Here Are Some Disturbing Thoughts:
Right now you and several other readers are surfing this site from computers or smartphones infected with malware.Right now countless numbers of sites on the web are hacked and most site owners don’t realize it.
The web is a criminal hacker’s paradise where crooks and entire organized crime groups around the world are harvesting the biggest payoff in history. The FBI’s 2016 Cyber Crime Report states that between 2012-2016 $4.63 billion was stolen from users and website owners. This is increasing every year and is only getting bigger.
First Steps To Reduce The Spread Of Malware Scams Start With Each Of Us
There’s a good chance you’re not going to read this article in its entirety. Maybe you’re short on time as a lot of us are in the modern day. If you get anything from this article, let it be these 5 points:1. Never give out your email addresses to surveys, third party sites, and everyone else in life that asks for an email address — not unless you’re absolutely sure they’re not going to send you spam. If you have to, create a second dummy email address just for those places an email address is essential.
2. Do not open email attachments from strangers — ever. Get to know everyone first and flat out tell people you don’t open attachments from strangers.
3. Do not blindly click on links that are sent to you in odd looking emails from people you know; investigate every thing first… hover over the link and see what shows up in your browser status bar (bottom left);
4. Do not blindly click on links that are sent to you in normal looking emails from people you know; investigate everything first.
5. Never blindly click on links sent by strangers or even companies you know (such as banks, ISPS, insurance providers, etc) as these could be fake emails carrying malware. In fact, a good rule of thumb, every time you log into your inbox, is to do so with the understanding that there may be more than one “innocent” looking email designed to deceive you and designed to infect your computer with malware.
These basic tips don’t stop the threat of malware, nor hacking… but they do help reduce the spread of common malware. As the months and years pass, malware is getting more sophisticated and so we need to demand that our leaders (government, the corporations, etc) do something drastically different with the way that the internet works, and even the way that banking works (more on this below), to help reduce the threat or stop criminal hacking and malware all together.
What Exactly Is Malware?
Malware is an insidious type of software that can be planted on a computer without the owner’s knowledge and transmits information it captures back to the malware creator.
Malware Can Connect To Multiple Computers
Malware can link to several computers in a series and steal information and no one realizes what has happened until intellectual property, finances, personal financial data and even State secrets are in the hands of competitors, bad actor states or terrorists. The situation is getting worse and seems out of control.
Why Don’t The Feds Use Bait To Catch Cyber Criminals?
Here’s a questions for the Feds: If passwords and credit card numbers can make their way back to malware creators, why can’t the feds follow the same path? In other words, use bait, and use it all over the web.Perhaps one easy way to catch a lot of malware creators would be for the feds to feed malware fake credit card numbers and bank accounts. When that information is accessed anywhere else in the world (bank funds are transferred between accounts), the feds could then use local authorities to arrest suspects.
How Would They Do This?
By changing international banking policies and requiring in-person visits for any withdrawals or additional funds transfers.Essentially, by forcing suspects to interact with their international deposits at a local bank (more on this below), long term this would likely result in a huge drop in online crime.
If It’s Such An Obvious Solution, Why Isn’t It Happening?
The answer may be organized crime itself. Behind the scenes, organized crime may be influencing the policy makers.
Most malware has a financial agenda. On the website side, certain types of malware are designed to hijack traffic away from website owners and force third party advertising into website browsers forcing users to either click these ads (or restart their computer / smartphones to reset their browser session and escape the forced pop up ads). Malware like that hurts websites (like ours) that depend on our readers to visit ads served by the Google AdSense network or other providers, so that we can afford to stay on the web and continue to publish week after week, year after year.
Has Your Website Been Hacked?
Try surfing your site from various computers and browsers on a regular basis as well as seek feedback from people who use your site. Ask friends and family as well to visit your site and have them report any strange events they encounter.
Has Your Site’s Traffic Been Hijacked?
If you have an average amount of daily visitors and an average amount of advertiser revenue and those numbers suddenly change, this could reflect a few different things that criminal hackers have been known to do: They may be redirecting your traffic elsewhere, they may be replacing your affiliate account links with their affiliate links, etc. In the end, you can lose a lot of business quickly and unless you realize you’ve been hacked, you could end up going out of business. The hacker doesn’t care though.
American Businesses Are Easy Victims
In fact he may be operating from the other side of the world, a big smile on his face when he looks at how easily he is ripping off Americans — it’s like taking candy from a baby. As a way to help hide his overseas operations, he may be using local mailing addresses via family and friends in the U.S. who are now collecting the advertising revenue and affiliate revenue that your hijacked traffic is generating.
Malware In The Form Of APT
The most current tool used is the APT: Advanced Persistence Threat. These programs can hide in computers, transmit data, activate programs that can attack and disable computers that run nuclear reactors and facilities or any function computers can do.
Home User / Employee Browser Malware
On the user side — we’re talking about you and your internet browser — certain types of malware place pop up advertising on your computer or smartphone that then takes you away from websites, including this one. That is not the fault of the website owner; in this case it’s your phone, computer or tablet to blame. Or the malware in question simply wants to steal your credit card information, your login information, and your entire identity if it is able.Security software is available to guard against many types of common malware.
Apps And Programs You Download Are Commonly Infected With Malware
Also, be sure to check when installing an app or program if other features, browsers, apps are installed with it. In short, read the instructions. If you can’t opt out then make sure you can uninstall. These “add-ons” often contain various malware programs and can be difficult to manage or uninstall. Most operating systems have a “pop-up” blocker; check your settings to activate this.
We Are The Victims — Cyber Criminals And Organized Crime Are Robbing Web Users, Especially Americans
As a nation, we are being robbed, our internet is being hijacked. A lot of it has also been in the form of ransomware, where company’s computers are seized by hackers and their files encrypted so they are inaccessible. If these companies don’t pay up, they are threatened and told their company files will all disappear unless their demands are met.
Cyber Crime Is On Par With Violent Crime
While no one is putting a gun to our heads and ripping us out of a car, it’s still a vicious robbery and it’s about time that something is done. That amount of money ($4.63 billion dollars as estimated by FBI) is just a financial tip of a huge iceberg of online crime and threat to our society; but ransomware incidents are not always reported for fear of repeat attacks; the amount of money being stolen annually from US companies and citizens is astronomical, according to reports.
Can We Do Anything? Yes, Let’s Start With Banks
Current banking policies enable thieves around the world to operate with anonymity (even though that’s not supposed to be the case). In other words, they have lax policies and poor enforcement. Why is that? With so much cyber theft in the modern day, no one should be able to use banks with anonymity and lax identity verification. Demanding finger prints, retina scans, and in person banking on international transactions would help international authorities connect thieves with the money they are taking or being paid as ransoms.
Don’t Let International Transations Be The Identifier — Local Transactions May Also Be Happening
Remember, some of these overseas hackers have friends and family in the U.S. they could be using as fronts for local bank transfers. We need increased in-person identification if we want to slow down some of this crime. While I’m all for personal liberty I don’t mind giving the bank my thumbprint if it will help reduce the amount of cyber crime that is happening.
Why Are Citizens Afraid Of Increased Security If It Is Aimed At Stopping Cyber Crime?
Perhaps a lot of the growls we here against stepping up security vs crime are coming from people who benefit from lax security. Remember, if organized crime has influenced certain policy makers, they can get those policy makers to growl against security protocols and give some kind of speech about losing personal liberties.Don’t fall for the speeches. Organized criminals and the policy makers they influence are clever snakes and will hiss and say anything they can to keep the policies on their sides. Hopefully the feds will start looking a lot closer at U.S. and international policy makers and some connections to organized crime — and then deal with it.
Policies And Procedures Need To Change
What it comes down to is this: A huge push should be made to change the way that banks enable cyber crime because banks enable money to be sent so easily from one account in one country to another account in another country. That is weird, to say the least. It should be obvious to policy makers that we can slow down crime by changing bank policies.
Dish Out Big Fines To Banks That Shield Criminals
Banks that do not cooperate or banks that enable thieves to rip off consumers and businesses should be made to pay fines — big fines. Perhaps that will motivate banks to enforce personal identification on overseas transactions, and especially here at home.
Website SSLs, A Small Step Toward A Big Problem
Corporate giants like Microsoft and Google are pushing the adoption of SSL Certificates. Google will actually require these in 2018 or they will flag your site as insecure in search results. SSL (Secure Sockets Layer) is the basic security technology for the online establishment of an encrypted link between a web server and a browser such as Google, Yahoo, Bing or Firefox.This technical link makes sure that all the data passed between the web server and browser stays private and within the site. If your site does not have the SSL certificate, no secure online connection can be established. In short, your company’s information will not be digitally connected to a cryptographic key.
An SSL helps searchers avoid sites (that appear in Google search results) that can contain virus, malware, unwanted adware and outright hostile programs. Google and other browsers will flag a site that does not have a current SSL. But it is only one element of a necessary need for awareness on the part of website owners, administrators and the 2 billion daily searchers of the web daily and worldwide.
Equifax Hack Brings Attention To The Dark Web
Equifax admitted that its site had been hacked and the personal financial data of literally millions of Americans had been stolen. Not only this site but numerous online merchants’ sites and even the Social Security and Dept. of Defense sites have been hacked. This information is sold on what is termed the “dark web”. This area is hidden from the view of the average user by most ISPs and monitored by law enforcement as well.You will draw attention to yourself from law enforcement if you attempt to login to it. This is the area where human trafficking, narcotics, terrorist groups and stolen information are sold. Mainstream search engines such as Google, Yahoo, etc. block sites they feel are objectionable as a policy. These are being hosted on the “dark web”.
Internet Service Providers Need Better Security
There’s another piece to this puzzle that needs to be addressed; it’s the position that ISPs have to spot hackers and cyber criminals before they can strike. How would they do that? Here’s an analogy … picture a tall skyscraper with several floors lit up at night; those lit up floors represent honest and everyday web users; the floors that are dark represent users that are using the web anonymously or from spoofed IP addresses or whatever means that hackers and cyber criminals use to access the web. What if ISPs could simply block people from surfing the web anonymously? In other words, no one should be allowed to use the web unless their is transparency — keep the bad apples from surfing the same internet as the good apples.Do we need new technology, new broadband, new satelites, new cable modems?
The person or company that invents the technology that creates transparency on the web and stops cybercrime is going to be rich.
Beware The Pedophile Policy Makers
There is a lot of child porn in the world. It’s illegal. But the pedophiles in power, pedophile policy makers hidden among the reputable policy makers, may be some of the first people to growl against transparency coming to web browsing. For the first time suddenly they can’t search out and trade / swap online child porn with the anonymity they used to have.The next time you hear a speech about how we need to protect our internet from “big brother” realize that speech might be coming from a seriously perverted policy maker with a love for child porn. He doesn’t care about protecting personal liberties. All he cares about is protecting his sick fantasies.
The Organized Crime Angle
Organized crime groups are aggressive and will continue to seek ways to get to our hard earned income and the bank accounts of small and large companies around the world. Russia has an active, violent and protected mafia within its borders. Putin uses them as tools. He has also “weaponized” Russian businesses. The recent disclosures of the alleged Trump collusion with Russia mentioned his business dealings in Russia, notably the “Trump Tower” real estate transactions. These actually involved the Trump Organization leasing its name to the Russian billionaire real estate developers, a fairly passive transaction. Trump took no active part in their activities — or at least that is what is claimed.
High Tech Gangs And White Collar Criminals Sometimes Backed By Actual Thugs
When we use the term “organized crime” we usually think of the Mafia and Don Corleone. One of the oldest tools of the Sicilian Mafia that was brought to America was the “protection racket”. Basically, if you make the payments, nothing happens. Today’s organized crime is a mix of local high-tech gangs, white collar criminals and thugs. The protection racket has gone techie. The way it works is that one work group develops the software program like ransomware (WannaCry for instance), another writes the ransom note and one collects and “banks” the money.North Korea has been tagged as the author of WannaCry recently and is now thought to be hacking sites to steal Bitcoin to fund its nuclear and missile programs.
Ransomware is particularly effective and numerous businesses and even local governments have made payments to regain access to their files and computer systems. Even random individuals are victims to this type of crime. Usually the only way to retrieve use of their computer is to pay online. Malware and ransomware criminals are very effective in masking their location through “proxy” uses of other victims’ computers and systems. Placing “hackerbots” on proxy computers makes the original source almost invisible and the “bots” transmit constantly and spread these programs.
Rich Rewards For Ambitious Hackers Who Flip Sides
Surely a future technology is coming that will put a stop to most of these common rip-offs? If an ambitious hacker wants to really make a fortune he (or she) would direct his or her energy at becoming the inventor of the technology that puts a stop to global hacking.
Top Hacking Groups Globally
The “usual suspects” are just whom you would assume: China, Russia, North Korea and Iran. But besides having military sponsored special units, each nation has groups within that nation that contribute independently as well. China has as at least 200 known, while Russia has at least 50. North Korea, using an internal group “The Lazarus Group” almost stole $1b from the Federal Reserve. The North Koreans also hacked Sony Pictures to stop showing of a movie about Kim Jong-Un, “The Interview”. Hacking is also used to blackmail victims, large and small.
Cyber Currencies Making It Easy For Criminals To Prey Anonymously
Cyber currencies like Bitcoin are somewhat untraceable and are rapidly becoming the “coin of the realm” for criminals, rogue states and other bad actors in online crime.Maybe we need some procedural changes there as well.
Other Threats Malware Presents
This is when one company goes after another company. This can be through the actions of an employee who mistakenly installs unauthorized software on their computer, opens an email with malware that infects the company’s system of deliberate espionage and theft of specific product data such as what Micron recently experienced from several Chinese nationals. China’s economy is largely State backed and the government subsidizes many industries.
Technologies, procedures, designs, and more can all be stolen through hacking and malware. While we may not care too much nowadays if the Chinese can steal Coca-Cola, a true danger exists where one government can hack into another government and potentially wreck havoc on their national defense and communication systems. What if China and or Russia wanted to tear down U.S. communications and defenses as part of a first strike attack?According to reports, countless amounts of hacking and or hacking attempts have been attributed to the Chinese and Russian governments.
Maybe the U.S. should be doing a lot more about it.
Types Of Hackers A Small To Large Business Is Likely To Encounter
Techno-gangs which are motivated by money. They often work with others in partnership to extort through threats of shutdown, ransomware and outright steal money to continue the goals of their “partners in crime”. Organized crime has been known to contract hacktivists, terrorists and others since they market their skills for hire and keep a significant part of the “take” for themselves.
These are usually employees who download company information, take home laptops or cd/dvd data to work on at home or who access company files on public Wi-Fi and do not assess their environment or log out immediately.
These are hackers with a particular social cause as their motivator. Some may have a good cause. Not all hacking is without merit. For example, if North Korea is such a threat, I personally wouldn’t be opposed to a brave group of hackers destroying North Korea’s nuclear capabilities, communications, and more, if it’s possible.If someone corrupt heads a corporation, heads a drug cartel or holds a political office, a hacktivist may have the ability to expose someone otherwise untouchable.
Noted recently is Anonymous, which has disclosed state secrets, shut down systems and made other demonstrations of their reach and power. They are just what they say, “anonymous”.
Some Hacktivists Don’t Have The Public Good In Mind
Your business could be a service, vendor or producer of a targeted cause that the political hacker has chosen and it could be that there’s nothing “bad” about your business. They may not know you personally but consider you guilty by association with a cause they oppose.
These are political activists and members of rogue states who infiltrate systems to gain personal data, finances (direct access to bank accounts) or use ransomware to support their cause.Iran, China and North Korea have already tested attacks on America’s national grid and other systems.
ISIS has been considered the cause of a breach in the Department of Defense system that gave personal and family information of military personnel and their families for use in possible attacks. ISIS has a sophisticated technical and social media section and despite losing territory, has increased its global reach across the web.
Nation State Hackers
These can be official workers in a national agency that probe, alter, and infect computers and systems of other nation’s computer systems. They can also be patriotic private citizens who see as their duty-seeking ways to access other nations’ data and communications systems. There are also specific groups within a national military that specializes in cyberwarfare. Your business can be on a target list due to being a subcontractor, being considered an access point to large contractors or for use as a proxy in sending malware to other systems. You don’t have to be big, just useful to them.
Here’s a tip for the feds: Can you create fake computer systems that have U.S. built malware waiting to be triggered by an overseas intrusion? When that overseas intrusion hacks into a certain file or line of code on the U.S. side, the U.S. government’s malware could now follow the intrusion back to the source where it destroys that hacker’s computer network?
Internet Self-Defense For Individuals
You are responsible for protecting your personal information, your website and business communications and your own privacy and there are effective tools readily available that can stop a lot of common malware and hacking (but typically not the more sophisticated kind).To start, change all passwords on a regular basis. Be methodical and creative. Password all of your computers, phones and personal devices. Be careful about downloading apps and programs. Verify the source site and read all the instructions.
Use a dependable security program and update that security program automatically.
Don’t open random emails / don’t open attachments. Do not open emails from sites you don’t recognize or from any site to which you do not have a subscription.
If you use public Wi-Fi, be sure to log off as soon as you are done.
Consider subscribing to an online personal security source to monitor any use of your information or access to financial information.
Re-consider purchase of Alexa or other “services”. Your privacy is at risk at the benefit of convenience.
Business web security – Obtain an SSL certificate for your site and keep it current; renew before any expiration date.
Review your site on a regular basis. Watch for any unauthorized changes, links added or other signs of intrusions. Since malware can change site files and launch functions from deep inside subfolders, on a regular basis (weekly, bi-weekly, etc.) it may be smart to delete every single folder from your website’s hosting account (late at night, when traffic has dropped off), change all your passwords, and then re-upload your entire site from where the original and all your webpages are stored offline (this works for HTML websites built offline; it does not work for CMS sites like WordPress that are commonly built and stored entirely online).
Consider a website security service; if you do most of your business online a service that can monitor all activity and report any suspicious traffic will save money, time and your web reputation.
Monitor your web presence. “Google” yourself and check for bad reviews or any use of your site by other parties. Have a company policy on computer use. Employees are to sign off. Computers are for business only. This also protects you in any loss/theft of clients’ personal financial data (FICO).
Develop ways to monitor your employees. One former hacker advised that companies need ways to “guard the guards”. A lot of hacking and cyber crime is coming from the employees of major web companies. These could be web hosts, web design companies, programmers, internet service providers, and the list goes on. Organized crime may be reaching out to these employees with tempting amounts of money and other rewards for acting as a mole.
Encrypting your data is an excellent idea. Approach “cloud computing cautiously”; get an objective opinion on whether or not this option is a benefit. For example, Microsoft 365 Office is vulnerable to accidental purges and intrusion. Unless you are global with your encryption, this may not be the best business option.
Staff training is essential. Have regular updates on recognizing threats and reporting them. Have criteria for use of office computers. Most intrusions come from “phishing” emails and from employees using the company computers for personal searches and email. No personal use policies or permitting discrete use of personal smartphones during business day can be possible solutions.
Block All FTP Users Except Specific IP Addresses
When researching common ways sites are hacked we found out that FTP (file transfer protocol) which is a common way for website files to be uploaded to the web, have a lot of weaknesses that in the modern day shouldn’t exist at all. Why are there so many weaknesses when it comes to securing FTP?By now it seems obvious that web hosting companies (at least in America) should make FTP a lot more secure, for example making FTP by default inaccessible to everyone. Only those with approved IP addresses (and a way to verify these IP addresses haven’t been spoofed) should be able to use FTP to make changes to a website.
If you’ve got any kind of voice with a major web hosting company, perhaps you can share this suggestion as just one step toward helping websites and users around the world make the internet a safer place, one step at a time.
We Need To Stop Taking Computers For Granted
We all take our smartphones and computers for granted. Hacking is so widespread that you may have already been hacked (several times in life) and your passcodes, identity and financial information compromised. By introduction of services such as Alexa and the intriguing convenience they offer, we are being lured into an easily monitored and controlled way of life. The wired society offers as many perils to liberty (in the wrong hands) as benefits to ease and convenience. Technology is easily perverted and used against its creators and users as we see in the epic rise of criminal hacking.Alexa maybe harmless today — but what if a future malware program turns Alexa into something malicious that listens in on conversations and in turn steals passwords, steals credit card numbers, steals itineraries, and more.
Our Technologies Need Safeguards
If we’re going to roll out new technologies, we need to roll these technologies out with safeguards.
Update: Awareness For Internet Security Is At An All Time High — This May Lead To Mass Arrests
FBI’s warning to criminals and cyber-criminals everywhere: there are consequences.When bringing down criminal enterprises, the FBI often goes silent when it’s closing in on a suspect or group of suspects. Based on historical actions and eventual successes of the FBI and their ever evolving pursuit of criminals over the decades, at some point the hacking world, and that includes organized crime, is suddenly going to find itself in a dragnet of mass arrests with some of those arrests leading to the arrests of high officials with connections to the world of organized crime.
It’s just a matter of time. In the modern day it’s the natural order of things. Statistically, it’s a numbers game. Law enforcement has more access to highly intelligent thinkers than criminal enterprises do. It’s like a game of chess, with both sides bringing in new thinkers as the game progresses. But history and statistics are on the side of law enforcement who is more than likely to win this game.
It may already be happening now, the right thinkers and strategists may already be in place for the FBI — but who can say for sure?
Arrests may already be taking place but the media will never know because the feds are good about keeping quiet while they grill suspects and dig up more connections to criminals elsewhere. That has been a successful FBI tactic on a repeat basis on many fronts in past decades.
On top of that, large amounts of money may be quietly being paid to extremely smart web security teams and former hackers to uncover cyber criminals around the world.
Word To Hackers: Take The Money And Run
Cyber criminals who come across this article are doing so at a time when government and international authorities that likely include the CIA, MI6, Mossad and other intelligence groups, all with some very smart people on their payrolls, may right now be closing in on you, your actions, your location.Maybe it’s a good time to cash out of the hacker game and go retire somewhere nice, because the odds are against you every year that passes. Unless you’re ok with prison, potentially hard prison time with gang members, one percenters, sexual predators, and the mentally disturbed — getting out of the world of criminal hacking is recommended, while you still can.