Most lawyers haven’t studied computer science extensively and may look at internet security as being nothing more than purchasing security software for their laptop or calling up their credit card company when weird online purchases pop up on their bills that they never made.
For yourself and certainly your clients, cyber security can come off as an extremely complex concept that we would rather leave to the professionals.
Instead of getting stuck in overwhelming assumptions, let’s simplify the basics of internet security and jump right in and make sense out of its basic premise so that it stops feeling so intellectually intimidating.
Cyber security is a form of protection that is associated with the internet and computer-related software, hardware, or network systems.
This means protection for websites, social media accounts, phones, computers, and everything else that you do online or that is connected to computer systems.
Before you make the assumption that information technology security and cyber security are the exact same thing, let’s identify their differences.
IT security is a wider concept that encompasses the protection of your physical information like access codes to buildings and virtual information, while cyber security only applies to the protection of your virtual information, computer systems, and networks.
Both cyber security and IT security are forms of internet security that need to be implemented, especially to protect the extensive amounts of data that is collected by businesses.
How do you know if you are dealing with a denial of service attack? An obvious sign of a DOS problem is if your systems or networks can’t process data from valid users because they are being overloaded.
DOS attackers can come in the form of one IP address or from multiple infected host machines.
Malware is wicked software with the purpose of intentionally ruining computers, computer networks, and servers.
The most common forms of malware are referred to as viruses, trojan horses, worms, spyware, and ransomware.
Viruses connect, scatter, and replicate inside your computer to paralyze it.
Trojan horses are malware that misleads users into thinking that seemingly safe things like email attachments or fake advertisements are safe to click and open up. Trojans can then take control of your computer against your will.
Worms are similar to trojans being that they slither inside of your networks and computers through clickable engagement.
Spyware steals your personal information from your browsing habits, and in extreme cases, the attacker may try to blackmail you for it.
Ransomware can lock you out of your own online accounts and be used as a threat to attempt to delete or publish your data if they don’t get ransom money out of you.
We all occupy space on the world wide web whenever we go online using authorized entry points such as our log-in credentials. But a backdoor bypasses these valid entry points, allowing a person with negative intentions to invade your online presence without your permission.
How many times have we been told to pick a complicated password instead of the easy ‘1,2,3,4’ ones that are simple to remember? There is a reason for these warnings; a lack of password protection is the largest threat to your internet security.
These online attackers don’t even have to deploy complicated theft techniques to steal your password, like social engineering, breaking into password databases, or mining unencrypted passwords.
Hackers can simply type in your typical password and move in instantly because you made their life super easy.
To make it more difficult for hackers to get into your accounts, you can use what’s called two-factor authentication to prove that it’s really you. Two factor authentication means one, something you know like your password, and two, something you have like your phone. Oftentimes they will send you a random pin to your phone via text or using a special app.
That way, even if the hacker steals your password, they will not be able to get into your account, giving you time to change the password.
Phishing spelled with a ‘ph’ involves the sending out of mass emails that ask random people to head right over to a website that may appear legitimate, such as your bank or your employer’s web portal.
But unfortunately, what ends up happening is that this website is only pretending to be something that looks safe and sound. What the hacker is using this site to do is to ‘phish’ your personal data and collect your credentials and log-in details in the process. For example, it might ask you to log into your bank because you have an important message about your account balance.
Now that you have a better understanding of what you need to know about internet security, you can become more conscious of the threats to your personal data as well as your client data.
Instead of remaining too scared to ever go online again, be educated about the various threats and keep your guards up just like you would when exploring a big city.
The senior editor of Legal Scoops, Jacob Maslow, has founded several online newspapers including Daily Forex Report and Conservative Free Press
Disclaimer: Some information on this site may be considered attorney advertising under your state’s laws and ethical rules. This legal news site and its content is for general information only and is not legal advice. Information on this site may be incomplete or out-of-date.
No attorney-client relationship is created between you and any attorney who publishes content or online forms on this site. Hiring a lawyer is an important decision that should not be based solely on advertisements.
Biden to create cybersecurity standards for nation’s ports as concerns grow over vulnerabilities
WASHINGTON (AP) — President Joe Biden on Wednesday signed an executive order and created a federal rule aimed at better securing the nation’s ports from potential cyberattacks.
The administration is outlining a set of cybersecurity regulations that port operators must comply with across the country, not unlike standardized safety regulations that seek to prevent injury or damage to people and infrastructure.
“We want to ensure there are similar requirements for cyber, when a cyberattack can cause just as much if not more damage than a storm or another physical threat,” said Anne Neuberger, deputy national security adviser at the White House.
Nationwide, ports employ roughly 31 million people and contribute $5.4 trillion to the economy, and could be left vulnerable to a ransomware or other brand of cyberattack, Neuberger said. The standardized set of requirements is designed to help protect against that.
The new requirements are part of the federal government’s focus on modernizing how critical infrastructure like power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely. There is no set of nationwide standards that govern how operators should protect against potential attacks online.
The threat continues to grow. Hostile activity in cyberspace — from spying to the planting of malware to infect and disrupt a country’s infrastructure — has become a hallmark of modern geopolitical rivalry.
For example, in 2021, the operator of the nation’s largest fuel pipeline had to temporarily halt operations after it fell victim to a ransomware attack in which hackers hold a victim’s data or device hostage in exchange for money. The company, Colonial Pipeline, paid $4.4 million to a Russia-based hacker group, though Justice Department officials later recovered much of the money.
Ports, too, are vulnerable. In Australia last year, a cyber incident forced one of the country’s largest port operators to suspend operations for three days.
In the U.S., roughly 80% of the giant cranes used to lift and haul cargo off ships onto U.S. docks come from China, and are controlled remotely, said Admiral John Vann, commander of the U.S. Coast Guard’s cyber command. That leaves them vulnerable to attack, he said.
Late last month, U.S. officials said they had disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure. Vann said this type of potential attack was a concern as officials pushed for new standards, but they are also worried about the possibility for criminal activity.
The new standards, which will be subject to a public comment period, will be required for any port operator and there will be enforcement actions for failing to comply with the standards, though the officials did not outline them. They require port operators to notify authorities when they have been victimized by a cyberattack. The actions also give the Coast Guard, which regulates the nation’s ports, the ability to respond to cyberattacks.
Why Was Sam Altman Fired? Possible Ties to China D2 (Double Dragon) Data from Hackers
Theories are going around the internet why Sam Altman was fired. On an insider tech forum (Blind) – one person claims to know by third-hand account and how this news will trickle into the media over the next couple of weeks.
It’s said OpenAI had been using data from D2 to train its AI models, which includes GPT-4. This data was obtained through a hidden business contract with a D2 shell company called Whitefly, which was based in Singapore. This D2 group has the largest and biggest crawling/indexing/scanning capacity in the world 10x more than Alphabet Inc (Google), hence the deal so Open AI could get their hands on vast quantities of data for training after exhausting their other options.
The Chinese government became aware of this arrangement and raised concerns with the Biden administration. As a result, the NSA launched an investigation, which confirmed that OpenAI had been using data from D2. Satya Nadella, the CEO of Microsoft, which is a major investor in OpenAI, was informed of the findings and ordered Altman’s removal.
There was also suggestion that Altman refused to disclose this information to the OpenAI board. This lack of candor ultimately led to his dismissal and is what the board publicly alluded to when they said “not consistently candid in his communications with the board.”
To summarize what happened with Sam Altman’s firing:
1. Sam Altman was removed from OpenAI due to his ties to a Chinese cyber army group.
2.OpenAI had been using data from D2 to train its AI models.
3. The Chinese government raised concerns about this arrangement with the Biden administration.
4. The NSA launched an investigation, which confirmed OpenAI’s use of D2 data.
5. Satya Nadella ordered Altman’s removal after being informed of the findings.
6. Altman refused to disclose this information to the OpenAI board.
We’ll see in the next couple of weeks if this story holds up or not.
AMAZON says cloud operating normally after outage left publishers unable to operate websites…
SEATTLE (AP) — Amazon’s cloud computing unit Amazon Web Services experienced an outage on Tuesday, affecting publishers that suddenly found themselves unable to operate their sites.
The company said on its website that the root cause of the issue was tied to a service called AWS Lambda, which lets customers run code for different types of applications.
Roughly two hours after customers began experiencing errors, the company posted on its AWS status page that many of the affected AWS services were “fully recovered” and it was continuing to recover the rest. Soon after 6:30 pm E.T., the company announced all AWS services were operating normally.
Amazon said it had experienced multiple error rates for AWS services in the Northern Virginia region where it clusters data centers. The company said customers may be dealing with authentication or sign-in errors when using some AWS services, and experiencing challenges when attempting to connect with AWS Support. The issue with Lambda also indirectly affected other AWS services.
Patrick Neighorn, a company spokesperson, declined to provide additional details about the outage.
AWS is the market leader in the cloud arena, and its customers include some of the world’s biggest businesses and organizations, such as Netflix, Coca-Cola and government agencies.
Tuesday’s outage was first confirmed shortly after 3 p.m. ET. and it was unclear how widespread the problem extended. But many companies, including news organizations such as The Verge and Penn Live, said they were experiencing issues. The Associated Press was also hampered by the outage, unable to operate their sites amid breaking news that former President Donald Trump was appearing in court in Miami.
Morgan Durrant, a spokesperson for Delta Air Lines, said the company experienced “some slowing of inbound calls for some minutes” on Tuesday afternoon. But he said the outage did not impact bookings, flights or other airport operations.
The episode on Tuesday is reminiscent of a much longer AWS outage in December 2021, which affected a host of U.S. companies for more than five hours.
The outage comes as Amazon is holding a two-day security conference in Anaheim, California to tout its cloud offerings to its clients or other companies that might be interested in storing their data on its vast network of servers around the world. Companies have been cutting back their spending on the unit, causing growth to slow during the most recent quarter.