You Are Being Stalked

Somebody Is Watching You:  Imagine that there is someone following behind you day and night, watching and writing everything you do into his notebook.  Now, imagine that his cohort is doing the same thing to your spouse.  But it doesn’t stop there, they are also following your children.  They take their information and report it to their boss.  Seems pretty creepy, right?  Because it is.

Big Tech Advertising:  That scenario is played out every time you browse the internet, shop online, or use social media.   Your activity is being monitored and tracked by the big tech companies like Google and Facebook.   Have you ever wondered how Google could afford to give you free email when 20 years ago it was expensive?  Or how Facebook can provide their platform for free?   They can afford to do that because you, the user, are the product.  They are selling your information for targeted advertising.  They are getting rich by selling the browsing habits of their users or by tracking what you like or don’t like on social media or the types of videos you watch.

Eye Opening Ted Talk:  In recent years, there has been increasingly louder outcries from the public once the digital stalking has been made public.  In his TED Talk, Gary Kovacs used a tool in his FireFox browser called Collusion that creates a map of the different organizations that are tracking your activity.  After hitting only four websites, there were 25 different trackers.  On a typical day this number grew above 150.  There is a plugin for Chrome and Edge called Ghostery that alerts you of the number of trackers attached to your session for each site. It also allows you to block them.  Social media sites are known for having more trackers associated as compared to other sites.

Cookie Replacement:  There is a push to remove these tracking files called cookies to give users more privacy.  Advertisers were concerned about possibly losing this venue for targeted marketing.   Google, however, has stepped in to create a new anonymous online identifier to replace cookies called Federated Learning of Cohorts (FLoC).   FLoC uses your browsing history from the past week to assign you to a group, a FLoC ID, with other “similar” people around the world.  Google sells access to these FLoC IDs   as long as the advertisers agree to basic guidelines, which would aim to deliver users greater privacy and control over how they browse the web. This methods still contains many of the same privacy and possible discrimination issues that cookies have. 

Defensive Tools:  You are not alone or defenseless in this attack against your privacy.  The Electronic Frontier Foundation (EFF) is a privacy advocate for the people.   They have created a browser extension called Privacy Badger that works on FireFox and Chrome. It monitors third parties and ad networks that try to track you through cookies and digital fingerprinting and can even auto-block them.  Another thing you can do to protect your privacy is to change your search engine.  Google, Yahoo, and Bing all collect your information to “personalize” your experience.  Instead use search engines designed for privacy in mind like DuckDuckGo, Qwant, and Startpage.  If you want to go all out, you can use a relatively new browser called Brave that blocks ads and trackers.   For complete privacy with end-to-end encryption for your messaging and phone calls, we recommend an application for both phones and computers called Signal. 

Regain Your Privacy:  It is time to get that stalker off of your back and regain your privacy.  Check out Ghostery, Privacy Badger, DuckDuckGo and Brave while enjoying your online experience without being tracked.

Time to Put a Light on the Shadows

Missile Controls: During the Cold War, there were hundreds of top-secret nuclear missile silos around the United States and allied countries.  An example of the silo can be seen here in Arizona at the Titan Missile Museum.  Many of the silos are still in use today.  They are guarded with service members with extremely high- level security clearances where the details of the location and security procedures if exposed could give the enemy the upper hand.

National Security Issue: Understanding the importance to national security, what if I told you that for the last seven years, details of operations of nuclear weapons in Europe have been on the internet, freely available to anyone through flashcard-learning applications.  Since 2013, flashcard applications like Quizzlet, Cheg, and Cram were created by service members at six European bases to help them memorize security protocols about US nuclear weapons and the bases.  Details included the location of the exact shelters and “hot” vaults that contain the nuclear weapons.  Camera positions, frequency of patrols, and unique identifiers for restricted area badges were part of the package.  In addition, secret duress words that signal when a guard is being threatened were exposed. 

Security Breach: A journalist from Bellingcat looked up terms associated with nuclear weapons bases, like Weapons Storage and Security Systems (WS3), associated with air bases, and the flashcard apps showed up.  This was a huge security breach, and it went on for more than seven years! 

Shadow IT: This is a perfect example of the risks of Shadow Information Technology (Shadow IT).  Shadow IT is any technology that employees uses without approval or support from their IT department. Examples of Shadow IT include using personal emails, music streaming services, collaboration tools, and storage and sharing applications that have not been approved for use. 

Circumventing the System: The flashcard-learning applications are cloud-based applications open to the public.  The service members did not have a similar technology to help them memorize all the protocols, so they went to the web and used a specific free tool that helped them learn much more efficiently.  The members created Shadow IT because the military did not provide a secure solution. Sometimes, Shadow IT exposes to management the tools required to perform the tasks to get the mission accomplished.  If leadership acknowledged the requirement and created a secure solution, that sensitive information would have been kept secret. 

Big Risks: Shadow IT is a security risk.  It is projected that one-third of successful cyber-attacks are on data located in Shadow IT resources.  That’s because, if the IT department does not know about it, they can’t secure it.  When left unchecked, businesses risk proprietary data or customer data.  If exposed, that means loss in the marketplace, downtime, fines, or damage to reputation. 

How to Avoid It: To protect your business, find out all the tools that are being used by your staff.  Provide amnesty to anyone using unauthorized apps. This provides insight into what is required for their tasks and gives you a chance to confer with your IT or cybersecurity professionals to determine a secure way forward.  Whitelisting application tools provides insight to management into what applications are used on the work network, and management can decide what is allowable.  There are no secrets when a whitelisting tool is used.  Shadow IT is exposed to the light.

Moral of the Story: Whether you are protecting nuclear warhead secrets, or your company’s process to beat the competition, Shadow IT can have a negative impact on your operations.  Discover what is out there and find a way to secure it.