Tag Archives: internet security

To Anyone Who Wants To Avoid Getting Hacked: Use Two-Factor Authentication (And Set It Up Now)

How to Secure Your Apple Account with Two-Factor Authentication

The internet is a vast, crazy place. It’s full of wonders and horrors. It offers a wealth of knowledge, as well as an endless stream is lies, scams, and misinformation. You’ll wonderful, disturbing, beautiful, yet perverse place. You can meet all sorts of amazing people online, but you can also encounter some of the weirdest, creepiest individuals on the face of this planet.

The internet is remarkable, yet chaotic is what I’m saying. The same could be said for cars and highways. That’s why you wear seatbelts and make sure your side has airbags. That way, if something does go wrong, you have something in place that can save you.

In that same spirit, I’d like to offer an important bit of advice to anyone who uses a computer and regularly accesses the internet, which is increasing with each passing day mind you. It has to do with security, a topic that has become a lot more relevant in recent years.

It wasn’t that long ago that a single cyberattack shut down a critical pipeline that disrupted fuel supplies for the entire eastern United States. However, I feel like people have already forgotten about that incident and the lessons it had to offer.

There are a lot of things to be said about that attack and why it was successful. However, much of it came back to poor cyber security practices. That included little practices like not logging out of a secure network, using easily-guessed passwords, or using the same password for multiple logins. As more and more of our lives go online, these practices will become increasingly damaging.

I know this because I too have been guilty of doing this. Just recently, I had a few security scares for some email accounts that I still use. I didn’t make a big deal about it at first. Then, I realized just how much sensitive information I had in these accounts and I needed to be more careful.

That’s why I immediately activated two-factor authentication.

That’s also why you should activate it too.

No matter how small or large your presence is online, I cannot recommend utilizing this feature enough. Do it for your email accounts. Do it for your social media accounts. Do it for your online shopping accounts. You don’t have to do it for everything, but if you have the option, definitely take advantage of it.

It’s not that hard to utilize. If you have a cell phone that can receive texts, you can use it. Yes, it is an extra step to log in. You have to both enter a password and a code that’s sent to your cell phone. It’s a bit more tedious, but it assures that, even if someone steals your password, they still can’t log in without your phone. It’s not perfect security, but it makes a big difference.

The security at the Colonial Pipeline facility didn’t utilize it. A majority of companies don’t utilize it on a large scale. There are some legitimate reasons for that, but most people don’t use it because it’s inconvenient. It’s another step on top of having to remember a password. Some people just don’t like that.

I get it, but I also get the risks of being hacked or losing your data. If you have a choice between being slightly more inconvenienced or losing critical data, then the choice should be clear. Endure that little bit of inconvenience. It’ll protect you, your data, your money, your identity, and so much more.

I had a bit of a cyber scare recently and while I was able to fix it before anything happened, I made sure I was more proactive. Trust me. You don’t want to learn the hard way why you should utilize extra layers of security whenever you’re online.

I’ll say it again. If you can activate two-factor authentication for any or all your accounts, do it. You’ll spare yourself plenty of stress and frustration. The internet is still an amazing place, but it can be dangerous. Your password is just a seatbelt. Two-factor authentication is an airbag. Your odds of being safe are much better when you can rely on both.

Leave a comment

Filed under Current Events, rants, technology

A Cyber Attack Managed To Shut Down A Major US Pipeline: Why We Should Be (Very) Concerned

In general, fearmongering is not productive. It’s one thing to raise awareness or express concern about an issue. It’s quite another to say that it’ll lead to the end of the world as we know it and everyone should drop what they’re doing immediately to address it.

One is a serious, substantive conversation.

The other is outright panic porn mixed with doom-saying.

This is why certain alarmists are hard to take seriously. I believe that climate change is real. I believe it’s a serious issue. However, I think those who just publicly yell about how awful the situation is and how terrible it’s bound to get aren’t helping. They’re just making it easier for people to write off valid concerns as fearmongering.

I don’t want to fall into that trap whenever I talk about issues I think warrant serious concern. At the very least, I’d like to raise reasonable awareness about an issue that may very well affect large swaths of people, both locally and globally. Even if an issue is urgent, we can’t let fearmongering obscure the issue.

Having said all that, I want to state outright that we should all be very concerned about the recent cyber attack on a major pipeline in the southern United States. You may not have felt its effects yet, but it’s likely you’ll notice the next time you have to gas up your car. To appreciate just how serious this attack was, here’s the story from Reuters.

Reuters: Cyber attack shuts down U.S. fuel pipeline ‘jugular,’ Biden briefed

Top U.S. fuel pipeline operator Colonial Pipeline shut its entire network, the source of nearly half of the U.S. East Coast’s fuel supply, after a cyber attack on Friday that involved ransomware.

The incident is one of the most disruptive digital ransom operations ever reported and has drawn attention to how vulnerable U.S. energy infrastructure is to hackers. A prolonged shutdown of the line would cause prices to spike at gasoline pumps ahead of peak summer driving season, a potential blow to U.S. consumers and the economy.

“This is as close as you can get to the jugular of infrastructure in the United States,” said Amy Myers Jaffe, research professor and managing director of the Climate Policy Lab. “It’s not a major pipeline. It’s the pipeline.”

Now, before you start freaking out about the possibility of terrorists hacking major utilities, it’s worth looking at this attack in context. This was not an attack done in the mold of the movie, “Live Free Or Die Hard.” These criminals were not Hans Gruber or some super-hacker in the mold of “Tron.” This was a ransomware attack.

For those not familiar with cyber crimes, a ransomware attack is when someone gets into a network or a specific computer and installs a piece of software that effectively locks all your drives. The only way to unlock it is to pay the hacker a certain sum of money, often in Bitcoin.

In general, these cyber-criminals are out to cause chaos and destroy entire countries. They’re just looking for some money. I guess in that sense they are like Hans Gruber.

For most people, there are established procedures to protect against ransomware and to weed it out. However, that’s just for personal computers and basic IT infrastructure in an average company. This attack hit a major utility. That fundamentally changes the context of this attack.

Ransoming someone with poor computer skills is one thing. That person will only suffer so much loss and frustration if they cannot save their data. A major utility is very different by orders of magnitude. Utilities like the Colonial Pipeline are critical for the basic functioning of our infrastructure. Shutting them down, even for a brief period, can cause a lot of damage.

On top of that, you’d think that a major utility would have some pretty robust cyber security, but you’d be distressingly wrong. Major government networks are still routinely hacked and hacked successfully. While most of these attacks are after personal data, the idea of a more malicious cyber attack is not an unreasonable concern at this point.

If a simple ransomware attack can disrupt a major pipeline, then what could a more coordinated attack do? It’s a disturbing question with equally disturbing answers. Remember, those who attacked the Colonial Pipeline were just after money. Imagine if they were looking to cause serious damage and loss of life.

This kind of cyber attack is not the stuff of science fiction and sub-par Die Hard movies. It has happened in the real world, the most famous being the Stuxnet attack that crippled Iran’s nuclear weapons program. That was a government-on-government attack that had major geopolitical ramifications.

Also, that’s just an attack we know about. I don’t think it takes an elaborate conspiracy theory to surmise that there have been other attacks like this that have not been made public. Some of those attacks might be many times scarier than either Stuxnet or the Colonial Pipeline.

This is all serious cause for concern. With each passing year, the world is becoming more connected and more tech savvy. An entire generation is coming up in a world where the internet is everywhere, both in industrialized nations and in developing countries. Like every generation before it, there will be conflict. It just won’t be fought in the same ways we’re used to.

If it’s possible to shut down a country’s pipelines, electricity, and communication networks without ever dropping a bomb or deploying a single troop, then we can’t assume it’ll never happen. We also can’t assume that it will, especially if we actively work on addressing the issue.

We managed to do that with nuclear weapons. We should make a similar effort with cyber attacks. We just learned that hackers can disrupt a major utility using a type of attack that is almost a decade old. Let’s not wait for another bolder attack on a larger target.

That still doesn’t mean freaking out and trying to live off the grid. It just means doing the necessary work to improve computer security, both on a personal level, as well as a governmental level. I don’t claim to be an expert in either, but if we can all do our part by just not having such an easily guessable password, we can all make a difference.

Leave a comment

Filed under Current Events, politics, real stories, technology

Why We Should Treat Our Data As (Valuable) Property

Many years ago, I created my first email address before logging into the internet. It was a simple AOL account. I didn’t give it much thought. I didn’t think I was creating anything valuable. At the time, the internet was limited to slow, clunky dial-up that had little to offer in terms of content. I doubt anyone saw what they were doing as creating something of great value.

I still have that email address today in case you’re wondering. I still regularly use it. I imagine a lot of people have an email address they created years ago for one of those early internet companies that used to dominate a very different digital world. They may not even see that address or those early internet experiences as valuable.

Times have changed and not just in terms of pandemics. In fact, times tends to change more rapidly in the digital world than it does in the real world. The data we created on the internet, even in those early days, became much more valuable over time. It served as the foundation on which multi-billion dollar companies were built.

As a result, the data an individual user imparts onto the internet has a great deal of value. You could even argue that the cumulative data of large volumes of internet users is among the most valuable data in the world.

Politicians, police, the military, big businesses, advertising agencies, marketing experts, economists, doctors, and researchers all have use for this data. Many go to great lengths to get it, sometimes through questionable means.

The growing value of this data raises some important questions.

Who exactly owns this data?

How do we go about treating it from a legal, fiscal, and logistical standpoint?

Is this data a form of tangible property, like land, money, or labor?

Is this something we can exchange, trade, or lease?

What is someone’s recourse if they want certain aspects of their data removed, changed, or deleted?

These are all difficult questions that don’t have easy answers. It’s getting to a point where ownership of data was an issue among candidates running for President of the United States. Chances are, as our collective data becomes more vital for major industries, the issue will only grow in importance.

At the moment, it’s difficult to determine how this issue will evolve. In the same way I had no idea how valuable that first email address would be, nobody can possibly know how the internet, society, the economy, and institutions who rely on that data will evolve. The best solution in the near term might not be the same as the best solution in the long term.

Personally, I believe that our data, which includes our email addresses, browsing habits, purchasing habits, and social media posts, should be treated as personal property. Like money, jewels, or land, it has tangible value. We should treat it as such and so should the companies that rely on it.

However, I also understand that there are complications associated with this approach. Unlike money, data isn’t something you can hold in your hand. You can’t easily hand it over to another person, nor can you claim complete ownership of it. To some extent, the data you create on the internet was done with the assistance of the sites you use and your internet service provider.

Those companies could claim some level of ownership of your data. It might even be written in the fine print of those user agreements that nobody ever reads. It’s hard to entirely argue against such a claim. After all, we couldn’t create any of this data without the aid of companies like Verizon, AT&T, Amazon, Apple, Facebook, and Google. At the same time, these companies couldn’t function, let alone profit, without our data.

It’s a difficult question to resolve. It only gets more difficult when you consider laws like the “right to be forgotten.” Many joke that the internet never forgets, but it’s no laughing matter. Peoples’ lives can be ruined, sometimes through no fault of their own. Peoples’ private photos have been hacked and shared without their permission.

In that case, your data does not at all function like property. Even if it’s yours, you can’t always control it or what someone else does with it. You can try to take control of it, but it won’t always work. Even data that was hacked and distributed illegally is still out there and there’s nothing you can do about it.

Despite those complications, I still believe that our data is still the individual’s property to some extent, regardless of what the user agreements of tech companies claim. Those companies provide the tools, but we’re the ones who use them to build something. In the same way a company that makes hammers doesn’t own the buildings they’re used to make, these companies act as the catalyst and not the byproduct.

Protecting our data, both from theft and from exploitation, is every bit as critical as protecting our homes. An intruder into our homes can do a lot of damage. In our increasingly connected world, a nefarious hacker or an unscrupulous tech company can do plenty of damage as well.

However, there’s one more critical reason why I believe individuals need to take ownership of their data. It has less to do with legal jargon and more to do with trends in technology. At some point, we will interact with the internet in ways more intimate than a keyboard and mouse. The technology behind a brain/computer interface is still in its infancy, but it exists and not just on paper.

Between companies like Neuralink and the increasing popularity of augmented reality, the way we interact with technology is bound to get more intimate/invasive. Clicks and link sharing are valuable today. Tomorrow, it could be complex thoughts and feelings. Whoever owns that stands to have a more comprehensive knowledge of the user.

I know it’s common refrain to say that knowledge is power, but when the knowledge goes beyond just our browsing and shopping habits, it’s not an unreasonable statement. As we build more and more of our lives around digital activities, our identities will become more tied to that data. No matter how large or small that portion might be, we’ll want to own it as much as we can.

It only gets more critical if we get to a point where we can fully digitize our minds, as envisioned in shows like “Altered Carbon.” At some point, our bodies are going to break down. We cannot preserve it indefinitely for the same reason we can’t preserve a piece of pizza indefinitely. However, the data that makes up our minds could be salvaged, but that opens the door to many more implications.

While that kind of technology is a long way off, I worry that if we don’t take ownership of our data today, then it’ll only get harder to do so in the future. Even before the internet, information about who we are and what we do was valuable.

This information forms a big part of our identity. If we don’t own that, then what’s to stop someone else from owning us and exploiting that to the utmost? It’s a question that has mostly distressing answers. I still don’t know how we go about staking our claim on our data, but it’s an issue worth confronting. The longerwe put it off, the harder it will get.

Leave a comment

Filed under Artificial Intelligence, biotechnology, Current Events, futurism, Neuralink, politics, technology