Cyberwarfare 101

Cyberwarfare is real. Governments are pouring billions into making sure they can fight battles on the internet, and you might just get caught in the crossfire. Here’s what you need to know.

Executive summary

  • What it is:Cyberwarfare is the use of digital attacks to damage the networks or computer systems in another nation state.
  • What it does:State-backed hackers aim to disrupt civilian and military services and potentially create real-world effects, like shutting down power grids.
  • Why it matters:Most developed economies are now entirely reliant on web-based services: undermining confidence in these systems and networks could do serious damage.
  • Who it affects:Potentially anyone who relies on digital infrastructure in their lives, regardless of location.
  • When is this happening:There have already been a few incidents that could be labelled as cyberwarfare, more will follow.
  • Where is this happening:Electronic attacks have taken place in Ukraine, Iran and eastern Europe: more may have taken place but secrecy makes it hard to be sure.
  • Who is making it happen:Many governments are building a cyberwarfare capability: among the most advanced countries are the US, Russia, China, Iran and South Korea.
  • How to get it:Find yourself in conflict with a major power, or annoy a dictator.

What is cyberwar?

At its heart, cyberwarfare involves digital attacks on the networks, systems and data of another state, with the aim of creating significant disruption or destruction. That might involve destroying, altering or stealing data, or making it impossible to access online services, whether they are used by the military and broader society. These digital attacks may also be designed to cause physical damage in the real world – such as hacking into a dam’s control systems to opening its floodgates.

Such attacks can form part of a more traditional military campaign or be used as a standalone attack.

A wider definition of cyberwarfare could also include some elements of what is also known as information warfare — including online propaganda and disinformation, such as the use of ‘troll armies’ to promote a certain view of the world across social media.

There is no settled legal definition of what cyberwarfare is and there are no laws that specifically refer to it. That doesn’t mean the concept isn’t covered by international law, or that it is considered trivial. Among western states there is a general consensus that an online attack on a state can – if it is severe enough — be the equivalent of an armed physical attack.

NATO has, for example, updated its rules of engagement so that an electronic attack on one of its members could be considered an attack on all of them – triggering its collective defence clause. Increasingly it is seen as another potential battlefield alongside land, sea, air and space.

But cyberwar remains a shifting concept, one that describes a shadowy world — the domain of spies, top secret military projects and hackers often working at arms-length from their own governments.

Want to be more productive? Try these Chome extensions!

If you’re a Chrome user, you know well how the extension architecture can expand functionality and make Chrome more than just a browser. In fact, with the right collection of extensions, Chrome can become a means to a very productive end. Don’t believe me? Just take a gander at the Productivity category on the Chrome Web Store. But which of the plethora of extensions are best suited for getting your life in order and your work done? Of course, this will depend upon what exactly you need to accomplish, but certain extensions can help just about anyone. Let’s take a look at 10 of them and see if they appeal to your needs.

1: QuickDrop

QuickDrop is one of the best tools for interacting with Dropbox from within Chrome. With this extension you can navigate through your Dropbox account (with a single click on the extension button), upload images directly to your Dropbox account (through a right-click context menu), and much more. You can also create a special upload folder from within the QuickDrop settings so all uploaded files can be found there.

2: StayFocused

StayFocused is the extension you need if you tend to waste too much time on websites (Facebook, Twitter, etc.) and want a third party to control your usage. If you restrict your Facebook usage to one hour a day, that’s all you’ll get. StayFocused can block specific pages, entire domains, and even apps and games. With the help of this extension, you’ll stay more focused and get more work done.

3: Dayboard

Dayboard replaces your new tab page with a daily to-do list. You can view these tasks in what’s called Focus Mode, which displays the tasks in your to-do list one at a time. Dayboard will also give you a history of your completed tasks, allows you to connect teams to your lists, and keep your tasks in sync with all your devices. The developers are always working on new features (such as the coming-soon ability to archive tasks and turn off reminders when the workday is over).

4: Auto Text Expander

Auto Text Expander is an extension focused on saving you time on phrases you repetitively type. You simply add shortcuts for text snippets. Every time you type the shortcut, Auto Text Expander will automatically insert the text associated with it. Not only will you save time, but you’ll save the extra work associated with typos. Auto Text Expander allows you to import and export your shortcuts (which you should always do, to be safe).

5: Save to Pocket

Save to Pocket offers an efficient way to save articles or bookmarks for later viewing. Instead of creating a Temp folder on your Bookmark bar, just add this extension and be done with it. Save to Pocket offers one-click saving from the toolbar, from a context menu, and from a keyboard shortcut. Everything you save will appear in your Pocket account and be synced across all of your devices.

6: OneTab

OneTab is the extension for anyone who keeps too many tabs open at one time. When this happens, those tabs can become so small, you have no idea which tab is associated with what page. OneTab provides a single tab that lists all your currently open pages. This will also help save memory on your PC (as all of those tabs have been reduced to a single instance). When you need access to a tab, you can either restore them individually or all at once.

7: LastPass

LastPass is a free password manager that should be considered a must-have for anyone who needs to remember passwords across devices. If you are concerned about security (and you should be), those passwords shouldn’t be easy to memorize. So you want a good password manager to take on the task. You can’t go wrong with LastPass.

8: Note Board

Note Board is a corkboard for your computer screen. Yes, it’s a bit cheesy. But if you prefer to work by visuals (as opposed to lists), this tool will help you keep your cluttered mind a bit less cluttered. With Note Board you can drag and drop content from other tabs or images from your local file manager onto a board. You can also create popups with notes and even have public boards.

Other favorites?

The list of productivity extensions for Chrome seems to be never-ending… and somewhat overwhelming. If you don’t know where to start, give some of these a try and see if your daily grind is a bit less grindy.

Do you have a favorite productivity extension that’s not on this list? Share your recommendations in the comments below.

How to Encrypt your Text Messages

If you use SMS to communicate sensitive information to contacts, you might want to take advantage of one of the many encrypted SMS services available. One such service is Signal.

With Signal you can communicate via SMS or voice using advanced end-to-end encryption (called TextSecure) with other Signal users. That is the one caveat to using Signal: In order to send encrypted texts with your contacts, they must also be using the app. You can send unencrypted texts to users who are not using Signal, but if you want to take advantage of the offered encryption, those users need to jump on board.

Installing Signal

  1. Open the Google Play Store on your Android device.
  2. Search for signal.
  3. Locate and tap the entry by Open Whisper Systems.
  4. Tap Install.
  5. Read the permissions listing.
  6. If the permissions are acceptable, tap Accept.
  7. Allow the installation to complete.

When the installation finishes, you’ll find the launcher for Signal on your home screen or within your App Drawer. Tap the icon to launch the app.

Note: Signal does not allow the taking of screenshots from within the app.

Using Signal

The first thing you must do is verify your device phone number. When prompted, make sure your phone number is correct and tap Register. Double check your phone number when prompted and then tap CONTINUE.

Once the number is verified, you will be prompted to use Signal as your default SMS app. Tap Use As Default SMS App and then tap YES when prompted. (Remember, you can still send unencrypted texts, so it’s fine to select this app as your default SMS app.) You will then be asked if you want to import the system SMS messages; this will copy all of your phone’s previous SMS messages into Signal’s encrypted database.

When you send an unencrypted text to a user, if that user isn’t using Signal, a message will appear at the top of the chat for you to invite them to use Signal. Tapping that message will enter a text with the download link to the Signal app. Tap Send and the message will go to the contact in question; that contact can easily install Signal to enjoy the offered encryption.

If you decide not to use Signal as your default SMS app, go to Settings | Application Manager | Signal | Open By Default and tap Clear Defaults

The next time you open the app you want to use as the default SMS app you will be prompted to set it

To Signal or not to Signal

If you need to communicate sensitive information via SMS, you should be using Signal.

http://pcesolutions.ca

The Business of Hacking

Hewlett Packard Enterprise (HPE) released a new report titled “The Business of Hacking,” which examined the underground economy surrounding cyber-crime and criminal hackers, and explained how businesses can protect themselves.

Many of the conversations had with security professionals in IT organizations quickly become very technical. As such, some business leaders often relegate security as something to be spoken to exclusively by security professionals.|Some business leaders often relegate security as something to be spoken to exclusively by security professionals.

But, by explaining how the cybercrime underworld economy works, hopes are that it will help business leaders understand that criminal hacking is a business, and it operates like a business.By explaining how the cybercrime underworld economy works, hopes are that it will help business leaders understand that criminal hacking is a business, and it operates like a business. By doing this, it gives business leaders a much better appreciation of what’s happening.

According to the report, cybercrime can take many forms. Criminals can be acting in the interest of organized crime, corporate espionage, hacktivism, cyber warfare or terrorism, or just people who want to make some money. The report itself focused on the criminal exploits that could be monetized.

In terms of the way criminals make money through cybercrime, the report identified 10 ways criminals use hacking for financial gain.

Ad fraud
Credit card fraud
Payment system fraud/Bitcoin mining
Bank fraud
Medical records fraud
Identity theft
Credential harvesting
Bug bounty
Extortion
IP theft
Ad fraud, or setting up adds to bolster fake website traffic, are one of the easiest forms of cybercrime and have the highest payout potential. Extortion and IP theft, while almost as profitable, are far more difficult to pull off.

Hacking, in and of itself, is not necessarily a bad thing. In fact, many “white hat” hackers provide a valuable service in helping organizations understand how cybercrimes are perpetrated.|Many “white hat” hackers provide a valuable service in helping organizations understand how cybercrimes are perpetrated. HPE’s report, though, focused on the “bad guys.” Although it’s less about hackers being the bad guys and more about criminals becoming hackers.It’s less about hackers being the bad guys and more about criminals becoming hackers.Many “white hat” hackers provide a valuable service in helping organizations understand how cybercrimes are perpetrated. It’s less about hackers being the bad guys and more about criminals becoming hackers.

Not all hackers are driven by financial gain. The HPE report identified five different types of bad guy hackers:

  1. Nation-state backed – Driven by patriotism or military duty. Often highly skilled and going after major targets.
  2.  Hacktivist – Ideologically driven. Wants to {disrupt or bring|bring or disrupt} down a system or institution.
  3. Cybercriminal – Motivated by profit.
  4. Ego-driven attacker – Wants to be famous, or recognized for their work. Often taunt their victims.
  5. Hobby hacker and the professional – Simply loves to hack. No set skill level, but typically less anonymous

As business leaders begin to study cybercrime organizations, they will see just how similar they may be to their own organization. Cybercrime organizations have markets and supply chains, they think about talent when gearing up for a big job, and they have margins to think about when selling their information.

Some groups build their own tools, but others use tools they’ve purchased in online marketplaces. Anonymity is critical in the cybercrime industry and, just like in the movies, everyone is known by their online handle. Still, there are specific roles filled in every organized group. The “mastermind” pulls the attack together, builds the team, and plans the approach. The “spiders” are black hat hackers who perform the attack and are typically contracted out by the mastermind. Then, there are “mules,” people who, sometimes unsuspectingly, play a role in the attack through money laundering or other schemes.There are “mules,” people who, sometimes unsuspectingly, play a role in the attack through money laundering or other schemes.Anonymity is critical in the cybercrime industry and, just like in the movies, everyone is known by their online handle. The “spiders” are black hat hackers who perform the attack and are typically contracted out by the mastermind. There are “mules,” people who, sometimes unsuspectingly, play a role in the attack through money laundering or other schemes.

When most people think of cybercrime, they immediately picture the technically proficient hacker. But there are a host of non-technical jobs in the industry as well, including: tool development, guarantor services/background checks, escrow services, recruiting, cyber laundering, sales and marketing, and legal professionals.|here are a host of non-technical jobs in the industry as well, including: tool development, guarantor services/background checks, escrow services, recruiting, cyber laundering, sales and marketing, and legal professionals. HR, marketing, outbound logistics, operations, and technical development all play into the industry.

So, how do companies combat this sophisticated criminal industry?How do companies combat this sophisticated criminal industry?Because it’s a business, potential victims must take away the criminals’ ability to sell the goods (data) or make it cost too much for them to procure it in the first place. Get rid of the low-hanging fruit.

For starters, do the due diligence. Patch your servers, enable two-factor authentication, and make sure your applications are designed to be resilient from the ground up, which makes it more expensive for them to hack.

There’s a maturity curve for each type of cyber attack, but you can not rely on the novelty of an attack type to know what to protect against. Invest in your security tools but, enterprises also need to invest in educating their workforce.
The report itself focused on the criminal exploits that could be monetized.

Many “white hat” hackers provide a valuable service in helping organizations understand how cybercrimes are perpetrated. It’s less about hackers being the bad guys and more about criminals becoming hackers.

When most people think of cybercrime, they immediately picture the technically proficient hacker. Because it’s a business, potential victims must take away the criminals’ ability to sell the goods (data) or make it cost too much for them to procure it in the first place.

http://pcesolutions.ca

 

Cyber-Crime is No Joke. Not Even The DNC Can Avoid It.

We simply can’t argue it any more. Cyber-crime is becoming a BIG problem.

According to the New York Times article two groups of Russian hackers were able to penetrate the Democratic National Committee’s network, and were able to steal emails, chat histories, and a “trove” of research against Donald Trump. Apparently this had been going on for a year according to the Cyber Security firm that was brought in by the DNC to investigate.

So how exactly did this happen?

We can’t be certain and perhaps we’ll never know completely, but based on their early findings this was likely a result of BYOD (Bring Your Own Device) which is increasingly becoming a problem in the work place.

As political campaigns are commonly supported by volunteers that commonly bring their own cell phones and laptops, it is suspected that malicious software may have been introduced to their network by one of these devices.

The BYOD problem has worsened. Especially as companies have become more relaxed with allowing employees to use personal devices at work due to flexibility of access created by the Cloud, which was not as easily achievable in the past with Local Area Network based applications.

On one hand a company might be tempted to allow their staff to use their own devices due to the hardware cost savings, but on the other hand the risk you expose your company to is seldom worth it, especially if you have valuable Intellectual Property that could be dangerous in the wrong hands.

Sadly, this security risk (like many others) could have easily been avoided by having a proper IT Security Policy with strict rules on BYOD as well as some simple network security best practices.

However on the bright side, the bad guys only got away with some dirt on an orange man with a wild comb-over this time around 🙂

http://pcesolutions.ca

PayPal pushes into mobile commerce with new app for business users

PayPal just became more useful for SMBs: On Tuesday, the company launched PayPal Business, a mobile app that allows businesses to keep track of account activity, send invoices, and view customer information in one platform.

The app aims to prepare SMBs for the growth of mobile, said Arnold Goldberg, vice president of global merchant product and technology at PayPal, in a blog post announcing the app. On Cyber Monday alone, PayPal saw more than 50% year-over-year growth in global mobile payment volume.

“For many small businesses, the ability to keep track of their operations—invoices, payments, refunds, withdrawals, customer lists, balances—amidst a large spike in activity, is critical and increasingly mobile,” Goldberg said.

According to the post, the PayPal Business app will allow companies to get paid more easily, with the ability to create and send customized invoices. It will also allow for managing account activity while on the go, and viewing customer information in one place.

The app also allows business users to create, send, and attach photos to invoices directly from their phone. Users can “monitor sales activity, withdraw funds, issue refunds, and send payment reminders,” as well as “manage customer lists, import contact, view customer history and more,” Goldberg said in the post.

Last year, PayPal processed 4.9 billion transactions. There are currently 192 million active customer accounts on the platform, according to the post. The company will continue adding new features to the business app as time goes on, the post stated, to ensure enterprise users have flexibility and control in managing their business.

PayPal Business joins the PayPal Consumer app and the PayPal Here app, which helps small business owners manage in-person, online, and mobile payments through one central account. It also allows small businesses to accept payments on a mobile device via a card reader.

The payment platform has rolled out several new features recently, including voice-activated payments via Siri and integrations with Facebook Messenger. The addition of the business app could help position the company for more use in the enterprise, though it may see increased competition from Apple Pay, as reported by Larry Dignan at ZDNet. It also marks a move for the company to catch up with small business offerings from FreshBooks and Square, which recently reported strong third quarter growth.

PayPal Business is currently available in the US on iOS and Android. It will be available in other regions in 2017, the post stated. Users can download it from the Apple Store and Google Play.