• They may be married and have a family
• Introverted with a close group of friends
• Often learned to program at a young age
• College educated, often in electronics, IT, or physics
• No social media accounts – to avoid drawing attention
• Believe that soft drugs, such as marijuana, help them work

Notice that the Secret Service doesn’t specify a gender.

Please forward this to your friends, so they know their adversaries a little bit better.

The post A Hacker Profile – Who Are They? appeared first on Foster Institute.

Now, what affects you directly whether you own a Tesla or not. Many IT Professionals, consultants, and outsourced IT firms access your network remotely using tools designed to help them help your users solve technical issues. Example programs include GoToMyPC, TeamViewer, LogMeIn, VNC, and Splashtop. Some outsourced companies use a product called Agent Tesla to support their customers. If you visit the website agent tesla dot com, you will see that the product has additional features including stealing keystrokes, breaking passwords, and spreading itself like a virus through a network. It appears that some bad actors have been using this tool to infect computers at companies without the company’s permission. And the tech support representatives at Agent Tesla were more than willing to assist the bad actors.

A key takeaway is that user-friendly tools can permit non-technical people to hack your network without needing any technical know-how.

What if a disgruntled or unscrupulous worker in your company installs GoToMyPC, LogMeIn, or similar easy-to-use software on computers in your private offices? They could overhear private conversations without anyone knowing. One of our clients experienced millions of dollars of embezzlement because a trusted worker used one of those programs on the computer that was in the conference room. The embezzler was not technically savvy at all, and he heard enough confidential information to embezzle millions and wreak all kinds of havoc. He did not need to use the additional user-friendly features that Agent Tesla provides including password cracking and automatic infection of other computers, but he could have.

Visit with your IT professionals. What are you, as an organization, doing to protect yourself from someone intentionally utilizing a readily available program, such as Agent Tesla, to infect your network, spy on your workers, steal information, and break your passwords?

The CEO, Owner, President, and other chief executives suffer the most when an attack devastates an organization. Most of them wish they’d have taken more of an active role in security. Learn from their mistakes, before it is too late.

The post Stealing Tesla Cars, and Stealing Your Network with Agent Tesla appeared first on Foster Institute.

If you will be in Vegas, leave your laptop and phone at home – lest you end up on the infamous wall of shame for being hacked. The website is defcon dot org

The post Hacker Convention Starts Later This Week appeared first on Foster Institute.

Gaining access to your account can provide everything from photos stored in your phone, to the passwords of Wi-Fi access points to which you’ve connected to in the past. That is very concerning.

When attackers know your browsing history, your email messages, your past search terms and the links you’ve clicked, they can use that information to perform very effective attacks tailored to trick you and the members in your company. With knowledge of your passwords, they can wreak all kinds of havoc.

Go get an idea of the kind of data that is stored in the cloud and is potentially accessible to attackers who use the right tools, see google dot com /policies/privacy/

Additionally, there are tools available, such as cloud explorer, that make it easy for even non-technical attackers to conveniently gain access to the sensitive information stored in your phone.

Please forward this to whomever is concerned about their mobile device’s security.

The post Attackers Can Hack Your Phone Without Having Your Phone appeared first on Foster Institute.

1. Refuse to permit tech support to access your computer to help you.

If this is your known service provider, then maybe you will decide to trust them. However, nobody else.

Last week, I connected a new well known web-cam that is highly rated. It didn’t work properly, so I called tech support. Their opening line, “I will send you a link to click, that will permit me access into your computer so that I can fix the problem.” I gently told him there was no way he was ever getting remote access. He was shocked, and had to go ask his manager what to do next…

2. Believe your anti-virus.

The camera company’s tech support rep, now with the manager with him, told me to download a special driver and run it on my computer. When I started to download the driver onto a “test” computer, my anti-virus program identified the driver as a virus. So I refused to install the driver. Without missing a beat, he said, “That’s ok, you can trust anything from us – it is safe.”

I wonder how many of their customers have been duped. Even if the tech support had no intention of infecting their customers’ computers, how can they be sure that their software isn’t already compromised without their knowledge? Never let convenience override your choice to do something reckless.

3. Never answer online quizzes.

I love my wife. One day, she was so excited to tell me what her rock band would have been called in High School. She took a quiz on Facebook that told her. I asked what her rock band would have been called. The band name generated by her filling out the online quiz including the street she grew up on, followed by her favorite pet’s name, and the name of the high school she attended. Like I said earlier, I love her so much. But please don’t ever fill out any online quizzes again – ever. You can be duped into giving away too much information. Attackers can combine the answers with other information they discovered elsewhere on the web, and it makes it lots easier for them to assume someone’s identity.

Please forward this to everyone you care about…

The post Avoid These 3 Really Good Hacker Tricks appeared first on Foster Institute.

As demonstrated last week, attackers attempt to guess usernames and passwords on systems in an attempt to gain access to those computers.

The most concerning part, since your network is already under attack, is that one or more of the attempts might have been successful.

Those thousands of unsuccessful login attempts on a computer are, in a way, reassuring because the attacker was having difficulty finding a combination that worked.

The reason that some computers have fewer attack attempts can be because an attacker successfully gained access after a smaller number of guesses.

This is often the case since the attacks are automated so an attacker will not usually get tired of trying. Once one of the tries is successful, then that’s when the attacker stops guessing usernames and passwords. At that point, they already have access.

Have your internal, or outsourced, IT Pro examine failed logon attempts and see if the usernames seem random like the list published last week. If the usernames are similar to those on that list, then that’s an indication that an attacker was attempting to gain access. If there are a small number of attempts, then that attacker may have gained access to the computer.

Now that’s concerning.

Please forward this to your friends and associates so that they can be more aware of how to protect the security of their organization.

The post How To Know if a Password Attack Succeeded appeared first on Foster Institute.

Read the interview by entering this search phrase into Google:

My hack stole your credit card site:money.cnn.com

Forward this to your friends who want to discover this hacker’s point of view on attacking tens of thousands of companies…

The post This Hacker Tells All appeared first on Foster Institute.