Tag Archives: China

Watch the World's First Mind-Controlled Car in Action

When automobiles giant like Nissan, Toyota and Tesla are focusing on self-driving smart cars, Chinese researchers have taken the future of automotive car driving technology to the level that’s beyond your imaginations.

Chinese researchers have built what they claim is the World’s First Mind-Controlled Car — that uses nothing but human’s brain power to drive.

Isn’t that sound like a

APT Group Gets Selective About Data it Steals

Dell SecureWorks researchers today at Black Hat released a new report on Emissary Panda, or TG-3390, a China-sponsored APT gang that has refined the types of data it covets.

Personal data is becoming a primary target at every level

I recently published a blog about the data breach at the Office of Personal Management (OPM) and the Interior Department which is being blamed on China.

In the last week, there have been a number of experts giving more detail on the depth of the stolen data. The concern is about Standard Form 86 which is used to collect data on potential federal employees applying for positions in National Security.

As you can imagine, this form probes into areas of someone’s background, family and friends that not even those close to the person may know. There are 127 pages of the form and the collection of information includes citizenship, passport, residence schools, military service, employment, financial records, alcohol and drug use, criminal records, psychological and emotional health, groups that may have been associated with, foreign travel, associates including relatives and friends.

The data is extremely valuable to any foreign government or intelligence agency, knowing your enemy in this much detail is a definite advantage. Some observers are suggesting that the data may even be used to blackmail people.  While there is of course this possibility, I doubt anyone who successfully got a position in the NSA would be susceptible to blackmail…

However, there is the risk of an unsuccessful applicant being blackmailed with the data on their Standard Form 86. Naturally, this is bad news for them and they need protection as they are not in positions of national security.

Any breach that affects the people responsible for our security is extremely serious and there needs be a robust plan to assist current and past employees, and even those who simply filled out the form.

Personal data is becoming the primary target for many cyber criminals, foreign powers and governments and the holders of the data need to take precautions to secure it. We are all potential victims of data theft and it’s our responsibility to understand the dangers of handing over our data.

While in this case there is no alternative for national security employees, in many of the data breach cases recently there are ways that we can limit our exposure by sharing less.

US blames China for massive data breach

The OPM is responsible for human resources for the federal government which means they are the collectors and holders of personal data on all federal employees.

Law enforcement sources close to the breach stated that a “foreign entity or government”  possibly Chinese was believed to be behind the attack, according to an article published in The Guardian.

It should be noted that the Chinese government stated that it was ‘not responsible’ and this conclusion was ‘counterproductive’.

The OPM carries out background checks on employees and holds data dating back to 1985. A successful attacker could gain access to records of past and present employees, with data that could even refer to retired employees and what they are doing now.

Regardless of whether you believe the continual finger pointing by one government at another, there are real people that are effected and protecting them and their identity should be the priority.

Alarmingly, an official said to Reuters that “Access to data from OPM’s computers, such as birth dates, Social Security numbers and bank information, could help hackers test potential passwords to other sites, including those with information about weapons systems”.

 

How to stay safe

While those of us who do not work for the government won’t have been affected by this breach, what can we do to protect ourselves identity theft?

  • Ensure your online accounts are not using the email address and a password that could be guessed from personal information, if you are then change the password.
  • Keep a close watch on your credit reports. This will help you identify if someone is using your identity to take a line of credit in your name. Most credit scoring agencies allow you to run a report for free at least once.
  • Spammers may send emails that look like they are coming from valid sources. Make sure to carefully scrutinize these emails – don’t click on links that look suspicious – and if in doubt contact the sending organization directly to ensure it’s an official communication.
  • Avoid using the same email address or identity across multiple online accounts. For example, have a primarily email address used for recovery of forgotten passwords and account information. Have a secondary email address for offline and online retail transactions. Have a third for financial accounts and sensitive information.
  • Avoid Cold Calls: If you don’t know the person calling then do not hand over payment or personal details. If in doubt, hang up and call the organization directly to establish you are talking to legitimate operators.
  • Set privacy Settings: Lock down access to your personal data on social media sites, these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix, it’s a great tool that will assist you with this.
  • Destroy documents: Make sure you shred documents before disposing of them as they can contain a lot of personal information.
  • Check statements and correspondence: Receipts for transactions that you don’t recognize could show up in your mail.
  • Use strong passwords and two factor authentication: See my previous blog post on this, complex passwords can be remembered simply!
  • Check that sites are secure: When you are sending personal data online, check that the site is secure – there should be a padlock in the address or status bar or the address should have a ‘https’ at the start. The ‘s’ stands for secure.
  • Updated security software: Always have updated antivirus software as it will block access to many phishing sites that will ask you for your personal data.

 

Also consider enlisting an identity monitoring service, commercial companies that have been breached often offer this reactively to the victims. Understanding where or if your identity is being abused in real time will give you the ability to manage issues as they happen.