We have received numerous requests for a focus piece regarding cyber-defense for Democrats, especially right now as we are going into the midterms. In it is an introduction to a number of the techniques we can use to defend ourselves going forward. Knowledge is power. Pass it on.
Regular readers of Millennial Democrats will not require a lot of explanation as to how and why the threat of Russian hacking is real. We have been up against it for years. The time has come to soberly and objectively assess Russia’s cyberwarfare capabilities, and examine how we plan to fight back.
But it’s important not to overstate the case. It is not accurate to attribute cybernetic omniscience to the Russians and their zany bots and fake news.
They had the element of surprise back then. Most people had no idea what they were doing(and rolled their eyes at those who were trying to warn them, but that’s another subject). These days things are very different.
Regardless of the lies of the great orange malignance, America knows the Russians are out to get us. Trump is sticking his head in the sand on this and will do nothing to help us, so we’re going to have to learn to help ourselves, and each other.
It’s too bad we’ve got no national leadership on this, but it is what it is. We’ll get by on our own.
In starting out, the most important thing to keep in mind is this: Hackers rely on our mistakes, and mistakes are most often made when we don’t know we are making them. They need to catch us off guard, and their job is to find creative ways to use their tools to get us to slip up.
The first place a smart hacker will look is outside the box, so to speak. They’re always looking for ways to burrow in that you wouldn’t think to look for.
Employing a given system, be it a human being or a PC, for a purpose it wasn’t designed for is what hacking means. However, if you’re careful, neither you nor your computer will end up thus employed. It’s all about being careful.
Hackers are clever, be they Russian or from elsewhere, but they are far from invincible. We’ve already stopped a number of Russian cyber-assaults directed at Democrats this year, such as the ones aimed at our Claire McCaskill.
Without the element of surprise, hackers have many limitations. It’s not that easy to brute-force open a website. Just ask these guys:
Basic cyber-hygiene techniques would cut down on more than 80 percent of cyber attacks and cyber thefts, according to Herbert Lin, senior research scholar for cyber policy and security at Stanford University’s Hoover Institution. It will benefit us to learn a few.
There is a great deal of white-hat(ethical hacking) work that can be done to defend America in this realm, and most of it has to do with how careful we are.
We repeat- It’s all about being careful. This cannot be repeated too often.
In this piece, we’re going to talk about a few common mistakes made by end-users(that means us, the consumer) and how they are exploited by criminals. We’re also going to talk about some of these cyber-hygiene measures and assign them three rules of thumb.
- Don’t open strange emails.
- Don’t click on strange links.
- Don’t accept chat messages from people you don’t know, particularly on Facebook.
Before we get started, think for a second about all your other social media accounts. Are they just as secure as your Facebook or Twitter? Make sure they are! That’s the first place a hacker will go to collect more data about you. You’re particularly vulnerable to having your account on the ones you don’t often use pried open.
As an aside, this is also why you don’t want to use the same passwords for everything. Passwords are obviously critical, as somebody who’s got them has got all your information at his fingertips. Be careful!!
A great deal of a hacker’s job revolves around getting the passwords of their victims. Their most popular tools are all various ways to apply “spear-phishing” hacks, designed to steal passwords and personal data. The unlucky “phish” who opens one has become a victim and is now open to all kinds of trouble.
There are all kinds of ways to go spear-phishing. A brand new one showed up not long ago when U.S. government agencies recently received letters via snail mail.
They came with CDs inside, and they contained malware, according to cybersecurity researcher Krebs on Security. The infected discs were accompanied by a Chinese-postmarked envelope and a “confusingly-worded” letter.
That is just like what they do on Facebook. Hackers make links that look like YouTube videos and various other innocuous things, and they write you some goofy little messages. They look like some cute little harmless thing. Actually, they’re viruses. And you’re hit.
One example that all readers of this blog will vividly recall took place on March 10, 2016, when the first volley of malicious e-mail messages hit the inboxes of thirty people who were closely associated with the Hillary Clinton campaign. Inside them were links that were actually viruses, like worms on a hook.
Nearly all of them were failures. All but one, actually. But one was enough.
Within nine days, a horrendous amount of critical data had been stolen and passed along to Wikileaks, to be strategically released in a way they figured would hurt us. It did.
Those leaked e-mails, in which Debbie Wasserman-Schultz was seen to be fussing over Bernie’s lack of ability to fill out campaign finance forms correctly, were spun up into a narrative that Bernie(who lost by four million popular votes) had been cheated.
Bernie or Bust bought it, there were riots in the streets of Philadelphia, and a rift was torn in the Democratic Party that still has yet to heal.
All of that was made possible, with just a few phished passwords.
To combat phishing is to make sure everyone knows how common and damaging these attacks can be. Everyone should keep their guard up when checking emails, and they should report any email they find suspicious.
It’s necessary to point out here that Facebook phishing in particular is horrendously easy. They can hack you right through your chat box. We recommend in the strongest possible terms that you put as little of your personal information as possible on Facebook.
Why risk it?
Facebook presents about a million added vulnerabilities to all of us that use it. When Edward Snowden was asked what to do to keep your data safe on that platform, his response was, “Delete your account.”
We can’t recommend that, as Facebook gives us access to 2 billion people, but we can recommend this much. If people you don’t know send you strange messages on Facebook, don’t accept them.
Facebook was made to brief congressional aides just last week Tuesday about the newest outbreak of anti-Democratic disinformation, which is already said to be evolving into something more sophisticated. Excerpts from that briefing are shown below.
“We are looking at just some of the malicious material that already may be circulating or will be released before the midterms. It also bears repeating that we know the campaign of Sen. Claire McCaskill (D-Mo.) was targeted.”
Cyber-intelligence experts see this as being major, and with clear reason.
Moving on, it isn’t only Facebook and social media you’ve got to be careful with. Websites too are vulnerable.
Anecdotally, the webmaster of this site has seen hackers from all over the world try to take us down, from Beijing, China to Lviv, Ukraine, from Adelaide, Australia to Beauharnois, Quebec. They use all kinds of tricks, but they’ve never gotten in and they never will.
This is not because I’m a cyber-genius who speaks binary code, but because WordPress is awesome. Sucuri, the plugin that keeps safe all of us Millennial Democrats, is likewise excellent. They care about their clients and they hold the same liberal values sacred that we do.
Wordpress users should strongly consider using Sucuri, not least for the reverse IP trace it automatically performs. This has the benefit of letting you know a lot more about who’s trying to hack you. Sometimes it will tell you everything.
Once a flower store owner from Adelaide, Australia tried to hack us. By using a reverse IP trace, Sucuri let us know who she was as soon as she had done so. Then we went to a site called WhatismyIPaddress.com, put it in, and voila.
We were able to get the name of her business by looking at the name of her domain. We then used that to look her up, and jackpot. We found the store’s address, website, and owner. We also found far-right garbage smeared all over her life.
I could put her on blast right here with a screenshot like this one:
Luckily for her, I’m not that mean. But the next guy might be. It’s a dangerous game for newbies (noobs- learn your hacker-ese) to play. It’s easy to run into trouble.
Change your life, would-be hacker flower store owner! Mend your wicked ways, before it’s too late.
Speaking of WordPress, using the two-factor authentication feature they offer as part of their platform is another good idea. This is a highly effective security measure and is available for Facebook, Gmail, WordPress, and many other major platforms.
Using this feature means a second device’s input will be required to access email accounts or websites on new computers, usually by prompting you and sending an SMS code to your phone or whatever. This can prevent scammers from accessing compromised accounts.
In addition to good cyber-hygiene, which amounts to common sense, caution, and our three rules of thumb, there are some tools we can use to make our online experience safer still. You may find this necessary, from time to time.
A VPN, or virtual proxy network service, will allow you to register as being somewhere that you’re nowhere physically near. It allows you to safeguard your IP address. You do not want hackers to have your IP address, as it can be used to hurt you in a bewildering multitude of ways. This is probably the biggest reason to use a VPN.
Guccifer 2.0 recently made a mistake and forgot to turn his VPN on, and we connected him to an IP address connected to Russian intelligence. Now his whole identity is blown because he didn’t use his VPN.
We strongly recommend getting one of these, specifically IVPN. They take protecting their customers super seriously and they are located on the Rock of Gibraltar. That fortress strikes me as a good place to keep anything valuable.
Additional tools include TOR(The Onion Router), which offers a former naval encryption system that we can now all use. Tor takes all your internet traffic and routes it through its own network, providing total anonymity.
The DuckDuckGo browser, which Tor employs, is good to know about also. It has a number of different features that keep you safe, including a “Flame” feature that burns up all your cookies in a second. Pretty cool.
We suggest you learn Linux, because it is more secure, and 99% of viruses are designed to attack Microsoft products.
Russian hackers have been targeting home routers of individual people en masse, using what is called a DNS attack. We suggest you check your home router often, using the website Secure Router.
Secure Router is a great free feature that allows you to check if your router has been compromised with the click of a button. Doing this regularly cannot hurt and takes less than a second.
In closing, it’s important to emphasize that this is an introductory piece, and not meant to be totally comprehensive. These techniques will do a lot to keep you safe, but nothing is a substitute for doing your own research.
So far, this has not been the kind of cyber war imagined in the past, with nations taking out each other’s power grids before a mass invasion, although Russian malware continues to turn up in our power stations.
Now, just as then, there is a need for deterrence, to defend the nation and hopefully prevent a further escalation of tensions. There is more at stake than we can even put into words. We need to be ready.
There are bigger dangers here than the usual America vs. Russia, liberal world order vs the new world order that the extremist crazies keep screaming that they want kind of thing. This is different completely.
One superpower actively destroying the democratic process of another is new and very dangerous, especially since Russian destability tactics rely heavily on disinformation and a systematic devaluing of the truth.
If nothing is true, everything is permissible. And then our entire species starts down the road to guns and roving mobs.
Due diligence is the key. Hackers will look for things you might be neglecting. Get in some good habits and keep yourself alert, because it all comes down to one thing.
If you are politically active as a Democrat, you are not paranoid. You are a target. Defend yourself.