Commercial cybercriminals sometimes spread “adware,” a software infection that seizes control of a computer limiting the user’s ability to operate software that used to work well. Criminals are paid by advertisers for the deluge of involuntary “clicks” from adverts that are usually of no interest to the computer user. A barely legal version of cyber home invasion is cookie placement and site tracking that shapes which advertising fed to the users screen. There are settings that can control cookies and tracking. They work provided the advertisers dishing out cookies and if tracking is are honorable. Believe them if you are inclined.
A militarized version of adware monitors and controls everything in the computer, reporting back to cyber-control central. One example of that is “Ouroboros” software (presumably Russian) that infested the Ukraine government’s computer and communications systems. Another military grade example is the Stuxnet software that led many of Iran’s uranium centrifuges into self-destruction.
Some criminals operate more like cat burglars – sneaking into computers and stealing specific files or defacing website for egocentric and political reasons (typical of LulzSec and Anonymous). Only a handful of these criminals are caught, and restitution to victims or holding a meaningful, a lawful job seems to be the last things that courts order.
Even though these rapier-like attacks are not aimed at consumer computers, consumers are damaged. eBay took 3 months to admit it suffered theft of customer information for more than 145 million customers. Earlier, Target suffered a massive theft of information for 70 million customers. In both cases, the damage is allegedly limited because customer passwords were encrypted and it appears the thieves did not steal the decrypting keys. Edward Snowden was not impeded by encryption issues in his massive grab of NSA secrets, and his pretentious frolic exposed information on NSA’s surveillance targets.
There appears to be no truly effective blockade to cyber burglary and cyber home invasion, except for an “air gap” – i.e. never connecting your computer to a network. That means no cable connections, no wireless connections, no infrared, no pre-recorded CDs or DVDs, and no thumb drives that haven’t been thoroughly cleansed or better yet brand new. Facebook reminds us that over the network, a stranger can turn on the microphone on our laptop/smartphone – capturing conversations of those around us.
Email heists are almost always the work of “insiders” or government agencies unwillingly abetted by firms in the security or communications business. NSA built a catalog of US domestic communication transactions saving information on who exchanged communications with whom at what date and time. When those parties fit a FISA court-authorized profile, NSA may record and inspect the content of communications.
Although the public has voiced strong disdain for this surveillance, and politicians have promised it will be curbed, the official security apparatus continues surveillance because politicians believe their perceived obligation to protect us slightly outweighs our right to privacy.
For anyone who insists on email privacy, ProtonMail is a promising option. As a reaction to NSA’s widespread surveillance, some physicists and mathematicians at CERN (European Organization for Nuclear Research) designed a system for email communication that would be unbreakable for even NSA. The resulting “ProtonMail” attracted 20,000 users. End-to-end encryption makes the system surveillance resistant, and it is located in Switzerland, a country that purportedly does not “seize servers or tape conversations.” ProtonMail is free, uses open-source software, does not read your emails, nor does it track its users.
There is no straightforward and comprehensive cyber protection for consumers. Proper password selection and management, email encryption, firewall and antivirus software will address some vulnerabilities, but we are outmatched by NSA, by maladjusted hackers, and by state-sponsored hackers who seem able to take control of any network attached computer. The safest option — keeping a computer incommunicado, defeats many of the goals behind having a computer. We are left tolerating a very imperfect state of privacy protection.
Alan Daley is a retired businessman who writes forThe American Consumer Institute Center for Citizen Research