You’ve Been Hacked!

You’re asleep, dreaming about all of the money effortlessly flowing into your bank account because of your years of hard work and determination to succeed as an e-commerce business owner.

Suddenly your eyes jerk open to the sound of your partner’s ringtone. He’s the only person that you let call you after hours.

You turn over to reach for your phone. Your alarm clock shows you that it’s 3:30 in the morning. You begin to get nervous, asking yourself what could possibly be so important.

You answer the phone searching for explanations when your partner, with almost palpable stress in his voice exclaims: “We’ve been hacked!”
You've Been Hacked!
Not really knowing what that means, you get him to calm down and tell you what happened. He explains that he found out earlier that night that one of your longstanding customers had her credit card information stolen and linked the theft back to your site.

He was just going to talk to you about it the next day, but then he received another notification of identity theft linked to your website, then another, and then another. This started to really scare him. Then, right before he called you, your programmer called to tell him that a hacker had taken control of your website.

That’s a lot of bad, life-changing, gut-wrenching information to take in – especially at 3:30 in the morning.

You take a minute to try to make sense of it all. Finally you respond to your partner. “So, what you’re saying is that we no longer have access to our website and that we are probably responsible for the identity and credit card theft of all of our customers.”

You hear your partner take a long, deep, concerned breath before answering with a lump in his throat “Yep.”

And to think that all of this could have been avoided by using Trust Guard’s security monitoring services.

What Victims of Identity Theft Can Do

If you haven’t heard, Equifax, one of the three big credit reporting agencies in the United States, announced that it suffered a massive data breach. More than 143,000,000 records were compromised, including email addresses, names, social security cards and credit card numbers.

If you believe you were the victim of identity theft, here’s what you can do:

  1. Close the accounts that you believe may have been tampered with or opened fraudulently. Use the government’s Identity Theft Report, which can be found at www.identitytheft.govIdentity Theft
  2. File a police report and get a copy to submit to your creditors and others who may require proof of the crime. If you have proof of identity theft, be sure to take that proof with you when you go to file your police report.
  3. File your complaint with the FTC at www.consumer.ftc.gov. The FTC maintains an identity theft database that law enforcement agencies use for investigations. Filing a complaint also helps the FTC better assist you, as the commission learns more about online theft of identities and the problems it creates.

If you are a business owner with an SSL certificate but without protection from hackers, contact Trust Guard, the leader in website security to protect you and your online visitors from hackers.

What You Should Know about the Equifax Breach

What: Data collected by Equifax, one of the three credit report giants, was hacked. “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Richard F. Smith, Equifax CEO, in a statement. 

When: In early August, Mandiant (a cybersecurity firm) was approached by Equifax to figure out what was going on, according to CNN News. Mandiant aided in the investigation and determined from May 13 through July 30 a spate of hacks occurred.

Who: 143 million Equifax customers have been affected. Their information, including social security numbers, addresses and birth dates were accessible by hackers.

Soon after the breach was announced to the public, Susan Mauldin, former chief security officer and Dave Webb, former chief information officer, retired.

How: Like many of these cases, the how is still a mystery. But Apache Struts, a tool used for Equifax’s online dispute portal, has become the scapegoat, being blamed for vulnerabilities, making the breach easier for hackers.

Apache Struts released this statement:

“We as the Apache Struts PMC want to make clear that the development team puts enormous efforts in securing and hardening the software we produce, and fixing problems whenever they come to our attention. In alignment with the Apache security policies, once we get notified of a possible security issue, we privately work with the reporting entity to reproduce and fix the problem…”

What you can do: If you believe you might have been impacted, visit Equifax’s Cybersecurity Incident & Important Consumer Information page: https://www.equifaxsecurity2017.com/.

Website Security Threats and Solutions

What is website security? Is it really important? Well, if you are a business owner and you have a website or you are responsible for managing or maintaining your company’s websites, then it is definitely important that you know website security threats and solutions.

Not all IT people know everything about securing a website. Just like not all doctors know how to cure every sickness. Believe it or not, when you go to school to study programming, computer engineering, or web development, you’ll find that there’s not much in the curriculum that would tell you how to create secure codes. You are simply taught to create a code that will run a software and later in life, as you experience failures in your newly developed software, you begin to think of a solution. You then create another software or a code to combat the weak link in your existing software.

Website Security Threats and Solutions
In other words, no one is truly secure online until someone finds a 
security tool or creates a new code better than the previous one.

For beginners, learning about web security may look like an intimidating feat because of the technical verbiage and profound coding involved. But once you get an understanding of its importance and why you need to know at least the basics, you’ll love every jargon!

So what are the problems of ignoring website security threats?

  • It can put your business or personal information at risk.
  • It can jeopardize your customers’ computers if you are running an e-commerce website or your readers’ if you are running a blog. This is because viruses and malware follow loopholes in the system. They see one, they get in, then move to the next, and so forth, infecting every computer they get into until someone finally figures out something is wrong and finds a solution for it.

Where do you start?

  1.   Always make sure your website’s software is up to date.
  2.   As much as possible, do not allow uploading of files to your website as this can be a total security risk.
  3.   Use an HTTPS protocol instead of just HTTP (SSL certificates).
  4.   Use web security tools like Trust Guard’s security scanning services to check for holes used by hackers.

 

Jonna LindawanArticle written by Jonna Lindawan
Jonna is a startup VA business owner who loves helping her clients grow their businesses through her skills in writing, customer service, research, data entry, transcription, social media management, and admin support. Visit her website here.

Cyber Security Can Get Personal!

In 2013, Brian Krebs taught someone a lesson in cyber security. He had earned the unwanted attention of a man calling himself The Fly, or Flycracker, later revealed to be a 26-year-old career thief named Sergey Vovnenko. Krebs tracked Vovnenko to a forum where he brokered the sale of credit card information. Krebs found out that Vovnenko was going to do his best to damage Krebs’s reputation – maybe even land him in jail.

The plan was to have heroin delivered to Krebs, then to call the police. It didn’t work out that way. Krebs called the police first, notifying them of Sergey’s plan. The heroin came a few days after he gave his statement to law enforcement. Krebs turned it over to the cops and went to work, trying to find Vovenko.

Cyber security can get personal

Vovnenko fits a profile Krebs says applies to many in the world of information crime: young, arrogant and frankly sadistic, with a chip on his shoulder. Investigators are prone to boil down credit card stealing operations and mass identity thefts to simple greed. But often, it’s much more than that. “These guys have such huge egos,” he said. “What are they after? How much is enough? You make $100 grand a month, is that not enough?”

Krebs thinks some hackers just really enjoy messing things up and attacking people or doing it as a power trip.

After Vovnenko failed to frame him, Krebs wrote about the experience in a blog post, which the Guardian republished. He says he thinks the post embarrassed Vovnenko, who then sent Krebs’s wife a funeral flower arrangement. Says Krebs, “He had it delivered to our house with a note to her, just to her, saying, ‘Dear Jennifer, you married the wrong guy, but we’ll always take care of you. Rest in peace, Brian.'” And at that point, Krebs was so mad that he really wanted to know who the jerk was.

It didn’t take Krebs long to find out that Vovnenko, just like the people he stole from, shared passwords between the administrator account on his identity theft forum, and the Gmail address he used to do his dirty work. After a little digging, Krebs learned that Vovnenko didn’t trust his fiancee and had her every keystroke logged and secretly sent to the Gmail account; in those messages was every possible personal detail about Vovnenko’s life.

Here are some of those details: Vovnenko lived in Naples, Italy. He had a son and he married his one-time untrusted fiancee. Vovnenko bought stolen Italian credit card information. He also printed and embossed credit cards on machines he owned himself and cashed out the cards through high-end Italian retailers in the fashionable city.

Krebs decided to get in touch with Vovnenko. Running organized crime was one thing; a Ukrainian running an identity theft ring and printing stolen credit cards in the Camorra’s backyard was another. The Camorra is an Italian Mafia-type crime syndicate, or secret society, located in the region of Campania and its capital Naples.

“I just reached out to him and said, ‘Hey, how’s Italy? How’s your son Max?’” Krebs recalls. “And he said ‘Ahahaha, I wait for FBI.’

“I said: ‘It’s not the FBI you have to worry about.’” Should the Camorra be displeased with Vovnenko, bad thinks were sure to happen.

Vovnenko fell afoul of Italian authorities and spent “a while” in what he called “Naples’ worst prison” in a letter of apology he wrote to Krebs. Krebs thinks Vovnenko was in a 12-step program. Vovnenko told his victim that he “forgave” him for posting a picture and Vovnenko’s address on the website “Krebs on Security” when Vovnenko was arrested.

There are many times that hackers outfool security professionals. Daily security scanning can help. And all it takes is for people like Brian Krebs and Trust Guard to help take down these criminals – even if it is one at a time. The key is to find them before it gets personal.

 


 

Special thanks to The Guardian for supplying much of the information found in this article.

Five Ways to Combat Cyber Crime

Like most theft, cyber crime tends to follow the path of least resistance.  For paid security monitoring for your website, contact Trust Guard. They’ll help you combat cyber crime by scanning your website for more than 75,500 known vulnerabilities used by hackers to really screw things up.

Here are five online hygiene tips anyone can follow, for free, to make life harder for people looking for an easy way to steal your personal or financial information – whether you’re a business owner or not.

Combat Cyber Crime1. Use multifactor authentication. This includes entering a password plus a code or a question that only you know. Google’s authenticator app is a quick download and works easily with many services including Amazon and Gmail. It’s worth checking to see if there’s a multifactor option every time a website asks you to fill out bank account or credit card information.

2. Don’t share passwords across websites. Almost everyone shares at least a couple of passwords. Don’t. There are plenty of inexpensive password manager phone apps that can help you with this, notably the open-source Password Safe and LastPass.com.

3. Refuse to give up information whenever you can. Best Buy doesn’t need your phone number. The more information you part with, the more can be used against you if the retailer is hacked. Ron Swanson from Parks and Rec didn’t have it right all of the time, but staying off the grid as much as possible is always a good idea.

4. Check your bank balance regularly. Thieves often try for a small purchase to see if the card works before they go shopping; in particular, look for easy-to-resell items like gift cards and credits on online marketplaces. When it comes to financial accounts, you also want to change the passwords to those accounts every three months at a minimum.

5. Close down services that you don’t use anymore. Do you still have a Steam account from that one time you bought a PC game all your friends were talking about? Are you sure? Is it linked to a credit card you still use? These are the easiest ways for hackers to steal in bulk, and the one-off purchase you make on impulse is probably the one you’ll unthinkingly reuse your old password on, too. For these types of purchases, it’s a good idea to get a pay-as-you-go debit card that you load from another card with only the amount you need to make the one-off purchase.

Everyone can and should do their small part to keep their personally identifiable information safe and protected. These five tips should help.


Special thanks to The Guardian for supplying much of the information found in this article.