Mikko told the BBC, “One of the reasons spammers are moving to the web is that email filtering is getting better and better. Spam is being sent more than ever in history. Yet people see less of it.”
Everything old is new again. That's a key point our chief research officer Mikko Hyppönen keeps making when discussing the current online threat landscape. And it's especially relevant when it comes to one of the most controversial stories of the 2016 United States presidential election -- the hack of the Democratic National Committee. If it turns out that a foreign government is actually attempting to meddle a domestic election, this would not be something history has never seen before -- even if the methodology, brazenness and scale of the meddling might feel new and ominous. F-Secure cyber security advisor Erka Koivunen points out that nation states have long been involved in "information warfare and the age-old use of misinformation, deception and false flag activities." Hacker Andrés Sepúlveda says says he traveled throughout Latin America "rigging major political campaigns." Sepúlveda claims that he "led a team of hackers that stole campaign strategies, manipulated social media to create false waves of enthusiasm and derision, and installed spyware in opposition offices, all to help [Mexican president] Peña Nieto, a right-of-center candidate, eke out a victory." And the idea that our growing reliance on information technology makes democracy uniquely vulnerable has been inspiring rumors of attempts to hack U.S. presidential elections for more than a decade, even sparking the imagination of those who believe that Anonymous may have prevented the hack of the 2012 election. Koivunen explained before that if you're involved with politics in 2016 that has international import, you have to assume you're being hacked. Hacking of high level political officials especially during a presidential election is now as predictable as the cyber attacks that inevitably pop up around every Olympics. But "hacked" is such a broad term it's important to distinguish the degrees of hacking. "Owning an election is gold; being able to influence it is silver; knowing the outcome in advance is bronze," Erka says. We have no idea if someone is trying to hack the election systems of a crucial U.S. swing state. But it seems that someone is trying to influence the 2016 election. Wikileaks, the organization that released the data from the DNC hack, has admitted that it timed this leak to do maximum damage the Democratic party nominee Hillary Clinton. And certainly every country in the world is trying to get all the intelligence they can that will help them prepare for the first new U.S. president in eight years. Certainly, the United States would be doing the same thing. What makes the DNC hack particularly newsworthy is that evidence of Russian cyber espionage -- including F-Secure Labs investigation into "The Dukes" gang -- makes is easy to accuse Russians of meddling in the election. And what's even stranger is that one of the U.S. major party candidates seems to be welcoming Russian involvement, at least as a sarcastic jest. So did the Russians hack the DNC, as some experts claim? This is why nation states love cyber attacks: attribution is very difficult to pin down. "Were the Russians in the DNC network? Sure," Mikko tweeted. "Did they plan to do this hack to support Trump? I don't think so." The goal is simply to capture as much information as possible so you can at least win a "bronze," as Erka calls it. "I think the Russians are in the network of the Republicans as well," Mikko added. "They wouldn't be doing their job if they weren't." So why did the information come out? Perhaps they saw a chance to win a "silver." Since they'd already been outed, they decided that they emails were "too good not to use." With the leap from bronze to silver the potential rewards and risks grow exponentially. So does this mean they might go for the gold? Wouldn't you, if you had the opportunity?
You might know what a VPN (Virtual Private Network) is. But if you’re like many people out there, you probably don’t use one. You should though. And when you finish this blog post, you’ll know why. A VPN is a private network established over the internet. That might sound complicated, so simply put, a VPN provides security for your device’s internet connection. The layer of security VPNs provide is how you make sure that data you send and receive is encrypted and safe from trackers, hackers and anyone else trying to intercept your data while it’s in transit. Companies and schools use VPNs to let people connect to local networks from anywhere. And you can also use a VPN to stay anonymous whether you’re at home, at work or school, or using an untrusted public network. And as an added bonus, of course, a VPN also lets you change your virtual location, which can mean unrestricted access to a whole world of content. So why is online anonymity so important? Who better to answer that than two real Freedome VPN users. And while we can assure you these guys are both real, in keeping with the theme of anonymity, let’s just call them “John” and “Doe”. “Anonymity is important because I really see it as a human right. Like if I’m looking for things that are really personal, I have the right to stay private and keep that information private,” says John, a university student who’s been using Freedome VPN for three months and counting. Doe, who is 29 and in the IT industry, has used VPNs before, but recently switched to F-Secure’s Freedome. For him, using a VPN isn’t just about protecting himself today: it’s an investment in the future. “I’ve never had problems myself, but we know for a fact that there are organizations and people out there right now who are looking to get their hands on our information and identities for whatever reason. This is definitely going to be a bigger problem in the future, and I want to be prepared,” says Doe. Both John and Doe say that most of their friends in the tech industry are using VPNs right now. But unfortunately, there are lots of people out there who aren’t. “I really wish people were more aware of the fact that they’re potentially giving away parts of their identity and privacy every single time they go online without a VPN,” says Doe. John agrees. “If you think about how people are feeding more and more of their personal information into a wider and wider range of sites, services etc., it’s obvious that the potential risks to our privacy are also increasing,” he says. John and Doe definitely know what they’re talking about and we couldn’t agree more. There’s never been a better time to take control of your online anonymity. So check out the Freedome VPN site for videos and more info. And don’t forget to tap or click to get yours! [Image by Blue Coat Photos | Flickr]
Many people feel that some platforms are more secure than others. And while there may be some truth in that, what’s far more common is that operating systems offer users security features that people choose to use, or ignore. As Micke has pointed out in the past, behavior is often more important for security than product features. So someone with an Android device that updates all the software, sets it up to keep the device and data in their control, and knows how to avoid risky behavior that hackers look for will keep their data safer than an iPhone user that’s never even looked at the settings for their device. And based on what we saw at AltConf2016 – a developer event that mirrored Apple’s last WWDC – it looks like many iPhone and iPad users are making some pretty basic security faux pas. So here’s a few tips iPhone and iPad users can use to protect their devices and data. Don’t forget to forget Wi-Fi networks Unlike Android and Windows Phone, iOS devices don’t let you see your Wi-Fi history. It might not seem like it, but periodically cleaning out your Wi-Fi history is important. We’ve shown in the past that many people configure their devices to automatically connect with Wi-Fi hotpots they’ve connected with before. This leaves them exposed to hackers spoofing Wi-Fi hotspots (which is surprisingly simple and inexpensive to do). So if you’re an “auto-connector”, you should always remember to “forget” public Wi-Fi networks that you use in the odd café, hotel, or restaurant you visit. Because iOS devices don’t let you see your network history, you can’t pick and choose old networks you want to forget. So iOS users have two options: either forget a Wi-Fi network before you leave and walk out of range, or do a periodic network reset to clean out your entire network history. Don’t name your device after yourself During AltConf2016, F-Secure set up a Wi-Fi hotspot to see whether or not people would connect to any available free Wi-Fi. And as we’ve seen in the past, people take their Wi-Fi wherever they can get it. While many people connected and disconnected frequently, it was clear that lots of those people seem to name their device’s after themselves – approximately 80% of the devices that connected included a first name as part of the device identifier. And out of that 80%, 70% of them were iOS devices (Android and OS X devices constituted the remaining 30%). Now, hackers won’t really need this information to “pwn” their victims. But little tidbits like these are great for scams that use social engineering. Fraudsters and tricksters can use something as simple as this to manipulate people as part of a larger scam. It’s tough to say why personalizing devices seems more popular among iOS users than their Android/Windows counterparts. And having unique device names helps keep them separate on, say, a family’s Wi-Fi network that can have multiple people using it at any one time. But using initials or some other way to differentiate them is a better way to personalize your device without necessarily giving tech-savvy fraudsters the opportunity to learn something they can use to scam you. Use app restrictions (they're not just for kids) Earlier in the year, F-Secure Security Advisor Sean Sullivan recommended people change their iOS settings to take advantage of the various restrictions you can use. You can check out his blog post about it here, but basically, using iOS’ restrictions can create safeguards against malicious apps or attacks that try to trick your device into sharing information without your knowledge. Attackers use apps and processes that can run without requiring direct action from users (such as cloud storage services) to steal data. It’s something often seen as part of corporate cyber attacks, so it’s especially important to do this if you use your iPhone or iPad for work. And as my colleague pointed out in this recent blog post, you should already be using two-factor authentication and strong, unique passwords. [Image by Kārlis Dambrāns | Flickr]