The Harm in Password Reuse

By: Center for Internet Security

The Center for Internet Security (CIS) recently published their monthly Cyber Tips newsletter, The Harm in Password Reuse.

Below is the content provided in the newsletter published by CIS:

From the Desk of Thomas F. Duffy, Chair

Every day malicious cyber actors compromise websites and post lists of usernames, email addresses, and passwords online.

Online Hijacking

It used to be that hijacking was something only done in person, but as we discuss in this blog post, online hijacking—where someone or some service takes over an individual’s online account—is now a growing occurrence. Not all forms of online hijacking are “criminal”; for example, browser hijacking—when your Internet search function is diverted to websites you never intended to visit or when advertisements are misleading and redirect you from the main website—may be a nuisance,

Identification Through Anonymized Data

Much of the data individuals provide is assumed to be protected because it is anonymized—stripped of any information that identifies who those individuals are. Such anonymized data is everywhere. But how safe is the underlying assumption that individuals can’t be reidentified through such data? Unfortunately, as we discuss in this blog post, there is repeated evidence that this underlying assumption is not holding up—something that raises real concerns that people can be victimized through information they release that can be traced back to them and that makes this an emerging law enforcement issue.

#Greenbirds

On Twitter, the “#” sign refers to a hashtag—a way to group conversations together and make topics of discussion easier to discover and search. Our blog topic of discussion is #Greenbirds—which involves social media influencers on Twitter supporting the Islamic State (also known as ISIS or ISIL).

“#Greenbirds: Measuring Importance and Influence in Syrian Foreign Fighter Networks” is a report from London-based researchers at the International Centre for the Study of Radicalisation and Political Violence who are studying foreign fighter networks.

Bots in the Court of Law

What are bots, and why should lawyers be concerned about them? For this blog topic of discussion, bots are considered “a device or piece of software that can execute commands, reply to messages, or perform routine tasks, as online searches, either automatically or with minimal human intervention.”  For law enforcement, such bots are an emerging threat because they are being programmed to carry out online tasks that sometimes can cross the line into illegal activities.

Catphishing

You may have heard of the terms “phishing” or even “spearphishing”—they both refer to attempts by bad actors to gain personal information to pilfer bank accounts or damage reputation. Phishing is a broader term for wide-reaching untargeted solicitations, whereas spearphishing concerns attempts to target a particular population set, for example veterans, the elderly, or employees of a particular company.

This type of targeting will be familiar to law enforcement, but what you may not know is that early hacking routines were known as “phone phreaking” and the word usage stuck.

Emerging Threat: Doxing

“Doxing” is the publication of personally identifiable information (PII) of someone to the internet, generally for malicious purposes. The kinds of information disclosed may include the victim’s home addresses, family members’ information, and financial information.

Hacktivist groups dox government officials in response to perceived injustices with the objective of embarrassing the victim, or providing the information so others may target the victim for malicious activity. In some cases, organized cyber criminal groups and criminals may take advantage of information released during doxing incidents but are not known to conduct the activity themselves.

IACP Conference