Hackers – How To Protect Yourself Online

hackers2

Rami Malek plays a hacker in Mr Robot

These days, you probably give out your personal information to websites on a regular basis and feel comfortable doing so. Anything you register for requires at minimum an email address and a password. Once you have given out that information to a website, you have zero control over it. If that website gets hacked, what information have you provided to the hackers simply by registering there?

Consider the users of that terrible website Ashley Madison. A lot of data was compromised. Some of the site members had used work email addresses, a lot of those email addresses had their full names clearly visible.. Now you might say – those people deserved what they got. I could argue both sides of that case.

Just recently a British phone provider was hacked, and British Gas customer login info was put online. Here in Australia recently, David Jones, Kmart and Patagonia were hacked. And these are only the companies we *know* about.

The Bigger Point Is –

What will happen if a website that you use regularly gets hacked? What information of yours will suddenly be available to the dark web?

In years gone by, I spent some time in email inboxes of the Nigerian Scammers. Law enforcement would hand over seized email accounts so that we could contact and warn the scam victims contained inside. I learned how to use the information provided inside those accounts to identify other email accounts the scammers were using so those accounts could also be seized. I learned to search the web for phone numbers, fax numbers, names, phrases used.

I can tell you how easy it is to follow the breadcrumbs that people leave online because I have done it many times myself. Sometimes it seemed to me to be like unpicking a thread sewn into the web – this email account leads to that email account which leads to that online dating profile which leads to this Facebook profile which gave me their mobile phone number and searching for that gave me 5 other email addresses that scammer is using.

Below you will find my top 10 tips for protecting yourself from hackers online.

You will absolutely be doing at least one of these things I mention below right now. I’m not saying quit doing that, or go and undo everything you have ever done. I’m saying going forward from now on- for your own safety – you might want to reconsider doing these things.

1. Do Not Use Your Real Last Name

Never. Not ever. Not on Facebook. Not on Linked In. Not on any website. Not on your blog. Keep your real life separated from your online life. There are a lot of great reasons to do this and they far outweigh any reasons you might want to use your real last name online.

You might pick a last name from a favourite character in a book or TV show. You might choose a colour, a word in another language, the name of an animal – but not a pet name! I recommend you avoid using your pets names online, not even for secret questions and especially not for passwords!

It is easy for people to ask you – what is the name of your pet – and if you have used it as your secret question they might have everything they need to get into your email account, depending on what email service you are using.

If you have used your real last name on Facebook, you can change it and I suggest you do so as a matter of urgency. Their “name standards” might say “The name you use should be your authentic identity” – that is all very well but not especially realistic given the world we now live in. You can add a hyphen and another word to the end of your name if you prefer. EG Sipowicz-Simone

Alternatively, if you do want to use your real last name on Facebook – let that be the ONLY place that you use it. Some people use their middle name as their last name – I frown on that concept a little but if it suits you, to each their own. :) How to change your name on Facebook.

2. Avoid Using Your Real First Name

This one I am a little more relaxed about – if you want to go by your first name online, on your blog, Facebook and Linked in, that is cool. But when you are signing up for mailing lists on websites, I usually do not recommend using your first name in that venue.

First up, the company is going to use your supplied first name mercilessly in their mailings to you. It is a lot more fun to go into your inbox and see “Hi Tiger, blah blah” “Hello Snake, blah blah” “Good Morning Bat, blah blah”

Secondly, if a hacker hacks in to the company, they can’t do a lot with Tiger Sipowicz or Snake Morgan or Bat Sorenson. Especially if you are not using that name on Facebook, Linked In, etc.

Thirdly, this is the chance you have been waiting for! You can give yourself that first name you always wanted, like Veronica, Natasha, or Beyonce. Using an Alias or a Pseudonym online is perfectly fine and sensible.

3. Do Not Use Your Real Address

Your first and last names, your home address and your birthdate are four key pieces of information that identity thieves need to steal your identity.

If you can, use a PO box for your mailing address. This means nobody can steal your mail, and you have a non-street address you can use for the web. Nobody is going to rock up at your PO Box as a surprise to yourself unless you have done something truly terrible to them. If you’ve given out your street address, people know where you *live*.

4. Do Not Use An Email With Identifying Info

Workplaces tend to use firstname.lastname for email addresses which if you think about it, that is a very stupid concept. They’ve given people more information than they need about you when you simply send them an email. If you have a Facebook account with that same name, you have a linked-in account or use your name on your blog, people can find out more about you just by searching.

For email online, you want to use a name that has nothing at all to do with you personally. I’m going to give you a new option for firstname.lastname which you can try if you like. Animal Name, Colour, Number. So you might have an email address like TigerBlue99 or SnakePink888.

NEVER use your work email address to register for a website. Some people found that out the hard way with the Ashley Madison hack. BE CAREFUL which email address you use on Facebook – do not use the same one you used for signing up on websites.

5. Choose Good Passwords

The better your password, the more protected you are. Never use pet names, birth dates, names of your family or partner, or any piece of personal information that someone could gather from your Facebook or other accounts online.

I recommend similar to the email name, you choose two different words and at least 3 numbers. Always make the first letter of each word a capital. But how will I remember that, Snoskred? Me personally I suggest a small paper notebook that you can keep somewhere safe and write them down, or use a spreadsheet or text file which you also password protect.

NEVER, EVER, NOT EVER, use the password for the email account you sign up with as the password on that website. Take for example the British Gas customers – if one of them used one password for every site on the web, the hackers can now get into their email account.

My advise is to use a two layer password system – use one password for your email account ONLY, and use another passwords for every other site. Whether that is one password for all the other sign ups you use, or a new password for every single site, that is up to you.

If you do use just one password for all other sites, I would suggest using different usernames, so that if a hacker got your password for Kmart, they can’t go to Woolworths and type in the same username and password. You could make the usernames different by just one number – eg TigerBlue87, TigerBlue88, TigerBlue89.

hackers3

Rami Malek plays a hacker in Mr Robot

6. Be Careful With Your Birthdate

I personally use a fake birth date online. Your birth date is one of the key pieces of information identity thieves need to pretend to be you. Change at least one of the details – whether it be year, month, or day.

7. Be Careful With Your Bank Info

All that a scammer needs to create a fake cheque – also known as check or bank draft – is your name, BSB and account number. If you have the funds in your account, the payment WILL clear. It won’t be until you notice the money missing that you will know your details are being used in this way.

All that a scammer needs to deposit stolen or fraudulent funds into your bank account is your BSB and account number.

8. Remove Or Falsify Facebook Info

Just because Facebook asks for information from you does not mean you should provide it. Information I would not want to list on my Facebook would include – my phone number – my real full name – my real address – my postcode – which school I went to – where I am originally from – my current relationship status – where I was born.

Go and take a look at your profile and think – does this need to be here, or does it make it easy for people to know TOO much about me? Also consider this – do you have any of these things set as answers to secret questions somewhere on the web? EG the name of your primary school, your postcode, pet names, etc. Then do the same thing for other “profiles” you have on the web.

9. Search Yourself

Search engines can show you exactly what other people could find out about you online. I suggest you regularly search for your real name, address, email address and phone numbers. In fact you might want to set up google alerts for these things.

10. Use Prepaid Credit Cards Online

cardy
Screenshot from the Australia Post Load & Go Prepaid Visa

There are a lot of very good reasons to use prepaid credit cards online, but here are just a few –

– they do not require you to provide your name or address in most situations – thus making it easier to use a fake name and PO Box with websites.

– you control how much money is on them, so if your card number is stolen the damage will be limited to the amount you have prepaid onto it

– If the website is hacked, all the hackers will have is “Valued Cardholder” and a card number, plus the fake details you may have provided. This means only limited damage can be done. If you have given a website your name and your visa card with a $10,000 limit – and that website is hacked – criminals could run up a huge sum on your card before you can blink an eyelid. Plus you’ll have to cancel that credit card and get a new one.

There are plenty of different prepaid cards available in Australia now, you can likely pick one up when you do your grocery shopping. The Australia Post Load and Go one is pretty decent if you have any travel plans coming up. All of them will have some kind of costs involved but those costs are worth it when you consider the risks of using your own personal card online.

Guidelines

As I said at the start of this post, these are just some general guidelines I would recommend for consideration. Everyone has to live their life their own way, to each their own. Nobody wants to have their identity stolen – you may not know this but identity theft can be an enormous problem for years upon years if that happens to you.

One thing is very clear – we can no longer trust companies and websites to protect our information, so our only option is to be more careful with it.

Over to you –

what steps do you take to protect your identity online? :)

anonymity, Internet Safety

Keeping Confidences.

Some of you would know that I’ve been involved with AKMuckraker and The Mudflats since September, 2008. We’ve been through a lot in the past few years, many stressful situations which we have worked through together as well as the rest of The Mudflats Admin & Moderation team. I consider her to be a good friend.

AKMuckraker (Jeanne Devon) and her good friends Ken Morris and Frank Bailey (A former aide to Governor Palin) have collaborated together on a book. It was released yesterday in the USA.

51jmkbufu9l

Also released yesterday were several “tweets” from Rebecca Mansour, a current aide of Sarah Palin.

What a top aide to Sarah Palin really thinks about Mitt Romney, Bristol Palin, Erick Erickson and more

Though whether she is still an aide remains to be seen – Palin has a habit of throwing people under the bus for much less than Mansour is guilty of.

During the time I have worked with AKMuckraker, there have been times when she has shared confidences with me. Never in a million years would I think to share those with anyone else, not even the admin & mod team, without her express permission. Certainly not with someone I’ve never met whether or not I trusted them.

When someone tells me something and tells me to keep it in the vault, with me, it is LOCKED IN THAT DARNED VAULT and it isn’t coming out until that person tells me otherwise.

Mansour betrayed Sarah and her family, and thoroughly deserves to be thrown under the bus. When someone trusts you and allows you to be a part of their “inner circle” you have a responsibility to keep your mouth firmly zipped..

Even worse – if this is what she was saying to someone she never met, what the heck is she saying to people she knows?

Apparently the person who was tweeting with her had 122 tweets from her which he was willing to sell. The people he ended up giving them to (nobody would buy them) have not shared all of them but you can view the ones they did share here and here.

My personal favourites with the irony in bold –

19:23:35: Listen: I tell you things I wouldn’t tell anyone tho I have press hounding me for the info I tell you. I trust you even tho I’ve never met u

19:28:55: Nothing we can do when someone behaves stupidly.

Ain’t that the truth!

Angry Snoskred, anonymity, internet, Internet Safety, Sarah Palin, The Mudflats, The Vault, Who Is Snoskred

Welcome Slash Dotters..

I’ve read through the comments here, and I just have a couple of things to point out.

In the case of AKMuckraker, previous to Doogan outing her, there was no connection between her real life identity, and the identity of AKMuckraker. You couldn’t google and find a link between the two. It simply was not possible.

He spent three months obsessively asking people who AKMuckraker was. He did this because she posted this blog post – Are You People Nuts? Lessons In Email Etiquette – this post came about as a direct result of his own actions.

The actions? Rep Mike Doogan replies to emails in a very inappropriate manner as a matter of course, it seems. But in that case he had collected up 30 or so different email addresses, and then emailed them ALL with the email addresses viewable to everyone. That is a clear breach of the privacy of those people who wrote to him.

Now AKMuckraker had a right to inform people about that, in my opinion. If you write an email to your representative, you expect there to be a level of privacy. Apparently this sent Doogan quite over the edge and began his obsession with her.

He chose to send out her identity in a newsletter to his constituents, many of whom may never have heard of AKMuckraker at all. That is the part which is most inappropriate in my opinion.

There are many reasons people want to remain anonymous on the internet. Alaska is a quite a small place in the scheme of things and like a lot of small towns to have true freedom of speech you don’t want to use your real name.

Other reasons someone might wish to remain anonymous –

* Because it is a standard identity- and privacy-protection precaution
* Because they have experienced online or offline stalking, harassment, or political or domestic violence
* Because they wish to discuss sexual abuse, sexuality, domestic abuse, assault, politics, health, or mental illness, and do not wish some subset of family, friends, strangers, aquaintances, employers, or potential employers to know about it
* Because they wish to keep their private lives, activities, and tastes separate from their professional lives, employers, or potential employers
* Because they fear threats to their employment or the custody of their children
* Because it’s the custom among their Internet cohort
* Because it’s no one else’s business

Bear in mind also – remember Kathy Sierra? Remember Dooce? Remember Abby Lee? What person in their right mind would knowingly put themselves out there for the kind of treatment those people went through?

Would you put your hand up to be fired from your job because of your blog? To receive death threats – and the people sending them know where you live? Who knows how far those people who do not like what you wrote might go?

The bottom of the bottom lines is – AKMuckraker would never have written about Doogan if he were acting in a sane manner. He is the politician who was sending the crazy emails to 30 people at once. If he had been doing the right thing and treating the people who elected him professionally and with respect, AKMuckraker would not have exposed his behavior. And NOTE – It is actually his JOB to listen to what the people are saying, and respond appropriately.

I haven’t had time to collect links today but here are some from yesterday – I would like to highlight these –

Picture of Mudflats’ AK Muckraker Posted! <-- do not fear, just go and read it. ;) I would not be posting a link if it infringed on AKM's privacy, and AKM has commented on the post too. Lorelle Van Fossen, who to me is famous but may be unknown to many of you, is writing a series on this event - The Outing of a Blogger: Social Transparency or Violation?
The Outing of a Blogger: Is it Legal to Reveal a Blogger?
The Outing of a Blogger: The Fear of Being Found Out

More links will be added to this post once I work out what hasn’t been posted. Apologies for any double ups.

Dear Mr. Doogan (Don’t feed the bears)
A Final Thought About Rep. Doogan and Mudflats
“All tyranny needs to gain a foothold is for people of good conscience to remain silent.” ~ Thomas Jefferson
alaskan dem legislator outs blogger
Exposed
Mike Doogan- own version of 1st ammendment
Anonymous bloggers, journalism and politics
The pertinent point
Alaska Legislator Mike Doogan: A Tool Of The First Order
Headline Does Not Match Story, Part 14: “Anti-Palin”?
Mike Doogan was wrong!
Take action on behalf of MUDFLATS
Mike Doogan Fell
My Letter to The Ethics Committee
Anonymous blogging
Open Letter to Alaskan Rep Mike Doogan
Please look for a new book by Alaska writer Mike Doogan: “Indecent Exposure.”
Know Your Blogging Rights and Help Protect Anonymous Bloggers Everywhere
Suck. Suck. Blow.
ADN’s Ear Siding With Doogan – The World Has Gone Mad
Politician Outs Blogger
…it begins.

Angry Snoskred, anonymity, internet, Internet Safety, The Mudflats, US Politics

Politician Outs Blogger

I honestly cannot believe I am typing this..

Some time ago Alaskan Politician Rep Mike Doogan was sending some crazy emails to people who emailed him and AKMuckraker was one of the bloggers involved in exposing his craziness.

Apparently this did not sit well with Rep Doogan. He has been trying to find out who AKMuckraker was for several months now and he has finally managed to do it. He then sent out a message to people on his mailing list via his official legislative newsletter, advising them of the real name of AKMuckraker. It is possible that when he did this, he broke the law.

Whether or not people support AKMuckrakers opinions, I believe most people would support her right to remain anonymous. I feel it is a right that everyone on the internet is entitled to – people make the decision for their own reasons, some because they have been cyber stalked in the past, some to prevent being cyber-stalked in the future.

This may be the first known case of an anonymous blogger being cyber-stalked by a politician determined to find out their real identity and out them, though!

You can read the full story here –

In Exposing the Identity of Mudflats, Rep. Mike Doogan Exposes Himself.

There are also some other blog posts on this subject –
Progressive Alaska
Shannyn Moore
The Immoral Minority
Mamadance
Palin Gates
Think Alaska
We’re Not That Stupid

I have been supporting AKMuckraker for almost 6 months now – we have been hosting her blog and forums – we have a team of mods and admins who keep the forums running smoothly. I did not need to know her real name to do that (and in fact did not know her real name until today) nor did I care what her name was. I understand anonymous blogging – I do it myself for the reasons explained on my about page.

My support will not change – other than to do whatever it takes to make sure Rep Mike Doogan never wins an election again, and to also inform the worldwide media of what he has done. It is highly inappropriate.

Epic Fail, Rep Doogan. Epic Fail.

I may not be around much for the next week or so, I’ll be busy taking action on this. ;)

Angry Snoskred, anonymity, internet, Internet Safety, politics, US Elections

What you need to know about scambaiting.

So as you may have heard, a little article was published in the Sydney Morning Herald as well as The Age..

It’s the same article as far as I can tell. And yes, I am the Taryn responsible, though of course Taryn is not my real name and may I just point out, if you’re using your real name on the internet, that’s not a good idea. People can track you down. Seriously. Don’t do it. It’s dumb-itty dumb and very dangerous.

Someone linked to the article on a discussion forum I hang out at and for some reason a mod there thinks it’s not ok to scambait so therefore has denied discussion which encourages scambaiting or tells people how to do it. Which is akin to handing people a loaded gun and refusing to give them instructions on how *not* to shoot themselves, in my opinion. If you want to scambait, you need to be doing it safely, and if you want to do it but nobody is allowing you to find out how to do it safely, that’s putting people’s personal safety at risk. And so the reason for this post. Sorry if the mod concerned doesn’t like it, but this is my blog and you have no power here. ;)

Scammers are criminals. They have been known to kidnap, torture, and murder victims. If you give them any personal information that they could trace you with, you could be in danger. So you need to make everything up. Fake names, fake addresses, and in fact make them somewhere far from where you really live. When I first started out baiting, I was pretending to be in the USA.

Secondly, the internet uses things called IP addresses (our little anonymous friend from yesterday will enjoy this bit) and those can actually identify your computer. For example – click here – every time you send an email your IP address goes with it, and someone who knows what they are doing can look at the headers of the email, and see your IP address.

But wait, there’s more, because every time you visit a website, your computer tells that website all kinds of information – such as your browser type, what kind of operating system you use, even right down to your screen resolution. People like me use trackers which take a copy of all of that information each time you visit here. That’s no problem if you’re a nice person who just wants to read my blog, but if you want to leave a nasty comment, you’re screwed, because all that info is right there just waiting for me to send it to your ISP. ;) which of course, I already have. So look forward to what Karma is bringing you, my little anonymous mate. ;) So you don’t visit scammer websites without knowing how to *hide* all that information.

Scambaiters need to know a few technical things in order to be able to do what we do. We’re pretty smart, it’s really not a good idea to mess with us.

Angry Snoskred, anonymity, internet, Internet Safety, scambaiting

Exposure.

I’m not sure if you’ve heard of the girl with the one track mind saga. It’s a blog on the internet where a girl has been pretty intimately blogging details of her life. Somehow it got turned into a book and the girl decided to release it under a pseudonym – however, she may have forgotten for a moment that she lives in the UK, and that is the home of tabloid journalism. A newspaper found out her real name, who she really was, and then published those details.

I feel really sorry for her – I can’t imagine blogging that sort of stuff, let alone having everyone from your parents to everyone in your entire country then finding out you wrote it, and reading that kind of personal stuff.

That and another incident which I have been reminded of have led to this blog about baiters and our potential exposure. I personally would feel *safe* if my real information got out on the net, because I live in a country where there’s not too many lads, but I would be plenty not happy all the same. For some of the baiters reading this who live in the US, Canada, UK, Amsterdam and possibly even South Africa, there’s a lot more potential for harm actually finding its way to a baiter who is exposed.

So when any of us tell other people information about ourselves, we *trust* that information won’t be given to others. There’s been a couple of occasions where I have *deliberately* led fellow **baiters** astray about who someone actually is. Once it was for a joke, which the baiter himself came up with, and several of us went along with. I believe there are still some baiters who are completely unaware that it was a joke – I do not believe the baiter involved ever got a chance to dispel the myths about himself. Not because he didn’t want to, but because he got busy. And they *were* brilliant myths.. that was a heck of a lot of fun, that joke.

Once it was because unknown to other baiters, we have an incredible secret in our midst, which myself and only the baiter involved are actually aware of – as far as I know. There’s very good reasons to keep it secret and I certainly do not intend to share the secret here but the reason I mention it is.. underlying everything there has been a fear that it will get found out somehow. Looking at the One Track Mind blog, I cannot imagine the aftermath if it were to be exposed.

Those of you thinking you know what it is, you’re dead wrong. To make sure you realise this, I will now state that the secret is who someone is in real life, not who they are on the internet. Just so you know.

And now to other topics of lesser import.

1. Pride and Prejudice. I read it again. What a surprise, huh? I love this book. I actually have a big book with all Jane Austen‘s books in there – Sense and Sensibility, P&P, Emma, Mansfield Park, Northanger Abbey, Lady Susan and Persuasion. I bought it for $20 a couple of years ago. The amount of times I have read it, I would hate to think. This is the book I always read in between other books. This is the book I always pick up when I go to bed, want to read a little, but am too tired to start a new book. The language is so soothing. It is almost as good as Shakespeare but my Shakespeare book is way too heavy to hold up in bed. :(

2. Indiana Jones and the temple of doom. I was playing this at work today and a kid who was about 8 years old got scared by it. Hello? What closet has this kid been sheltered in? So his Mother says to me “You should have something a bit more kid friendly on”. I said, this IS kid friendly, it’s PG rated, and most of the other movies I have which “look” kid friendly are packed full of swearing. I can’t play animation because it makes the screens look terrible and we’d never sell any. So while I was doing the invoice, she kept telling this kid not to look but he was mesmerized, and he was starting to get a bit freaked out, so I said to him, hey mate, don’t worry, he’s Indiana Jones and it all turns out fine in the end. It makes me wonder what kind of movies (if any) this kid is allowed to watch at home. It was the bit of the movie where the little kid has the voodoo doll and is stabbing it while Indy is fighting some guy. If something as simple as stabbing a voodoo doll makes this kid freak out.. I fear for his future in this world. BTW I am gonna order this, too.

3. I just watched Girl with a Pearl Earring. There’s never enough Colin Firth. Even the 6 hour Pride and Prejudice did not contain enough of him. The movie was good though.

That’s it for now, off to bed. Night all.. :)

Angry Snoskred, anonymity, books, internet, Internet Safety, movies, pseudonym