Tag Archives: hackers

To Anyone Who Wants To Avoid Getting Hacked: Use Two-Factor Authentication (And Set It Up Now)

How to Secure Your Apple Account with Two-Factor Authentication

The internet is a vast, crazy place. It’s full of wonders and horrors. It offers a wealth of knowledge, as well as an endless stream is lies, scams, and misinformation. You’ll wonderful, disturbing, beautiful, yet perverse place. You can meet all sorts of amazing people online, but you can also encounter some of the weirdest, creepiest individuals on the face of this planet.

The internet is remarkable, yet chaotic is what I’m saying. The same could be said for cars and highways. That’s why you wear seatbelts and make sure your side has airbags. That way, if something does go wrong, you have something in place that can save you.

In that same spirit, I’d like to offer an important bit of advice to anyone who uses a computer and regularly accesses the internet, which is increasing with each passing day mind you. It has to do with security, a topic that has become a lot more relevant in recent years.

It wasn’t that long ago that a single cyberattack shut down a critical pipeline that disrupted fuel supplies for the entire eastern United States. However, I feel like people have already forgotten about that incident and the lessons it had to offer.

There are a lot of things to be said about that attack and why it was successful. However, much of it came back to poor cyber security practices. That included little practices like not logging out of a secure network, using easily-guessed passwords, or using the same password for multiple logins. As more and more of our lives go online, these practices will become increasingly damaging.

I know this because I too have been guilty of doing this. Just recently, I had a few security scares for some email accounts that I still use. I didn’t make a big deal about it at first. Then, I realized just how much sensitive information I had in these accounts and I needed to be more careful.

That’s why I immediately activated two-factor authentication.

That’s also why you should activate it too.

No matter how small or large your presence is online, I cannot recommend utilizing this feature enough. Do it for your email accounts. Do it for your social media accounts. Do it for your online shopping accounts. You don’t have to do it for everything, but if you have the option, definitely take advantage of it.

It’s not that hard to utilize. If you have a cell phone that can receive texts, you can use it. Yes, it is an extra step to log in. You have to both enter a password and a code that’s sent to your cell phone. It’s a bit more tedious, but it assures that, even if someone steals your password, they still can’t log in without your phone. It’s not perfect security, but it makes a big difference.

The security at the Colonial Pipeline facility didn’t utilize it. A majority of companies don’t utilize it on a large scale. There are some legitimate reasons for that, but most people don’t use it because it’s inconvenient. It’s another step on top of having to remember a password. Some people just don’t like that.

I get it, but I also get the risks of being hacked or losing your data. If you have a choice between being slightly more inconvenienced or losing critical data, then the choice should be clear. Endure that little bit of inconvenience. It’ll protect you, your data, your money, your identity, and so much more.

I had a bit of a cyber scare recently and while I was able to fix it before anything happened, I made sure I was more proactive. Trust me. You don’t want to learn the hard way why you should utilize extra layers of security whenever you’re online.

I’ll say it again. If you can activate two-factor authentication for any or all your accounts, do it. You’ll spare yourself plenty of stress and frustration. The internet is still an amazing place, but it can be dangerous. Your password is just a seatbelt. Two-factor authentication is an airbag. Your odds of being safe are much better when you can rely on both.

Leave a comment

Filed under Current Events, rants, technology

A Cyber Attack Managed To Shut Down A Major US Pipeline: Why We Should Be (Very) Concerned

In general, fearmongering is not productive. It’s one thing to raise awareness or express concern about an issue. It’s quite another to say that it’ll lead to the end of the world as we know it and everyone should drop what they’re doing immediately to address it.

One is a serious, substantive conversation.

The other is outright panic porn mixed with doom-saying.

This is why certain alarmists are hard to take seriously. I believe that climate change is real. I believe it’s a serious issue. However, I think those who just publicly yell about how awful the situation is and how terrible it’s bound to get aren’t helping. They’re just making it easier for people to write off valid concerns as fearmongering.

I don’t want to fall into that trap whenever I talk about issues I think warrant serious concern. At the very least, I’d like to raise reasonable awareness about an issue that may very well affect large swaths of people, both locally and globally. Even if an issue is urgent, we can’t let fearmongering obscure the issue.

Having said all that, I want to state outright that we should all be very concerned about the recent cyber attack on a major pipeline in the southern United States. You may not have felt its effects yet, but it’s likely you’ll notice the next time you have to gas up your car. To appreciate just how serious this attack was, here’s the story from Reuters.

Reuters: Cyber attack shuts down U.S. fuel pipeline ‘jugular,’ Biden briefed

Top U.S. fuel pipeline operator Colonial Pipeline shut its entire network, the source of nearly half of the U.S. East Coast’s fuel supply, after a cyber attack on Friday that involved ransomware.

The incident is one of the most disruptive digital ransom operations ever reported and has drawn attention to how vulnerable U.S. energy infrastructure is to hackers. A prolonged shutdown of the line would cause prices to spike at gasoline pumps ahead of peak summer driving season, a potential blow to U.S. consumers and the economy.

“This is as close as you can get to the jugular of infrastructure in the United States,” said Amy Myers Jaffe, research professor and managing director of the Climate Policy Lab. “It’s not a major pipeline. It’s the pipeline.”

Now, before you start freaking out about the possibility of terrorists hacking major utilities, it’s worth looking at this attack in context. This was not an attack done in the mold of the movie, “Live Free Or Die Hard.” These criminals were not Hans Gruber or some super-hacker in the mold of “Tron.” This was a ransomware attack.

For those not familiar with cyber crimes, a ransomware attack is when someone gets into a network or a specific computer and installs a piece of software that effectively locks all your drives. The only way to unlock it is to pay the hacker a certain sum of money, often in Bitcoin.

In general, these cyber-criminals are out to cause chaos and destroy entire countries. They’re just looking for some money. I guess in that sense they are like Hans Gruber.

For most people, there are established procedures to protect against ransomware and to weed it out. However, that’s just for personal computers and basic IT infrastructure in an average company. This attack hit a major utility. That fundamentally changes the context of this attack.

Ransoming someone with poor computer skills is one thing. That person will only suffer so much loss and frustration if they cannot save their data. A major utility is very different by orders of magnitude. Utilities like the Colonial Pipeline are critical for the basic functioning of our infrastructure. Shutting them down, even for a brief period, can cause a lot of damage.

On top of that, you’d think that a major utility would have some pretty robust cyber security, but you’d be distressingly wrong. Major government networks are still routinely hacked and hacked successfully. While most of these attacks are after personal data, the idea of a more malicious cyber attack is not an unreasonable concern at this point.

If a simple ransomware attack can disrupt a major pipeline, then what could a more coordinated attack do? It’s a disturbing question with equally disturbing answers. Remember, those who attacked the Colonial Pipeline were just after money. Imagine if they were looking to cause serious damage and loss of life.

This kind of cyber attack is not the stuff of science fiction and sub-par Die Hard movies. It has happened in the real world, the most famous being the Stuxnet attack that crippled Iran’s nuclear weapons program. That was a government-on-government attack that had major geopolitical ramifications.

Also, that’s just an attack we know about. I don’t think it takes an elaborate conspiracy theory to surmise that there have been other attacks like this that have not been made public. Some of those attacks might be many times scarier than either Stuxnet or the Colonial Pipeline.

This is all serious cause for concern. With each passing year, the world is becoming more connected and more tech savvy. An entire generation is coming up in a world where the internet is everywhere, both in industrialized nations and in developing countries. Like every generation before it, there will be conflict. It just won’t be fought in the same ways we’re used to.

If it’s possible to shut down a country’s pipelines, electricity, and communication networks without ever dropping a bomb or deploying a single troop, then we can’t assume it’ll never happen. We also can’t assume that it will, especially if we actively work on addressing the issue.

We managed to do that with nuclear weapons. We should make a similar effort with cyber attacks. We just learned that hackers can disrupt a major utility using a type of attack that is almost a decade old. Let’s not wait for another bolder attack on a larger target.

That still doesn’t mean freaking out and trying to live off the grid. It just means doing the necessary work to improve computer security, both on a personal level, as well as a governmental level. I don’t claim to be an expert in either, but if we can all do our part by just not having such an easily guessable password, we can all make a difference.

Leave a comment

Filed under Current Events, politics, real stories, technology