Practical Techie: ’20 Russian hack alerts businesspeople to the frailties of the system
The suspected epic cyberattack, or spy operation into the US government apparatus opens our eyes even wider to the vulnerabilities of the internet spectrum.
The news reports say American officials suspect a Russian spy agency has carried out what they describe as a “distressing feat of espionage into dozens of state corporations and government agencies.”
Historically, the Russian regime has been shameless about its cyber operations against the United States since the initial days of the Cold War. Satellite communication disruptions, laser ray attacks on sensitive radar installations in the Middle East, alleged radiation attacks against the US embassy in Moscow and Havana, Cuba… are just a few of the clandestine servings of Russian cyber operations.
ON GUARD — As much as the news media has raised the issue of data espionage by the security agencies of the United States and other industrialized countries, has made many businesspeople consider how to protect their confidential communications. Even against its own and competitors. Certainly, the scrutinizing eye of the federal government is deep. And there is not only military and political espionage, but a large slice of this activity includes industrial sniffing.
The reason for this is that nations with scientific advancement fear the unfair theft of their technologies for which a lot of money and human resources have been invested. The United States has never denied that it spies on multinational companies. The CIA is even known to be involved in many commercial espionage operations. Unlike Russia or China and other countries with centralized economies, the US swears it does not share its secret data outside its national security operations. So also say the Russians.
SKEPTICISM — Believing that requires a great leap of faith. However, there are several reasons the governments give to justify their shadow incursions into private data. The great slice of their espionage is directed against foreign companies of the military complex, to see what they are up to. All for the sake of national security.
The depth of scrutiny is sometimes so layered that military intelligence experts spy on industrial spies, and industrial spies, in turn, target political and law enforcement cyber spies. The circle repeats itself almost to infinity.
BIZSPY – It is known that one of the ways to collect business intelligence is to infiltrate spy executives in key positions of multinationals. The international dealings of these top executives make it almost impossible to protect the contents, unless with super sophisticated mechanomes that cost millions.
However, small businesses can protect their data with tools accessible on the Web. Not only protect internal messages, but detect the theft of intellectual property, detect internal corruption and theft of goods. The first and cheapest thing is caution. Much of a business’s confidential data falls into the wrong hands due to careless handling.
AVENGERS — A top security gap is the lack of company policy on what employees can and cannot post on social media. There should also be a policy to dispose of old memory disks, disabled phones, unusable USB, damaged credit card terminals, etc. In terms of protecting equipment (hardware), a careful business must install a protective digital fence (firewall) in its internal network, antivirus and the access to its Wi Fi streams. Most of all, obsessively secure its pass and code words. Its healthy not be paranoid but companies must be aware of an angry employee that is about to be fired.
IMAGES — Every company, large or small, must be jealous of how its visuals run through the public digital spectrum. Take care which photographic images or videos circulate on the networks. For example, photos of the storage systems, goods not yet marketed, proposals for shop window designs or a new advertising campaign. Include customer lists, future business or sales plans, privileged internal communications, or confidential accounting reports. Private meeting material must remain private.
SOCIAL — Photos from Instagram, Flickr, Picasa, and other photo archives on the Web almost always have geotagging, or data on the location of the image. Therefore, every photo that is placed on the Web contains metadata very useful to malicious intent. Procure that this info is out of any business visuals.
OFF — It is easy to do through the tech called EXIF (Exchangeable Image File) data. Turn it on when posting company images. There are ways to make it even more invisible. On PCs, the Microsoft’s Photo Tool allows you to manipulate the EXIF to eliminate aspects such as location, equipment used to take the photo, or any link. On Apple computers, you have to purchase specialized applications, including PhotoToolCM or Photoshop Elements, among others.
TECH ‑ Another way to handle this data is to edit in the camera itself when taking the image. The most advanced cameras allow editing the metacode managing its content. As for the texts, there are other applications. One is Tiger Text. I mentioned it because it does something that other apps don’t. On command, it deletes any writing from the Web, both from the computer or a cell, both of the sender and the recipient. You just have to put an expiration date on the message.
It works this way. The text does not go through the user’s networks, but by a Tiger Text server from which it is removed permanently. It is not a free service, but it is useful to maintain confidentiality and it is less expensive than the encryption systems used by multinationals.
Many companies in health services use it to remove content that contains medical information about the patient.