The cloud is among likely future targets of hackers, as are internet-connected home electronic devices, says a local law enforcement official who specializes in the field.
San Diego County Sheriff’s Sgt. Mark Varnau is the law enforcement coordinator for the Computer and Technology Crime High-Tech Response Team, that goes by the acronym CATCH. The multi-agency task force formed in 2000 “to apprehend and prosecute criminals who use technology to prey on citizens,” according to its website, www.catchteam.org.
CATCH members are local, state and federal law enforcement agencies from San Diego, Riverside and Imperial counties.
While for many years Varnau has often advised people to back up their computers and other devices to a cloud-based storage system, he said sometime next year he will likely stop doing that because it is criminals’ next target.
“Ransomware will attack the cloud,” he said. “They’re not there yet, but it is a matter of time.”
Varnau said it will be better for people to back up their files on a portable drive that is unplugged from the computer following the update.
Varnau, who has 37 years of law enforcement experience, said devices that operate via voice commands are “creepy beyond creepiness,” when speaking at a Nov. 8 Rancho Bernardo Business Association “Lunch & Learn” event.
“They’re always listening,” he said of the devices that include interactive children’s toys, smart televisions and voice-activated smart home assistants. “They listen to your voice for commands. You can turn it off. But if it is on, it is always listening to everything you say.”
He said some companies, like those making the smart TVs, are selling what their devices hear in homes to advertisers.
The “internet of things” also includes home thermostats and refrigerators that create a way for hackers to break into the home’s wireless system. The flaw with the thermostats, Varnau said, is that their software cannot be upgraded. Because the thermostat can adjust temperature based on sensing when someone is home, he said, “It’s a great device, but not something I would have.”
According to Varnau, the “massive growth” in popularity of such devices present huge opportunities for criminals. “This is the growth area. Crime has moved out of the dark alley … and moved into here. (Criminals) can reach out through wireless connection to victimize people to no end and not leave (their) house.”
He said internet crime is a $50 billion a year industry. “Crooks are very good at changing their modus operandi,” Varnau said. For example, compromised business email has increased 270 percent since 2015, with the average loss being between $25,000 and $75,000. Often it comes through the form of a legitimate-looking email sent to someone allowed to transfer money. It will appear to have a higher company official copied on the email, with instructions that the money needs to be sent to a specific account. Often the employee will do as told without confirming in another manner that the email is legit.
“Everybody falls for it — banks, businesses, government, cities. It is common fraud,” he said. “If you are in an industry that deals with (money), verify the transaction and do not just rely on the email.”
He said those in real estate are especially susceptible since they routinely transfer money electronically during the escrow process.
As for other advice, Varnau said:
• Everyone, but teenagers especially, need to realize they should not take intimate photos and send them to anyone, including a significant other, due to “revenge porn” being the “latest rage.” He said, “It is a huge problem, they take an intimate picture and then break up. This is real, it happens on a regular basis and is prosecuted in San Diego.”
• Creating a secure password on a wireless router is necessary, since if not re-set, the default password is often “password,” he said. Those looking for a way in can be as far as 1,500 feet — or six houses — away searching for an unsecured router that they can then use to take over or access a home computer and other devices.
• Password failure on email, social media and other accounts is also very common. Varnau said a string of letters, numbers and symbols — associated with an easy-to-remember phrase — is the best route. “Everyone should have a complex password and do not use the same password for everything,” he said. Among the worst passwords are 123456 and qwerty.
• Turn off geo-tagging when taking photos on cell phones so your location is not known.
• Do not charge cell phones at airports or use free public Wi-Fi that does not require a password since that can make devices susceptible to hackers.
• Use two-factor authentication when logging into accounts, since that requires not only a password but temporary code sent to a cell phone that must also be present.
• Lie when answering security questions for accounts and keep the answers written down, if necessary, on a piece of paper, that way even someone who knows you very well cannot figure out your answers in order to access accounts, he said.
• Put a password on a device’s lock screen to prevent others from installing spyware.
• Get security apps and install recommended software updates and patches.
For free tips, how-to videos, current scams, ID theft guidance and other information for individuals and businesses, go to www.catchteam.org.