Previous ◁ | ▷ Next

Minutes of Y's Men Meeting of January 26, 2017
Vanessa Richards and Jeremy Tendler

There are two types of cybercrime.  One is computer enabled, which reaches out to people using available systems like Facebook.  Often these criminals try to befriend their targets eventually requesting money. The other type involves computer intrusion.

Computer intrusion covers a number of areas.  Hacking is a common form.  Criminals remotely break into your computer seeking personal and financial information.  They can use this information directly to obtain money from your bank accounts or other financial accounts, or they can sell the information over the Dark Web to others who then try to get your money.

Hacktivism is another form of intrusion.  This form is intent on pushing forward information or propaganda in order to convert you to their beliefs.

Both hacking and hacktivism may be used to fund and support terrorism.

Phishing is a criminal enterprise that works off of e-mails.  Thousands of e-mails are sent out in hopes of obtaining one or two responses. Some of these e-mails may be disguised to appear to emanate from a known and trusted source such as your bank or a friend.  They may seek money directly, or personal information that would expedite access to your financial accounts. Typically, these are initiated by foreigners for whom English is not their first language.  Consequently, errors in grammar, spelling or syntax may alert you to their bogus nature. Connecticut is the sixth ranking state in losses due to phishing.

Spear phishing is related to phishing, but targets a specific group rather than any audience.

Malware is another common approach.  In this instance a virus is inserted into your computer when you click on a carrier e-mail.  This virus collects information, key stroke history, shuts down your computer, encrypts the computer contents or anything else it is instructed to do by its criminal controllers.

Botnet is a form of malware that connects your computer to thousands of others, which may all respond to the commands of criminals for their own purposes.

Ransomware is becoming increasingly common.   Here malware is introduced and encrypts all the information in your computer making it inaccessible to the computer owner.  The criminals then demand a ransom to provide you with the key to unencrypt your computer.  You should never pay such a ransom as there is no guarantee that they will provide you with the key, or even that they have the key as they have may have purchased the right to make the demands from others.  Also, the malware will remain on your computer and can be reactivated at any time.

Another form of malware is called Spy Eye, which again collects personal information that can be sold on the Dark Web.

All these cybercrimes are difficult to investigate and prosecute for the following reasons:

·       Tracing to the criminals is very difficult

·       These criminals hide their IP addresses

·       These criminals request virtual currencies like Bitcoins, which they then sell off on the Dark Web making it a form of money laundering

·       Most of these criminals are foreigners often from countries with no extradition treaties so we can only get them when they travel

To protect yourself you have to be cautious.  If you receive a message from your bank, call the bank to verify it.  Don’t open suspicious e-mails.  Monitor your credit.  Don’t respond to e-mails or calls purporting to be from the IRS.  They never call or e-mail.  Update your computers frequently.  Consider getting robust anti-virus and anti-malware software.  Back up your data frequently.  Educate yourself by going to “ic3.gov and FTC.gov”.  Pay attention to warnings from your local police.

Q&A

Q.  How safe is a password vault?

A. It is better to diversify then have everything in one place.

Q.  Can you ever unlock ransomware?

A.  Sometimes, with the help of the FBI, or post-office.  This is liable to get better in the future.

Q.  Can criminals send out phishing e-mails without showing the country of origin?

A.  Yes.  There is software that allows them to pick the country of origin.

Q.  Should you call the police as well as your bank if you get a phony bank e-mail?

A.  If you clicked on it you should.  If not, calling the bank is probably enough.

Q.  Does a back-up also back up the malware?

A.  Yes it does so you should have strong anti-virus and anti-malware systems in place and keep them updated.

Q.  If you use a land-line telephone can that be tapped by cyber criminals?

A.  Yes, because we live in a digital age and eventually even land-line transmissions get digitalized, but it would be expensive and is therefore unlikely.

Q.  Does most malware go through the same digital portals?

A.  Yes, but things keep changing and now even nanny cams and cell phones can be used.  Anything with an Internet connection is vulnerable.

Q.  If I keep getting regular contacts should that be reported to the police?

A.  Yes, but your best bet is to report it to ic3.com.

Q.  Is using a Mac better protection than using a PC?

A.  Right now it is probably safer, but for how long we can’t tell.

Q.  Why aren’t IRS pin-numbers sent to every tax payer?

A.  The IRS doesn’t make policy.  If you think that’s a good idea contact your legislators.

Q.  Are multi-step security systems better?

A.  Yes they are.  For some reason the U.S. is even slow in adapting chip credit cards without a magnetic strip on the back, which still keeps them vulnerable.

Q.  Why not shut down the Dark Web?

A.  It is not controlled by one company or entity.  It is accessed through software that is easily available.