Lou Covey, Author at Cyber Protection Magazine

Voters mareking ballots at voting station

Election security is not a technology problem. It is how naive we are

Lou Covey Jun 27, 2024

When it comes to election security, the technology we use to vote and count those votes is not the problem. The problem is how naive we are.

Election security has been at the forefront of daily news cycles for more a decade. The concerns about illicit use of technology to input and count the votes turned out to be largely overblown. Every U.S. state other than the Commonwealth of Louisiana, uses paper ballots, matching the practice of every other western democracy. Lawsuits have bankrupted people and organizations claiming the technology was changing votes. Those that have complained the loudest about election interference are now facing prosecution for the crimes.

Now the tech focus is on the use of artificial Intelligence to create deepfake video and audio. A recent pitch from Surfshark,

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

FBI statistics showing the break down of elder fraud. $1.2 million in investment scams is on the top. which is twice as much as the second, tech support scams

Elder fraud festers out of control

Lou Covey Jun 21, 2024

As legislatures around the world try to get a handle on the growth of ransomware, another category of cybercrime is festering out of control: Elder fraud.
The FBI’s Internet Crime Complaint Center (IC3) reported more than 100,000 people in the US, 60 years and older, lost $3.4 billion total to digital scams. The IC3 pointed out that the elderly are half as likely to report a loss. So the actual crimes and losses are probably much higher.

In contrast, the total ransomware payouts last year from reporting companies was $1.1 billion according to Chainanalysis. While the total number of fraud reports to the IC3 appears to have leveled off after years of growth, elder fraud increased by 14 percent year on year.

“Combatting the financial exploitation of those over 60 years of age continues to be a priority of the FBI,” wrote FBI Assistant Director Michael D. Nordwall, who leads the Bureau’s Criminal Investigative Division, in the report. “Along with our partners, we continually work to aid victims and to identify and investigate the individuals and criminal organizations that perpetrate these schemes and target the elderly.”

Who is vulnerable?

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Hacker taking control of Marriott Hotel customer data

Third-party security is almost impossible

Lou Covey May 3, 2024

There are many themes arising for the RSA Conference next week including tools and services to protect against originating with unsecured third parties in the supply chain. That is a crucial issue in every industry especially with almost every company doing business with a supplier in the cloud. But the scope of the problem is almost impossible to resolve. The reasons are myriad.

With every Fortune 1000 business and government agency doing business with tens of thousands of third-party suppliers, the odds of finding one chink in the security protocols are very good for the criminals and state actors looking to do damage.

Social engineering can easily bypass the strongest technical defenses. It only takes a single lapse in digital hygiene to open the door to man-in-the-middle attacks, invite malware injections, and launch credential stuffing. It is also the favorite strategy of ransomware gangs.

Ransomware grabs headlines and remains highly lucrative for ransomware gangs. When compared to other forms of cybercrime, however, ransomware is really a minor issue. There are more than 33 million small businesses (under $100 million in revenue) operating in the United States alone representing 99 percent of all businesses. However, according to a study produced by the Black Kite Research and Intelligence Team, less than 5000 of them experienced a successful ransomware attack in the last 12 months...

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Cariacture of Google stomping in newspapers

Google at loggerheads over support for journalism

Lou Covey Apr 24, 2024

Google and the state of California have come to loggerheads over legislation designed to require Google to provide financial support for local journalism. Naturally, Google is fighting this with a PR and lobbying blitz. They and their allies may be missing the point. Whatever the outcome, it could have a profound impact on the democratic process.

The legislation, The California Journalism Preservation Act (CJPA) has been wending its way through the California legislation for about a year. The text of the law says, "This bill … would require … a covered platform (as in Google) to remit a … payment to each eligible digital journalism provider … The … payment would be a percentage, as determined by a certain arbitration process, of the covered platform's advertising revenue generated during that quarter."

History of dispute

A bit of history provides context. Google launched Google News in 2002

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Commentary: Getting the point of Google News v. the media

Lou Covey Apr 24, 2024

Cyber Protection Magazine posted a long article about Google’s decision to start de-listing California-based newspapers. We strove to be as objective as possible and present both sides of the argument, but we did say that the opponents were missing the point, hoping that the point would be obvious in the discussion. Here, however, we want to shed objectivity and make the point clear.

Google’s move, generously described, is a preemptive response to California’s Journalism Preservation Act (AB 886) that has yet to pass the Senate. The act will require Google to sit down and negotiate with California publishers over the fair price of publishing content from those media sites.

Note that the bill is not mandating a price. It is mandating a negotiation. That changes the nature of the discussion.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

50s style ladies chasing a robber down the street

A lesson on election security from tea ladies

Lou Covey Apr 9, 2024

Our current election season faces the same problems as in 2016 and 2020. Foreign adversaries are interfering with the election process. This time we know it’s happening we know where it’s coming from and we have ways of dealing with it. The question is, is it enough?

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Book Review: AI Doctor, take the money and run

Lou Covey Mar 25, 2024

When we received an invitation to review AI Doctor we were quite excited to get a look inside what a serial entrepreneur, investor, and cardiologist thinks about dealing with those vulnerabilities.

Purchase Required

You must first purchase a membership level before purchasing this content.

Choose a Membership Level

Already a member? Log in here

Social media hangs itself in TikTok legislation

Lou Covey Mar 19, 2024

The debate over the appropriateness of the Congressional action against TikTok can be debated for a long time and probably will until the Senate takes action—which could be weeks. What is less debatable is TikTok’s, and pretty much all of the social media industry’s contribution to the situation. In essence, social media has hung itself with its own lifeline.

The industry has long embraced Section 230, a section of Title 47 of the United States Code that classifies them as part of the telecommunications industry. That particular law immunizes social media platforms and users from legal liability for online information provided by third parties. The section also protects web hosts from liability for voluntarily and in good faith editing or restricting access to objectionable material, even if the material is constitutionally protected. These protections do not apply to what is traditionally known as “the media.” That is an important distinction.

The FCC also regulates related to the foreign ownership of telecommunications companies, broadcast, and cable companies, in that it is not allowed. If TikTok expects protection under Section 230, it has to abide by all the FCC regulations, including ownership. In that case, the legislation is consistent with US law.

News media or Telecom?

However, the CEO of TikTok has made the case that the legislation infringes on the First Amendment rights of the company, creators, and users because… wait for it … TikTok is a major source of news for users. In other words, it is a news medium. According to TikTok, 43 percent of users rely on the app for daily news. But that sets up an entirely different problem.

Print, broadcast, and cable media are bound by ethics and laws to print truth. If they knowingly publish defamatory and untrue information, they can be sued by the injured party. That was most recently and famously demonstrated in the lawsuits against Fox News and Rudy Guiliani for intentionally spreading lies about election technology related to the 2020 US election.

Those same lies were and still are spread on social media platforms, including TikTok, with impunity under the protection of Section 230. But if they are a news medium, the protections of Section 230 go away and TikTok and creators who spread disinformation can now be held accountable for libel and slander.
Social media companies can adjust algorithms limiting what kind of information can be distributed on their networks and they reluctantly apply those restrictions when they are pushed to. But they can’t be sued for disseminating that information under Section 230. If they

Purchase Required

This content requires that you purchase additional access. The price is $1.00 or free for our Premium members.

Purchase this Content ($1.00) Choose a Membership Level

Already a member? Log in here

Thief stealing a credit card from a hidden pocket

Scam Bucket: Credit card fraud is inevitable

Lou Covey Mar 14, 2024

You can do everything right, but credit card fraud is inevitable.

In recent weeks, Cyber Protection Magazine has fielded calls and emails from people who have followed all the best-known techniques for securing banking, debit, and credit card information. That includes bank notifications every time the card is used, multi-factor authentication (MFA), biometrics, and limiting the use of a card for specific transactions. These readers still experienced unauthorized use of their payment cards

How does that happen?

The market for criminal use of legitimate credit cards is a well-known “secret.” The most common sites are found on the DarkWeb, but occasionally they pop up on Meta sites, where they can reap thousands of dollars before Meta gets around to kicking them off, generally without prosecution.

The criminals collect most of this information through phishing attacks using email, but also on Facebook and Instagram, and falling for a phishing scam may negate victims’ claims they “did everything right.” Criminals, however, are getting more sophisticated. Enterprises selling the card information gather it by sending fraudulent emails or text messages, posing as legitimate entities, and tricking individuals into providing their credit card information. Then there is basic social engineering, manipulating victims into revealing their credit card information through phone calls, and QR codes.

Even more sophisticated, criminals will install skimming devices on ATMs, gas pumps, or point-of-sale terminals to capture credit card information when cards are swiped or inserted. While it may not be obvious that the skimmers have been added to the terminal, it is fairly easy to determine if it is legitimate. Legitimate card readers cannot be easily removed, while skimmers may be held on with a simple adhesive. Some locations, like Costco fueling stations, place tape over the reader and, if broken, can alert users and the vendor that there may have been a breach.

No one is completely safe

But by and large, data breaches are the most common source of stolen credit card information, and that is something most victims cannot do anything about.

By hacking into databases of companies or financial institutions criminals steal terabytes of credit card information. Employees of companies or financial institutions may access and sell credit card information, posting the information of those above, carding forums. Criminals exchange...

Purchase Required

This content requires that you purchase additional access. The price is $1.00 or free for our Premium members.

Purchase this Content ($1.00) Choose a Membership Level

Already a member? Log in here

Keystone cops in wrecked car turning a corner

Turning the corner on cyber insurance

Lou Covey Mar 8, 2024

It seems like the insurance industry is turning the corner on cyber insurance and making a decent profit in the process. But not every industry watcher is optimistic.

Purchase Required

This content requires that you purchase additional access. The price is $1.00 or free for our Premium members.

Purchase this Content ($1.00) Choose a Membership Level

Already a member? Log in here