Weaponizing Your Privacy

So this was the funniest War of the Roses on the Kane Show that I ever heard. 


They use the Alexa personal assistant from Amazon (voiceover) to call the cheater. 


In this skit, we really see the potential power of these home computing devices. 


Alexa hears and knows everything that goes on in the house (including the cheating).


Alexa confronts the cheater and calls him a few descript names for his infidelity.


Alexa punishes the cheater by going online to purchase items with his credit card. 


Alexa betrays him by calling his girlfriend and telling her about the cheating. 


Cheating aside, maybe this is a great lesson in how we should all be considering our privacy in our homes and on our persons before we install Alexa, Siri, Cortana, the Google Assistant or any other personal or home surveillance systems. 


With all the bad actors out there and people that want to steal everything from your money, identity, secrets, and maybe even your wife–these devices are a direct line into your personal life.


This is called weaponizing your privacy!


Tell me, do you really believe that no one is listening or watching you?  😉

Modesty And Privacy Of Body and Information


So modesty and privacy are very important in terms of propriety and security.


Both are intimately connected. 


Already as children, we learn not to show or talk about our “privates” to others. 


And as adults, we understand that there are certain things about ourselves that we don’t just talk about or divulge to others indiscriminately. 


Not being discreet with these and showing either your private parts or your personal information can get you in a load of trouble by giving others the opportunity to take undue advantage of you. 


Both open you up to be ridiculed or even raped of your person or information identity. 


That which is yours to use with others in propriety is instead disclosed for taking out from your control and for use against you. 


Security demands modesty of body and of information, and if not taken seriously, then no amount of lame covering will keep that which is private from public consumption. 😉

The “Real” OPM Data Breach

A lot has been made and should be made of the theft of over 21 million federal employees’ sensitive personnel records and security clearances. 



Everyone rightly, although somewhat selfishly, is worried about identity theft and the compromised privacy of their information.



The government is worried about hostile nation states using the pilfered information to bribe or coerce military, intelligence, high-level politicals, and others to turn and work for them or otherwise to use against them. 



But what is grossly missing in this discussion is not what information presumably the Chinese stole and how they will use it against us, but rather what information they inserted, altered, or otherwise compromised into the OPM personnel and security databases when they got root access to it.



Imagine for a moment what hostile nations or terrorists could do to this crown jewel database of personnel and security information:



– They could insert phony records for spies, moles, or other dangerous persons into the database–voila, these people are now “federal employees” and perhaps with stellar performance records and high level security clearances able to penetrate the depths of the federal government with impunity or even as superstars!



– They could alter personnel or security records taking prominent or good government employees and sabotaging them to have questionable histories, contacts, financial, drug or criminal problems and thereby frame or take-down key government figures or divert attention from the real bad guys out there and tie our homeland security and law enforcement establishment in knots chasing after phony leads and false wrongdoers and villains.



Given that the timeline of the hack of OPM goes back to March and December 2014, this was more than enough time for our adversary to not only do to our data what they want, but also for the backup tapes to be affected by the corrupt data entering the system. 



The damage done to U.S. national security is unimaginable. As is typically the case with these things, “An ounce of prevention is worth a pound of cure.” Instead of investing in security, now we can invest in “credit monitoring and identity theft protection” for a very sparse three years, while federal employees will go a lifetime in information jeopardy, and the federal government will be literally chasing its tail on personnel security for decades to come. 



With the price so low to our adversaries in attacking our systems, it truly is like stealing and much more. 😉



(Source Photo: Andy Blumenthal)

18 Million–Change The SSNs


So, maybe one of the most detrimental heists of information from the Federal government in history. 


Now involving over 18 million current and former federal employees, including military and intelligence personnel. 


No getting around it, but we are major screwed here–this is a treasure trove of personal and privacy information ready to use for identity theft, blackmail, assassination/decapitation attacks at home and work addresses, kidnapping of family members, and literally attacking our national security apparatus from the very inside out–its people. 


Imagine, if at the time of its choosing, an adversary attacks our nation, but preempts this with sophisticated and coordinated attacks on our critical government personnel–generals, spy masters, political kingpins, and other key decision makers–thereby distracting them from their duties of safeguarding our nation. 


This is our new Achilles Heel and overall a security disaster bar none!


Well, we can’t go back and put the genie back in the bottle–although wouldn’t it be nice if such critical information (if not encrypted–already unforgivable) would have a self-destruct mechanism on it that we could at least zap it dead.


But for the people whose personal identities are at risk–whose social security numbers (SSNs) and dates of birth (DOBs) have been compromised what can we do? 


While we can’t very well change people’s DOBs, why not at least issue them new SSNs to help thwart the adversaries peddling in this information in the black markets. 


If we can put a man on the moon, surely we can issue some 18 million new SSNs and mandate government and financial institutions to make the necessary updates to the records. 


This is not rocket science, and certainly we owe this much to our people to help protect them.


Will our government be there for its own employees and patriots? 😉


(Source Photo: here with attribution to Donkey Hotey)

Data 4 Ransom


The future of cybercrime will soon become the almost routine taking of your personal and corporate data as hostage. 


Once the hacker has control of it, with or without exfiltration, they will attach malware to it–like a ticking time bomb.


A simple threat will follow:


“I have your data. Either you pay for your data back unharmed OR your data will become vaporware! You have one hour to decide. If you call the authorities, your data is history.”


So how valuable is your data to you?  


– Your personal information–financial, medical, legal, sentimental things, etc.


– Your corporate information–proprietary trade secrets, customer lists, employee data, more.


How long would it take you to reconstitute if it’s destroyed?  How about if instead it’s sold and used for identity theft or to copy your “secret sauce” (i.e. competitive advantage) or maybe even to surpass you in the marketplace? 


Data is not just inert…it is alive!


Data is not just valuable…often it’s invaluable!


Exposed in our networks or the cloud, data is at risk of theft, distortion, or even ultimate destruction. 


When the time comes, how much will you pay to save your data?


(Source Comic: Andy Blumenthal)

Driving Identity Theft


It’s been only about 4 months since my mom passed, and now my dad becomes very sick from chemotherapy and ends up in the hospital for a week.

His red and white blood counts were extremely low, but thank G-d, the doctors were able to save him.

However, he is in a drastically weakened state and now looks like he will need regular assisted living just to get by every day.

This has been horrible to see someone who has always been so strong, smart, and there selflessly for all of us, to be in this condition.

We found a nice place for him, but even the nicest place isn’t his place and doesn’t allow the independence he (and we all) always cherish.

On top of it, I get a letter in the mail with more than half a dozen tickets on his car.

It’s impossible, because he hasn’t been driving due to his illness.

We run down to check his car, and sure enough someone stole his plates (and replaced them with another set).

They did this to his car that has handicapped tags.

In the meantime, they are driving around through tolls and doing G-d knows what.

The police were helpful–they came as soon as they could–took a report, the plates that were switched onto his car, and dusted for fingerprints.

I will never forget standing there just after my joint surgery–when not three hours before, I thought to myself, maybe things are finally calming down.

Hopefully, the police will catch whoever did this.

In the meantime, I take comfort knowing that G-d is the ultimate police force. 😉

(Source Photo: Dannielle Blumenthal)

Newspaper, Identity Thief


So, true story.

I know identity theft is a serious matter, but really…

I’m heading out of the driveway and I see the newspaper delivery guy just pulling up.

He’s running a little late, but I figure I can still get the paper in time for morning reading on the Metro.

I walk over to him and ask if I can get the Journal that he’s delivering to me.

He says, “No, I only deliver the Wall Street Journal and the Post.”

I say, “Yeah, the Wall Street Journal, can I get it, since you’re running a little late this morning.”

He says, “I’m never late!”–actually, he is and sometimes doesn’t deliver at all (the other week, I got 3 papers in one day).

I say, “OK, but I can take it from here.”

He says, “No, I only deliver to the door.”

I say, “But I’m right here.”

He says, “How do I know you are who you say you are?”

I say, “I am, and thank G-d, I really don’t need to steal a $2 newspaper from you, Sir.”

He says, “Okay, but I’ll need to see an id!”

I say, “Are you serious?”

He says, “Yeah,” pulling back to safety the pile of newspapers he is holding in his arms.

Reluctantly, I flip open my wallet and flash my license to him.

Not good enough…he insists I take it out so he can read it.

I finally got the paper, but we wasted what seemed like 5 minutes between the negotiation and proof of identity exercise.

Don’t get me wrong, I appreciate his diligence, but I think this type of scrutiny over access and identity would be better placed squarely on our cyber assets–somewhere where we really need them! 😉

(Source Photo: Andy Blumenthal)