Protect Yourself from a Massive Data Breach

15 July 2015

Hackers and cybercriminals are coming up with more and more devious ways to steal every day. Some data breaches are huge, like the attacks on retail store Target and health insurer Anthem, allowing hackers to get access to millions of social security numbers, email addresses, credit card numbers and other personal information. Some are state-sponsored cyberattacks, like the recent massive data breach that affected virtually every U.S. government agency. The risks of identity theft have increased on a global scale.

Victims of identity fraud can take steps to notify the authorities and credit bureaus. Massive data breaches are different. Being part of a data breach is like losing your wallet at the mall – there is no way to tell who has it, how they will use it, when they will use it, or if they will use it at all. Only one thing is certain: you must take precautions. IT computer consultant Max Nomad offers specific advice for FrontLine readers.

Of course, when it comes to anything digital, nothing is 100% safe – with time and the right resources everything is crackable. The key is to make it so time- and resource-intensive that the rewards of the crack aren’t worth the effort.

The average Password Locker can be considered “safe” because your computer or device would have had to have been previously hacked by that hacker in order to get at your Password Locker files. Many Password Lockers are Open Source, meaning that countless programmers around the world have already gone through the source code and patched up the holes.

Password Lockers use multiple encryption standards for their data. My personal favorite is KeePass2, which uses both AES and Twofish encryption for its databases. Trying to crack the encryption itself with current technology would take centuries.

The only sure-fire way to get into a Password Locker is by brute-force hacking the main password that was set by its owner. This takes considerably less time than cracking the encryption – days, weeks, months or years depending on the length and strength of the owner’s password. More than 99% of the time this is how a hacker will try to break into someone’s Password Locker.

It is important to note that a successful brute-force attack will only compromise one person’s Password Locker. To crack into another person’s Password Locker means starting another brute-force attack campaign. There are crack programs out there for some popular Password Lockers but they’re all brute force, meaning they use trial and error to guess the owner’s password. None of them can crack the encryption itself.
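To put numbers on how the length and strength of a main password change the brute-force time described above, here is an added example (not from the article or from any Password Locker's code). It assumes randomly chosen characters, uses constructed sample passwords, and uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for a locker's own key derivation.

```python
import hashlib
import math
import os
import string
import time

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def keyspace_bits(password: str) -> float:
    """Upper bound on the search space in bits; only valid for random characters."""
    chars = set(password)
    alphabet = sum(len(c) for c in CLASSES if chars & set(c))
    alphabet += len(chars - set("".join(CLASSES)))  # spaces, non-ASCII, etc.
    return len(password) * math.log2(alphabet) if password else 0.0

def guesses_per_second(iterations: int, trials: int = 3) -> float:
    """Time PBKDF2-HMAC-SHA256 to see how many guesses per second this CPU tests."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        hashlib.pbkdf2_hmac("sha256", b"guess-%d" % i, salt, iterations)
    return trials / (time.perf_counter() - start)

def average_crack_seconds(password: str, rate: float) -> float:
    """On average a brute-force search succeeds after half the space is tried."""
    return 2 ** (keyspace_bits(password) - 1) / rate

def humanize(seconds: float) -> str:
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    samples = ("qzvkxpwj", "qZ7vKx2p", "qZ7vKx2pWj4mRt9b")  # constructed samples
    for iterations in (1, 600_000):  # unstretched vs. stretched key derivation
        rate = guesses_per_second(iterations)
        print(f"{iterations} iterations: {rate:,.0f} guesses/s on one core")
        for pw in samples:
            eta = humanize(average_crack_seconds(pw, rate))
            print(f"  {len(pw):2d} chars, {keyspace_bits(pw):5.1f} bits: {eta}")
```

The figures are for a single CPU core and for random characters only; passwords built from words, names or dates fall far faster than the character count suggests.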

Looking at the headaches vs rewards from a hacker’s perspective, there are plenty of other ways to steal far more passwords (and other personal information) with a much greater success rate and far less effort.

The average adult under the age of 65 has about 20 passwords. Typically they have to be over 8 characters long. Instead of memorizing 20 different passwords, it’s not uncommon for people to use the same password for everything. A hostile adversary that manages to steal their password at one point will have effectively compromised all those sites.

If you write a (readable) username and password on paper, the instant someone sees that paper your security will have been compromised… and you may not know it.

Treat all your data as valuable. To a seasoned hacker on the hunt, data comes in two types: data to exploit and data to steal (and sell). Even the most innocent information can be parlayed into playing a role in cracking into your network. Take nothing for granted… and shred everything once it has outlived its usefulness.

Max Nomad is an IT Consultant, and author of Surviving the Zombie Apocalypse: Safer Computing Tips for Small Business Managers and Everyday People.
© FrontLine Security 2015