In 2017, nearly 1 billion people became the victims of cyber crime.
Protect Your Privacy (Because No One Will Do It For You)
Let that sink in:
One billion people.
To put that in perspective, the population of the United States is only 325.7 million people. That means cybercrime victimized more than three times the population of the United States in 2017 alone.
Cybercriminals steal our most precious data, from our bank account information to our social security numbers, and they do it by exploiting online vulnerabilities to gain access to our networks.
By understanding where you are vulnerable, you can fight back against this looming online danger and make the web a safer place to browse.
So what are the biggest online vulnerabilities, and how can we protect ourselves when using the internet?
Data is money on the internet.
It is the currency of large online corporations. They buy and sell data on your spending habits, likes, dislikes, and more, allowing advertising agencies to personalize the selling process to each individual.
That means companies you’ve never heard of (and never consented to sharing information with) have a ton of data and know everything about you.
Information gathering now extends beyond website activity and into the realm of mobile applications. By granting apps permissions on your phone, you’re giving them the power to gather your data.
Take Google Maps for instance. It’s one of the most popular GPS apps on the planet. But it also tracks your real-time location and travel trends. In essence, this “free” service is nothing more than low-key cyber stalking.
All of the data gathered on you is fragmented and scattered across the web. Some may scoff and say that those tiny bits can’t possibly provide an accurate picture of your life and preferences. But not only can this happen, it does happen on a daily basis.
IP leaks threaten your security, and WebRTC leaks are one of the most common occurrences.
A lot of people use a VPN to hide their online activity. VPNs tunnel your internet connection to a server somewhere else in the world while encrypting all of your activity and information.
It’s a great way to shield yourself from cybercriminals and government agencies alike.
But a VPN is only useful when it’s airtight. VPNs anonymize your activity by assigning you a new IP address. If your VPN is ‘leaking’ your original IP, it’s a useless waste of time.
WebRTC leaks can cause a VPN to fail. But WebRTC is not a malicious piece of software. It is actually a technology created to improve real-time communication, such as video chat services, within popular browsers like Google Chrome and Firefox.
An unfortunate side effect of WebRTC is that it can expose a user’s original IP address while connected via a VPN. That’s because WebRTC can read all registered IP addresses within a network card.
The silver lining is that this is more problematic for hard-wired computers that are plugged into a modem. So basically your parents’ ancient HP sitting in their office next to real, live books. (I bet that thing still has the black screen and green text, too.)
Anyone connecting via a wireless router should be safer.
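To check your own browser for the leak described above, you can compare the addresses WebRTC reports against your VPN's exit IP. The following is an added example, not code from the original article: it parses ICE candidate lines and flags any public address that is not the VPN's. The function names and the sample lines (documentation address ranges) are constructed for illustration.

```javascript
// Added example: find addresses in WebRTC ICE candidate lines that bypass the VPN.
// In a browser, each line is event.candidate.candidate from RTCPeerConnection's
// icecandidate event; the SAMPLE lines below are constructed.

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, '').split(/\s+/);
  if (!f[0].startsWith('candidate:') || f.length < 8 || f[6] !== 'typ') return null;
  return { address: f[4], port: Number(f[5]), type: f[7] };
}

function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith('.local')) return 'mdns'; // browser-generated hostname, no IP revealed
  const v4 = a.match(/^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/);
  if (v4) {
    const o1 = Number(v4[1]);
    const o2 = Number(v4[2]);
    if (o1 === 10 || (o1 === 172 && o2 >= 16 && o2 <= 31) || (o1 === 192 && o2 === 168)) return 'private';
    if (o1 === 127 || (o1 === 169 && o2 === 254)) return 'local';
    return 'public';
  }
  if (a.includes(':')) {
    if (a === '::1' || /^fe[89ab][0-9a-f]:/.test(a)) return 'local'; // loopback, link-local
    if (/^f[cd][0-9a-f]{2}:/.test(a)) return 'private';              // fc00::/7 unique local
    return 'public';
  }
  return 'unknown';
}

// Every public address seen in the candidates that is not the VPN exit IP.
function findLeaks(candidateLines, vpnExitIp) {
  const leaks = new Set();
  for (const line of candidateLines) {
    const c = parseCandidate(line);
    if (c && classifyAddress(c.address) === 'public' && c.address !== vpnExitIp) {
      leaks.add(c.address);
    }
  }
  return [...leaks];
}

// Constructed sample: one LAN address, one mDNS name, two server-reflexive addresses.
const SAMPLE = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 2122194687 3f2a91c0-0c1e-4c8a-9b7e-5d1e2f3a4b5c.local 54322 typ host',
  'candidate:3 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321',
  'candidate:4 1 udp 1686052607 198.51.100.44 54323 typ srflx raddr 10.8.0.2 rport 54323',
];

console.log(findLeaks(SAMPLE, '198.51.100.44')); // → [ '203.0.113.7' ]
```

An empty result with the VPN connected means WebRTC exposed only private, mDNS, or VPN addresses.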
A VPN is a great way to shield yourself by encrypting your activity. But it’s only useful if it’s airtight.
The internet’s traffic control centers are known as Domain Name System (DNS) servers.
When you enter a website address into a browser, it flows through the internet into a DNS server. Once there, it is converted into a numeric code that corresponds to a specific website. Once that is recognized, you’re pushed along to the site that you’re visiting.
It’s a pretty simple concept.
And like most internet functions, cybercriminals have found a way to exploit it and use it against you.
When you’re attempting to access a target server that does not exist, you’re normally shown an error message. But sometimes a provider will forward you to a search service, hijacking the DNS server. This example is harmless, typically referred to as a ‘non-malicious’ redirect.
Others replace valid addresses with fake landing pages that will ask for your personal information. You enter it thinking you’re communicating with a trusted service but you’re really handing it over to a hacker.
That is called a ‘malicious’ redirect, my friends. And it is not ideal.
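The "search service" redirect described above can be detected from your own machine: a name that cannot exist should fail to resolve, so any answer means the resolver rewrote the error. The following is an added example, not code from the original article. It covers only the rewriting of non-existent names, not fake landing pages for real sites, and the function names and sample results are constructed for illustration.

```javascript
// Added example: decide whether a DNS resolver rewrites "no such domain" errors.
// Random names that cannot exist must fail with ENOTFOUND; if they resolve,
// the resolver substituted its own address for the error.

function randomProbeNames(count, suffix = 'com') {
  const alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
  return Array.from({ length: count }, () => {
    let label = '';
    for (let i = 0; i < 24; i++) label += alphabet[Math.floor(Math.random() * alphabet.length)];
    return `${label}.${suffix}`;
  });
}

// resolve4 is injected so the logic runs offline; for a live check in Node.js
// pass require('node:dns').promises.resolve4.
async function probeResolver(resolve4, names) {
  const results = [];
  for (const name of names) {
    try {
      results.push({ name, addresses: await resolve4(name) });
    } catch (err) {
      results.push({ name, error: err.code || 'UNKNOWN' });
    }
  }
  return results;
}

function evaluateProbes(results) {
  const answered = results.filter((r) => r.addresses && r.addresses.length > 0);
  const otherErrors = results.filter(
    (r) => r.error && r.error !== 'ENOTFOUND' && r.error !== 'ENODATA');
  const tally = new Map();
  for (const r of answered) {
    for (const ip of r.addresses) tally.set(ip, (tally.get(ip) || 0) + 1);
  }
  // An address returned for several unrelated random names is the redirect target.
  const redirectTargets = [...tally].filter(([, n]) => n > 1).map(([ip]) => ip);
  let verdict = 'clean';
  if (answered.length > 0) verdict = 'rewritten';
  else if (otherErrors.length > 0) verdict = 'inconclusive'; // timeouts etc. prove nothing
  return { verdict, answered: answered.length, total: results.length, redirectTargets };
}

// Constructed results, shaped like probeResolver() output.
const HIJACKED = [
  { name: 'k3v9q0zt1m8x2c7b5n4l6j0a.com', addresses: ['192.0.2.80'] },
  { name: 'p7d2w5y1r9e4u8i3o6s0f1gh.com', addresses: ['192.0.2.80'] },
  { name: 'z0x9c8v7b6n5m4a3s2d1f0gq.com', addresses: ['192.0.2.80'] },
];
const HONEST = HIJACKED.map((r) => ({ name: r.name, error: 'ENOTFOUND' }));

console.log(evaluateProbes(HIJACKED).verdict, evaluateProbes(HONEST).verdict);
```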
Internet Protocol Vulnerabilities
Internet Protocol version 6, or IPv6, was created to replace the previous protocol, IPv4.
Its mission was to overcome the issue of finite numbers of available internet addresses. Because it is so new, a lot of VPN companies are slow to integrate it. That means they’re still using IPv4.
When your connection is using both protocols, private information could leak out into the IPv6 interface, parallel to the IPv4 tunnel. This vulnerability won’t place your financial activity at risk, but it would allow malicious actors to sniff out your internet history as well as comments you’ve left throughout various websites.
We’re happy to report that CyberGhost has accounted for IPv6, so this issue does not affect our users.
In Europe, the GDPR was passed to regulate the data tracking activities of digital companies.
Web tracking doesn’t just refer to the hackers and criminals who are tracking you around the internet.
It also applies to most of the companies you do business with online.
Let’s use Google as an example, one of the largest companies on the planet. We trust Google with a slew of information, and their AdWords platform uses our trust to give advertisers access to the websites we visit.
Advertisers create their ads with Google and select their target audience and keywords. Google then uses our data, obtained through web tracking, to match us up with those ads.
Google’s remarketing system is at play here too. If you’ve ever visited a website and then noticed ads popping up everywhere for that site, you’ve been a remarketing target. They track your activity and show you ads for sites you’ve visited, trying to urge you to go back to them and spend money.
One popular form of web tracking is IP tracking. When you connect to a web server, you send over a packet that contains the server’s IP address and yours. That tells the server where to send all query replies.
IP tracking records your IP address during these exchanges. It is then logged in the server, both for diagnostics and research. By doing this, companies can tell not only your individual IP, but your city, zip code, area code, device model, and operating system version too.
While IP tracking can’t tell a company your name or any other kind of identifying information, that kind of thing could easily be looked up by your Internet Service Provider. (This is one of many reasons to use a VPN.)
Website cookies are also a popular form of web tracking. These programs log your visits to specific websites, can see what you did there, and tell how much time you spent. They track trends in your internet browsing.
What are your interests? What are you spending money on? While this can be annoying to the more security-minded among us, the real danger comes when cookies are hacked by cybercriminals.
Some other common tracking methods are MAC address and account tracking. These are most often used to uncover history.
What’s scary about data tracking is that most of it is done by default with no real consent needed. Data is aggregated and correlated across platforms without the user ever knowing or suspecting anything.
The European Union sought to curb and regulate this unchecked level of power when they passed the General Data Protection Regulation, or GDPR, in 2018. This new set of privacy laws gives Europeans more control over what data companies are gathering on them.
Under GDPR, users have the right to request a full accounting of what information a company might have on them.
That company would then have to turn over the information digitally and at no cost to the user. Consumers also have the right to erasure, which means that they can at any time withdraw consent and force companies to get rid of all gathered intel on them.
We’ve all been there. You’re at an airport or a library and your mobile carrier is giving you nothing but 3G, so you connect to the public Wi-Fi system in order to get some work done.
What’s the harm, right?
Public Wi-Fi connections are like a hacker’s favorite hunting ground. Because they have limited-to-no security, hackers can use them to uncover every last bit of data that you enter.
This vulnerability is even worse when you’re traveling, as it adds to how vulnerable you are to compromise while distracted and on the move.
But what information can hackers get their hands on?
Think about what you use the internet for…
They can access your bank account numbers, credit cards, passwords, and more. That’s all of the data needed to rob you blind and steal your identity.
Many public Wi-Fi networks also gather information on you. Some of them require you to enter your email address or social media information, which could unwittingly subscribe you to email newsletter spam.
If you really need to connect to the Wi-Fi for something, oftentimes you can’t use it without providing this information.
At worst, you should be extremely careful with the sites you’re visiting. At best, you should lock down the entire connection with a VPN.
Your phone could be a liability.
I know what you’re thinking. “Not my phone! We’ve been through too much together! It would never betray me!”
The idea of a smart home is great in theory, but when all of your devices are connected, your entire life is spying on you.
Smart devices can tell when your lights are turned on or off, they record your conversations, how much electricity you’re using, when you leave the house, what kind of coffee you drink, what kind of music you listen to, and they send all of this information back to their home servers.
Some common smart device vulnerabilities include:
- Weak or no encryption
- Infrequently updated
- Often left with factory setting usernames and passwords (which hackers know)
- User error – People don’t understand how much of their personal information is at risk when using services like Alexa or Google Home.
Think about all of the information stored on your Alexa, or in your smartphone. Now, imagine that information falling into the hands of a hacker and you’ll begin to see your smart devices as a potential threat to your personal security.
States like California are trying to pass legislation calling for reasonable security features on smart devices. While that’s a step in the right direction, it is not an overnight process.
So buckle up. Because it’s about to get worse before it gets better.
The HTTP protocol was once the standard for all internet activity. All websites once began with “http://.”
Emphasis on once.
Anyone who now tries to access an HTTP site through Google Chrome will see a message saying that the site is not safe to use.
That’s because Google prefers the infinitely more powerful HTTPS protocol, which adds an extra layer of encryption.
HTTP has no encryption, which means that your data can be monitored or stolen easily by outside parties.
When combined with unsecured Wi-Fi connections, weak passwords, and a lack of security apps and features, you have a lethal cocktail of security vulnerabilities. And trust me, you do not want the kind of hangover that can give you.
We know that the US government spies on its people.
But the US is not alone in its snooping ways. And it’s not just the authoritarian regimes like China, Russia, and North Korea you’d expect who openly spy on their people, either.
Even countries like the UK have a history of domestic spying. Britain’s Investigatory Powers Act allows the government to spy on the internet browsing habits of its citizens.
ISPs collect metadata on users and hand that over to the government if they produce a warrant. On top of that, the 5, 9, and 14 Eyes Surveillance Alliances allow 14 different nations to pool all of their espionage data together. So not only might your government be spying on you, but they could be sharing that information with other governments.
What can you do about this Big Brother descending on your internet activity, dissecting it without your consent?
The simplest way is to obfuscate (that means mask) your data with a secure, end-to-end connection. (Hint, hint.)
Social Media Websites
In 2010, there were 970 million social media users worldwide.
By 2019, studies show that more than 3.02 billion people will be logged onto some form of social networking site. That’s nearly half the global population.
Users who keep their profiles open to the public are asking for trouble. This makes it easier for outside parties to gain access to your information and invites the potential for cyberstalkers.
Photos are another potential open door for privacy snafus.
Google Photos is a powerful tool, but not understanding how it can be used can lead to some problems. For instance, if your photos are tagged incorrectly, Google can pop into your account, access the geotags associated with every image, and post them to Google Maps.
Sounds like it could never happen, right? Well it did.
Every photo you post is geotagged. Granting social applications access to your photos also grants them access to those tags. That means Twitter can keep track of where you’ve been and what you’ve been up to.
Activating privacy settings on your various accounts can help to curb this issue, but it does not solve the problems associated with:
- Fake profiles
- Data aggregation
- Companies altering the Terms and Conditions of a site at will
You couldn’t go anywhere this year without hearing about the Facebook & Cambridge Analytica scandal. An odd couple if there ever was one.
A bit like Bert & Ernie. Just with less fun learning and more data exploitation.
In 2018 there are 3.6 billion people using cloud technology to back up their information.
A cloud is a common central server shared by users to store data. Some examples of this are Dropbox, Google Drive, and the Apple iCloud. Cloud-based information can be accessed anywhere on the planet, which means it can be accessed by other people looking to steal your data as well.
A lot of cloud backups happen automatically, so it’s important to check your settings.
Hackers have accessed cloud information to commit some very high profile breaches over the years.
Some of these include:
- A hack of Apple’s iCloud system which saw the personal photos of a number of celebrities, including Jennifer Lawrence, released onto the internet. Many of these photos were sensitive in nature.
- A hack of Dropbox back in 2012 in which hackers broke into over 68 million accounts. They retrieved personal information on these individuals and sold it on the dark web.
- A 2010 hack of Microsoft’s Business Productivity Online Suite, where unauthorized users were able to access information on the company’s employees.
- The National Electoral Institute of Mexico was hacked in 2016, leading to the compromising of 93 million voter registration records. The hack, along with a poorly maintained national database, saw most of these records lost.
Cloudflare is amazing.
It optimizes the security and performance of more than 5.5 million websites. But a bug in Cloudflare’s system created a huge vulnerability, inadvertently exposing the sensitive data of users such as cookie tracking, authentication tokens, and passwords.
There were two contributing factors to this bug’s seriousness:
- The leaked memory contained a lot of private personal information
- The data had been cached by search engines
Luckily, there was no evidence of anyone exploiting these leaks. It seemed to have passed undetected by the cybercrime community.
However, bugs such as these are a constant threat when it comes to internet security. In an instant, a service you thought was safe and secure can become a massive liability.
Malicious Software (Malware)
Malicious software is the door through which hackers walk into your system.
There are so many forms of malware. Seriously:
One of the most dangerous types of malware is Ransomware.
- Trojan Horses
This harmful software enters your system, combining various technical means with social engineering techniques to gain access.
Hackers then have a backdoor to access your personal information and financial records.
Some malware is introduced accidentally through another program. Trojan Horse programs gain access this way, piggybacking off of some kind of incentivized download to gain access to your system.
Phishing and Pharming attacks occur when you enter your information through a fictitious website. This is a fairly common attack on personal data.
Keyloggers keep track of every keystroke you type, including account numbers and passwords. That information is then shot back to the hacker.
Spyware is a favorite of smartphone hackers. It collects information through your phone’s camera and microphone.
Ransomware encrypts all of your files and sends them to a hacker, who then holds that information for (you guessed it) ransom. They can demand any amount of money, usually payable through cryptocurrency, or they will release your sensitive information to the public.
Cyberthreats are constantly diversifying. They are complex and difficult to detect because they attack with a winning combination of stealth and multiple attack vectors to capture and leak as much data as possible.
The key to thwarting all these various types of malicious software is to prevent them from happening in the first place.
Protect Your Privacy (Because No One Will Do It For You)
We’re all vulnerable to invasions of privacy.
Every time you open up a laptop, snap a photo on your phone, or buy a new refrigerator.
Each and every device you use will soon capture all kinds of personal data.
And unfortunately, that data is often used against you.
It is the trade-off of living in a connected society.
But a combination of education, vigilance, and the use of robust privacy-focused software tools can help to keep your information safe and secure while avoiding the ever-growing threat of cybercrime.
You can’t avoid it. You have to accept it. And prepare for it.