and security settings keeps you from being shark bait (because hackers usually go for the easy kill). Even for iPhone users, who often mistakenly believe that all security is taken care of by Apple. Spoiler – it’s not. Smartphone security takes mindful tweaks on your part – even if Apple does a good job of rooting out malicious apps. Here is a short description of what steps I would take first to to defend your phone (other than never losing it).

Too much reading? Check out the webinar – in less than an hour I’ll walk you through HOW to do it all for less $ than an Apple dongle!

iphone Security Webinar: Wednesday, June 24 @ 1pm ET

Cost: $29

Register: Sileo.com/webinar

Course Description: iPhone Security – See Below (Note: Android OS will not be covered)

The Lucky 13 – iPhone Security & Privacy Tweaks

Prune Your Apps. You have far more apps on your phone than you use regularly. Outdated and extraneous apps are a backdoor into your privacy. Delete those you don’t use often (Apple can help automate this) and reinstall when needed. Before you install a new app, find trusted reviews online to determine the company’s privacy and security record.
Auto-Update Your iOS. Turn on automatic updates for your iOS operating system so that security patches are installed immediately upon release. This protects you from something called zero-day exploits, which I will explain as I demo how to turn this on during the webinar). Safari is part of the operating system, and just as vulnerable to hacking as on your computer, making these updates even more critical.
Hide Your Location. Your flashlight app (not the Apple one) may be spying on you.Third-party apps often request access to iPhone features and data they don’t really need, like your location, camera, contacts, and microphone. Turn off location sharing on most apps, and set it to “Only While Using App” on most of the rest. Bring your app-specific location questions to the webinar.
Hide Your Contacts, Photos & Conversations. Many apps have access to your contacts, calendar, photos, Bluetooth, microphone, camera and health data. Customize these settings to only allow access to apps that you trust or that have to have access to work.
Robustify Your iPhone Passcode. Four digits is not enough! Six-digit numeric codes are still vulnerable to cybercriminals. Even if you conveniently unlock your iPhone with a thumbprint or facial recognition, the passcode behind the biometric is what gives it all of its strength! Lengthening codes is a bit confusing, so I will save it for the online demonstration.
Password Manage Your Online Accounts. Mobile password aggregators help you create unique, long and strong passwords for all of your online accounts. The iPhone integrates with many common password managers to make logging in to critical sites faster and safer than the old fashioned way. Happy to make “endorsement-free” product recommendations if you need them.
Double Your Passcodes. When you turn on two-step logins (aka, two-factor authentication), a hacker’s ability to break into your online accounts plummets. Having a passcode you know (the one you memorize to get into your phone) and a passcode you have (from a passcode authenticator app or text message), makes you exponentially safer. Enable this on every cloud service you use, from email to banking, health sites and business logins to social media. And make sure you turn it on for iCloud, which stores a backup of everything on your phone.
Backup Your Phone. Whether you back up to a physical computer or to iCloud, this is the best way to recover from ransomware or a lost, stolen or hacker-scrambled phone.
Stop Brute Force Logins. If you’re worried about your device falling into the wrong hands, you can prevent an attacker from brute-force break-ins using the “erase data” option. This automatically deletes all data on your phone after 10 consecutive failed login attempts. Just don’t ever forget your code, and be careful that your kids don’t erase your data by entering the wrong code too many times!
Shut Down Eavesdropping Advertisers. Many websites use cross-site tracking to monitor your surfing habits so that marketing companies and advertisers can push products and services tailored to your interests. This can be turned off in Safari for iOS. It is also possible to block pop-ups, enable fake website warnings, disable location-based and interest-based ads and switch from Google’s search engine to a more private source like DuckDuckGo.
Enable Location Tracking and Wiping
Secure Your Free Wi-Fi Hotspots (VPN)
Disable Creepy Photograph Tracking

If you are looking for a bit of hand/phone holding, join my webinar, where I will walk you through HOW to implement all 13 iPhone Security Steps.

Webinar: iPhone Security Crash Course: 13 Ways to Keep Hackers & Advertisers Out

Every website you visit, location you frequent and app you use on your iPhone can be tracked, hacked and abused. By default, your smartphone is open to cellular providers, digital advertisers and cybercriminals. Until, of course, you proactively take steps to minimize how your private data is being captured, shared and sold.

In this iPhone-specific workshop, John will perform a live demonstration of 13 critical iphone security and privacy settings. Bring your iPhone to the webinar, as you will be actively changing settings during the presentation.

Smartphone Privacy & iPhone Security Tools Covered Will Include:

App pruning and vetting
Operating system patches and automatic updates
Limiting location tracking performed by Apps
Keeping hackers out of contacts, photos and voice recordings
Hack-proof passwords (almost)
Implementing a password manager
Turning on two-step logins on vital online accounts
How to back up your phone in case of loss or ransomware
Eliminating brute-force logins
Disabling advertising tracking and sharing
Enabling location tracking and wiping in case of loss
Installing and utilizing a VPN to protect Wi-Fi usage
How to disable creepy photo location tracking
If time permits:
Evaluating of the Pros/Cons of biometric passwords (fingerprints and facial recognition)
A discussion on the security of Apple Pay and Wallet options
Banking and investing vulnerabilities on you smartphone

By the end of this webinar, your iPhone will be 99% more secure than the average smartphone user. Time for Q&A with John will be provided at the end of the demonstration.