This particular story could be one of dozens (or even hundreds) of these types of incidents that occur in any given week: “government official gets social media and email accounts hacked” which then leads to highly confidential data being leaked on the internet. Except in this case it was the current US Central Intelligence Agency director John Brennan, and several other highly-ranked government officials, and the data that was leaked was data from nearly 30k Federal Bureau of Investigation and Department of Homeland Security employees. Also unusual was that the hackers charged in this breach aren’t Russian or Chinese or North Korean. Nope, at least one of the responsible parties hails from North Carolina. And the real reason I’m bringing this story to your attention was this most important facet of the attack: Brennan and the other victims in this incident weren’t compromised through sophisticated malware and technology – the attackers fooled people associated with the victims – usually service providers – through simple tools like emails and phone calls, under the guise of providing technical assistance.
What this means for you:
“Social engineering” is the digital-age equivalent of con artistry, and it is becoming trivially easy to perpetrate given our reliance on tools like email and large, impersonal corporations. In the case of the above, one of the cons included the hacker actually posing as a Verizon technician in order to fool another Verizon employee into resetting Brennan’s email password, and they just worked their way inward from there. As you should know by now, once a hacker is in your email, it’s all over but the crying. Sadly, there’s not much you can personally do to improve poor security practices at companies like Verizon, and despite impersonation being one of the oldest cons in the book, people still regularly fall for it.
It’s only a matter of time before anyone gets hacked – we are human after all, and despite what you might want to believe, there is always someone more clever than you out there, and if you are unlucky, that person is out to get you. You can practice something that is well known to outfits like the CIA and FBI: compartmentalization. Since none of us are intelligence agents (that I know of!), for our purposes this means keeping personal and work activities separate. You can execute this concept in a number of different ways:
- Keeping work and personal emails in separate accounts
- Use separate devices for social networking and financial activities like online banking
- Use unique passwords for all your important accounts
- Exchange confidential information through appropriate secure channels
- Store confidential information in properly secured and backed up locations
- Require two-factor security for your most important accounts
The key to proper execution of this practice is discipline and vigilance. It may be inconvenient and seem inefficient, but weighed against the alternatives, it will be worth the effort.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net