Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: ID Theft

5 ways to keep your data safe right now

Christopher Soghoian is a TED Fellow, and the principal technologist at the American Civil Liberties Union, where he monitors the intersection of federal surveillance and citizen’s rights. Before joining the ACLU, he was the first-ever technologist for the Federal Trade Commission’s Division of Privacy and Identity Protection, where he worked on investigations of Facebook, Twitter, MySpace and Netflix. Soghoian is also the creator of Do Not Track, an anti-tracking device that all major web browsers now use.  “There seems to be a new data breach in the news every week — a major company hacked, millions of usernames, passwords or credit card numbers stolen. There isn’t much that you, as an individual, can do to stop hackers from stealing the data you entrust to companies. However, there are some easy things you can do to significantly reduce the harm from such breaches.

  1. Outsource your passwords to a robot – The human brain can only remember so many passwords, not to mention we’re actually really bad at picking good ones. So, too often we just reuse passwords across multiple sites. This is a Very Bad Idea. Once hackers break into a website and steal a database of email addresses and passwords, they can then try to use those same passwords to login to other sites. This is a huge problem, because so many of us use the same password for our Facebook, Google, Twitter and online banking accounts. The solution instead is to use a password manager, a software tool for computers and mobile devices, which will pick random, long passwords for each site you visit, and synchronize them across your many devices. Two popular password managers are 1Password and LastPass.
  2. Get a U2F key — and use two-factor authentication wherever possibleOne other way to protect your accounts is to make sure that even if someone learns your password, they won’t be able to log in. To do this, you’ll want to enable two-factor authentication, an additional security feature that can be added to many online accounts. For some sites, this additional step can take the form of a random number sent to your phone by text message, or running a special app on your smartphone that generates one-time login codes. A relatively new, and even easier form of two-factor authentication is a U2F security key, a device that looks like a thumb drive, which you insert into the USB port when you login to an account from a new computer. These devices, which cost about $15, can be used to add a significant boost to the security to your GMail account. Over the coming months and years, it is likely that other major tech companies will add support for the U2F token.
  3. Enable disk encryptionIf you lose your laptop or your phone and it doesn’t have disk encryption enabled, whoever finds the device can get all your data too. On the iPhone and iPad, disk encryption is turned on by default, but for Windows, Android or Mac OS you need to make the effort to switch it on. It’s a big deal, essentially the difference between buying a new laptop (bummer) and having to put out an identity theft alert.
  4. Put a sticker over your webcamThere are software tools used by criminals, stalkers and generally creepy dudes that allow them to turn on your webcam without your knowledge. Granted, this doesn’t happen millions of times a year, but the horror stories are real and terrifying. One simple sticker means you use your webcam when you choose to use it.
  5. Encrypt your telephone calls and text messagesThe voice and text message services provided by phone companies are not secure and can be spied upon with relatively inexpensive equipment. That means that your own government, a foreign government, as well as criminals, hackers and stalkers can listen to your phone calls and read your text messages. Some Internet-based mobile apps that you likely already use are much more secure, enabling you to talk privately to your loved ones and colleagues, and don’t require that you do anything or turn on any special features to get the added security protections — Apple’s FaceTime and WhatsApp on Android are both good. If you want an even stronger level of security, there is a fantastic, free tool called Signal available on Apple’s App Store.”

Cisco 2015 Annual Security Report

New Threat Intelligence and Trend Analysis – “Despite advances by the security industry, criminals continue to evolve their approaches to break through security defenses. Attackers are realizing that bigger and bolder is not always better. The Cisco 2015 Annual Security Report reveals shifts in attack techniques, emerging vulnerabilities, and the state of enterprise security preparedness.Continue Reading

Worldwide Threat Assessment of the US Intelligence Community – 2015

Statement for the Record Worldwide Threat Assessment of the US Intelligence Community, Senate Armed Services Committee, James R. Clapper, Director of National Intelligence February 26, 2015. Cyber Strategic Assessment – “Cyber threats to US national and economic security are increasing in frequency, scale, sophistication, and severity of impact. The ranges of cyber threat actors, methodsContinue Reading

Annual Report to Congress: Federal Information Security Management Act

Annual Report to Congress, February 27, 2015: “As cyber threats continue to evolve, the Federal Government is embarking on a number of initiatives to protect Federal information and assets and improve the resilience of Federal networks. OMB, in coordination with its partners at the National Security Council (NSC), the Department of Homeland Security (DHS), andContinue Reading

Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis

Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis. N. Eric Weiss, Specialist in Financial Economics. February 23, 2015. “Data breaches, such as those at Target, Home Depot, Neiman Marcus, JPMorgan Chase, and Anthem, have affected financial records of tens of millions of households and seem to occur regularly. Companies typically respond by trying to increaseContinue Reading

Identity Theft Tops FTC’s Consumer Complaint Categories Again in 2014

News release: “Identity theft topped the Federal Trade Commission’s national ranking of consumer complaints for the 15th consecutive year, while the agency also recorded a large increase in the number of complaints about so-called “imposter” scams, according to the FTC’s 2014 Consumer Sentinel Network Data Book, which was released today. Imposter scams – in whichContinue Reading

IRS – Identity Protection: Prevention, Detection and Victim Assistance

“Identity theft places a burden on its victims and presents a challenge to businesses, organizations and government agencies, including the IRS. Tax-related identity theft occurs when someone uses your stolen social security number to file a tax return claiming a fraudulent refund. The IRS combats tax-related identity theft with an aggressive strategy of prevention, detectionContinue Reading

New GAO Reports – Defense Nuclear Facilities Safety Board, Flood Insurance, Identity and Tax Fraud

Defense Nuclear Facilities Safety Board: Improvements Needed to Strengthen Internal Control and Promote Transparency, GAO-15-181: Published: Jan 20, 2015. Publicly Released: Feb 19, 2015. Flood Insurance: Status of FEMA’s Implementation of the Biggert-Waters Act, as Amended, GAO-15-178: Published: Feb 19, 2015. Publicly Released: Feb 19, 2015. Identity and Tax Fraud: Enhanced Authentication Could Combat RefundContinue Reading

Analysis: It’s surprisingly easy to identify individuals from credit-card metadata

MIT News release: “In this week’s issue of the journal Science, MIT researchers report that just four fairly vague pieces of information — the dates and locations of four purchases — are enough to identify 90 percent of the people in a data set recording three months of credit-card transactions by 1.1 million users. WhenContinue Reading

Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis

CRS – Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis. N. Eric Weiss, Specialist in Financial Economics. December 11, 2014. “Data breaches, such as those at Target, Home Depot, Neiman Marcus, and JPMorgan Chase, affecting financial records of tens of millions of households seem to occur regularly. Companies typically respond by trying to increase their cybersecurity by hiring consultants and purchasing newContinue Reading

CIGI-Ipsos Global Survey on Internet Security and Trust

“The CIGI-Ipsos Global Survey on Internet Security and Trust, undertaken by the Centre for International Governance Innovation (CIGI) and conducted by global research company Ipsos, reached 23,376 Internet users in 24 countries, and was carried out between October 7, 2014 and November 12, 2014. The countries included: Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain,Continue Reading

Experian Data Breach Resolution releases second annual data breach industry forecast

“Preventing and managing data breaches have become two of the highest priorities facing businesses today. To help executives plan ahead, Experian Data Breach Resolution announces the release of its second annual Data Breach Industry Forecast, a complimentary white paper outlining key issues and trends to watch for in 2015. Many evolving factors such as new threats, regulatory changesContinue Reading