Posts

Massive Healthcare Provider Anthem Hacked: How to Protect Yourself

Probably one of the more dangerous hacks so far in 2015, healthcare-provider Anthem has been breached by hackers and its data accessed. The breach may have provided the hackers with up to 80 million sensitive customer records, including Social Security numbers, dates of birth, and much, much more.

protect yourself

Like any other major data breach, this particular one could also have easily been avoided. Apparently, the second-largest healthcare provider in America doesn’t see a need for data encryption. They just left all of its sensitive information for millions of Americans practically in plain sight of hackers. This is naturally a cause for concern, as the information stolen could lead any number of fraudulent activities, including identity theft, credit fraud, and more.

What can you do to protect yourself? Here are some thoughts from ZDNet’s Violet Blue.

Put a Credit Freeze Into Effect Immediately
One of the best ways you can protect yourself from identity theft is to place a freeze on your credit. The freeze allows you to keep others from accessing your credit information. If someone tries to access your credit without your permission, they get blocked, and you’ll be notified of the occurrence.

This isn’t to be confused with a fraud alert, which should also be set up. A fraud alert is basically to let credit reporting companies know that you suspect credit fraud. They can then take steps to keep you safe from any trouble.

Enable Two-Factor Authentication
If you haven’t already heard about two-factor authentication, it’s when you set up extra precautions to ensure the security of your account. This can be integrated through a number of different methods, like connecting your smartphone to your email account. It might be a good idea to look into enabling two-factor authentication for your banking account and credit cards, if possible. This puts one more roadblock in the path of hackers trying to steal your identity.

Change Passwords and Login Credentials for Anything Associated with Anthem
Like most health insurance agencies, Anthem has your email address on file. Therefore, it’s logical to assume that this email address will become a target for hackers, and that you should take measures to protect yourself from threats. Take the opportunity to change all passwords and usernames associated with your account, and be sure to make them as secure as possible. Use several different numbers, letters, and special characters for maximum security. Using a password manager can make this process much easier.

Set Alerts for Your Credit Cards
Credit card information wasn’t among the data stolen from the heist, but one can never be too careful, especially in light of the hack. Inform any accounts of the breach, and they will monitor for any suspicious charges. The options might vary, but the fact remains that you need to inform them. Charges outside of your country, or those of an exorbitant amount, are fairly certain giveaways that you’re the target of fraud.

These are just a few ways to protect yourself from credit fraud caused by the Anthem hack. Be sure to stay vigilant and take preventative action to keep hackers away. Hacking in general is something which your business should be concerned with.

If you want to keep the latest threats out of your system, Michell Consulting Group can equip your business’s network with a Unified Threat Management (UTM) solution. You don’t want to be left vulnerable in the face of threats, especially when you deal with sensitive information. Give us a call at 305.592.5433 ext.2601 for more information on how to secure your network and keep your business compliant.

Even the 911 Address Database Can Get Hacked

People dial 911 when they’re in some sort of trouble or in the event of an emergency. If not for the hotline, who knows how many lives could be lost daily. Sometimes, however, help doesn’t come, even when dispatchers have received the call and responded. This generally isn’t the fault of the dispatchers, but rather the criminals who have undermined the rescue efforts thanks to some unorthodox hacking.

WIRED magazine reports that the 911 address database could potentially be susceptible to an online hacking attack. At its time of creation, the 911 system was meant to streamline operations for those who needed immediate emergency assistance, and its security suffered in response. Rather than concentrate on network security, more emphasis was put on training the operators to deal with common problems, like coaching those on the other side of the line how to perform CPR if necessary. So, what happens if someone were to hack the database and mess with its contents?

Complete and total chaos. Hackers can potentially alter the addresses that are contained in the database and make it difficult to administer aid when it’s needed most. Depending on which type of phone is used, there are different ways in which the system works:

  • Landlines: The operators must determine the location of the caller. If they’re using a landline phone, they use a database of addresses which are tied to particular phone numbers.
  • Wireless Phones: A slightly different method is used if the caller is using a cellphone. These phones are equipped with GPS chips which send out coordinates after a cellphone tower processes the call.

In response to these troubling discoveries, ER physician Christian Dameff and pediatric doctor Jeff Tully, both seek to improve the quality of 911’s network. Both were involved in streamlining the system when it was first created. With the help of IT security manager Peter Hefley, the trio hacked into the system itself to look for potential vulnerabilities. In order to create a world where hackers don’t rule the Internet, they presented their findings at the DefCon hackers conference in Las Vegas.

A 911 hack is much different from the type of hack which we normally see in the business world. Ordinarily, a hacker might break into a network in order to find some sort of sensitive information or steal personal credentials. Instead of ruining someone’s credit history, stealing their identity, or charging money to their credit cards, hackers make responding to other crimes much more difficult by swapping addresses around in the database. They can also launch irritating denial of service attacks, which can potentially prevent calls from even reaching the center. Furthermore, operators might be trained to ask the callers for their current address, but they often don’t know where they are. If the addresses in the database aren’t accurate, people in need may not receive aid when they need it most.

Swatting with Landlines
One particular method a hacker tends to use to interfere with emergency deployment is called “swatting.” In essence, it’s basically a fake 911 call. A hacker calls the 911 operator using a fake or stolen phone number or caller ID, then proceeds to report fake home invasions or hostage threats (depending on how creative they’re feeling). What’s worse is that these types of techniques are so simple that even an inexperienced hacker can pull them off.

Furthermore, if the swatter calls a local public safety hotline rather than 911 itself, they can completely bypass the system and simply provide the address of their target. The last thing anyone wants is the police knocking on their door due to nothing but a hoax. While the public safety hotline numbers aren’t generally available to the public, a hacker can find the number through a tone extraction technique on recorded 911 calls.

Swatting Mobile Phones
Thanks to the mobile device using a GPS chip rather than a physical address, you would think that it would be more difficult to pull off a swatting attack. The GPS chip provides both the latitude and longitude rather than the owner’s billing address. This information is stored temporarily in the address database upon making the call, and is then switched over to the public security line.

Thanks to another quirk in the system, it’s simple enough for callers to fool the emergency responders. By using a prepaid phone which isn’t connected to an account, hackers can use the phone without being detected. The issue lies in the fact that phones must, by law, be able to contact 911.

Swatting with VoIP
Voice over Internet Protocol systems can also potentially be tampered with in the event of an emergency. It doesn’t help that the process by which a VoIP user calls 911 is a long process. VoIP users manually place their address in the VoIP system database. They must then configure it to route their calls from 911 to the public safety number. As with any database, if a hacker gets access to it, they can mess with any address on file or steal information from it to use for other tactics.

On a more platonic level, poor security and poor communication can have unfortunate consequences. If someone can’t reach your company’s support when they need to most, you’ll either have an angry client ripping your business practices apart, or a former client hanging up the phone on you. This is one reason why Michell Consulting Group (MCG) puts emphasis on security over all else. With our powerful security solutions, you can know your business is equipped to handle both inside and outside threats. Our Unified Threat Management solution can keep your business’s network as secure as can be.

At MCG, you won’t find your IT emergencies falling on deaf ears. Give us a call at 305.592.5433 ext.2601 to learn more.

Reset to Factory Setting Is Not Enough. Be Aware of Hackers

When it comes time to upgrade, many smartphone users will sell off their old device in hopes of making extra cash. However, if the phone’s memory is improperly wiped, an experienced hacker can use advanced tools to recover sensitive data off the used phone. Let’s talk about how this happens and what can possibly be recovered by a hacker. Reset to factory setting in not enough.

The extent of what can be recovered off an old phone was determined by Avast. They recently did an experiment where 20 used Android phones were purchased off of eBay (phones that were wiped and reset to factory settings). Avast then used software like Oxygen Forensic Suite and AccessData’s Forensic Toolkit to see what they could find. This simple experiment turned up a shocking amount of personal data.

  • 40,000 photos
  • 750 emails
  • 250 names and addresses
  • The identities of four previous owners
  • One completed loan application

That’s a crazy list in and of itself, but it gets crazier when you consider exactly what kind of photographs Avast were able to find. According to Jude McColgan, Avast’s president of mobile, the recovered photos included “more than 750 photos of women in various stages of undress, and more than 250 selfies of what appear to be the previous owner’s manhood.” Ay caramba!

A hacker that’s obtained nude photos of their victims can seriously mess with their lives. Once the identity of the unclothed person is determined, the hacker can get what they want by using the pics for blackmail. Or, the situation can take a scary turn if the hacker takes a personal interest in their victim and stalks them…at night…from outside the bedroom window, or on Facebook (which can be just as bad).

In the same way, businesses selling off their used mobile devices without taking extra precautions to properly wipe their data, make themselves vulnerable to a breach. If sensitive company files were to end up in the wrong hands, a hacker would be able to do some serious damage, leaving your business with feelings of shame and embarrassment.

Let’s say that you don’t have anything to hide on your phone, but that you might have personal family photos. Photos often store metadata that includes information like where the photo was taken. This could reveal personal family information, which could be risky in the wrong hands.

Before you trade in your old Android device, you will first want to wipe its data with tools beyond what comes preloaded on the phone. Here are some solid apps from the Google Play store:

  • Anti-Theft app (by Avast)
  • Nuke My Phone
  • Cerberus anti theft
  • Vipre Mobile

These apps aren’t free, but it will be worth it to know for sure that, whatever you delete (especially those super-personal pics) will be permanently erased.

To get the ultimate piece of mind that your company’s deleted data is gone for good, reach out to Michell Consulting Group at 305.592.5433 ext 2601. Our techs can give your old phone a professional wiping, and we can offer your company enterprise-level security solutions for your active mobile devices that will protect your business from hackers and viruses. Call us today and make sure that what’s meant to be unseen, will never be seen again!

Anatomy of a Hacker

If you have ever been the victim of a computer virus or cyber attack you know how bad it can hurt. You know the pain of having your data compromised or even your business operation completely shut down. You feel violated, and to add insult to injury, you have no idea who did this dirty deed.

Cyber criminals are always anonymous and clearly the bad guys, which would make us at Michell Consulting Group the sheriff in town, we are here to serve and protect you. Today, we want to pull back the curtain of anonymity, tack up a big wanted poster, and show you their ugly mugs.

These perpetrators have no regard for the law, or may even rationalize how the law does not apply to them. They obviously have technical knowledge and enjoy using their skills to manipulate and outsmart others. Some cyber criminals do it simply for the thrills and enjoy the risk and chaos they create, while others have more specific intentions like monetary gain. Additional cyber criminal motivations include: emotional reasons like revenge, political and religious loyalties, and even reasons that are sexual in nature.

We might picture cyber criminals huddled in groups, working in a dark warehouse, but a majority of the crimes would be classified as “petty” and are carried out by normal individuals acting alone. Part of the problem of cyber crimes is found in the variety of criminals it draws. Within the hacker community a class system exists based on an individual’s technical expertise and the potential damage one can cause.

  • Toolkit Newbies. Technical novices who generally download illegally from the internet.
  • Cyber Punks. Capable of writing programs able to deface websites. Spamming and phishing for identify theft also falls within their skill set. They are usually boastful of their hacking success.
  • Coders. Write code solely for the purpose of damaging other systems. Their motives are ulterior and spyware and Trojans are primarily used.
  • Old-guard hackers. Hacking is a sport for the old guard, they treat it as a mental exercise. They are highly skilled and do not cross the criminal line.
  • Hacktivist. This group is the fastest growing and they can cause big damage. They are politically or socially motivated and receive funding from other groups who share their agenda.

Due to the complexity of computer networks, cyber criminals are particularly hard to catch, the crimetrail usually ends at a computer. In fact, only five percent of cyber criminals are actually caught and prosecuted. This leaves them with a 95% chance of getting away with it, which only goes to embolden their actions.

Simply because a cyber criminal is hard to catch, does not mean it has to be easy for them to succeed. You can protect yourself by keeping your antivirus software up-to-date and training everyone who uses your network to know what to look for with email phishing scams and scareware popups. Having a sheriff on your side to watch your back is the best defense against attacks from these cyber creeps, at Michell Consulting Group we want to be your sherriff. We can manage your antivirus software, identify weaknesses in your firewall, as well as provide you with other defensive techniques. Give us a call at 305-592-5433 and let us serve and protect you.