Uber Uses Software to Remotely Log Out to Preserve Customer Privacy Data

With 78 or more international offices, you might have to consider some possible opposition with government authorities. In 2015, Uber faced a series of investigations in China and various other countries and were looking to secure their information while being investigated. During these police raids, employees knew the drill: immediately log-off and make it nearly impossible for the police to access the information they had a warrant to retrieve, aka proceed with the “unexpected visitor protocol.”

For fear of sounding a little too suspicious, it’s important to know that Uber was trying to protect the privacy and security of their customers, drivers, and employees – especially abroad. After a lot of searching, Uber discovered a software titled, “Ripley,” which was said to be named after Sigourney Weaver’s character in the 1979 sci-fi movie, Alien. This special software is able to remotely disable, lock, or change the password on employees’ computers and smartphones in the event of a breach or police raid. As quoted in an Bloomberg.com article, “The nickname was inspired by a Ripley line in Aliens, after the acid-blooded extraterrestrials easily best a squad of ground troops. ‘Nuke the entire site from orbit. It’s the only way to be sure.’”

According to Bloomberg, the software was used during a raid in Montreal in May 2015. The  idea behind this was for Uber’s team at the San Francisco headquarters to be able to shut down a device if necessary. At this point in time, the Quebec tax authority arrived at the office unannounced with a warrant. Uber’s on-site managers followed the protocol and alerted company headquarters about what was happening. Fortunately, with the use of Ripley, they were able to not reveal anything to the investigators by logging off from all the devices in the Montreal office immediately.

The employees are trained to alert and follow some simple procedures when someone arrives unannounced at its foreign office to protect their data. If the investigators begin to investigate Uber’s machines, they have a list of Do’s and Don’ts that the employees should follow. Do’s include cooperating with the authorities and disclosing requested documents. Don’ts say not volunteer any information, nor “delete, destroy, and hide any document or data.” It’s unclear though if they used this list when using the software Ripley. Although, it is clear that Uber has allowed authorities to leave the building with company laptops plenty of times before. It all depends on the legal privilege of the situation.

Uber said “Like every company with offices around the world, we have security procedures in place to protect corporate and customer data,” an Uber spokeswoman said. “When it comes to government investigations, it’s our policy to cooperate with all valid searches and requests for data.”

Later, Uber started using off-the-shelf software called Prey and another named uLocker. Uber said that these softwares are able to protect the privacy of the drivers, Uber employees, and the passengers. Last March, the New York Times revealed that the company used secretive software called Greyball in some cities where Uber wasn’t yet allowed to operate. The software let the company target certain people, like the police, and showed them a mock-up version of the app that showed no cars available to hide the fact that they were indeed in operation.

According to the article, Uber is now under investigation by the US Department of Justice for its use of Greyball and is facing at least four other inquiries by the US government. As for the software Ripley, uLocker, and Prey being used by the Uber they have mentioned that there is nothing secretive about it. It’s basically the same software someone would use to track down their lost or stolen smartphones. However, an Uber Spokeswoman has mentioned that these softwares are even good for internal use. For instance, if an employee loses their laptop, we can just log them out of the Uber’s System to prevent the information from leaking and having someone else access private user data.

Better Password Protection for Data Privacy Day

Today is Data Privacy Day and we’re celebrating with some do’s and don’ts for better password protection! The most common form of user authentication, passwords protect emails, bank accounts, user profiles and so much more.

In theory it makes sense to choose passwords that are hard to crack and always keep them to ourselves, but in practice, this doesn’t always happen. Here are some password do’s and don’ts.

password-do-s-and-don-ts

Need more specific tips? Here are more ideas for stronger passwords that are also easier to remember:

  1. Use Multiple Languages- Words are easier to remember than random letter groupings, but most hackers use English dictionary words when cracking passwords. Using non-English words can help you remember your password while avoiding common words.
  2. Use A Pattern for Special Characters- Inserting a set of special characters into your password every few letters can help you fulfill the special character requirement, and it’s an easy formulaic way to remember where those characters belong.
  3. Only Use Leet in Phrases- Leetspeak (switching letters in a word for numbers and special characters- for example “hello” becomes “h3110”) is not uncommon among hackers, so this method won’t necessarily help keep a one word password safe. However, using them in a phrase can still be helpful, as it is harder to guess a phrase than a single word.

 

Top Cybersecurity Threats for Business

privacy

Adopting the latest in technology can help businesses get a leg up on the competition, but some forget that with new technology comes a need for updated security. Here’s what’s trending in business technology today and how each topic should affect your plans for information security.

Cloud Computing

Cloud computing enables users to connect to virtual servers from any remote location, operate with less concern about the inherent pitfalls of physical backups, and scale up quickly without crippling hardware expenses.

While the cloud provides many great benefits, every new platform for information comes with a need for new security protocol.

As more businesses move to the cloud, they should take the time to reexamine their network security plan- who has control over data access, what kind of security training users will need, what information is critical and how many layers of authentication will be needed to protect it, etc.

Your security needs will differ depending on what you host on the cloud and how users access that information. A safe way to ensure your information is protected is to consult with a specialist about your current security plans, and see what may be vulnerable with a transition to a new platform.

Remote Work

The internet provides employees great freedom to work from home and while traveling on business trips. While business networks are secured by firewalls, antivirus software, and other layers of protection, this is not the case when employees are not properly set up to work remotely.

Let’s say an employee is working from a cafe in Brazil- they check their email and send over a company file from their smartphone using an unsecure WiFi connection. The data transferred is likely subject to very lax security, and hackers could obtain sensitive company information.

To combat this type of data theft, companies with remote users or even multiple office locations accessing a remote data center should use virtual private networks (VPNs). VPN tunnels are easily set up at little to no cost. These secure connections protect any data transferred through dedicated connections and encryption protocols. Depending on user needs, a wide array of protocols can be implemented including Secure Sockets Layer (SSL) and Transport Layer Security (TLS), IP security (IPSec), Layer 2 Tunneling Protocol (L2TP)/IPsec, Point-to-Point Tunneling Protocol (PPTP), Secure Shell (SSH), and more.

Malware: The Proliferation of Ransomware

You are probably familiar with different types of malware- intrusive software meant to harm your system. These viruses come in the form of worms, trojans, spyware, and more embedded in seemingly harmless files.

Ransomware, a very specific type of malware, has gained popularity among hackers and will continue to be prevalent in 2016. When a system is infected with ransomware, files are encrypted so they cannot be accessed, bringing business to a halt. The system is essentially up for ransom under a certain time limit, and will only be decrypted once the owners pay a large fee to hackers, if the time limit is expired and no payment is made, the files will remain encrypted.

Ransomware prevention comes down to up-to-date security protocols and staff training. A backup plan to restore files in the case of a ransomware infection can help companies save valuable time, money, and the trust of their customers.

Social Engineering and Human Error

According to IBM, in 2014, human error played a role in over 95% of security incidents. Are your employees aware of information sharing protocol? Can they identify a phishing email attempt? Data security should be talked about regularly and often with your employees to ensure they can identify threats and will be prepared to protect your business information. Educating your employees about current security trends through proper training and testing is the best way to avoid data breaches through human error.

As business technology trends change, so will the ways in which hackers try to exploit vulnerabilities in the system. Even with the hardware and software needed to protect sensitive information, a network security plan is incomplete without proper staff training. Ninety-five percent of cybercrime incidents in 2014 occurred due to human error. Being well versed in the different tactics used by information thieves can prepare users to recognize threats, and choose the right plan of action.

If you have questions about your cyber security risks and how you can mitigate them, whether personal or for business, visit our cyber security services page and contact Inverselogic to speak with an expert.

Cybersecurity Trends for 2016

Today we can do just about everything with the help of the internet- view and control bank accounts, peruse and shop from stores around the world, connect with new people or video chat with distant friends and family, even control smart objects like kitchen appliances from afar. The same effect can be observed in business, with more and more day-to-day operations becoming automated or conducted online.

It’s no surprise that privacy and online security is going to be a prolific topic of concern in 2016 and beyond. With all kinds of sensitive information being transferred between different parties, hackers have more opportunity than ever to try and steal information to either sell on the dark web or use for their own financial gain.

There are many precautions consumers and businesses should take to stay in control of their confidential information and protect business assets. For users, get started with our comprehensive Guide to Cyber Security and our Guide to Email Security.

For a general idea of cybersecurity trends, check out our infographic:

 

Cybersecurity 2016

In the coming weeks, we will continue our Cybersecurity series to help inform users of how to protect their information. Stay tuned for more on common social engineering tactics, how to protect your inbox through safe email practices, bolstering information security on mobile devices, and how to control what is shared on social media.

Interested in protection for your business? Visit our website to learn more about our cybersecurity services and contact Inverselogic to speak with an expert.

Consumer Security: Malware Ads on Forbes

The annual Forbes 30 Under 30 list highlights a select few in various industries from music to healthcare- these individuals are up-and-coming influentials under the age of 30. Naturally, the 30 Under 30 franchise receives much attention and its pages garner hundreds of thousands of online views.

Many consumers are just becoming aware of how vulnerable their privacy is online, progressively more so with coverage of recent breaches at companies and even government organizations like Apple, the IRS, and Ashley Madison. It’s natural that this year’s 30 Under 30 list include a few names in security. The article mentions:

Ryan Ozonian, 27, created encrypted messaging app CyberDust that he says is safer than SnapChat. Javier Agüera Reneses, 23, created the encrypted smartphone BlackPhone (in partnership with security firm Silent Circle) and now serves as Silent Circle’s chief scientist. Reyad Allie, 26, is Uber’s Global Intelligence Analyst and keeps the $50 billion car service’s driver and user data safe.

 

This nod to advancement in data security only makes it more surprising that Forbes served malware to visitors who wished to view the article and disabled their Adblocker software.

 

Producing quality content accrues a cost, and like other publishers, Forbes pays for this through serving ads or a subscription model. Those who wish to view content without a subscription are asked to disable their Adblocker software for an “ad-light” experience. Forbes claimed this strategy helps monetize millions of impressions that would have otherwise been blocked.

The choice to disable the software is in the hands of consumers, and Forbes’ strategy seemed like a bona fide solution meant to help generate revenue. Forbes has also disabled the poisoned ads since becoming aware of the problem. However, there is a glaring problem with the system when a host cannot monitor exactly what is being served to its visitors. Even Adblocker does not protect users from all malware.

Forbes (and lesser known sites) sometimes have little control over (or knowledge of) what ads are being served to visitors. Until this is resolved, the responsibility for keeping information safe online ultimately falls on the consumer. Stay tuned for more in the future on how you can protect your data.

Maintaining Your Cyber Security

We are becoming increasingly connected to the world online through desktops, laptops, tablets, smart phones, e-readers, and even wearables. While this is great for staying in tune with current events and keeping in touch with others, the increased exposure makes us more vulnerable to cyber attacks than ever before. Surprisingly, some people are not as aware of the threat as they should be.

Norton Security’s 2012 Cyber Crime Report revealed that 55% of those surveyed had no idea whether their computer was “clean” or free of viruses. Another major concern today is maintaining mobile security. While two out of three adults access the Internet with their phones, 44% of them are not even aware that mobile security options exist.

Still not convinced that the threat of cyber attacks doesn’t apply to you? Check out the facts below:

Cyber Crime Stats

Most cyber attacks are launched in an attempt to steal your information. Scammers will send phishing emails, trying to get you to divulge of passwords, bank account details, and other sensitive data. Some will even prompt users to download a file, disguised as legitimate software, that turns out to be malware. In these cases, users might have software on their devices, accessing their information and sending that information to an outside source without the user’s knowledge or consent.

It is much easier to avoid falling victim to cyber attacks than to try and restore lost data or recover your financial assets. To avoid becoming a victim, it helps to become familiar with the different forms of cyber attacks, and the best practices to ensure that your information stays safe. In general, here are some basic rules to follow when it comes to protecting yourself on the Internet.

  1. Never give in to unauthorized requests to reveal confidential information.
  2. Don’t use unprotected computers or networks- make sure you have an updated anti-virus program and that your network has a firewall set up.
  3.  Never leave important documents out- lock them away or put them out of sight before leaving your desk.
  4. Use passwords to protect your devices and important documents- also make sure these passwords are changed often and are long and complex.
  5. Never click on suspicious links and do not open suspicious emails- Simply opening some can be a threat to your system.
  6. Do not plug in your personal devices without prior approval- they could have dormant malware on them that could compromise your information once plugged in.
  7. Never install unauthorized programs- if you have found a program that you think would be useful, consult your IT department first.
  8. Always stay alert and report anything suspicious as soon as possible.

Whether for personal use, or on the job, follow our Guide to Cyber Security to ensure that your information, and others’ is kept safe and out of the wrong hands.

 

Predictability of Your PIN Code

Taking advantage of holiday sales might mean more trips to the bank and frequent use of your debit card. Unfortunately, the more you use your bank card the higher your risk of vulnerability to fraud and identity theft. Have you ever wondered how easy it might be for someone to crack your PIN code? Database analysts at DataGenetics broke down the trends in passwords from previously released tables and security breaches.

The most common four digit password was”1234″ which accounted for 10.7% of all passwords analyzed. Not surprisingly, the second and third most common passwords were “1111” and “0000”. Think those are too easy to guess? If you use numbers like your birth date, zip code, or street number, your code can easily be guessed if your wallet is lost or stolen along with your debit card and ID. It would be safer to use a relative’s birth date or a number unrelated to your personal information.

The 20 most commonly used password codes are fairly predictable.

The most uncommon codes from the data set were “8068” and “8093”. But we suggest a safer strategy for keeping your money protected- keep your debit card secured at home when it’s not needed and use credit cards during busy shopping seasons instead.This way any fraud using your identity can be disputed, leaving your hard earned cash safe and untouched. Fraud of any kind is a hassle and can be a danger to your finances, but it is much easier to dispute a charge on credit than decreased cash in your account when bills need to be paid. So enjoy the after-Christmas sales, and remember to practice safer shopping!

Apple to Buy Fingerprint Sensor Technology Company

Today Apple announced plans to buy Authentec, Inc., a fingerprint sensor technology firm, for $356 million. This recent move may indicate future use of fingerprint authentication on the iPhone for mobile payments.
Image courtesy of VentureBeat
Experts claim that this technology gives users added peace of mind that passwords do not, and that fingerprint sensor capability on the next generation iPhone could help further differentiate Apple.  Google currently offers mobile payments, but it is not commonly used due to security concerns.  
Read more about the details here.

Iran Attacked by Another Virus: Flame

Iran has confirmed that they have been attacked by another virus, Flame, which collects information on high-ranking officials.

Remember Stuxnet? Unlike it, Flame is not destructive but is considered more dangerous for obvious reasons.

The virus is thought to have originated in Israel since the encryption patterns are similar to previous malware threats which were programmed in the country.

To read more on the virus and what the Iranians have to say about it CLICK HERE.