Cybersecurity – So Long, and Thanks for All the Data

If you ever want to experience a life overload that prevents you from blogging, I would encourage you to follow the Mark Christian approved timeline; Start a new job, have your new baby arrive 5 weeks early, and be a coach for your daughter’s softball team. I know there are people with more on their plates than me, but this was just a lot of overload for me personally.

Believe it or not, I had this entire article written months ago. I was set to make some edits and clarifications before it went out and then life happened. I almost wish this had gone out months ago though because today’s topic is now a very hot item due to the recent Facebook privacy issues we’ve been hearing about so much.

Today is a deviation from my normal content; I’m going to talk about how technology can be used against us. Most people know the obvious stuff: don’t give out your social security number, don’t give people your credit card number, etc. I’m talking about the things that aren’t so obvious and how you’re contributing to the cybersecurity issues we face today.

I consider myself to be cautious when it comes to my online security. I’m not perfect though. Like many people I have answered a few surveys or taken some of those fun quizzes we all see littered across the internet.

*waits for the plethora of incoming hack attempts now

Sometimes these quizzes and surveys are completely harmless and can be fun. I’m a blue lightsaber wielding Jedi, my spirit animal is a jaguar, and my perfect vacation spot is Disneyland. Wait, let me just take this next survey really quick… I’m actually a pistol wielding smuggler, and my spaceship is a firefly class freighter.

*Ding, new email – Your bank account has insufficient funds to complete this transaction

My foil hat is shinier than yours

The reality is that not every survey out there is specifically collecting data to hack your private life. In fact, the majority of those fun quizzes you answer don’t have ill intentions to use that data against you in any way. Well, the quiz creators themselves don’t have ill intentions. However, the data collected can still be used for nefarious purposes.

That’s how they get you, they suck you in with a few questions that are seemingly random but could actually be used for something, like your security question answers. I know this seems like I’ve jumped onto the conspiracy theory bandwagon but hear me out. I’m not telling you to stop or to never click on those links. I’m warning you to be very cautious about what you are willing to answer. Most people are smart enough to not answer these personally identifiable pieces of information, but it only takes one person to make the quiz worth it to a hacker.

 

 

 

 

 

 

 

In contrast to a single hacker we live in a world of Big Data now. Big data doesn’t need a single hacked account to make it worth while. Big data has a much bigger picture in mind. Big Data is how targeted advertisements work. Based on the history of every transaction on earth, when a person buys X, they are Y% likely to purchase Z as well. Sure, that’s great for selling but I said this is a security risk. How does Big Data translate to having my life hacked by answering a stupid internet quiz?

I don’t have any money so hack away

Just because you don’t have a vast fortune of wealth to lose doesn’t mean the data you supply is worthless. Not a conspiracy theory: did you know that if you use a credit/debit card, I can purchase a list of people that use the same shampoo as you? Again, I’m not saying you need to go crazy and pay for everything in cash and live off the grid. I’m saying that data has become very valuable and by answering those quizzes and surveys you are providing information that can be used in a nearly unlimited amount of ways.

What if I told you that, by using Big Data technology, I could tell you what your favorite color is? With Big Data, I could give you an exact breakdown and confidence level of why that is your favorite color. I’m not talking about just analyzing one area of your life either. Do you have a proclivity for purchasing silver cars, blue shirts, and khaki slacks? Do you also take surveys that ask which animal is more appealing, take photographs of sunsets, and have more than one bank account? The first set of questions seemed quite relevant to picking your color, the second set not so much. But, with Big Data, it’s completely possible to establish profiles using millions of people’s data to determine the exact shade of yellow you enjoy most.

Beyond the ability to tell you what color you enjoy, I can also tell you what movie you’re going to see, in which theater, when, and what you’ll purchase at the concessions stand. Using that data we can determine how likely you are to re-use the same username and password across which website and also the specific patterns people with your background use for their “Passw0rd!” structure. Now, quite suddenly, that random data has value. You personally didn’t provide your security question answers but the profile that has been built by millions of people just like you gave Big Data an extremely likely answer that can now be used to present a security risk.

It’s just data… You’re exaggerating the risk

Your data is just as important as money, even if your bank account isn’t sitting higher than $5. I just discussed some ways the data can be used, but nothing that really hits home as to why you need to be careful. The data you provide, free of charge, can be used to compromise your job, open new accounts in your name, or even put your family members at risk.

Your job, how is that compromised? Do you have an account with access to information inside your company? Yes, when you login to a computer and use it for work you are now exposed to the internal network of your company. If a malicious hacker was to call your Helpdesk or attempt to reset your password it’s very possible they could answer all your security questions because you willingly provided all the common question/answer scenarios during your “harmless” quiz taking. Are you a CEO or someone with huge potential in your company? Usually not, but did you know that nearly all security breaches in a company start with a non-privileged account, just like the one you are using right now? Yes, you are the security risk that your company is worried about!

New accounts or exposing your family members personal information? I only need to point to the recent Facebook privacy issue that’s going on right now. On a personal note, I’d like to say that I’m absolutely appalled at the incompetence of these people questioning Mark Zuckerberg. These exact people asking stupid questions about how the internet works are the reason Mark Zuckerberg is going to receive a slap on the hand instead of more severe punishments. These people are the same ones who will answer those quizzes without a second thought and become a security risk.

A real life personal story here too: I have an individual in my family, that does not use a computer at all. He was recently contacted by scammers claiming to be law enforcement. The family member has never touched a computer and doesn’t have any connection to technology save for a television and phone. The telephone scammer, using the widely available personally identifiable information provided by his family members and Big Data, called him to let him know his grandson was in jail and they needed him to send money to get his grandson out of jail. They were able to answer a lot of questions about his grandson, things that made it sound plausible based on what they knew and where they were calling from. Unfortunately, the family member doesn’t realize that these types of phone calls are pure scams and that law enforcement would never call to get money directly deposited into their account, via gift cards, or anything of the sort.

What kind of world do we live in where people are preyed upon in this manner? Sadly, it’s the world we live in. We need to be careful, pay attention, and realize it’s not just ourselves that we have to worry about hurting with the data we freely provide.

How do I stop it?

Great question. You can’t stop it. There is nothing we can do to stop the collection and usage of Big Data in today’s world. You can help reduce the amount of data you supply though. Why answer that quiz? Is it truly important that you figure out which Game of Thrones character you are and which episode George R.R. Martin is going to kill you in? The clickbait title draws you in and there is a scientific algorithm that can be used to determine what key words and ideas will compel you to take the quiz. Does that mean we are helpless? No, it just takes a little bit of thought and a lot of practice.

I write this article as a warning. Don’t go out and deplete your local store of all the foil on the shelf so you can make a shiny new hat for everyone in your family. Do be aware of what information you’re supplying, even if seemingly random or harmless. As always, this has been a message from your friendly conspiracy theorist who helps you demo like a pro.

Leave a Reply

Your email address will not be published. Required fields are marked *