Tags: wannacry | ransomware | government | hacking

WannaCry: Just When You Thought Government Couldn't Get More Dysfunctional

WannaCry: Just When You Thought Government Couldn't Get More Dysfunctional
A technology company in Sichuan province released software to recover files encrypted by the virus ''WannaCry'' in Chengdu city, southwest China's Sichuan province, May 15, 2017. (Imaginechina via AP Images)

Thursday, 18 May 2017 10:54 AM Current | Bio | Archive

The New York Times stated the problem imperfectly: "Since August, when a mysterious group calling itself the Shadow Brokers announced that it was auctioning off highly classified National Security Agency hacking tools, a low-grade panic has seized the nation’s largest intelligence agency."

I don’t know about you, but I was struck by the word choice. Low-grade panic? Doesn’t that seem — I don’t know — perhaps too calm?

It’s important to face facts here. The public release of the agency’s software exploits was a cybersecurity disaster of whatever’s worse than "epic" proportions.

Consider Shadow Brokers. It’s obvious that the "mysterious group" behind the release of our nation’s spy cookbook for data mayhem is not concerned about anyone’s cybersecurity. It was clear this was a serious data dump making powerful hacking tools available to absolutely anyone and everyone.

Additionally, you would have to be beyond bad at connecting the dots to not see the immediate fallout: Within the past week an exploit based on those very same agency tricks spread to hundreds of thousands of machines in more than 150 countries.

Still feeling that low-grade terror? Not bad enough for you? Shadow Brokers has since talked about creating a sort of "Hack of the Month" club, for a subscription fee — the perfect gift if you’re at a loss for what to bring to the "You Now Own the United States of America" parties that Vladimir Putin and Kim Jong-un have been wanting to host.

You really need to reflect upon the fact that when Shadow Brokers dumped the data online, it was available to anyone. Roll that around in your mind for a moment. That would include our nation’s enemies, which of course we have in spades these days. So, you really would have to believe that the N.S.A.’s level of concern about the theft of their tradecraft was, to say the least, insufficiently hysterical.

The Washington Post reported that there were officials at the N.S.A. that expressed grave concern about the power of the tools that were liberated by Shadow Brokers, and specifically about EternalBlue, the Microsoft exploit that became world famous after the WannaCry attack. Yet for five years that included several serious breaches, they continued to use the exploit and obviously did not protect it sufficiently.  

Low-grade concern? Makes sense. I mean, after all, there are only some indications that a hacking group linked to North Korea took advantage of the stolen software exploits and were behind the WannaCry attack.

That’s right. How’s that settling in? Panicked perhaps? No matter how you look at the N.S.A.’s face-plant, "Oops," doesn’t quite cover it.

One thing that — unfortunately — now know to be true is that if the government is able to crawl into something, it is highly likely that bad guys will too. That’s why you have to hand it to Apple chief Tim Cook for standing up to the Feds and denying their request to get a backdoor past Apple’s security in the San Bernardino case.

Backdoors are not safe. If you read about one, make sure you spend a little extra time reading about the solution to the cybersecurity issue that you now have as a result.

Here are a few starter tips to make your world a little more cyber secure in the meantime:

1. Install updates

When you are trying to find something online or use an app, those update notices can be like a mosquito overly interested in you, but the last thing you should ever do is swat those notices away. They are often the only thing standing between you and the bad guys out there who are forever looking for a way to exploit weaknesses in the security features that come standard with the devices you use on a daily basis.

2. Use Standard Encryption

Both Apple and PC now offer a way to protect the content stored on your hard drive, and it’s so easy there’s no reason not to use them. It’s called FileVault on Apple and BitLocker on PCs. It is easy to set up, and it renders everything on your machine unreadable by a hacker who gains access to it.

3. Back Up Your Digital Life on an External Drive

For less than $60, you can purchase an external hard drive large enough to store an immense amount of data. That’s where you want to keep your most sensitive personal information. The reason is simple. It is air gapped (not connected to the internet) most if not all of the time. There is no need to be online to backup you hard drive to an external drive. Extra points if you encrypt your data.

4. Use a Password Manager

If you’re not using long and strong passwords, or you are still using the same password across multiple platforms and website, you need to read this. For those who get over that rather low bar, it’s time to improve your game. It used to be that people made cheat sheets with their passwords and stored them on an encrypted thumb drive. It’s no longer necessary. Password managers take away the risk associated with having your passwords written down where they can be found and used. You only need to remember one. As far as services go, there are many—all of them are better than older methods of managing passwords.

5. Read the URL Address

There are more spoof sites out there than you may realize, and they are there to do harm not good. Always look at the URL to be sure that you are on the site you intended to visit and not a clone — the clone will often have a very similar address, so look closely. For an additional layer of security you might want to consider downloading HTTPS Everywhere, a plug-in/add-on that works on Chrome and Firefox that enables HTTPS encryption automatically on sites that support it.

6. Think Before You Click

The number one way people get got is thoughtless clicking. Whether it is a bad website designed to plant malware on your device or phishing email that looks like it came from a friend, but is in reality from a cyber fiend, you must have a pause in place — and it has to be automatic — when it comes to clicking on anything that comes your way from "out there," even or especially if it looks like a friend or family member sent it.

7. Make Your Security a Seamless Part of Your Day

If you see a story about a data breach or a security compromise on a device you use, consider that an action item for your day. Just take a second to find out if you are affected and then take whatever precaution you can. The 40 minutes that average person spends on personal grooming is a good rule of thumb. Think of your cyber hygiene like a glance in the mirror.

8. Use Two-Factor Authentication

Increasingly, two-factor authentication is available on the accounts we use daily, and it is essential that you set it up. It means that if a person hijacks one of your accounts, there isn’t much damage they can do without also having possession to your mobile phone or access to you email account. It’s an easy measure anyone can take to improve personal cybersecurity.

In my book "Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves" I go into greater detail about the various ways your information can be got, and what you can do to protect it. The main lesson there: practice what I call "The Three Ms."

Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and consider freezing your credit.

Monitor your accounts. Check your credit report religiously, keep track of your credit score, review major accounts daily if possible. (You can check two of your credit scores for free every two weeks on Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies or purchase a sophisticated credit and identity monitoring program.

Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises — oftentimes available for free or at minimal cost through insurance companies, financial services institutions and HR departments.

Adam K. Levin is a consumer advocate with more than 30 years of experience and is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance. A former Director of the New Jersey Division of Consumer Affairs, Mr. Levin is Chairman and founder of CyberScout and co-founder of Credit.com. Adam Levin is the author of Amazon Best Seller "Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves." He is the security and credit expert for ABCNews.com and writes a weekly column for The Huffington Post, Inc. Magazine, The Hill, and Newsmax. Mr. Levin is a go-to expert appearing on many national TV programs including "The Today Show," "Good Morning America," "MSNBC Live," "Fox and Friends," "NBC Nightly News," "ABC World News Tonight," "Cavuto Coast to Coast," "Bloomberg Surveillance," as well as national radio throughout the country. Read more of his reports — Go Here Now.

© 2019 Newsmax. All rights reserved.

1Like our page
You really need to reflect upon the fact that when Shadow Brokers dumped the data online, it was available to anyone.
wannacry, ransomware, government, hacking
Thursday, 18 May 2017 10:54 AM
Newsmax Media, Inc.

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

America's News Page
© Newsmax Media, Inc.
All Rights Reserved