Report identifies source of Middle East fake news, how big is human error and why collect so much data?
Welcome to Cyber Security Today. It’s Wednesday May 15th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com. To hear the podcast click on the arrow below:
There’s an old saying that goes, “Don’t believe everything you read.” Unfortunately, it’s particularly true in the Internet age, where anyone can pretend to be someone else, and what appears to be from a genuine news site may be fake. This comes to mind with the release this week of a report from the University of Toronto’s Citizen Lab.
It believes an apparently pro-Iranian group has been publishing phony content on websites that impersonate legitimate media outlets, and then spreads links to the fake news through social media. Sometimes reporters get suckered. One example is an article that appeared to be from Harvard University’s Belfer Centre for Sciences and International Affairs. Other articles have pretended to be from the Guardian and France’s Le Soir. The goal of this fake information appears to be to trash Saudi Arabia, and suggest some Muslim countries in the Middle East are increasingly getting closer to Israel.
Citizen Lab identified 135 phony articles, 72 fake websites, and 11 fake social media personas in its investigation.
This campaign is only one of many examples of people creating fake stories for various reasons. What can you do? Watch the links you click on carefully. Unfortunately, scammers can sometimes create close enough websites to fool people. One story, for example, went to belfercenter.net instead of belfercenter.org. Good for those who can spot that little mistake, bad for those who don’t. Another clue may be spelling errors or poor grammar in social media messages or web site texts. Here’s a link from the Toronto Public Library to learn how to spot fake news. And here’s one from Harvard.
In addition, organizations have to do a better job of preventing their sites from being copied.
Australia’s Information Commissioner regularly issues statistics on data breaches. The latest, covering the first three months of this year, said that while malicious attacks were responsible for 61 per cent of the incidents, human error caused 35 per cent of them. That means mistakes made by people like you, listeners, including sending email with personal information to the wrong person, losing a USB key, portable disk or laptop, or making an unauthorized or unintentional disclosure of personal information.
Remember, you are part of the security problem, and the solution.
These days companies like collecting data on customers. Apparently there’s no end to how much about you they want. But an article in CSO Online raises questions for marketing executives. It notes that recently someone stole a list of 200 million records for use by direct marketers around the world. This database had 42 fields. One field is an address, another is phone number. Others are marital status, income, financial net worth, gender, race, religion. There are 36 more fields — and they don’t include really sensitive stuff like social security numbers, credit card numbers, drivers licence numbers. So what other tiny pieces of information were collected? Not only that, this database was assembled in 2015. By now it’s out of date and useless. The message to marketers is this: Ask yourselves if you really need all of the data you collect. And if the answer is no, delete it. One of the benefits is the less data you have, the less someone can steal.
Finally, do you have a Linksys Smart WiFi router? A company called Bad Packets says some 25,000 of them have a bug that leaks information about the device and could allow it to be taken over remotely. Some are older units that date back to when Cisco Systems owned the Linksys name. It isn’t clear if Belkin International, which now owns Linksys, will fix the problem. But it would certainly help if you changed the default password from ‘admin’ to something much stronger.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon