This friend suddenly started receiving password notifications for several of their social networking sites (Facebook, Twitter etc) and other applications. The more interesting aspect is that this friend has an upcoming legal case so the multiple password notifications from independent applications and sites was a little more than conincidental. Given all the incorrect uses of the word "hacker", I refuse to call this person or people "hacker(s)" and really, what he/she/they did is not that subtle.
I had some advice for my friend, which I first bounced off another good friend, Brian Honan, who was extremely helpful as always and had some awesome additions.
So this post is not intended to tell you how to be safe on the Internet or how to harden your laptop/destop/phone. I simply thought I'd publicise this advice in case anyone-else ran into the same scenario (bear in mind that this advice is primarily intended for a non-technical person, who may have to contact law enforcement -
- Record everything. Using a bound notepad (not the type you can tear a page from), note every event with date and time of each incident, as well as the actual details of the incident.
- Print out all emails, messgaes, screen shots etc that relating to every incident encountered.
- Date each incident and link it back to the record in the notebook.
- Report it to law enforcement, they may not be able to do anything but at least it will be reported to them and they will have a record to go back on if it becomes serious.
- The notebook and printed evidence will obviously help with initial report and any subsequent reports.
- Likewise report to the provider's security team (e.g. Facebook, Twitter, LinkedIn [I could only find a link to the hack, not their Security Team :(], Google etc - they all have their own security team and they should be pro-active in helping). Some companies have a "security team" in name but not in reality so your email will go to trash essentially or in geek terms "/dev/null". However, again, there is a record.
- Report every incident to both bodies. Do not leave anything out.
- Change passwords and use enhanced security of any service they are using, e.g. Gmail and Facebook have advanced security settings. Use two-factor authentication where possible. As we all know, nothing is infallible but raising the bar helps and tends to discourage the vast majority of attackers onto an easier target.
- Run regular AV scans on all your machines (do not flame me for recommending AV, I know the many short-comings, however, for all its failings, it does have a place for many end-users and it will catch the "known" stuff.
- Decouple any applications from their social network profiles. If you log into any site "with Google" or "with Facebook" etc, remove that facility from the site and set up a unique password that is complex, difficult to guess but that you can remember.
- If required (given the many unique passwords that you now have), use a password manager. Some folk like them, others don't. I feel that most users have a tendency to use simple, common passwords or simply re-use the one complex password, both of which have been shown to be the case in multiple hacking stories this year, and ultimately password managers strongly discourage this behaviour. Overwall (imho) the advantages outweighing the negatives (such as single point of failure), although I prefer not to have my password managers in the "cloud", rather on local systems that I have physical access to. For a much more detailed discussion check this link out.
The blog post is intended to help others (non-technical, not as Internet savvy as many techies) who believe their Internet accounts are being attacked for whatever reason.
Just my 0.02c and I thought I'd share.....