The virus of numbers invisibly kills our privacy
News

The virus of numbers invisibly kills our privacy


Alexey Lukatskiy

The other day I saw the movie Text, quite depressing in nature, but very well showing the impact of information technology on our lives. The main character receiving his smartphone
the offender, began to “live” his life, communicating with his parents, with his superiors, with his beloved girlfriend. A few days later, they did not notice the difference between the protagonist and the murdered offender. AND
all you had to do was just messaging. If you distance yourself from the social nature of the film and look at its technological stuff, then immediately arises
some storylines that could make the main character even more different from the person who ruined his life. This also includes fingerprints that would allow access to
internet banking (and one-time codes or push and so would come on this smartphone), and work in social networks, and calls on the phone with voice-over with deepfake technology … So many more turns
a scenario could be devised. But this is not about it now. The film showed how addicted we are to the mobile devices that lie in our pocket or purse.

Lessons Learned After Watching the Text Movie:

  • set a long password on your smartphone (at least eight characters if the password is character);

  • use TouchID or FaceID biometric technology;

  • use multifactor authentication in applications, including email, messengers, social networks, online banks, game services, etc;

  • do not use the same passwords in different services;

  • change your passwords regularly.

Another movie I also watched with professional interest was the American Search, produced by Timur Bekmambetov. In the picture, the protagonist disappears daughter and he
starts searching by first guessing the password from her computer, and then, by going to different social networks and the internet bank of her child, she receives small but important clues and evidence,
which eventually allows the father to find the girl alive. And here digitization helps not only the protagonist to find his daughter, who is not familiar with the recommendations for digital prevention and
but also shows how much you can learn about us through our web footprints and geolocation.

Lessons to Watch After Watching a Movie:

  • Disable geolocation for most apps on your mobile devices, except for the ones that really need your location (such as a navigator)

  • include geolocation only for application needs;

  • check your browser history regularly and clean it;

  • prohibit Google, Facebook from collecting information about you (if you can) and accessing it and removing all personal information collected about you.

Swindlers on social networks

Moving on to more down-to-earth things. I guess I’m not mistaken if I assume you have a social media account, such as Facebook. I will also assume that you, as well
me, annoyed by the ad that shows there. Once in the social network of Mark Zuckerberg, tired of the utterly ridiculous advertising, I set out to set it up so that I would get
some benefit (FB has the ability to personalize advertising). But the result turned out to be zero – it’s like fighting windmills. After reducing one ad serving, I got another array,
mainly fraudulent. It has revolved (and continues to be) around three themes:

  • A unique investment “Durov platform” that helps to earn as much as the average Russian earns in a month.

  • Sberbank, which pays money for polls.

  • Various payments from the state provided for such a recently passed law.

The scale of such fraud in FB, of course, is impressive. In the last three months, I have seen three or five such messages a day, which have completely different authors but exploit one entirely
specific topic: we will help you make money quickly or get a lot of money. Several hundred fraudulent accounts that no one deletes. For each such advertisement I send a message to
Zuckerberg administration about the breach, but Facebook, unfortunately, is not particularly responsive to reports of fraudulent advertising. Whether they lack people (or louis), they are deliberately not removed
spam regarding Durov’s platform, which competes with their Libra (and maybe they just don’t care about Russia and knowingly ignore complaints). So far all my requests for them are gone
any response – in three months, I received only one response to several hundred complaints, in which I was thanked for being vigilant and promised to sort it out.

I must say, none of the domestic regulators or law enforcement agencies do this either, leaving ordinary users alone with fraudsters, well aware of how
to hook users who have become too trusting of any “news” on the Internet and who have lost their critical thinking. The most annoying thing is that unlike phishing sites and
Clone sites that can be detected and blocked on FB are hard to do: you don’t know what’s hidden behind the fraudulent message (and you can’t blacklist them, even if you have them
home URL filtering solution), and Facebook itself does not fight such posts.

Advices:

  • Develop critical thinking and do not trust the “earn fast, no effort” offers. Remember, free cheese only comes in mousetrap.

  • Enable anti-malware mechanisms in your browsers.

  • Use integrated cybersecurity tools for your personal devices – smartphones or computers – to help prevent them from infecting or stealing personal information.

sale of data

In preparation for another performance on one social network, I came across a group (and a mini-investigation showed that such groups and channels are full in Telegram and other messengers), which
traded access to camcorders installed … And well, if they were at the facilities of the CFI (and they are, for example, in the control airports) – let this FSTEC with the FSB deal with – ordinary citizens
nothing directly threatens. But open to all comers full of cameras in apartments, offices, country houses, medical centers, strip clubs, kindergartens, brothels, etc. And you can see there
completely different things – from the sexual life of tenants or housekeepers to medical procedures, from striptease to dressing, from poking in the nose to features of behavior interest people.

These data are for sale (the cost of access is from 150 to 200 rubles for one object), or they can be found on their own using specialized search engines. I tried to do it already
after a couple of minutes he was looking at a working shop in St. Petersburg, and another one, at someone’s garage in a country house. Even special programs are offered, scanning the Internet and
trying to pick up passwords to cameras. In this case, it is the users themselves who forget to change their default passwords on the cameras or set easy-to-guess passwords. but
can they be blamed for this? Only partially. But social networks could more closely monitor such actions, identifying groups, channels and chats where there is a lively (and inexpensive) trade in access to
cameras and archives from them. And this is a direct invasion of privacy that comes under the Criminal Code. But no one is struggling with it, and law enforcement agencies somehow have little concern for it
of this occasion 🙁

Advices:

  • By implementing a “smart home”, change the manufacturer’s default passwords (and generally refer to the safety documentation section).

  • Use a secure remote connection to your devices so that it cannot be eavesdropped and your administrator password is intercepted.

digital footprints

Well, it is not necessary to use social networks, says the paranoid reader, and it will be in its own right. But, unfortunately, it is almost impossible to implement this advice today. Social networks, smartphones, the Internet, smart homes and
other manifestations of the digital virus have long infected us and are not treatable by becoming part of our immune system. Even worse is the case with today’s youth. According to the conducted
research, she sees nothing wrong with exposing her personal life and personal information to the public on social networks, her own sites, blogs, virtual worlds and
etc. Moreover, the closure of such information makes rogue youth in their environment. According to the authors of many studies, providing such information about yourself is digital
identity (perhaps not the most successful translation of the term online or digital identity) of a teenager or a boy / girl. In addition to forming the identity of the disclosure of their personal data
provides membership to a group of peers who also freely disclose information about themselves and share details of their privacy. And people of the older generation are no strangers to that
habit. Just look at what Facebook users post about themselves and how they make contacts. An empty profile is almost unlikely to be accepted into a group or to receive / accept an invitation
Friendship. But if for the people of the 1980-90’s generation their disclosure of their PDN is more likely an inevitable evil for online communication, then for the 2000-2010 generation it is a matter of course and there is no doubt
and questions.

Prevention and hygiene

What are all these not-so-good examples of the use of digital technology we are so used to? They show that the problem of protection against the “virus of the number” lies at all where
the concentrated efforts of our legislators and regulators. They are focused on technical protection and developing responsibilities for organizations (we don’t have cyber security for citizens at all
doesn’t care if it’s not the big officials or the stars of the show business); while raising awareness and educating contemporary youth, children, the elderly and other categories of people in
issues of securing your protection in the online space. If Internet users are less mindless about spreading their personal data right and left, they will start using simple, but
effective digital hygiene practices, will critically evaluate everything they are offered on the Internet and will cease to mindlessly monitor there, the effect of this behavior will be much higher than that of
the use of certified security, certified objects of information and obtaining all licenses for activities in the field of information security.

The most unpleasant thing in this whole story, which is not quite clear as adults, namely they are 99% interested, learn what they need to do to improve their information
security? Instructions for purchased cameras or mobile devices do not emphasize this. Courses? So they are not (almost), and in any case it is still necessary to think of what to do on them. General culture
IB in the country? It also does not, and regulators as a whole do not care what it does (the attempt to create the foundations of state policy in the field of culture formation in Russia failed). If you add up the stories below
together, it turns out that the huge layer of users we have absolutely not protected from modern cyber threats, which, in the conditions of digital transformation, is growing. Run somewhere?
Nowhere. An application to make? No one, and the result is predictable. Learn yourself? Where? Give up the Internet and gadgets? Already impossible. Deadlock? ..


In fact, the “number virus” can be defeated. But not by the efforts of the state (he has other interests) and not by the independent efforts of the citizens themselves (they simply do not think about the risks of their behavior,
which leads to “digital cold” or “digital pneumonia”). A business that is not in words but in actuality engaged in digital transformation can help to realize that without proper training
people who do not make a quality leap forward. Over the last year, I had to take part not only in various in-house professional development activities, but even write down a whole
a course on this topic, which discusses the risks described above and the methods of neutralizing them. And it is natural. Considering that the weakest link in corporate IB is people and
attackers often launch their attacks from ordinary users and their home computers and social media accounts, then training is not only helping to protect the digital business
but also makes the whole world safer. This is the key to the success of the fight against the “digital virus”.

informational security

IT-Manager Magazine [№ 01/2020],


Alexey Lukatskiy

Alexey Lukatskiy

Cisco Security Business Consultant.

Leave a Reply

Your email address will not be published. Required fields are marked *