Trump and Kanye West Bring Emphasis to #CyberAware Cybersecurity Awareness Month With Password Example

October is National Cyber Security Awareness Month in the United States. There is excellent cyber awareness content available by going to #CyberAware and #CyberAvengers hashtags on Twitter and visiting The #CyberAvengers Website for free resources, including this free Good Cyber Hygiene Checklist.

President Trump and Kanye West put a big ‘ole Texas-sized exclamation point on the [need for?] #CyberAware campaign with Kanye’s password demonstration while on national tv in the Oval Office.

Politicos will spin this a million ways. Security folks will go back and forth between laughing and crying — and maybe do both at the same time. But, the important thing is that we learn from this and use it as an example to help educate others. I thought there was no better way to do that than by putting “Trump”, “Kanye West”, “Password”, “Cybersecurity”, and “#CyberAware” in the title — how’s that for getting a wide range of attention? 🙂

All joking aside, what are the most important lessons you take away from this example and can you use this lightning rod example to help educate your team, family, and friends about good cyber hygiene?

Did hackers record you watching porn? New scam using key elements of phishing and shame hacking

Cybercriminals are using yet another new twist on the old email phishing attack: they email people claiming to have infected porn sites with malware that allowed them to take over the recipient’s webcam and record them sitting at their computer watching porn and if they don’t pay up, the video is going public. I discuss this new method of attack in the video above and you can learn more details about how they do it in this article: Don’t Fall for This Scam Claiming You Were Recorded Watching Porn

For people who know they have never watched porn on their computers, this probably isn’t too effective. For everyone else, this threat of public shaming can be a powerful motivation to comply with the extortion demand.

This is another example of what I have often described as shame hacking, the use, or threatened use, of purportedly hacked data for embarrassing or extorting people by threatening to expose such compromising data if they do not comply with the demands made of them.

Shame hacking is one more way that cybercriminals have learned to monetize the fruits of their criminal actions and represents an increasing trend for how hacked information can and will be used in many ways. I have blogged about other cases where hackers have relied on shame hacking for profit.

Dallas / Fort Worth CBS News station in Dallas / Fort Worth did a story about this latest attack and invited Shawn Tuma on to explain more about it. See story here.

If you are the victim of shame hacking or any other type of cybercrime, you can easily report it online at the FBI’s Internet Crime Complaint Center (IC3).

Why do you need a cyber attorney? Shawn Tuma explains in Ethical Boardroom

spring2018In my latest article in Ethical Boardroom article, I explain some of the not-so-obvious reasons why you need an experienced cyber attorney on your team: Why you need a cyber attorney (Spring 2018)

Here are other Ethical Boardroom (@EthicalBoard) articles that I have written or contributed to that are also available for free:

What does it mean to “hack back” and is it a good idea?

There is more and more talk about companies hacking back against those who attack them in cyber space and whether allowing them to take such measures is a good idea. Right now, hacking back, or active defense, as it is often called, is illegal under the federal unauthorized access law, the Computer Fraud and Abuse Act. There are current federal efforts to change this, along with some woefully misguided rumblings by some state legislators (who do not seem to understand that the CFAA supersedes anything they pass to the contrary).

So, the question is whether hacking back a good idea or will it cause more harm than good? Shawn Tuma was a guest on the KLIF morning show to discuss this issue. Go here to listen to what he had to say about it.

What are your thoughts?

Can your company do business without its computer system? Let’s ask Atlanta!

Atlanta RansomwareIn the world of cybersecurity and data protection, we tend to think about most cyber incidents as being “data breaches” because that’s the term de jour that occupies news headlines. Because of this, far too many companies think that if they do not have valuable data that hackers would want to “breach,” so to speak, they do not need to be concerned about cybersecurity. While this is wrong on one level because all data has value to hackers, it is even more wrong on a much greater level.

There is a lot more to cybersecurity and data protection than just breaches of the confidentiality of data (i.e., “data breaches“). Hackers have shown a strong trend over the last couple of years of attacking the computer system itself and, as some call it, “bricking” company’s computers and/or data and demanding an extortion payment in exchange for their promise to honor their word and undo the damage (if they even can). This is the process underlying what is often called ransomware.

Do you see where I’m going with this? If not, let me see if I can simplify this process for you a bit with the question below: (1) If you still think your company does not have data that is valuable to hackers, and (2) You still think that means that your company does not need to focus on cybersecurity,

Can your company continue to do business if it is not able to use its computer system?

If you’ve seen the news today you see that the City of Atlanta has had many of its computer systems bricked by ransomware and those business operations that require the use of those systems are now shut down.

Now, let me ask you, “how many days can your company go without doing whatever it is that it does before it really begins to hurt?”

Still need more convincing? Ok, I addressed this issue in more detail in Chapter 5 of The #CyberAvengers Playbook (free to download) — go give it a read.

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.