Camden County residents are being warned about a new scam that targets your cellphone
CAMDEN COUNTY, Ga. – We’re always on our smartphones so it’s easy to let our guard down, opening the door for scammers.
Now, our cash and identity can be at risk just by clicking on the wrong text message.
The Camden County Sheriff’s Office is warning people about a scam text message being sent to local cellphones.
“I think that(s) (what) was so great about having a home phone number — you didn’t have to deal with that during dinner time,” Autumn Spencer said.
Content Continues Below
“I probably got a list of seven (numbers) that I kept blocking,” said Christopher Peters
The Sheriff’s Office says scammers are targeting people with a text posing as their cellphone carriers.
T’onna Peters says she received a similar text message on her phone this week.
“I have and I just ignored it, I told him, and I just didn’t click on it,” Peters said.
“Where I work, they give us training on cyberscams and most of the time I get the phone calls because my cellphone number is a Tennessee number.” Peters added.
STAY UPDATED: Download the Action News Jax app for live updates on breaking stories
The text messages says there’s a billing issue and that people need to click the attached link to update their information.
Instead, the Sheriff’s Office says, the link gives scammers access to information they shouldn’t have.
This is exactly what happened to Christopher’s close friend.
“I had a shipment years ago where he we was deployed and his wife fell for one of those scams and ended up paying, like, $300 thinking she was going to get money back in return but lost it,” Peters said.
One in 10 people are victims of fraud every year according to the Better Business Bureau.
“Nine out of 10 people in my opinion are just amazing and trustworthy and friendly and looking out but you got that 1 percent that’s just sometimes isn’t nice as the nine,” Autumn explained.
The sheriff’s office says if you’re a victim to call them at 912-510-5100.
Equifax, Facebook, Capital One, Yahoo — every week seems to bring news of another data breach. Millions of consumers’ sensitive information, such as login credentials, bank account info and Social Security numbers, is floating around the internet just waiting to be exploited.
And 2019 is on track to be one of the worst years for data breaches yet. Nearly 4,000 data breaches were reported in the first half of this year, with over 4 billion records exposed, according to Risk Based Security, a research and security firm. That’s a 54% increase in breaches and a 52% increase in records exposed as compared to mid-year 2018.
At this point, it’s safe to assume that some of your information is out there. Now it’s a matter of doing what you can to protect yourself and deter malevolent actors from making you a victim of identity theft. Here’s what you can do.
Personal information includes your Social Security number, birthdate and mother’s maiden name. Among these, your Social Security number is the most sensitive, because you can’t change it and it’s often used to verify your identity.
“If you look at the companies that have been compromised, the chances are really good that your personal information is out there,” says Gary Davis, the “chief consumer security evangelist” at the cybersecurity company McAfee.
What you can do
Take three important steps to limit the exposure of your personal info and protect yourself if some data is already out there.
Limit exposure: Avoid giving out your Social Security number whenever possible. Many services ask for it to verify your identity but may offer other ways to confirm who you are. Limit the number of databases and filing systems containing this identifier.
Freeze your credit: Safeguarding your credit files is fairly easy — and free. The best approach is to freeze your credit with the three main credit bureaus: Equifax, Experian and TransUnion.
Regularly check your credit reports: You’re entitled to a free copy of your credit report from the three major credit bureaus every 12 months. Review your reports and look for any lines of credit you don’t recognize because that can be a red flag for fraud.
For an added sense of security, you might want to consider credit monitoring and identity theft protection services, which can alert you to attempts to use your personal information. But they charge a fee and can’t prevent ID theft, just alert you after the fact.
This refers to things like your email, bank account or social media login credentials. Some of your digital information may have been exposed if you use Facebook, Yahoo or Capital One, to name just a few high-profile breaches. In addition, the information you share on social media can leave you vulnerable to identity theft.
Protecting your digital information helps thwart many forms of identity theft. If your Facebook account is accessed by hackers, for example, they could tap your network and create scams targeting your friends and family. Criminals with your bank login credentials could siphon money from your account or run up charges on a credit card.
What you can do
Some fairly simple measures can help protect your digital information.
Protect your accounts: While it might sound like a no-brainer, make sure you’re using secure, unique passwords for each of your accounts. “Secure” means something that’s hard to guess; use capital and lowercase letters, and mix in numbers and special characters. “Unique” means not repeating a password, so someone who accesses one of your accounts can’t get into all of your accounts.
Use technology to help you: Password manager apps and two-factor authentication services can make it more difficult for hackers to get into your accounts.
Safeguard your smartphone: These devices can be one of our biggest vulnerabilities to identity theft. Use a passcode on your phone and consider adding a security code to your phone account. “Keep your software current and don’t delay updating it,” says Lisa Schifferle, ID theft program manager at the Federal Trade Commission. “Scammers know there’s a delay when people update, and they use that time to break into phones.”
In the long term, you can mitigate the future risk of privacy violations by being conservative with the services you use. If a company is a repeat offender, consider dropping the platform.
“Don’t reward companies for bad behavior,” says Davis. “If you hear about companies that aren’t treating our data and your privacy as strongly as they should, don’t use them anymore. Show them with your feet that you care about these things.”
Over the past three years, the “business email compromise” has become one of the most common, vexing, and financially injurious forms of cybercrime. On any given day, companies around the world and across industry sectors are finding themselves the victim, the pawn or both in cybercrime schemes that have resulted in billions of dollars in losses. Beyond significant financial loss, being targeted in these schemes carries increasing regulatory and reputational risk, as well as civil liability.
Business email compromises exploit social engineering to commit fraud
Business email compromise (BEC) schemes are at once simple and sophisticated. First, the perpetrator targets specific individuals within organizations, using social engineering techniques to gather information (often social media and company/professional data). Second, the perpetrator uses a spoofed or hacked email account and the information gathered through social engineering and the hacked account contents to fraudulently induce the targeted individuals into transferring money or sensitive data to unintended parties. A company may be the target of the fraudulent scheme, or its employee email accounts may be hacked and then utilized to target third parties (often business partners and customers). The ultimate goal is the theft of money or nearly any type of sensitive data.
Common varieties of BECs include emails sent from spoofed or hacked accounts of company executives or business partners or service providers. Perhaps the most common scheme involves a bad actor posing as a company executive, business partner or service provider and using the spoofed or hacked email account to trick the email recipients into initiating wire transfers to financial accounts that are under the control of the bad actors. Other types of data that are targeted include employee personal and tax information, intellectual property, account credentials, and other forms of sensitive business information.
BECs have exploded in volume, frequency and financial loss across industry sectors
BECs continue to be among the most successful and quickly escalating forms of computer-facilitated financial fraud. The Financial Crimes Enforcement Network (FinCEN) recently issued the latest government advisory report on the topic, noting that BEC attacks have climbed from just under 500 reports per month (averaging $110 million in attempted BEC thefts) in 2016, to over 1,100 monthly reports (averaging over $300 million monthly in total attempted BEC thefts) in 2018. Since 2016, FinCEN has received over 32,000 reports involving almost $9 billion in attempted theft from BEC fraud schemes affecting US financial institutions and their customers. The top three sectors targeted for BECs are manufacturing and construction; commercial services (professional services, retail, hospitality, education); and real estate.
The FinCEN report comes a year after a July 2018 FBI Public Service Announcement detailing how global losses due to BEC scams increased by 136 percent between 2016 and 2018. Since October 2013, the FBI has tracked more than 78,000 BECs, totaling more than $12.5 billion in fraud losses. These figures are likely just a fraction of the actual overall numbers. The FBI’s 2018 Internet Crime Report tracked over 20,000 complaints of BECs and $1.2 billion in losses in the United States alone last year.
Regulatory scrutiny and litigation risk grow
The company that suffers a BEC can be both a victim of the crime and a target of regulators and civil litigants. In October 2018, for example, the SEC released a “Report of Investigation” calling for public companies to re-assess their internal accounting controls “in light of emerging risks, including risks arising from cyber-related frauds.” The Report followed the SEC’s investigation into whether nine public companies violated US securities laws “by failing to have sufficient accounting controls” to prevent approximately $100 million in losses as a result of BECs.
Despite declining to pursue enforcement actions, the SEC emphasized its recent cybersecurity guidance, advising public companies that “[c]ybersecurity risk management policies and procedures are key elements of enterprise-wide risk management, including as it relates to compliance with federal securities laws.” Given the SEC’s attention to this issue, it can also be expected that public companies that lack such policies and procedures also could find themselves facing both private securities fraud and derivative lawsuits.
BECs are increasingly preceded by a network intrusion, which allows a bad actor to take control of a given email or company network account to target that company or a third party for financial fraud and data theft. In addition to weaponizing the compromised user account, a bad actor also may compromise sensitive, legally protected information accessible through the account. This could trigger obligations and liability under private contracts or data security and data breach notification laws. Moreover, it is increasingly common to see litigation between the companies involved in a BEC over which one is liable for network intrusions, lost funds transferred to criminals, and compromised sensitive data.
Preventing and responding to BECs
Every organization should develop and execute a multi-pronged strategy for preventing and responding to a business email compromise. When a BEC occurs, a company must act very quickly to recover lost funds, prevent further losses, contain any network compromise, and prepare for potential regulatory inquiry and civil litigation. A victim’s quick coordination with federal law enforcement and relevant banks can result in the recovery of funds. During 2018, the FBI’s Recovery Asset Team recovered 75 percent of the BEC losses reported to it within 48 hours of the wire transfer ($192 million). Each company involved in a BEC (ie, both the company suffering the financial loss and the company whose compromised account was weaponized to facilitate the fraud) must conduct a thorough, legally privileged internal investigation to understand the full scope of any unauthorized activity, as well as its rights and potential liabilities.
Never a day goes by without headlines of yet another cyber-attack, data breach or identity theft – even boardrooms have finally become familiar with terms like “ransomware” – an alien concept in the past that belonged to the “geeks in IT”.
Businesses, education institutions, and indeed all levels of government have become more aware of the damage such actions can inflict.
Criminals continue to use old-school methods such as phishing scams to lure their victims but they also have a keen eye on the next technological step where more sophisticated tools and techniques are employed to dupe people.
We’ve now seen the advent of artificial intelligence being used for cybercrime, with a recent widely reported case a flavour of what’s to come.
In March, the CEO of a UK-based energy firm received a phone call from his “boss” – or so he thought – who runs its German parent company.
His “boss” instructed him to transfer €220,000 to a Hungarian supplier, saying it was urgent and needed to be done in an hour.
The UK chief executive had no reason to question the authenticity of the call as he recognised his boss’s slight German accent and tone of voice, the company’s insurance firm, Euler Hermes Group SA revealed.
He had no reason to believe it was all a hoax, and could well be one of the first voice-spoofing cybercrimes using AI-based software.
Does this sound familiar?
Remember world-renowned hacker Kevin Mitnick? He gained notoriety after his social engineering skills landed him behind bars.
Mitnick would call big US corporations and obtain key information by gaining the trust of employees.
In fact, when he was a teenager, he once phoned the system manager at Digital Equipment and posed as “Anton Chernoff”, one of DEC’s lead developers.
“Anton” told the manager he had trouble logging in to the company’s dial-up modem (Mitnick’s friends found an old, discarded unit) and was immediately provided with login details and high-level access to DEC’s internal systems.
Voice phishing or using social engineering over the phone to gain personal and financial information isn’t new, and criminals use modern tools and technologies such as caller ID spoofing to hide their true location (and identity).
Fraudsters using AI to mimic voices – as per the European energy firm case – is just an evolution in technology: it’s akin to how modern-day layby services such as Afterpay and Zip Money have gained overnight popularity.
The layby or buy now, pay later concept isn’t new but these startups have used new technology – combining online, mobile apps and a great interface and user experience – to completely reinvent the way goods and services are purchased.
Nothing much has changed since Mitnick conned DEC some 40-odd years ago when he was 16: humans can still be gullible in this day and age.
Another information-gathering technique has been to call and hang up when a person answers – purportedly to build a voice/biometric profile for identity theft.
Some organisations offer voice as a replacement for passwords to confirm a customer’s identity by relying on hundreds of unique characteristics.
ANZ Bank’s app, for example, allows customers to pay anyone over $1000 and make BPAY payments of more than $10,000 by using the phrase “my voice confirms my identity”.
While there haven’t been widespread reports of voice phishing or deepfakes locally, criminals thrive on being ahead of the game and AI is just one of many tools in their arsenal. We cannot fight against this tide but need to urgently adopt a “trust but verify” mindset and approach.
We can trust but always verify a request – whether its someone on the other line, a friend or contact who sends through a link to click on or a text message with a call to action.
We can only manage and control our own behaviour and how we react to and protect from these scams.
Bruce Carney is the newly appointed product head at global cybersecurity firm Wontok.
He started his career as a Research Engineer at the University of Newcastle, and has had senior roles at Atlassian, Telstra and Nokia in Australia, the US and UK.
NEVADA (KTNV) — As part of Cybersecurity Awareness Month, Nevada Attorney General Aaron D. Ford advises Nevada’s youth and parents to be aware of online scams targeting minors.
Just like adults, scammers target young people through popular online platforms, such as apps, games, and popular social networking websites.
Youth are particularly attractive targets for scammers because they often have unused Social Security numbers, do not generally check their credit reports, and are used to readily sharing information online.
Scammers may pose as someone else to get young online users to share information voluntarily.
“Scammers don’t discriminate,” said AG Ford. “All users, even young adults, should be cautious about sharing their personal information. If we can help young people recognize these issues now, they can be proactive and protect their personal information, which may be their most valuable asset. The first step is to realize how much of your personal information is already in the public domain.”
Inexpensive/Free Stuff Scam:
Many ads online offer cheap or free items for sale, such as clothes, sunglasses, or handbags. In some cases, these ads prove to be a scam.
An unsuspecting young adult may send money but never receive the item or may receive a piece of lesser quality.
The fake sale may also be an attempt to get personal information, such as user names and passwords, which would allow the scammer to gain access to the youth’s account.
Before purchasing items online, complete research to ensure that the source is legitimate.
Scammers often re-post a discount offer that was previously valid but will no longer be accepted by the retailer.
Use a search engine to look at customer reviews; however, be aware that sometimes websites post fake reviews to attract more customers.
Trust your instincts if you feel that something seems wrong about the deal. Consider only purchasing from established online retailers.
Some social media accounts may promise to provide a scholarship, but are an attempt to steal your money or your identity.
Typically, these scams may promise to give scholarships to a certain number of new followers in return for a fee or personal information, such as a Social Security number, bank account information or a credit card number.
Legitimate scholarships do not charge any fees. Avoid sharing your Social Security number, password, or any financial information with someone offering a scholarship.
None of this information is needed to verify your identity or to “hold” a scholarship.
Account Deletion Scam:
Scammers may use messaging services on social media platforms to directly contact account holders and claim their accounts may be deleted or locked if they do not click on a link to update their statements.
This link may appear legitimate. Still, when users click it, they are redirected to a website asking for the user’s information, such as passwords, email or physical addresses, or other personally-identifying information.
Beware of messages that ask you to click on a link to update your information. If you think you need to update your account, do so through the settings on the online app or website.
If you believe you have fallen victim to any of these scams, officials encouraged the public to file a
with the Office of the Nevada Attorney General or with the
Decentralized threat intel sharing, more public-private collaboration, and greater use of automated incident response are what’s needed to combat phishing
As organizations begin to plan their cybersecurity strategy for 2020 and beyond, email security will certainly be high on leadership’s agenda. That’s because phishing attacks continue to increase in sophistication and frequency, and email remains the number one vector for all cyber incidents. In fact, 90% of all cyberattacks begin with email, and the breadth of phishing detection, prevention, and response has become the ultimate SOC team burden.
As such, one thing is clear: Enterprises are losing the email security battle. This unpopular truth exists partially because of the complex email threat landscape. After all, it’s almost impossible for any organization to proactively defend against 130 million phishing attacksper quarter, not to mention the tens of thousands of permutations associated with each. Another contributing factor is the proliferation of payload-less, social engineering-driven phishing, such as business email compromise (BEC) and account take over (ATO), which enable attackers to bypass traditional server-level email security tools and trick human defenses with relative ease.
Presently, when it comes to phishing mitigation, the industry is guilty of holding the same conversations that it’s had for the past several years. Comparing and contrasting secure email gateways. Evaluating both the real and perceived benefits of phishing awareness training. Debating the pros and cons of authentication and encryption protocols. While all three tactics remain popular, they are decreasing in effectiveness.
Thus, as we approach the next decade, it’s time to move away from the trivial arguments of yesteryear and focus on what’s needed to defeat the phish of 2020 and beyond. From decentralized threat intelligence sharing and greater public-private collaboration to automatic incident response and mailbox-level security, these safeguards are better suited to combat the future of anti-phishing because they rely on human and technical controls working together 24/7/365.
Evolution of email security Looking back over the past decade, email security has, admittedly, come a very long way. Eight years ago, organizations relied almost entirely on spam filters and antivirus software to protect against Nigerian scams. Eventually, antivirus products were rejected as the sole line of email defense, as attackers found creative and cost-effective ways to defeat these controls.
Phishing technique advancements prompted secure email gateways (SEGs) to enter the market, and this technology remains the most common phishing prevention method. Around the same time as SEGs, security training became part of the corporate lexicon, and employers attempted to gain some advantage over attackers by using employees to identify and corral suspicious messages.
Unfortunately, attackers responded to the increased employee awareness and SEG technology by creating new attack techniques that bypass common email security controls. In response, many enterprises have added gamification to their security training as a means to bolster employee situational awareness while also implementing authentication and encryption protocols such as DMARC.
While such counter maneuvers are surely effective from time to time, attackers continue to have the upper hand while enterprises look toward 2020 for a silver bullet. Unfortunately, one is not going to appear.
Email security challenges that elevate risk The email security industry is in the midst of an intense debate over what technology, standards and protocols can deliver the most protection and reduce the most risk. The common arguments are a bit ironic when considering that successful cyberattacks continue to cost enterprises more than $1 million per incident.
Adoption & maintenance of protocols like DMARC are essential.
Phishing awareness training should be mandatory for all organizations.
Encrypt all email messages.
Incident response requires automation.
While none of these trending arguments are wrong per se, they all assume that email security is some sort of linear challenge that can be eradicated with a singular solution driven by either technology or people. But if history has taught us anything it’s that attackers will evolve and find a way to defeat whatever human and technical controls and enterprise deploys.
That’s why, as we move into 2020 and a new decade, the conversations surrounding email security must evolve from comparing anti-phishing and email security tools, protocols, and trainings to resolving non-phishing email security challenges that are at the center of elevating risk. This includes the need to address SOC burden and educate the next generation of the cybersecurity workforce; decentralizing threat intelligence sharing so that organizations of all resources can protect their assets, promoting ubiquitous interoperability so that solutions can better integrate for analysts; and having an industry-wide agreed upon definition of what actually defines incident response.
Such a transformation of the email security industry will enable organizations to focus on effective anti-phishing techniques that actually address the root causes of the industry’s problems, and not just the effects. For example, by encouraging decentralized threat intelligence, organizations’ SOC teams can have access to hundreds of thousands of trending threats worldwide, allowing them to be proactive in defense instead of reactive. It’s a power of the pack mentality that suggests industry is stronger together than it is apart.
As it stands now, attackers will continue to have the means and motives to evolve faster and more efficiently than technological advancements. But when human controls and technological controls work together to decentralize threat intelligence, automate rapid response and encourage employee collaboration, their advantage can shrink to a much more manageable level.
Eyal Benishti has spent more than a decade in the information security industry, with a focus on software R&D for startups and enterprises. Before establishing IRONSCALES, he served as security researcher and malware analyst at Radware, where he filed two patents in the … View Full Bio
The WannaCry Ransomware which hit businesses including banks globally didn’t spare India, which was the second-worst affected country in APAC according to reports. It was a reality check for financial institutions as the attack was estimated to have affected more than 150 countries and caused millions of dollars in damage. The banking system often emerges as a sitting duck since it is the softest and most effective target.
In India too, cyber frauds are on the rise. According to a report by the Reserve Bank of India, a total of 2,059 cases of cyber fraud were reported in 2017-18 amounting to Rs 109.6 crore. The recent frauds at Cosmos Bank and State Bank of Mauritius branch based in Mumbai are only the beginning, with rise in digital transactions and their spread to the interiors of the country, cyber frauds at banks are on the rise.
Why Financial services?
The financial services industry is naturally a lucrative target for cyber criminals. The primary targets which are usually compromised in cyberattacks on banks are the SWITCH and SWIFT systems. SWITCH is a group of servers that are responsible for sending approval request from the ATM to the core banking system. SWIFT, on the other hand, is a global provider of a secure inter-banking messaging solution.
The SWITCH and SWIFT are the most sensitive components of the banking infrastructure, as they are responsible for the authorization of fund transfers. Each piece of information hacked—whether it is the data stored on the network, competitive intelligence, access to confidential email or trading strategies–typically has different types of buyers and methods for selling. Many forums and dark web sites exist for this purpose.
It is estimated that over 90% of all successful hacking scams start with a phishing attack. CFOs and finance staff are one of the most targeted employees in the company when it comes to email fraud. Hackers choose finance employees due to their access to company finances and other sensitive information.
Fighting the threat
The industry needs to start thinking cybersecurity from the ground-up and not as an afterthought. Organisations must act more aggressively, constructively and comprehensively to address security threats. There needs have better understanding about simple vulnerabilities such as weak endpoint security and lack of security awareness.
100 percent security is impossible for any organisation; however, the below approach will go a long way in combating financial hacking:
Installing Threat Detection: Organizations in India can improve their cybersecurity systems with more focused monitoring of critical servers and the usage of powerful detection technologies.
Automation: Automating to optimize incident response and building resiliency.
Initiate checkpoints for large fund transfers with manual inspection: As we have seen in the case of multiple financial heists, there are few common errors that could have been easily caught using manual inspection.
Train the employees: Employees are primary concern in cyber security. Lack of skilled cybersecurity professionals, unprepared security operations team are all proving to be great challenges. Training the workforce and creating awareness will help prevent a lot of cyber incidents.
The best way to fend off and respond to an attack is to internalize cyber-resiliency and cyber-agility tactics. Additionally, financial services companies must prioritize the value of information assets. Allocating additional budget towards company crown jewels is a good place to start. Leading technologies are only as effective as the company’s cyber-risk culture. Financial institutions must be aware of evolving risks and establish a plan for business continuity.
The author is Country Manager – India at Barracuda Networks. Views are personal.The Great Diwali Discount! Unlock 75% more savings this festive season. Get Moneycontrol Pro for a year for Rs 289 only. Coupon code: DIWALI. Offer valid till 10th November, 2019 .
Approximately 70 percent of Americans use social media to connect with one another, engage with news content, and share information. Most users access social media platforms and consume content on their smartphone, just one of the many smart devices we use to monitor our health, fitness, and sleep; secure our homes; tell us the weather; and cue up our favorite songs, shows, and movies. But the convenience of smartphones and the instant connectivity of the internet and social media come at a price, namely the security risks hidden in our favorite apps and devices.
October is National Cybersecurity Awareness Month (NCSAM), an annual initiative spearheaded by the Department of Homeland Security to raise awareness about the importance of cybersecurity. To mark the occasion, we asked several BU privacy and security experts—Ari Trachtenberg, a College of Engineering professor of electrical and computer engineering and a member of the BU Cyber Alliance, Gianluca Stringhini, an ENG assistant professor of electrical and computer engineering, and Ran Canetti, a College of Arts & Sciences professor of computer science and director of the BU Center for Reliable Information Systems and Cyber Security—to shed light on the top vulnerabilities we need to know about. They discuss security and privacy threats consumers and businesses unknowingly expose themselves to, and outline best practices for protection.
Smart Devices and Social Media
BU Today: How can we protect ourselves in a connected world?
Trachtenberg: Smart devices quietly nestle well within our comfort zones and into our most private spaces: bedrooms, bathrooms, doctor’s offices, etc. At the same time, they are filled with all kinds of sensors that allow them to record and permanently store all kinds of information about our most private moments. The best way to protect yourself is to be aware of this, and keep all smart devices away from your most intimate environments. I, for example, keep most smart devices (TVs, speakers, etc.) out of my home; the few I cannot avoid (smartphones), I keep in a designated location that does not have access to my private areas.
How are we putting our personal information at risk when using social media?
Trachtenberg: I think that many users don’t realize that they are not only putting their own information at risk when they’re using social media, but also the information of their friends and acquaintances. For example, when you put up a picture of yourself with a friend at a location, you are sharing with the social media company (and, quite possibly, all of their third-party affiliates) your connection to the location—and your friend’s connection to the location—whether or not your friend wants ad agencies to know this.
The same thing goes for messages you leave on your friends’ social media accounts, or, potentially, even “private messages” that you send to them through social platforms. In short, when you are using a “free” service online, always ask yourself—how is this service making the money to pay its engineers and maintain its hardware? Often the answer is that it’s selling information about you and your friends.
Canetti: We provide online service, app, and content providers with detailed information about our whereabouts, our thoughts, our feelings, our moods, and our life patterns. Our every move is recorded, and aggregated with the moves of others. These content, social platform, and app providers sell this data to third parties who can weaponize it against us—catching us at our weak moments and manipulating our thoughts and behavior.
What are the consequences of this behavior?
Trachtenberg: I think that the top security threat today is not directly from overtly malicious actors, but rather from the huge amount of information that is accumulated about each and every one of us through all the devices that we use regularly. This information, inevitably, leaks to actors with very different interests than us (including malicious actors), and it can be harnessed very effectively to cause damage.
What can we do to avoid this risk, while still being active on social media?
Canetti: We can opt out of providing our information to content, app, and social media providers. This cuts them off from the ability to leverage our data, and share with advertisers and other third parties. This might cost a small price, but it’s more than worth it.
What is the top security threat you anticipate employees will face in the near future? What are the repercussions for both the employees and the businesses they work for?
Stringhini: Ransomware is currently the golden standard of cybercrime. Unlike other cybercrime schemes like fraud and spam, the criminals are not trying to convince their victims to purchase some sketchy good, but instead offer to give them back access to their data in exchange for money.
Unfortunately, victims often have no choice but to pay their extorters. This significantly increases the return on investment for cybercriminals, and has serious repercussions for both private citizens and companies, who are constantly being targeted.
Trachtenberg: There are many truly frightening ways malicious actors can exploit our digital trails in the workplace. For businesses, a serious example is CEO fraud, wherein criminals imitate the email or phone call of a CEO/CFO in requesting large transfers of money, or possibly the businesses’ network and data.
Both of these are exacerbated by the emergence of “deep fakes,” wherein machine learning techniques are used to craft messages that look or sound identical to the person being scammed (i.e., from a few samples of a CEO’s speech, it is sometimes possible to realistically craft different speech, which the CEO has not stated, in the CEO’s voice).
Is there an easy fix for this risk that employees and businesses should adopt?
Stringhini: To mitigate the risk of being hit by ransomware, users should constantly keep backups of their data. This can be automated—for example, scheduled to happen once a week.
Trachtenberg: It is very hard for an individual to protect themselves from CEO fraud and deep fake vulnerabilities, much like it is hard for an unarmed civilian to successfully defend against an armed criminal. Individuals should always be skeptical about any unsolicited information that they are given, and companies should have established, secure mechanisms for making significant transfers. They should also put in place prespecified protocols for dealing with and responding to security emergencies.
Best Practices for Protection
What is the most overlooked security feature?
Stringhini: Enabling two-factor authentication can help people keep their online accounts safe. With two-factor authentication enabled, it is not enough for attackers to know an account’s password to log into it, but they also need to get a hold of a second token, which is usually sent to the user’s mobile phone. This significantly raises the bar for attackers to successfully compromise online attacks, and protects users from the consequences of large data breaches and phishing attacks.
What is the most important “cyber hygiene” routine that’s easy to maintain that everyone should adopt to ensure better security?
Stringhini: Once a weakness is discovered in a program, the developer usually fixes it rather quickly. Keeping your software constantly updated drastically reduces the chances of getting compromised. Most programs nowadays provide automated updates, which is a great way for people to stay secure while at the same time not having to remember to constantly update their computers.
Trachtenberg: Actually, it is what we teach our engineering students throughout their study—understand the basis for the information that you are receiving, and be skeptical of any claims that are not substantiated in a manner that you can reproduce.
Data breaches hitting massive entities like Equifax, Facebook and Target grab headlines, but the impact on small businesses is just as severe with attacks causing bankruptcy or even forcing a firm to shutter its doors.
A report issued by the National Cyber Security Alliance, based on a Zogby Analytics survey of 1,008 small businesses with up to 500 employees, found that after suffering a data breach 10 percent went out of business, 25 percent had to file for bankruptcy and 37 percent experienced a financial loss.
Overall, 28 percent of respondents reported experiencing a data breach in the last year. Of these victims, 44 percent were from larger firms of 251-500 people, while 11 percent were companies with 10 or fewer workers.
The fact that companies live in a dangerous cyber environment is not lost on these business leaders, with 88 percent believing cybercriminals are eyeing them as potential targets and 46 percent convinced that they are a likely target. This equated to 62 percent of the respondents saying cybersecurity is a high priority. But the level of concern dropped dramatically for very small businesses, with only 39 percent making cybersecurity a high priority.
Another fact unearthed by the survey was that 46 percent of surveyed businesses feel very prepared to respond quickly and appropriately to limit impact of a data breach or other cybersecurity incident. The majority, 58 percent, of businesses have a response plan that can be immediately put into action, while 36 percent would be able to fully operate without computers.
Larger businesses (251 to 500 employees) tend to have an in-house cybersecurity team, and so it’s no surprise that 58 percent have a response plan in place, while only 37 percent of smaller organizations have a plan.
In the late winter of 2015, more than 1 million common murres—prim, black-and-white seabirds—died off the shores of Alaska. They’d been washing up all along the Pacific Coast that winter, as far south as California. But in Alaska, the die-off took over our lives, dominating the front pages of our newspapers, our back-and-forths on social media, our conversations at school pickup.
Where I live, in Homer, about 200 miles south of Anchorage, the dead birds checkerboarded the beaches so completely you could walk the wrack line on their backs. Bald eagles dismantled the carcasses in backyards and parking lots. I edged along the shoreline in wonder and horror. My daughters, 3 and 6 at the time, picked up the still-whole bodies and cradled them like dolls.
Murres are tenacious hunters, diving up to 600 feet underwater to catch fish. But these birds had starved to death, researchers concluded, likely because the so-called Warm Blob, a pool of water in the North Pacific that was strikingly warmer than normal, had made it impossible for them to find enough food. No one could say why.
I couldn’t drop it. I wanted to know exactly what was happening to the birds. In the years since, there have been other inexplicable die-offs of sea life—thousands of puffins wrecked on the Pribilof Islands, 100 million Pacific cod vanished from the Gulf of Alaska, dozens of walrus washed ashore on the state’s northwest coast, and more than 200 gray whales marooned on beaches between Mexico and Alaska. If we didn’t know what caused these phenomena, I thought, weren’t we doomed to just sit back and watch as they happened again and again and again?
So I ended up traveling to the remote Popof Island, in far western Alaska, with a scientist named Bruce Wright. Wright feels certain that he knows why the murres died. He blames a type of microscopic algae that floats in every ocean on Earth.
The skies around Anchorage were smoky when Wright and I took off aboard a 45-seat propeller plane. Alaska is warming at twice the global average, but spring and summer this year were particularly sweltering—by northern standards at least. Temperatures around the state shot up to 41 degrees higher than normal, and the heat stoked wildfires across the state. Ocean and river temperatures soared too. As my daughters and I basked in the surprisingly balmy waters in our bay, salmon floated dead on the surface of the Kuskokwim River up north, likely victims of heart attacks brought on by the heat.
The warm water also created perfect conditions for toxic algae to bloom. By early June, clams in Southeast Alaska contained 55 times the safe limit of algal poisons.
The problem of toxic algae or “red tides”—which scientists refer to collectively as harmful algal blooms, or HABs—occurs when algae that produce natural poisons grow explosively, impacting human or ecosystem health. Many different species of algae cause HABs, and they can last for weeks or longer, decimating fisheries, closing swimming beaches, and making it hard for coastal residents to breathe. In the sea and in lakes, they have killed fish, birds, turtles, whales, manatees, and even dogs. During the summer of 2018, after HABs left millions of pounds of dead fish and other sea life piled up in Florida’s coastal towns, Governor Rick Scott declared a state of emergency.
Globally, HABs are exploding. In recent years, toxic blooms have started to occur in places where they’ve never happened before, and during more months of the year. The expansion of HABs is linked to rising sea temperatures, but pollution, the dumping of ballast water from ships, and the transplantation of shellfish stocks may also play a role.
The most notorious impact of HABs is paralytic shellfish poisoning, or PSP, a disease that can kill a healthy adult with just one tainted mussel. It’s the algae that cause PSP—called Alexandrium—that preoccupy Wright. Fifty years ago, few places in the world were affected by Alexandrium. Today, a global map of PSP outbreaks looks like a case of measles.
The smoke dissipated as we flew southwest over the snow-tipped peaks of the Alaska Range, where mountain valleys held the blue ice of shrinking glaciers. The flight path took us down to the tip of the Alaska Peninsula, the 500-mile-long curve of land that separates the Bering Sea from the Gulf of Alaska. Beyond, the Aleutian island chain arced another 1,200 miles across the international date line.
Popof Island, a hunk of tundra-draped rock that stretches 10 miles tip to tip, sits at one of the most biologically rich marine crossroads on Earth. Swift currents deliver food and nutrients into submerged canyons that act as nurseries for hundreds of fish species. These rich waters also support more than two dozen kinds of marine mammals, with narrow ocean passes serving as crucial corridors for nearly all of the planet’s gray whales. Millions of salmon pass through these waters as well, on their way to the world’s largest sockeye fishery, and as the currents spill into the Bering Sea on their way to the Arctic, they fuel crab and pollock harvests worth billions.
For longer than anyone can remember, people have come to this region for the bounty of the sea. The Unangan people lived in partially underground houses called barabaras, developed a written language, and paddled sleek skin boats through the water to hunt and fish. Then the Russians and Scandinavians, and later American corporate interests, arrived to profit off the sea. Wright and I were headed to Sand Point, a village of about 1,000 people and Popof’s only settlement. Home to the largest commercial fishing fleet in the region, it is a place where a modern, extractive economy has fetched up alongside ancient traditions. As we approached the community, I could make out the tan warehouses hunkered near the harbor of the Trident Seafoods plant, which can process up to 30,000 pounds of fish an hour.
Within two generations in the village, PSP has gone from a problem no one had to think about to a summertime concern to a year-round plague. Wright hoped that with data from the edge of this far-flung island, he could help explain how this microscopic organism is poisoning our seas.
Life on Earth evolved in shallow seas, at a time when the sun shone dimly. Simple cells, messy sacs of planetary soup, figured out how to turn this glimmer into food, opening an evolutionary path for photosynthetic algae. Alexandrium are a relatively young genus of these algae, showing up about 77 million years ago, when Earth’s dinosaur party was well under way.
Since the 1960s, when a French scientist discovered a bloom in Egypt’s Port of Alexandria and named the genus accordingly, we’ve learned that Alexandrium algae can thrive all over the globe with ratlike adaptability. They can make their own food through photosynthesis, or gorge on other microorganisms. They can reproduce alone or with a mate. They can live as single-cell loners or form chains of cells that swim together like a snake. Some even glow. And when the water gets too chilly in winter, they can go into a dormant form—known as a “cyst”—and sink to the seafloor until conditions improve.
Members of the Alexandrium genus produce one of the most powerful neurotoxins on Earth, a chemical called saxitoxin that is so noxious a single sand-sized grain can kill eight people. The poison blocks sodium-ion channels in the brain, quickly paralyzing the respiratory system of its victim. The U.S. military developed the toxin as a chemical weapon, and during the early years of the Cold War, the CIA issued a saxitoxin-laced needle—hidden inside a fake silver dollar—to a U-2 pilot carrying out spy missions across the Soviet Union, in case he was taken prisoner and needed to induce suicide.
The word saxitoxin comes from the scientific name for butter clams, those beefy shellfish that have long sustained coastal peoples in my part of the world. And indeed, Alaska has a long, uneasy history with PSP. The earliest—and deadliest—recorded outbreak was in 1799, when Russians were pillaging the region for furs. That year, some 100 Alutiiq men working as hunters for Russian businessmen died from eating toxic mussels. The nautical charts of Southeast Alaska carry the scars of that PSP outbreak: Poison Cove, Peril Strait, Deadman Reach. Nine years ago, Alaska health officials reported two deaths from PSP, but numerous milder cases—where people suffer from some combination of tingling and numbness around the mouth, vomiting, diarrhea, and double vision—crop up every year.
In decades past, PSP incidents were almost entirely confined to Alaska’s most southerly shores. When I first moved here 20 years ago, I harvested clams and mussels from local beaches with abandon. When my daughters were little, we used to plan camping trips around minus tides, when acres of clam and mussel beds were exposed in our bay. We’d take some hand rakes and a few buckets and tromp around in rubber boots and bibs, digging steamers and collecting slick, black clumps of mussels. Then we’d steam up our haul right on the beach and all eat out of one pot. Eating straight from the sea like that always felt like some kind of communion.
Like moose and mackerel, songbirds and spruce, toxic algae seem to be moving poleward because of climate change. In Alaska, this means that PSP is slinking north up the state’s 34,000-mile coastline. Recent research has found PSP toxins just about everywhere in our northern waters. A study of Alaska’s marine mammals that tested 13 different species for algal toxins found the poisons at sublethal levels in every one—including bowhead whales, which spend their lives near Arctic sea ice. And a few years ago, scientists found Alexandrium cysts in Arctic waters in some of the highest concentrations on the planet.
Just outside the one-room Popof Island airport, we rented a white Chevy pickup from the woman who owns the Harbor Café. All along the newly paved road to town, golf-ball-size salmonberries dangled from dense bushes, glinting scarlet in the sun.
Before checking into rooms at the only hotel in town, Wright and I stopped by the headquarters of the Qagan Tayagungin tribe. Wright, dressed in khaki from head to toe, sat down opposite the tribal director Tiffany Jackson, a young mother of three. Her long, black hair hung down her back from a beaded barrette. Jackson’s staff sends weekly shellfish samples to Wright in Anchorage, and he’s found that they contain some of the highest toxin levels of any of his sites.
“With people not being able to get clams,” Jackson told Wright, “they’ve been relying on bidarkis.” Bidarkis are molluscs with a single plated shell that clamps tightly onto rocks. You can boil them whole and pull away the shell to get at the chewy meat. “Have bidarkis gotten a hit?,” she asked. “Yup,” he replied. Different types of shellfish process algal toxins in different ways, but now even the island’s Plan B food contained the poison, although at lower levels. “I just fed them to my family two weeks ago,” Jackson said. “We’re still alive!” she laughed.
Locally harvested foods are an important part of the culture here—and not just because a gallon of milk, flown or barged in from Anchorage or Seattle, costs $10 at the Alaska Commercial grocery.
“Subsistence is part of who we are,” Jackson told me when I stopped by her office later. Eating food from the land and the sea—the gristly humps of pink salmon, seagull eggs, urchin roe, clams—is an expression of cultural identity. It’s also how Jackson likes to spend time with family. Her father taught her how to eat bidarkis right on the beach when she was a kid. And after she and her children pick moss berries or gather bidarkis, they head to her mother’s house to prepare the harvest.
Jackson’s husband, Charlie, a commercial fisherman, is known in the village as the guy who distributes salmon to local elders. “They don’t have a way to fish,” he explained. Though it was only midsummer, he’d already put up 1,000 fish, he told me when he showed me around his shop where scores of twinned salmon filets split to the tail hung from wooden racks. Soon he’d pass the dry fish around to elders. “They love it,” he said.
Jackson grew up in Sand Point following the ‘R’ rule—digging clams and gathering mussels only during the months with an r in their name. Collecting clams was a winter ritual for her family: She remembers how they would park their truck in the dark at the edge of the beach, scuffle over ice and snow, and dig in the beams of the vehicle’s headlights. “Five years ago, I would never have believed that we couldn’t dig clams,” she said. Now, there’s no safe time of year. Some locals get clams through the school fundraiser, which raffles off bucketsful from King Cove, an 80-mile boat or plane ride away. There, by a fluke of oceanographic luck, the PSP levels haven’t been as high.
The morning after we flew in, Wright and I headed out of town on the paved road to the dump. We pulled off where a four-wheeler track tore across the tundra in a dirt stripe gilded by buttercups. The trail followed the edge of the headland down to a cove called Sand Dollar Beach, where Wright planned to collect samples of marine life for testing.
From the cliff’s edge we could see half a dozen salmon seiners, and beyond those the rocky cliffs of the Alaska mainland. Golden-crowned sparrows sang their melancholy three-note call, and kittiwakes and gulls whined over a bait ball not far offshore.
Wright got started in the field of toxic algae in the early 1980s, when he was sitting around with a bunch of guys at a friend’s house watching a football game and gorging on steamer clams they’d just collected from a nearby beach in Juneau. The friend’s cat got hold of one of the clams—and then wandered into the garage and died.
Human health drove most of the early research on Alexandrium. But Wright’s background is in top predators, including raptors and sharks, and he came to the field with an interest in the algae’s broader ecological effects. In the years since, he’s recorded the highest PSP levels in the state’s history—from blue mussels in a picturesque cove in Southeast Alaska that measured 270 times the safe limit—and has worked with coastal villages around the state to set up regular PSP monitoring.
The retreating tide had exposed a wide stretch of sand. In tall rubber boots, a black waterproof pack on his back, Wright walked across the beach with his head down, scanning the ground for clues. I stepped across the beach in a sort of reverse hopscotch, careful not to tread on the chocolate-brown, saucer-size sand dollars nestled in the sand.
At the far end of the beach, a rocky reef had emerged with the ebbing tide. It gave off that salty low-tide musk that I love. The traditional saying goes: “When the tide is out, the table is set.” Packed with high-protein, slow-moving creatures, the intertidal has always provided year-round, accessible sustenance.
Wright and I clambered across the reef with shared glee. “Check out these bidarkis,” he called. “Cool!” he shouted when I held up a coral-colored crab covered in hairs. Wright grew up landlocked in the Mojave Desert, where his father worked at the nearby naval base. In the summer, the family escaped for a couple of weeks to the California coast. “I just never got tired of being in the tidepools,” Wright said. “Now it’s my job.”
As I wandered over to a vermillion-colored blood star, Wright popped a dozen or so bidarkis off the rocks, using a knife he kept on his belt, and dropped them into a ziplock. He bagged a few limpets, mollusks with cone-shaped shells, then mussels, gunnel fish, shrimp, amphipods, sand dollars, and a fist-size, snail-like hairy triton. He sliced a single leg off a sunflower star and bagged it too.
Then Wright set across the beach in search of sand lance, finger-size, silver fish packed with protein and fat that are a favorite meal of murres, and of dozens of other marine animals, from halibut to humpbacks. Sand lance feed on copepods—minute, floating crustaceans—which feed on phytoplankton, including Alexandrium, sending algal toxins up the food chain.
Wright stopped every few paces, split his legs into a wide stance, folded his 6-foot-2-inch frame, and scraped a garden rake through the sand, rapidly turning over an area of the beach the size of a card table. Soon, the cove was a patchwork of hash marks, but again and again, he found nothing. Wright hoped to catch sand lance—and the other marine organisms—in the midst of an Alexandrium bloom. If he could get a measure of peak toxicity in the food web, he might be able to understand just how destructive this algae could be.
Finally, a flash of silver. And then another. And another.
“These are the guys we really want,” Wright grinned as he dropped the fish into plastic bags.
The impact of Alexandrium on marine ecosystems is likely a one-two-three punch. We know for certain that these algae can kill ocean fauna outright. When captive mallards are fed concentrations of saxitoxin that they could readily encounter in the wild, they die as quickly as 15 minutes after dosing. There aren’t many records of wildlife deaths from poisoning, but some researchers believe that’s because whales, salmon, and other marine animals killed by PSP simply sink to the bottom of the sea and disappear.
Alexandrium could also be an indirect killer, poisoning prey species like sand lance so that predators suffer or ultimately starve. This is what Wright believes happened to the murres. PSP wiped out so many sand lance and other prey fish, he thinks, that the birds had nothing to eat.
In addition, the algal toxins could weaken and slow marine organisms. While the kinds of low levels of saxitoxin that researchers have found in seemingly healthy walrus, whales, and seabirds aren’t killing them outright, the poison might make it harder for a murre to catch fish, a walrus to vacuum clams from the seafloor, or a bowhead to breed.
“Up until recently, I’ve been the only voice that says that saxitoxin is taking out the bottom of the food web,” Wright told me. Scientists are famously circumspect when it comes to identifying causal relationships. But Wright hasn’t been, and for years he has operated as a lone ranger, pursuing PSP research on shoestring budgets outside of any mainstream governmental or academic institutions. “I’m the only one willing to make predictions,” he said.
Now, at age 67, Wright is beginning to see a shift. “Finally, people are getting on board,” he said. Today, he maintains an email list of 1,400 people interested in his work, and he’s one of more than three dozen scientists who are collaborating on a multimillion-dollar proposal to study the effects of toxic algae on Alaska’s marine food webs. Now, when whales, walrus, and seabirds wash ashore in unusual numbers, their carcasses are routinely tested for algal toxins.
Still, no one seems as quick as Wright to point the finger at PSP. “It’s really one factor out of the bazillion that’s affecting these organisms,” Kathi Lefebvre told me. She’s a National Oceanic and Atmospheric Administration scientist who is heading up the huge, multiagency proposal. “It doesn’t mean it’s the only cause.”
John Piatt, one of Alaska’s leading seabird biologists, describes himself as an “extreme skeptic” about the role of PSP in the murre wreck and other marine die-offs. He and other scientists blame the impacts of warmer temperatures on animal metabolism: With warmer sea conditions, he explained, murres, sand lance, and other ocean organisms need to eat more, so every link in the food chain goes hungry, and every prey species is less nutritious to the predator above it. During the murre die-off, there simply weren’t enough protein- and fat-laden fish to keep the birds alive.
But Piatt has witnessed the effects of algal toxins. During a study of Kittlitz’s murrelets—black and white seabirds dainty enough to fit in your palm—he saw chicks killed by eating PSP-laden fish. “I’m coming around here,” he admits.
Wright is undeterred by the skeptics. “It’s feeling less and less anecdotal,” he told me. “PSP really explains a lot of this stuff.”
I spent four more days on the island, and at times, hanging out with Wright was a bit of a buzzkill. One morning, looking down from a wooden footbridge over a slough near the harbor, we watched dozens of Dungeness crab scuttling through eelgrass. As the sunlight illuminated the water and picked up the crabs’ every move, all I could think about was a meal fresh from the sea, tasting that sweet white flesh from those luscious claws.
“I’d like to test those suckers,” Wright muttered.
And each morning, when I emerged from my hotel room into the sour, fishy smell that wafted up from the Trident plant, Wright announced with grim triumph some new development in the world of toxic algae. A die-off of sand lance had just been discovered on Kodiak Island, about 300 miles northeast, that he felt certain was to blame on PSP. Florida and Mississippi had just closed beaches due to HABs. And a New York Times reporter was eager to talk to him about his work.
Even without Wright’s news ticker, it would have been impossible to escape the mark of PSP on the region. At the Chinese restaurant where Wright and I had dinner, a young commercial fisherman said that her 83-pound dog Sadie had died from PSP a few years back—the same year her boyfriend died when the 98-foot crabber he was crewing on flipped and sank in the Bering Sea.
Another evening, I met the school librarian at one of the two bars in town. The last time she ate local clams, she told me, her son was a baby. “Now he’s 6,” she sighed.
When I wandered through the village cemetery one afternoon, where the triple-barred crosses of the Russian Orthodox church had been fashioned out of two-by-fours painted white, it seemed as though nearly half the dead were Gundersons, a reminder of the last person around here killed by PSP—Buddy Gunderson Jr., who died about 25 years ago after eating shellfish while out on his fishing boat.
I walked down to the Trident dock one afternoon where Taylor Larsen’s 58’ F/V Temptation was tied up. Painted a perky blue, it was a gorgeous, beamy boat that can hold about 200,000 pounds of fish. Larsen fishes for salmon, cod, halibut, and pollock, but the fresh crab fishery has been eliminated by PSP.
I met Mark Patterson, a blond, suntanned pilot with the Alaska Department of Fish and Game whose personal ride is the Purple Princess, an eggplant-hued Cessna 180 parked at the edge of the airstrip. He used to eat clams, he said, until one night after a few glasses of wine and a meal of butters—he’d cleaned the guts and snipped the lips, the most toxin-laden parts—he could hardly walk home. He never went to the doctor, but he was pretty sure it was PSP.
When I got a tour of the Trident slime line, packed with Filipinos and tall Serbian men who, on shift breaks, ranged around in sweats and trainers looking like they had just stepped off a soccer pitch, the production manager Isaac Del Rio told me that a key part of orientation for new workers is the warning not to eat local shellfish.
And a few days after a local drunk asked me to fly off to Vegas with him to get hitched, I heard a rumor that he was the only one around who still harvested clams from nearby beaches. I wondered how much longer he’d be sipping Coronas at the bar.
Six weeks after Wright and I left Sand Point, he got the results back on his samples. “I missed the PSP event!” he told me. He was disappointed. Blooms are happening earlier in the year because of warming temperatures. A month before we’d arrived, the mussels had more than 200 times the safe level of toxins in their tissues. Since then, although they were still unsafe to eat, poison levels had dropped drastically. Even so, two-thirds of the creatures he’d brought back showed detectable levels of PSP.
Clearly, saxitoxin is everywhere, but is it killing our seas? Wright thinks so, even though he admits that his hypothesis is impossible to test. “There’s no way to solve it one way or another,” he said. “It seems that when you answer one question, 10 additional questions pop up.”
The mystery of the starving murres will probably never be fully solved. We can’t turn back the clocks to test whether PSP ravaged their food source, and even if we could, it would take a near-endless budget to sample the ocean waters these birds feed in to know for sure. But while we were on Popof, Wright predicted that another murre die-off would begin in a matter of months because of warmer-than-normal ocean temperatures. As signs flood in that the Warm Blob, which dissipated in 2016, is returning, I fear that he’s right.
And what about those massive beds of dormant Alexandrium cysts in the Arctic? Will rising ocean temperatures and disappearing sea ice set off those ticking time bombs of toxicity? We can only wait and watch.
Tiffany Jackson and her family may never be able to dig clams on Popof again. This is one of the tragedies of climate change: At the very moment we need to feel connected to the natural world so that we’ll actually do something to protect it, in come forces—wildfires, disease-carrying insects, PSP—that rend us from it. During minus tides at home, when the clams and mussels are there for the taking, I feel this distance acutely.
The day of our departure from Sand Point, fog sat low over the island. To kill time as we waited for the ceiling to lift, I stashed my bags and hiked along the road back to town. I waded off the pavement until I was neck-deep in salmonberry bushes, and I feasted. Then I carefully laid a few layers of the delicate, juicy orbs into a small lidded container I had in my carry-on. When ripe, these berries can range in color from the peachy gold of a fresh king-salmon filet to blood red. They fairly glowed in the box. When I landed in Homer, I handed the berries to my daughters as soon as I stepped into our tiny, hometown airport. They huddled around the fruit as if nothing else in the world existed. And for a moment, nothing did.
THE CONCERN: October is National Cybersecurity Awareness Month, and the Better Business Bureau is scaring up the latest on cyber security risks and ways to avoid them. Watch out for these spooky dangers lurking in the corners of our everyday digital lives.
HOW THE SCAM WORKS: Scary scammers can get to you right through that small screen in your hand, your smartphone. Consumers tend to be less wary in social media channels and scammers are taking shocking advantage of that fact. A new scam report based on BBB Scam TrackerSM data shows that of consumers who said they were exposed to a scam on social media, a whopping 91% engaged with the scammer and 53% of them lost money. Security analysts reported this month that over half of all social media logins are fraudulent, and one-fourth of new account applications are fake.
Hacked “smart” devices could haunt your house. The “Internet of Things” is on the rise. A wide array of inventive devices can now interconnect your home and your world: your car, your fridge, your baby monitor, your doorbell, your air conditioner — even your window blinds. In exchange for convenience, consumers are putting trust in all kinds of online smart devices, opening up new threats to security and privacy and creating points of entry for sinister hackers to exploit. Did you hear a strange voice in your house? It could be the voice of a hacker who has taken over one of your internet-connected devices.
Evildoers in disguise are on the prowl. Sneaky phishers can gather information about you and make convincing fake email accounts to pose as your boss, lawyer, realtor, or someone else you trust. Typically, they target people and organizations that may be involved in high-dollar transactions, so the risk of major monetary loss is high, too. It’s more important than ever to double-check the identity of your online contact before you transmit payments or provide personal information.
Crypto keepers may ghost you. Highly unregulated and rapidly growing, cryptocurrency markets are rich in treats for tricksters. Cryptocurrency or “crypto” is an online form of payment that can fluctuate in value. Crypto trading platforms can be high-ticket playgrounds for hackers and “pump and dump” schemers who vanish into the night after they take your money. Crypto scams can spread through — you guessed it — social media. Between Halloween 2018 and today, BBB ScamTrackerSM received 263 reports from cryptocurrency scam victims. Of these, nearly half reported losing $1,000 or more, and 15% lost $10,000 or more.
BBB OFFERS THESE TIPS: In social media, don’t be too quick to click on ads that offer improbably good deals. Research companies with BBB.org and other online sources before you buy.
Secure your smart devices and consider installing anti-malware on your smartphone. Configure and monitor app settings for privacy, encrypt your WiFi, name your router, and keep your software up to date. Ask the manufacturer or seller about smart device set up and vulnerabilities.
Get the facts before you consider investing in cryptocurrency. Tips: BBB.org/crypto
Use multifactor authentication to secure your logins — everywhere. However, using your private phone number for that purpose could expose you to some risks. Consider creating an Internet phone number for online authentication instead.
Change passwords often, and keep them long and strong. Pass phrases are more complex and may be more secure.
Never download or install files from unverified sources.
Check out the 2019 National Cybersecurity Awareness Month interactive toolkit.
Manage a business or a nonprofit? See BBB tips on the 5-step approach to strengthen your cybersecurity.
FOR BBB INFORMATION: Better Business Bureau serving Canton Region and Greater West Virginia offers tips and advice for consumers to avoid fraudulent practices. Visit bbb.org/canton or call 330-454-9401 to look up a business, file a complaint, write a customer review, read tips and more.
Cloud resources have revolutionized the way we do work today. Offices are more mobile, giving employees access to critical resources anywhere, at any time. This enables them to get work done at a faster rate than people could just 20 years ago. In addition, the quality of that work is better because cloud resources enable […]
The post Make Active Directory Work in the Cloud Era appeared first on JumpCloud.
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Megan Anderson. Read the original post at: https://jumpcloud.com/blog/active-directory-cloud/
You’re a woman in an abusive relationship with a man. Things have turned violent.
You leave the man, block his account on Facebook, and maybe even change your name legally as you want to start afresh.
You update your Facebook profile to reflect your new name.
Would you expect your ex-partner to be able to know what your new name is?
Common sense dictates that as you have blocked someone and *then* changed your name they wouldn’t be able to know that your profile has been updated to use a new name.
And yet, as one security researcher discovered, an unpatched flaw in the way Facebook handles account privacy allows precisely this to happen.
David Mathews, originally from Canada, currently based in London, contacted me a few weeks ago with his discovery that even if you block someone on Facebook your name remains dynamically linked to their profile.
In his example, demonstrated in the video below, an account with the name Daniella Smitherson blocks Jack Smitherson, and updates her Facebook profile with a new name (Sandra Halperson).
“Daniella has blocked Jack, and that should be it. However, in Messenger, her new name is displayed in Jack’s chat session with her,” says Mathews. “Also, should he request a copy of his data via the Your Facebook Information link it display her new name there too!”
Mathews contacted Facebook about the issue last month, concerned that Facebook users could be put in potential danger through the security issue, and that Facebook itself might have left itself open to accusations of breaching personal information laws:
“The block vulnerability is a serious privacy risk to Facebook users. It could disclose a client’s new identity to a stalker or someone that may wish to cause them harm. It is a serious legal and financial liability for Facebook worldwide considering new privacy laws being implemented globally.”
Facebook responded that it would not be offering Mathews a bug bounty, and did not plan to change Facebook’s functionality to prevent the leakage of users’ new identities to people they believed they had blocked:
“When considering the block functionality within our platforms the aim is to prevent the person being blocked from interacting further with the person applying the block. There are certain aspects of a profile which are always public, such as the name and profile picture. If you were to browse to the profile unauthenticated you will be able to see this information. Regarding the chat logs, blocking someone won’t limit their access to your past conversations as it is the future action we are aiming to prevent. You may be able to still send messages via these chats, however the individual on the other side should not receive the new messages.”
What do you think? Do you think Facebook could do more to protect users who change their names from people they have previously blocked? Are Facebook users likely to believe that blocking an account does more than it really does?
Clearly Facebook users who are using the block functionality in the scenario given above are not properly protecting themselves. If you worry that someone you were previously connected with via the site might be stalking you, the best advice might be to delete your account and start a brand new one under your different name.
TikTok – the Chinese-owned, massively popular, kid-addicting, fine-accruing, short-and-jokey video-sharing platform – is a potential threat to national security, US lawmakers said last week.
Senators Tom Cotton and Chuck Schumer on Wednesday sent a letter to Acting Director of National Intelligence Joseph Maguire, asking that the intelligence community please look into what national security risks TikTok and other China-owned apps may pose.
TikTok’s parent company, Bytedance, is a private startup based in Beijing that was valued at $75 billion as of July. Most of that is thanks to TikTok and its Chinese equivalent, Douyin.
The senators pointed out that TikTok has been downloaded in the US more than 110 million times. At least one Chinese doctor specializing in addiction has warned that young people are so hooked on social media approval that they’ve been risking their lives to garner likes with their 15-second Douyin clips, which have featured things like dancing in front of a moving bus or trying to flip a child 180 degrees …and then dropping her.
The day after the letter was published, TikTok defended itself in a company blog post in which it reiterated what it’s repeatedly claimed – that Chinese law doesn’t influence TikTok, given that its data is stored on servers in the US:
We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law. Further, we have a dedicated technical team focused on adhering to robust cybersecurity policies, and data privacy and security practices.
The senators are familiar with that line, and they don’t necessarily buy it. From their letter:
TikTok’s terms of service and privacy policies describe how it collects data from its users and their devices, including user content and communications, IP address, location-related data, device identifiers, cookies, metadata, and other sensitive personal information. While the company has stated that TikTok does not operate in China and stores U.S. user data in the U.S., ByteDance is still required to adhere to the laws of China.
Look, guys, we’re not about kowtowing to the Chinese government. We’re dedicated to entertainment and creativity, TikTok said in its post. The company denied ever having been asked by the Chinese government to remove content and said it “would not do so if asked. Period.”
But how, the senators asked, would we even know if that were true? As it is, there’s no legal means to appeal a content removal request in China, they pointed out.
Security experts have voiced concerns that China’s vague patchwork of intelligence, national security, and cybersecurity laws compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party. Without an independent judiciary to review requests made by the Chinese government for data or other actions, there is no legal mechanism for Chinese companies to appeal if they disagree with a request.
Schumer and Cotton pointed to security experts’ concerns that Chinese law compels its companies to “support and cooperate with intelligence work controlled by the Chinese Communist Party.” They quoted the US Intelligence Community’s 2019 Worldwide Threat Assessment report, which notes that the hometown of TikTok’s parent company, Beijing, authorizes cyberespionage against US technology sectors “when doing so addresses a significant national security or economic goal not achievable through other means.”
From the report:
We are also concerned about the potential for Chinese intelligence and security services to use Chinese information technology firms as routine and systemic espionage platforms against the United States and allies.
The threat assessment report deemed China the most active nation-state when it comes to cyberespionage against the US government, its corporations and its allies. The report also said that China is working on improving its cyberattack capabilities and its ability to “alter information online” so as to shape Chinese views and, potentially, the views of US citizens…
…That’s been a major concern in the US, following the rise of fake news operations linked to Russia and Iran, both in the 2016 US presidential election and in the runup to the 2020 election.
Case in point: On Thursday, Facebook leader Mark Zuckerberg appeared on Capitol Hill to talk to lawmakers about his pet cryptocurrency project, Libra. Lawmakers took the opportunity to grill him about, and to slam, Facebook’s policy of not removing posts that contain misleading or bogus claims.
Zuckerberg said that Facebook would “probably” allow candidates to buy ads that lie about their opponents. Facebook doesn’t fact-check such ads because it thinks that in a democracy, “people should decide what’s credible, not tech companies,” he said.
Regarding TikTok, Schumer and Cotton noted that the company reportedly censors material deemed to be distasteful to the Chinese Community Party. TikTok could serve as a platform for foreign influence campaigns like those we saw in 2016, they said.
The government has already taken steps to limit potential dangers posed by the Chinese company Huawei, the senators pointed out. In 2018, due to concerns about spying, the Pentagon banned the sale of Huawei and ZTE phones at military exchanges – only one of multiple warnings about using gear from companies that might be under China’s thumb.