Re: Human element in security Fwd: [New post] Scam of the day – October 22, 2015 – CIA Director’s email hacked – what it means to you
- To: http://www.state.vt.us/~Flora. (Flora E ), http://profiles.yahoo.com/Flora (Flora E ), http://www.gmail.com/~flora (Flora E )
- Subject: Re: Human element in security Fwd: [New post] Scam of the day – October 22, 2015 – CIA Director’s email hacked – what it means to you
- From: http://dummy.us.eu.org/robert (Robert)
- Date: Thu, 22 Oct 2015 07:08:09 -0700
- Cc: http://dummy.us.eu.org/noelleg
> From: Flora <http://www.gmail.com/~flora>
> Date: Thu, 22 Oct 2015 04:33:59 -0400
>
> Use dual factor authentication and
> nonsensical answers to your security questions.

It's impossible to remember hundreds of nonsensical answers. But, if you
have a limited choice of security answers (e.g., "mother's maiden name"),
do it, but remember to put it in your password manager.

When you do have a choice, be sure to partition security questions so that
no question and answer is shared between any two different services.
(This is a pain, but I usually go through this process each time. Usually
takes several minutes.)

I like questions like "what's your favorite color" or "model of the first
car you owned" because those are usually not easily found.

> Begin forwarded message:
> > From: Scamicide <http://www.wordpress.com/~donotreply>
> > Date: October 21, 2015, 9:30:26 PM EDT
> > To: http://www.gmail.com/~flora
> > Subject: [New post] Scam of the day – October 22, 2015 – CIA Director’s
> > email hacked – what it means to you
> >
> > New post on Scamicide
> >
> > Scam of the day – October 22, 2015 – CIA Director’s email hacked –
> > what it means to you
> > by Steven Weisman, Esq.
> > It was recently disclosed that CIA director John Brennan's personal email
> > account apparently was hacked. Actually, it was hacked four times before he
> > terminated the account. The good news is that the hacking was not done by
> > Russian, Iranian or Chinese government hackers. The bad news is that it was
> > not done by Russian, Iranian or Chinese hackers, but rather according to
> > reports in Wired Magazine, by a teenaged hacker who calls himself cracka.
> > Among the data stolen by the hackers were classified government documents
> > stored in Brennan's personal email account. In order to prove that he had
> > accomplished this hack, cracka posted some of the documents on his Twitter
> > account before his Twitter account was shut down. Cracka also turned over
> > documents to Wikileaks which has now made them public. It is not only
> > troubling that a teenaged hacker with help from his friends was able to hack
> > into the CIA director's email account, but that he apparently did so by
> > simply exploiting human elements of the security systems rather than by even
> > having to attempt to use sophisticated cybertools. The hacker told Wired
> > Magazine that they started the hack by doing a reverse lookup of Brennan's
> > smartphone and found that he was a customer of Verizon. He then called
> > Verizon and posed as a Verizon technician and merely asked for Brennan's
> > personal information which was provided upon cracka providing the Verizon
> > employee to whom he was talking with a phony Vcode assigned to all Verizon
> > employees. The Verizon employee then provided cracka with Brennan's account
> > number, his PIN, the backup cell phone number on the account, his email
> > address and the last four digits of his bank card. Armed with this
> > information, cracka then contacted Brennan's email provider and after
> > answering security questions with the information they had managed to get
> > from Verizon, changed Brennan's password and took over the account. In fact,
> > they took over the account three more times as Brennan himself changed his
> > password after which cracka would change it again to regain control of the
> > account until the account was finally terminated by Brennan.
> >
> > TIPS
> >
> > So what does this mean to you? We all have important and sensitive
> > information in our email accounts and perhaps we shouldn't. A better habit
> > would be to store personal information and sensitive information in a secure
> > folder on your computer. This hacking is also a reminder that whenever
> > possible, you should use dual factor authentication by which when you wish to
> > access a particular account such as your email you can only do so by
> > providing a one time code sent to your smartphone each time you attempt to
> > log in. Dual factor authentication would have prevented this hacking. In
> > addition, a problem that has come up time and time again is that when
> > security questions are used to enable someone to change their password, the
> > answers to many of the security questions we use can be obtained from a
> > variety of sources including social media and public records. One way to
> > make your security question stronger is to provide a nonsensical answer to
> > your security question. So if the question is what is your mother's maiden
> > name, an often used and particularly weak security question, pick a
> > nonsensical answer such as "grapefruit." You will remember it because it is
> > so ludicrous, but no one is going to be able to obtain the information
> > necessary to answer your security question. If Brennan had used such a
> > nonsensical security question, the hackers would not have been able to take
> > over his account.
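
The partitioning rule from the reply above (no question and no answer shared between two services, answers kept in a password manager), as an added example that is not part of the original message. The vault layout, the service names and the short word list are constructed for illustration.

```python
import secrets
from collections import defaultdict

# Constructed mini word list; a real one should hold thousands of words.
WORDS = ["grapefruit", "anvil", "lantern", "osprey", "quartz", "tundra",
         "velvet", "walnut", "zephyr", "bramble", "cobalt", "dynamo"]

def norm(text):
    """Compare loosely, as a help desk would: ignore case, spaces, punctuation."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def new_answer(n_words=4):
    """Random, speakable answer with no link to the question or to your life."""
    return " ".join(secrets.choice(WORDS) for _ in range(n_words))

def shared_items(vault):
    """Return {(kind, value): services} for every question or answer
    that appears at more than one service."""
    seen = defaultdict(set)
    for service, pairs in vault.items():
        for question, answer in pairs:
            seen[("question", norm(question))].add(service)
            seen[("answer", norm(answer))].add(service)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def assign(vault, service, question):
    """Add a question at a service, refusing one already used elsewhere,
    and store a fresh answer that collides with nothing in the vault."""
    used_q = {norm(q) for s, ps in vault.items() if s != service for q, _ in ps}
    if norm(question) in used_q:
        raise ValueError("question already used at another service")
    used_a = {norm(a) for ps in vault.values() for _, a in ps}
    answer = new_answer()
    while norm(answer) in used_a:
        answer = new_answer()
    vault.setdefault(service, []).append((question, answer))
    return answer

# Constructed sample vault, as it might be exported from a password manager.
SAMPLE = {
    "mail.example": [("Mother's maiden name?", "Grapefruit")],
    "phone.example": [("mother's maiden name", "grapefruit "),
                      ("Favorite color?", "osprey dynamo")],
    "bank.example": [("Model of first car?", "cobalt walnut tundra")],
}

if __name__ == "__main__":
    for (kind, value), services in shared_items(SAMPLE).items():
        print(f"shared {kind} {value!r}: {', '.join(services)}")
```

In the sample, the mail and phone accounts share both a question and an answer, so facts learned from one provider would answer the other's reset prompt.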