Posts

NSA Angry Birds Help the Government Spy on Your Intimate Details


NSA Angry Birds are Stalking You

So you’ve had a rough day at the office.  You plop down on your couch with a cold beverage nearby, ready to let the day go.  You have twenty minutes until your chicken pot pie dings, and the thought of chicken reminds you of, well… Angry Birds. Harmless fun. NOT!

While you may be enjoying a mindless game, somewhere far off in cyber land others are just beginning to work very hard.  WHO THEY ARE: advertising companies and intelligence agencies alike. WHAT THEY ARE DOING TO YOU: gathering all of the most personal data off of your mobile device: everything from your name, age, sex, location, and perhaps even your political alignment or sexual orientation—and lots more!

All of this is according to documents provided by the former National Security Agency contractor and whistleblower Edward Snowden to the New York Times.  Snowden asserts that the NSA and Britain’s Government Communications Headquarters have been able to gather information from so-called “leaky apps” that give out all sorts of unintended intelligence.

Through these leaks, intelligence agencies and advertising groups are able to collect and store information on location and planning data through use of Google Maps, and access your address books, buddy lists, and telephone logs through use of posts to sites such as Facebook, Flickr, LinkedIn, and Twitter placed on mobile devices. 

It turns out that Big Brother is actually an NSA Angry Bird. I don’t know whether to be more upset with the NSA for scraping this information from Apps, or with the Apps themselves for scraping this information without even telling us!

This top secret NSA document (one of many released by Snowden) shows some of the activities that can be searched.

NSA top secret chart

It’s pretty much understood and accepted that apps (especially older ones) track locations and gather other data to pass on to mobile ad companies.  And we’ve known for some time that the NSA has been pursuing our mobile information, but these documents show us many more details of the “mobile surge” and the ambitious plans the agency has for using the information they gather from apps on smartphones.

Every time you use a smartphone, you need to remember you’re also really using a computer- a highly-sophisticated, highly vulnerable computer.   According to Philippe Langlois, who has studied the vulnerabilities of mobile phone networks and is the founder of the Paris-based company Priority One Security, “By having these devices in our pockets and using them more and more, you’re somehow becoming a sensor for the world intelligence community.” In other words, we are all spies for anyone who has access to our mobile phones, which includes pretty much every app we have.

So what’s the solution? None, as of right now. Until there is legislation governing what can be captured from our mobile phones, we are open game, so to speak. And that makes me angry.

John Sileo is an author and highly entertaining speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on Rachael Ray, 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Data Privacy Expert on the Irony of Dictionary.com’s Word of the Year


Dictionary.com has chosen its “word of the year”. Thank the etymological gods it’s not selfie, twerk or hashtag. No, this year’s most relevant, most searched word is:

Privacy.

Call me geeky, but this is happy news to privacy experts, because it raises consciousness that this stuff (your right to keep certain information to yourself) actually matters.

 And consciousness has definitely been raised in 2013:

  • Data security and privacy experts everywhere should thank Edward Snowden for exposing the NSA surveillance programs that monitor every American’s phone calls, Facebook posts and emails for signs of terrorism (and any other data they care to intercept).
  • Thanks to SnapChat for making deleted photos recoverable (despite claims they disappear).
  • Additional kudos to Google Glass for raising awareness on how easy it is to capture intellectual property as criminals videotape their way through Fortune 500 offices, record ATM PIN numbers of the bank customer in front of them and deploy instant facial recognition software in a variety of social engineering schemes.
  • And in the Coup de Grace of 2013, bonus points to Target for playing the Grinch in a massive holiday breach that exposed 40 million of their customers’ records (customers who actually shopped at Target, not online).

Here’s the ironical twist to the word of the year: Dictionary.com violates your privacy at a standard higher than most other websites. You thought you were just looking up a word, right? Wrong – you are creating a traceable behavioral profile that can be sold to marketing firms worldwide. For example, when you type a word into Dictionary.com, your “surfing profile” is immediately sold to 234 additional websites before you’ve even read the full definition. So when your daughter looks up “bankruptcy” while doing a term paper for high school, Chase Bank buys that information, scores you as a high risk candidate for financial default and, the next time you apply for a credit card, redirects you to a web page offering you a considerably higher annual APR. Brilliant, no? See more examples in my post Big Brother Lives in Your Browser.

I don’t want to look a gift horse in the mouth, however (well, maybe a little). Thank you to Dictionary.com for reinforcing the relevance of data privacy issues that quietly affect every one of us every day. Now, if privacy experts could just get Dictionary.com to include a definition of data privacy that accounts for the idea of consent (that we get a choice of what to share and who to share it with), that would be real progress. In other words, data privacy is a matter of degree, not all or nothing.

John Sileo is an author and keynote speaker on privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to defend the data that drives their profitability. His recent engagements include presentations at the Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Does the NSA or Google Spy More on You? [Burning Questions Ep. 4]


Today’s Burning Question for online privacy expert John Sileo:

“Who is the bigger spy, the NSA or Google?”

I thought that was a really fascinating question.  Of course, it comes because in the last couple of months the NSA has been outed by Edward Snowden, the former NSA employee.  The NSA (National Security Agency) has been spying on our phone calls- who we’re calling and when, our emails- who we’re emailing and what about, and even our social media posts.

The latest scandal is called “Muscular”.  Somehow, the NSA has gotten between the transmissions of Google and Yahoo.  In other words, the NSA has been “sniffing” the emails going back and forth between the two largest email providers in the US and this has angered the tech giants like Google, Yahoo, and Facebook.

Recently there was an article in the New York Times about the tech companies wanting to defend their privacy.  In particular, Eric Schmidt, the chairman of Google, has gone on the record to the Wall Street Journal talking about how we need to do a better job defending our privacy.  (Watch the video embedded in our BQ video.)

Let’s take a look at a few of Schmidt’s comments.  First, he said, “You have to take a strong position in favor of privacy.  Do you really want the government tracking all of your information?”  I find it very ironic that this man whose company tracks all of our information is asking this question!  You could substitute Google’s company name for government:  “Do you really want Google tracking all of your information?”  Here he is calling for privacy on one hand and violating it on the other.

The second statement that is fascinating is, “Let’s start with appropriate oversight and transparency.  You don’t have to violate the privacy of every single citizen in America in order to find them.”  You might also say you don’t have to violate the privacy of every single citizen or track the privacy of every single user of Google in order to market to them.  It takes a lot of gumption for somebody who is so focused on collecting our private data to say that the NSA is collecting too much information!

So, the question again is, “Who is the bigger spy, the NSA or Google?”  Well, of course, the NSA is much larger and is collecting more information, but mostly thanks to companies like Google.

John Sileo is a keynote speaker and online privacy expert, as well as the CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. Recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.


HoGo Document Protection: 10 Questions w/ Digital Privacy Expert John Sileo

By Mike Spinney, HoGo (Document Protection Simplified)

John Sileo is a kindred spirit when it comes to fighting the good fight against data breach and identity theft. I met John about seven years ago when we were both part of a joint project to raise awareness over the issue of physical document protection and we’ve been friends ever since. I admire what John does to help make people more aware of their personal risk and take steps to prevent identity theft. A two-time victim of identity theft, John has refused to wallow in his victimization and instead has become a privacy expert in his own right and taken his powerful, personal message to audiences around the world, raising identity theft prevention awareness as one of the issue’s premier speakers.

In addition to keynote speaking and his video series, Burning Questions, John is a frequent media source for stories about privacy and identity theft. He was in my area last month to give a series of keynote presentations for the University of Massachusetts’ privacy awareness program, so I took the opportunity to meet with John and ask him ten questions about his work and the issue of data privacy and information protection.

HoGo:  Your personal ID theft story is not uncommon. Is there anything that might have caused you to take better care of your personal information prior to your first experience? Continue Reading…

Privacy Expert: NSA Intercepting Your Address Books, Buddy Lists

What makes a privacy expert nervous? Glimpsing the size of the iceberg under the surface. When National Security Agency contractor Edward Snowden became a whistle blower earlier this year, I think we all knew we were really just seeing the tip of the iceberg about exactly how much information the NSA was gathering on the average American citizen.  And it was a pretty large tip to start with.

Here’s a reminder of what started the whole thing.  Snowden provided reporters at The Guardian and The Washington Post with top-secret documents detailing two NSA surveillance programs being carried out by the U.S. Government, all without the average voter’s knowledge. One gathers hundreds of millions of U.S. phone records and the second allows the government to access nine U.S. Internet companies to gather all domestic Internet usage (so they are tapping pieces of your phone calls and emails, in other words). The intent of each program respectively is to use meta-data (information about the numbers being called, length of call, etc., but not the conversation itself, as far as we know) to detect links to known terrorist targets abroad and to detect suspicious behavior (by monitoring emails, texts, social media posts, instant messaging, chat rooms, etc.) that begins overseas. As a privacy expert, I understand the need to detect connections among terrorists; the troubling part is the scope of the information being gathered. Read more

Facebook Privacy: New Data Use Policy Banks on User Laziness


Is there such a thing as Facebook privacy? You might have heard that Facebook is proposing a new Data Use Policy and Statement of Rights and Responsibilities (formerly known as a privacy policy). No one refers to it as a Privacy Policy anymore, because there is absolutely no sign of privacy left. And if you read the email from Facebook alerting you to the changes, or even the summary of changes that they provide, you are left with no clear idea of the magnitude of those alterations (you’d have to read the actual suggested changes).

Facebook is masking privacy erosion with a deceptive executive summary. The latest changes make me very uncomfortable in three ways:

  1. It appears that Facebook has left open the option to collect and utilize your mobile phone number when you access Facebook from your mobile device. That is valuable information to advertisers who want to text, call or serve up ads to you directly.
  2. Facebook is already using, and will continue to use facial recognition software to identify photos that you are in (even if they aren’t your photos), and recommend that they be tagged with your identity. Now they are considering adding your profile photo as a benchmark for the facial recognition software. In other words, the minute any photo is put up with you in it, it can be tagged and exposed to the rest of the world. You can change your Timeline & Tagging Settings to stop non-consensual tagging.
  3. By default and unless you make somewhat complicated changes, your photos can be used in advertisements. Any photos you load to Facebook can be served up to your network in connection with items you have “Liked”, which means that your picture (or worse yet, your child’s) can show up next to the raunchy movie you just “Liked”.

As quoted in the British newspaper, The Register, Facebook is practically flaunting your addiction to their social network, knowing you will likely do nothing about it:

“You give us permission to use your name, profile picture, content, and information in connection with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us. This means, for example, that you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you… You understand that we may not always identify paid services and communications as such.”

Facebook is so confident that you won’t make the necessary changes to your privacy settings (let alone actually deleting your Facebook account), that they can arrogantly announce these changes without fear of reprisal. They are literally banking on your apathy.

There is good news! You have two clear options:

  1. You have 7 days to comment on Facebook’s new policies before they take effect. If there is a strong enough backlash against these erosive changes, they will rethink their position (maybe – or they might just outlast you until you’ve stopped paying attention). But the backlash won’t happen without your input.
  2. You can outright delete your Facebook account, but don’t do it until you have downloaded a copy of your data, posts, pictures and such. Even then, they reserve the right to use the data you already posted for a certain period of time.

In the coming days, I will post a video on how to do both of these items.

John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable.

 

 

Why the boss should also be the privacy expert

If you’re the head of a company, it’s your duty to be no less than a privacy expert. Cyber criminals are betting on the fact that you aren’t one, and your whole company could suffer if you don’t take action to become one.

We’ve discussed before the necessity of keeping employees well-trained against cyber attackers’ tricks, such as spear-phishing. Well, it turns out that the big bosses are actually even more likely to fall for social engineering attacks, according to a recent article in the Wall Street Journal.

The article quoted a study by Verizon that indicates these executives are often exempt from company-wide security rules and are more likely to open email or click on links that expose their company’s secure information.  Especially at a time when so many are hit with phony emails, no one can afford to be lax on cyber security. CEOs and other high-level bosses are usually highly visible, public-facing, have access to proprietary information, and are often disengaged from the online security process: in other words, they are the perfect target. 

It might stem from a sense of superiority, or simple ignorance, but whatever the cause, bad behavior is bad behavior, no matter who’s doing it. So what can a boss do to be more of an online privacy expert? Try these tips:

  • Encryption: Take special care to encrypt and password-protect data on your devices. All of them.
  • Attend training: Acting high and mighty can have real consequences if you don’t attend, or worse, don’t provide training for your employees. Instead, seek out and gain knowledge from a privacy expert.
  • Physically secure sensitive information: You wouldn’t leave your filing cabinet open for anyone to access. Why do the same with your data? Don’t demand special privileges because you’re the boss.  Keep your firewalls enabled and guard your personal information, especially when on social networking sites.

The sort of attacks that can take down giants won’t spare your company either. The higher up you are, the more responsible you need to be, because it’s not just your name on the line: it’s the security of everything in your organization.

John Sileo is a digital privacy expert and professional speaker on building digital trust. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

5 Disastrous Decisions that Destroy Small Business – and How to Avoid Them

Interactive Webinar, Sponsored by Deluxe Corporation, Featuring Privacy Expert John Sileo

ST. PAUL, Minn., Oct 04, 2012 (BUSINESS WIRE) — Cyber criminals sabotaged John Sileo’s business – and nearly landed him in jail. Now he’s determined to help small business owners prevent the disastrous mistakes that loom ever-larger in the age of identity theft, mobile computing and social media.

Sileo will share his story – and the lessons he learned – in an hour-long interactive webinar on Tuesday, Oct. 9 at 2 p.m. EST. Titled “5 Disastrous Decisions that Destroy Small Business,” the webinar is sponsored by Deluxe Corporation and designed to provide business owners with simple, actionable tools to help protect their operations and enhance their efficiencies.


To register for the 2 p.m. EST webinar, go to www.deluxe.com/highsecurity.

Sileo is the award-winning author of “Privacy Means Profit,” and has appeared on “60 Minutes” and “Fox and Friends.” He launched his career as a privacy consultant after thieves stole his identity and used it to embezzle nearly a half million dollars from his clients. The security breach destroyed his business and triggered a two-year legal morass.

Now, Sileo is America’s leading professional speaker on identity theft and information control. During Deluxe’s interactive webinar, he will be joined by Susan Haider, executive director, high security product management, Deluxe Corp.

He will share insights gleaned from years of experience, including details on:

  • How Sileo’s business was destroyed by poor decision-making.
  • Mistakes other small business owners have made and how to avoid them.
  • Concrete, actionable steps you can take to minimize your risk now.
  • Human, physical and digital threats to your business security.
  • Targeting skills you can use to design your plan of attack.

Following the presentation, participants can get personalized advice from Sileo and Haider during a Q&A session. Participants also will receive a free copy of “Are Tax-time Identity Thieves Targeting Your Small Business? 5 Defense Strategies,” a white paper written by Sileo.

 

About John Sileo

John Sileo is an award-winning author and privacy speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. His clients include the Department of Defense, Pfizer, the FDIC and Homeland Security. Watch him on Anderson Cooper, 60 Minutes or Fox Business.

His satisfied clients include the Department of Defense, Blue Cross, Homeland Security, the FDIC, Pfizer, the Federal Trade Commission and corporations, organizations and associations of all sizes.

About Deluxe Corporation

Deluxe is a growth engine for small businesses and financial institutions. Over four million small business customers access Deluxe’s wide range of products and services including customized checks and forms as well as website development and hosting, search engine marketing, logo design and business networking. For financial institutions, Deluxe offers industry-leading programs in checks, customer acquisition, regulatory compliance, fraud prevention and profitability. Deluxe is also a leading printer of checks and accessories sold directly to consumers. For more information, visit us at www.deluxe.com, http://www.facebook.com/deluxecorp or http://twitter.com/deluxecorp.

What Do Mitt Romney and Duchess Kate Have in Common?


Privacy. Or lack of it, to be specific. This past week, nude photos of Duchess Catherine (formerly Kate Middleton) were published in several French tabloids. The photos were taken from hundreds of meters away using sophisticated photographic equipment to capture a moment meant to be highly private.

Also this week, Mitt Romney was secretly videotaped at a small fundraising event dismissing 47% of the electorate as victims who take advantage of government and the taxation system.

Put aside for a minute what you think of Kate or Mitt, and ask yourself what you BELIEVE about our right to privacy.

Some people say that in the digital surveillance age, you are naive to think that anything is private. Everything outside of your own walls is fair game. But Romney and the Duchess thought that they were operating inside of their own walls. Others argue that we are entering a dangerous age of constant surveillance, and that the government and corporations are gaining too much access to our images, words and thoughts.

I believe that both statements are true: the reality is that there is very little privacy left outside our own walls (and sometimes within them) and that government and corporations have too much access to our private information. But that doesn’t mean that we have to allow it to remain that way. How would your opinions change if the pictures were of your daughter rather than the Royal Family? How would you feel if your private conversation among friends showed up on CNN?

Privacy is a slippery right to nail down; it’s hard to legislate. But most of us know when it has gone too far, and by the time it has gone too far, victims like Mitt and Kate can do little to stuff the cat back into the 24/7 media darkness. Most of us will share our opinions on Kate and Mitt, but few of us will air our beliefs on privacy. If you believe in having a bit of privacy left in your life, speak out when the privacy of others is violated. Privacy will probably never be effectively governed by law, but its violation can be preventively discouraged by social pressure. When you buy the tabloid, Google the nude photos or email blast the Romney video, you’re advocating for less privacy.

What do you think? Share your comments below.

John Sileo is an award-winning author and keynote speaker on privacy and reputation. He is CEO of The Sileo Group, which advises clients on how to defend their Privacy, Identity and Reputation. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

SCAM ALERT: Target Texting Scam


SCAM ALERT! There is a Target texting scam going around. The text looks similar to the one in the picture to the left, and generally says you’ve won a $1,000 gift card if you simply click on the link and collect the money. When you click on the link, it takes you to a Target-looking site that a criminal has set up to collect your private information. The information is then used to steal your identity. In other cases, clicking on the link installs a small piece of malware that takes control of your phone and forwards your private information to the criminals.

Where do the criminals get my mobile phone number to text me in the first place?

  1. They purchase it off of black-market sites on the internet
  2. You give your mobile number away to enter contests, vote on reality shows, etc.
  3. You post it on your Facebook profile for everyone to see
  4. Data hijackers hack into databases containing millions of mobile numbers
  5. Most likely, the thieves simply use a computer to automatically generate a text to every potential mobile phone number possible (a computer can make about a million guesses a second).

What can I do to protect myself and my phone?

  • If you receive a text from any number you don’t know, don’t open it, forward it or respond to it
  • Instead, immediately delete the text (or email)
  • If you accidentally click on the link, never fill out a form giving more of your information
  • Place yourself on the national DO NOT CALL list.
  • Stop sharing your mobile phone number except in crucial situations and with trusted contacts
  • Remember when you text to vote or to receive more information, enter sweepstakes or take surveys via text, they are harvesting your phone number.
  • Resist the urge to post your mobile number on your Facebook wall or profile

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust. He is CEO of The Sileo Group, which helps organizations protect their mission-critical privacy. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation  or watch him on Anderson Cooper, 60 Minutes or Fox Business.