Robert Siciliano Identity Theft Expert
Numerous outlets reported that Googles Gmail and 30 other companies were hacked by the Chinese. Ars Technica reports many say the hack was targeted against Chinese dissidents.
The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly-organized attack in late December. Google said that the intrusion attempt originated from China and was executed with the goal of obtaining information about political dissidents, but the company declined to speculate about the identity of the perpetrator.
McAfee reported evidence that a vulnerability in Internet Explorer was exploited in the attack.
Google Enterprise president Dave Girouard blogged to inform Google App clients their data was safe. “This incident was particularly notable for its high degree of sophistication. This attack may understandably raise some questions.” Girouad stated “We believe our customer cloud-based data remains secure.”
Many have reported the most successful technique of Chinese hackers involves phishing and social engineering. These hackers determine their targets, then send a spear phish targeted email to a specific employee posing as someone from the company or a vendor. Once the target clicks a link they may download a remote control or malicious software completing the attack. On a broader scale they may send a blast to everyone in the company and ultimately hook a few employees giving them access to company accounts.
This all means that it’s not just sweaty skeevy money making criminal hackers involved in the penetration of your networks. There is a strong possibility that hacking is being sponsored by foreign governments who have a much bigger agenda.
All the more reason to beware and alert in regards to your security.
- Never click on links in the body of an email. NEVER!
- Always be suspect of any external or internal communications. You could be a target of a phish.
- Before you go divulging usernames and passwords to anyone in response to an email, pick up the phone to verify the need
- Make sure your PC is fully and automatically updated with its critical security patches.
- Anti-virus must be run automatically and fully up to date.
- Its not enough to just run anti-virus. Run a program that immunizes your PC against keyloggers
- Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
- Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)
Robert Siciliano Identity Theft Speaker discussing being an imposter and social engineering invasions on the Montel Williams Show