Throughout your journey through the business world, you may have heard rumors, hushed whispers of a deep, dark world beneath the surface of the Internet. Well, it’s real, and it’s known as a hotbed of corruption, where hackers can sell stolen credentials and personal records. However, contrary to popular belief, the Dark Web isn’t as mysterious as it’s made out to be.
Here are four things that you (probably) didn’t know about the Dark Web.
Anyone Can Access the Dark Web
You would think that it would be difficult to access the Dark Web, but in all actuality, it’s quite easy. You only have to download a couple pieces of software. Why would you want to access it, though? Surprisingly enough, the Dark Web is teeming with legitimate purpose. Some web companies have a big presence on it, while others--typically journalists and others who deal with sensitive information--share knowledge across it. One of the biggest reasons, though, is a business’s IT department checking for sensitive data that has been stolen from them.
This goes without saying, but if you really want to access the Dark Web, you’ll need to do everything in your power to secure and back up any mission-critical data that you might have. You’ll be heading into some sketchy territory.
Nobody Knows Who You Are
If anything has been made clear over the past few years, there’s nothing anonymous about using the Internet. Even on the Dark Web, anonymity is an enigma. It’s true that encrypted sites that utilize the domain “.onion” can only be accessed by those who are using the Tor web browser, but by doing some digging, you can unmask just about anyone on the Dark Web. Supposedly, the FBI has malware that can track IP activity, but that’s not information we’re exactly privy to.
TechRepublic explains how Tor masks the identity of users while on the Dark Web: “Tor works by creating a secure connection between the user's web browser and a network of machines, then tossing the originating IP address through several disparate relay points within the network. In theory, these "onion layers" mask the browser's point of origination.”
The lesson: even with Tor and SSL, nobody is safe and secure on the Dark Web.
The Dark Web Is Bigger Than You Think
Even without the Dark Web’s biggest market, Silk Road, the deep dark Internet still has plenty of marketplaces that have sprung up in its absence. Illegal eCommerce is still a major concern, especially because user interfaces have become more streamlined to the point where basically anyone can purchase stolen financial credentials or personally identifiable information. Additionally, in the wake of this surge of illegal online activity, many reputable vendors have introduced services that can help users identify if their credentials have been stolen and put up for sale on the Dark Web. Some even offer security services and threat mitigation for those who do want to navigate the Dark Web, for whatever reason.
The Dark Web Isn’t All Illegal, or Disturbing, or Both
Believe it or not, the Dark Web is filled with more than just illegal content and sketchy marketplaces. Surprisingly enough, the Dark Web has quite a few features that can be found on the surface web. Facebook’s Dark Web site is quite popular, sporting over 1 million visitors every month. There’s also a search engine called Not Evil that’s similar to Google, and Deep Web Radio, that works like any music streaming service. There’s even OnionWallet, a bitcoin wallet service where we suspect you would need to go in order to convert real-world dollars into cryptocurrency.
Of course, the danger of using the Dark Web cannot be underestimated. It might be accessible for users, but that doesn’t mean that you should allow them to go there. The Dark Web is, by far, too dangerous for the average office worker to navigate. A content management system can keep your employees from visiting dangerous websites that could either land themselves or your business into hot water. But, we think the thing you have to worry about the most is the loss of productivity that comes with it.
You might recall getting a notice from your bank that you’ve been issued a new debit and credit card, one with a chip built into it for enhanced security. There are ATMs out there created specifically for use with these chips, but the same technology created to protect user credentials is now being used to steal them for fraudulent withdrawals.
Weston Hecker, a senior security consultant at the cybersecurity firm Rapid7, spoke at the Black Hat conference in Las Vegas, and demonstrated the technique. It can reportedly steal up to $50,000 out of a single ATM in under 15 minutes. While there had been problems with ATMs running older operating systems, like Windows XP, this is an entirely different problem. The reasoning: these ATMs are brand spanking new, and designed to take advantage of the latest chip-security technology. So, you can understand why there’s such a cause for concern in this case.
The exploit requires a $2,000 kit to install, but compared to the potential gains, this is a small price to pay. Hackers can alter an ATM by adding a device to the terminal. Specifically, it’s placed in between the ATM user’s card chip, and the roof of the area where the card is inserted. This data is then read--including the PIN--and transferred to the criminal, who could be hundreds of miles away. The hacker can download this data to their smartphone and use the card details to withdraw money from any ATM system.
Once this has happened, the hacker can order the machine to constantly withdraw funds to steal an exorbitant sum. Granted, they have to do this near an unattended machine, or one which is remote enough that nobody would notice (or care) that someone was messing with it, but the point stands that the hacker can steal huge amounts of money with relatively little effort.
There are some drawbacks to this method, though. For one, a hacker probably won’t be able to use the spoofed credentials for a very long time; at least, not until the user has caught on to their scheme and thwarted it by contacting their bank. Second of all, the hacker needs to find a way to bypass the security cameras that are inevitably located within each and every ATM they’ll encounter, and that’s not mentioning all of the other security cameras in the area that are monitoring the ATM.
Still, despite the challenges, hackers could have a field day with this vulnerability. Rapid7 has fully disclosed the details of the vulnerability to the manufacturers, but hasn’t made the details public, out of fear that the details could put more people at risk. The idea is to give the manufacturers time to resolve the issue, before hackers find a way around these fixes.
In general, it’s a good practice to always monitor your bank accounts, and to report any suspicious behavior to your bank. Additionally, it’s important that you never hand over your banking credentials to anyone for any reason--particularly a sketchy email from your “bank” asking you to confirm your credentials. These are known as phishing scams, and they try to use your trusting nature against you.
Additionally, never input credentials into unsecured websites. Any websites that you need to use your credit card credentials on should have encryption protocol in place to hide your information from hackers. You need to be very deliberate about avoiding websites that look like they may be trying to steal your data.
Everyone knows that it’s beneficial to upgrade your company’s technology and use the latest and greatest solutions. As much we all enjoy using new technology and shiny gadgets, is there a point when upgrading goes too far?
In situations like this, the phrase “too much of a good thing” applies. There comes a point in the upgrading process when new additions become frivolous. Technology being purchased solely for the sake of having new technology is counterproductive, seeing as the entire point of upgrading is to adopt new solutions that will save you money.
To prove this point, there are several examples of extravagant technologies that we could cite. However, since grilling season is upon us, let’s venture outside of the office and examine one of mankind’s favorite technologies, the barbeque grill!
The barbeque grill is a technology designed for one basic purpose: cooking food (generally meat). In order to perform this task, grills utilize a fuel source to produce an open flame, such as charcoal or propane. Additionally, every grill requires a metal grate of sorts for the food to rest on as it’s being cooked.
These are the most basic components required in order for a grill to be a grill. Yet, over time, backyard chefs around the world have innovated and upgraded the barbeque grill, turning it into an overly complicated piece of technology.
The technological evolution of the grill can be clearly seen at your local department store. On one side of the grill section is the cheapest, most basic grill (some assembly required), and on the opposite end of the aisle are the hulking, stainless steel masterpieces, complete with built-in thermostats and LED light-up gauges. Despite the dramatic differences, each unit performs the same task.
For fun, let’s take this barbecue grill illustration to a ridiculous, 345-horsepower extreme.
The OldSmokeyBoys have provided us the impressive specs behind this grilling behemoth, “With the power and torque of the 5.7-liter V-8 HEMI engine, this grill can cook 240 HEMI dogs in three minutes and is covered by more than 330 square feet of steel.” As a general rule, your barbeque grill shouldn’t cost more than your car and require regular oil changes.
Maxing out the credit card to purchase a fancy barbecue grill is often less about functionality and more about showing off. While impressing others at your backyard party may be a good enough reason to splurge on a grill, it makes less sense to spend money on unneeded technology upgrades for your business; especially when that money could be better spent to further profit-generating initiatives.
For example, a basic workstation only needs 4-8GB of RAM; anything more is overkill. Also, having an office full of the latest iPhones may make you feel like a hip and trendy business owner, but there are alternative brands that can perform the same job for far less money.
That said, if outfitting your office with gadgets to boost your image is a priority for you, then we can certainly provide you with recommendations. However, for the average SMB owner, technology is seen as a means to an end. Therefore, Net It On can assist you in selecting solutions designed to provide maximum efficiency for as little money as possible. For most business owners, boosting ROI like this is the entire point of purchasing technology. Whatever the technology goals of your business, we can help.
Like barbecuing, using the right technology is an art form; one that’s all about using the right ingredients. Call Net It On at (732) 360-2999 for recommendations on cooking up the perfect solutions for your business.
The last time you tried to wake up before 6:00 a.m., how did it go? Dragging yourself out of bed can be a huge pain, and when you realize that you have to work for eight, ten, or even twelve hours, you might get the urge to just crawl right back into bed and drift back to sleep. Even though it seems tortuous at best, getting into the routine of waking up early can set the tone for a productive workday.
However, it’s important to remember that you can’t jump into this routine without jumping over some relatively painful hurdles. At first, you’ll feel tired, but once you can get past the difficult step, you should be able to build a quality routine that helps you be productive in the wee hours of the morning.
Wake Up with an Upbeat Alarm If you don’t have kids or a pet to let you know that it is time to wake up, you probably use an alarm clock to wake yourself up in the morning. You can make it easier to get out of bed by using a song that makes you want to get pumped up and ready to go. A good heavy metal song will work, or you could just go with a funky-fresh track that makes you want to get up and dance.
Keep Your Phone Away from the Bedside If you’re using your smartphone as an alarm clock, chances are that you keep it right by your bedside and charge it overnight. This makes it awfully tempting to just hit the snooze button and go back to sleep. If you keep your phone on the other side of the room, you’ll be forced to get out of your comfy bed and welcome the morning with open, if somewhat reluctant, arms.
Keep a Glass of Water Nearby When you sleep, your body goes without water for several hours - this is why you might feel dehydrated in the morning. Jumpstart your system by downing a tall glass of water, conveniently left by your bedside overnight. Just make sure that your cat doesn’t knock it over first.
Go Outside and Get Some Exercise Even with a glass of water rejuvenating your system, you’ll need to get your body moving if you want to accomplish anything important. Get your blood pumping with an invigorating jog around the block, or go for a walk down the street. You’ll find that you can focus better on what’s important.
Do Something - Anything Now that you’re ready to get something done, get to it… in a little while. One of the best ways to get going in the morning is to start with something that’s not necessarily important, but rather, something that you particularly care about. Maybe you could take your dog for a walk around the block and enjoy the scenery; you could knock out two birds with one stone, so to speak. Then, when you get back, try to get something important done.
Eat Breakfast Do you eat breakfast every day? If not, your mood and your health could be at risk. In order to feel your best and get the most work done throughout the day, you need to eat breakfast in the morning, be it a simple bowl of cereal, or a lavish meal of steak and eggs. Ideally, you want something that’s quick and easy but still packed with protein and other important nutrients.
What are some of your favorite ways to get the day started the right way? Let us know in the comments, and subscribe to our blog for more great tips and tricks.
The man who, between 2008 and 2009, stole the log-in credentials of Facebook users to spread his credential-stealing web links, has been sentenced to some hard time.
Sanford Wallace, a habitual spammer with a long history of spreading the irritating garbage to unwilling recipients, will be spending two and a half years in prison in addition to paying a fine of $310,629.
Wallace’s modus operandi involved sending his victims a link to an external site that would steal both their credentials to log in as well as their compiled friend lists. To do so, he utilized the aliases of David and Laura Frederix and 1,500 falsified domains. Once he claimed their data, his message could be sent to members of the friend list from the victims’ accounts, creating a system that expanded exponentially as more and more fell prey to the spammer’s trap. This trap, by the way, turned Wallace a profit; he was able to send links to other websites and was then paid for generating traffic to them.
This system resulted in a total of 27 million spam messages being dispersed to over 550,000 Facebook users.
While this was Wallace’s first conviction, it was not his first spam-related offense. His experience with the widely-reviled junk mail reaches back to 1995 when he established his company Cyber Promotions as part of a junk fax campaign. He also had lost multiple civil cases from bigwigs such as Facebook, the FTC, and others. Wallace was held in contempt after he failed to abide by three court orders issued in 2009, barring him from ever again visiting Facebook.
Upon his release, Wallace faces an additional five years of probation, along with court-ordered mental health treatment. And, almost certainly for the best, Wallace has been barred from owning or using a computer without the express permission of his probation officer, although only time will tell if that ultimately makes a difference.
Lessons From the Spam King Hackers and malware distributors can be frustratingly persistent in their attempts to cause grief. As a result, you need to stay just as persistent in your defense and vigilance against these threats. Here are a few tips on how to do just that:
Condense your friend list: While Facebook and other social networks can be great tools for remaining in contact with people you know, there probably isn’t much need to stay friends with the guy you shared a class or two with in college and never really spoke to. If it isn’t someone you will likely need to keep in touch with in the future, there isn’t much reason to add another point of vulnerability to your account. After all, one more friend is one more possible victim of an attack like Wallace’s.
Keep your private details private: Despite the option to fill in numerous personal details as a part of your account, it is strongly recommended that you refrain from doing so as much as possible. Otherwise, you are handing out the details needed for crimes like identity theft or spamming. If nothing else, at least be certain that these details are set to private viewing only and check back periodically in case an update to the website has reset your selections.
Avoid strange or unusual links: Keep an eye out for a few warning signs of social network malware. Is the message coming out of the blue from a contact that, besides this sudden message, you had more or less fallen out of touch with? Is the message misspelled, with odd grammar mistakes that are out of character for the alleged sender? Is the “personal” message vaguely worded, making it applicable to any reader but still tempting to click on? Chances are it is not actually from the supposed sender, and clicking the link will only serve to allow your account to be jeopardized as well.
Nobody likes being spammed, so it’s everyone’s duty to avoid helping spammers like Sanford Wallace in their attempts to do just that. For more tips on this and other IT matters, subscribe to our blog.
If you made use of Acer’s online store to purchase a device between May 12, of 2015 and April 28, 2016, we have some bad news for you: There’s a chance you received a letter from Acer to inform you that your card’s credentials were stolen.
If you have not received any letter, congratulations - you may have avoided being one of the 34,500 customers whose information was stolen. This information included the name and address of the cardholder, the card number itself, as well as the expiration date and security code for the card - in short, everything an identity thief would need to make fraudulent purchases on your dime. Fortunately, the social security numbers of the victims have been left untouched by the theft. Those who were affected are contained to the United States, Canada, and Puerto Rico. As an added precaution, any in-store customers would be wise to check on their account information, to be sure that they were not also involved.
Acer has remained mum as to the cause of the breach, quite possibly because many breaches of this nature occur because someone on the inside - usually an employee - falls victim to a malicious email.
While Acer is an obvious target, due to their relatively large customer base, that does not mean that your company is safe from such breaches. In the current online environment, there are dangers lurking in seemingly innocuous places. The best defense is to ensure that both your company and your employees have a comprehensive working knowledge of the threats that plague businesses, and of the best practices that will help you avoid them.
These best practices include:
Utilizing judgement upon opening email: Very likely the cause of Acer’s troubles, an employee naively opening an email can lead to catastrophic consequences for your business. A favorite method of infiltration, phishing attacks send malicious links to email recipients in hopes that some will shortsightedly click on the link and subject their computer (or entire system) to whatever attack was set in place. To avoid this problem, emphasize the importance of examining every email with a critical eye before clicking through to anything.
Emphasizing security: While many aren’t likely to admit it, there is a shockingly frequent use of over-simple passwords despite the overwhelming danger in using them. Discourage your employees from using words like “password” as a password, or (if possible) block it as an option entirely. You should also reinforce the importance of never sharing your password with anyone, and not recycling it over different accounts. Set a schedule to have employees change their password after a given period of use.
It’s very possible that Acer is facing the troubles they are because they failed to enforce similar policies with their employees. Take their example as a cautionary tale and implement practices such as these to preserve your security.
For more help in keeping your data protected, reach out to Net It On. We can help you implement the practices and procedures to keep your critical data protected.
Having an Internet connection is an important part of your business’s operations. Why are we stating something so obvious? Sometimes you might be experiencing network issues that could be caused by heavy or unexpected traffic, technical difficulties, or worse. Depending on the problem, it could be as simple as restarting your modem. We’re here to help you figure out why your Internet connection is less than optimal, and what you can do about it.
Here are three questions to ask when troubleshooting your Internet connection.
Does Everything Appear to Be in Order? Before you start to worry that there’s a problem with your Internet, you should first check to make sure that everything is plugged in and accounted for. Has a breaker tripped and caused your modem and router to turn off? Are any ethernet cords unplugged? Check with your coworkers to see if they’re also experiencing a problem. If it’s just you, it might be due to a hardware or software issue on your machine. If everyone is experiencing a problem, chances are that there’s a problem with your network on a large scale.
Are You Using Wireless Internet? Generally speaking, a wired connection is going to give you a more stable Internet connection than a wireless signal would. Either way, you need to ensure that your devices have the proper credentials to access the Internet, and that your devices have a clear path to the connection. This means keeping the devices relatively close to the router, and with a minimal amount of obstacles in their path (like walls, objects, etc). If you’re having specific troubles with wireless Internet, try restarting the router and modem to see if this fixes the problem.
Do You Have Other Devices Eating Your Bandwidth? If you’re having trouble connecting to the Internet, consider how many devices you currently have trying to access the network. Are there several workstations and servers that are all communicating with the network? Do you have Voice over Internet Protocol phones making outbound calls? Are your team members doing any music streaming or receiving video calls? All of this combined can be contributing to your Internet connectivity problems. Therefore, you should adjust your Internet connection’s bandwidth to both meet and exceed the demands of your users. Always prepare for extra network traffic; this way, you’ll never be caught off-guard.
The biggest threat that a poor Internet connection can produce is in the form of downtime. This is classified as any time when your systems aren’t operational and your business can’t function as it needs to. In general, it’s a best practice to avoid downtime as often as possible. Doing so can minimize the amount of time and revenue wasted in the long run, and improve your bottom line.
If your organization continues to suffer from network connectivity problems resulting in expensive and wasteful downtime, Net It On would be happy to help. Our trusted technicians have the skills and tools necessary to troubleshoot your wired and wireless connections, and to help you get the best signal possible for your office. To learn more, give us a call at (732) 360-2999.