Scam of the day – September 15, 2014 – ISIS cyberthreat

Recently on the anniversary of the September 11th attacks on America, former Vice Chairman of the 9/11 Commission, Lee Hamilton commented that while the terrorist group ISIS represents a serious threat to the security of the United States, a greater threat may be posed by a cyber attack on the United States through hacking of our infrastructure including government agencies, banks, transportation systems and energy companies.  The unfortunate truth, however is that ISIS already is looking to expand its attacks against America to cyberspace.   ISIS is well funded and has already proven adept at using social media as a recruiting tool and posting professionally produced videos on YouTube.  British hacker Abu Hussain Al Britani, also known as Junaid Hussein is an ISIS member who is, according to intelligence sources, attempting to recruit hackers into ISIS  Al Britani was jailed in 2012 for hacking into the personal email account of former British Prime Minister, Tony Blair.

TIPS

The development of cyber-warfare capabilities by ISIS is not to be taken lightly and hopefully, the United States as well as Britain and other countries joining in the battle against ISIS are actively working as a part of their anti-ISIS strategy to degrade their cyber capabilities as well as their military capabilities.  Interestingly, there already are groups already taking cyber action against ISIS.  Among these groups are the international secret group of hackers known as Anonymous as well as the Syrian Electronic Army, a group which has, itself, hacked American institutions such as the New York Times.  However, the Syrian Electronic Army supports the regime of Syrian president Bashar al-Assad, which is an enemy of ISIS and so for once, the United States and the Syrian Electronic Army have a common enemy.

Scam of the day – February 19, 2014 – Syrian Electronic Army hacks Forbes.com

The Syrian Electronic Army (SEA) , about whom I have reported to you many times (you can go to the archives of Scamicide to see these stories) has struck again.  This time its victim is Forbes.com, the website of Forbes Magazine.  For those of you unfamiliar with the Syrian Electronic Army, it is a group of hackers sympathetic to Syrian President Bashar al-Assad.  Forbes was targeted by the SEA because of what it called Forbes’ hatred for Syria.  Along with planting a false story on the Forbes website, the SEA also stole user names and email addresses of Forbes.com customers, raising the possibility of “spear phishing” attacks against Forbes.com’s customers.  The SEA has threatened to make the information available on the Internet to identity thieves.  Identity thieves who send phishing emails and texts often do so in large numbers without knowing the names of the people to whom the phony messages corrupted with keystroke logging malware are sent.  However, in spear phishing the identiy thief knows the name of the intended victim and can make the communication look more legitimate by containing the victim’s name.  In addition, the spear phishing text or email can be made to look as if it comes from Forbes.com or some other entity that is trusted and used by the victim which also can lead the victim to be less skeptical of the message and make the victim more likely to click on links in the message or download attachments to the message corrupted with malware.

TIPS

Again, the lesson is that you are only as secure as the places with the weakest security that hold your personal information.  If you are a subscriber to Forbes.com, you should change your password.  If you use the same password elsewhere, change it too.  For convenience many people make the mistake of using the same password for all of their accounts, which means that when your password is stolen from one place, all of your accounts using that password are in jeopardy.  This is a good lesson for all of us regardless of whether or not you were a victim in this particular data breach.  This hacking once again raises the question as to why major corporate websites, such as the many who have been hacked by the SEA are not doing more to keep their computers secure.  Finally, as I always remind you, never click on links in emails or text messages or download attachments unless you are absolutely sure that they a legitimate and have confirmed this to be so.

Scam of the day – December 27, 2013 – Syrian Electronic Army update

I first reported to you about the Syrian Electronic Army last summer when this organization hacked into the New York Times, the Washington Post and a number of other major American companies.  More recently, in October I told you about the SEA’s hacking into President Obama’s Twitter and Facebook accounts.  In perhaps its most disruptive attack, the SEA hacked into the Associated Press’ Twitter account this past April and sent out a phony tweet about explosions at the White House.  The response to this phony and false tweet included a temporary drop in the stock market as the market responded to the fake news story with panic.  This group, which may or may not be sponsored or controlled by the Syrian government of President Bashar al-Assad, certainly is philosophically aligned with his government.

Earlier this week, the FBI warned many companies about new cyberattacks being made by the SEA at this time.  The cyberattacks begin with an innocuous looking email that purported to contain a link to a CNN article about the Syrian revolution.  The email also directed the recipients of the email to a phony Google log-in page which required the person receiving the email to input his or her username and passwords.  This phishing type scam appears to be how the SEA manages to gain access to the websites and data bases of their targets.  Once the SEA has the usernames and passwords, it is able to often use that information to infiltrate the computers of the companies of their victims.

TIPS

The lesson here is not just for major companies that may be targets of the Syrian Electronic Army, but is one for all of us.  This tactic used by the SEA is also used by scammers and identity thieves whose goal it is to get access to the information in your computers, laptops and smartphones for purposes of identity theft.  By luring you to click on a tainted link or download or tricking you into providing usernames and passwords, these identity thieves and hackers manage to get you to turn over the keys to your kingdom.  As I often say, “trust me, you can’t trust anyone.”  Never click on links or download attachments which may be riddled with malware unless you are absolutely sure that they are legitimate.  Merely because a link or attachment is in an email that appears to come from someone you know, you cannot be sure that your friend’s email has not been hacked by an identity thief.  Always confirm that a link or attachment is indeed accurate before ever clicking on the link or downloading.  Also, jealously guard your username and passwords.  Again, make sure that anytime you are asked for them, that the inquiry is legitimate and not just a cleverly worded phishing attempt.