MultiversX Tracker is Live!

Some things to do from someone who has a background in cyber security

All Cryptocurrencies

by COINS NEWS 142 Views

Some things to do from someone who has a background in cyber security

So real quick, I have a background in cyber security. I have several degrees. One of the higher degrees I had to take FBI classes and see how cops can get info off computers and so on. Part of given things I've made honey pots which showed what countries were attacking us. I've setup security systems, dealt with AI and AI firewalls, and so on and so on.

My point is, cyber security is one of those things I know. To the point I use to teach it on an international level.

Because of this and because I got the following saying my stuff was compromised. I figure I might as well share my knowledge

https://preview.redd.it/e8g6zig9ih5a1.png?751&format=png&auto=webp&s=1af2192040c31aee5067d3aef9731e823eb3a8a7

NOTE: You can ask me cyber security questions around crypto, and I will try to answer it if I see it and can.

(I also have a background in rockets, space, and space flight before man spaceflight went away in 2011. But I seriously doubt there will be any crypto related questions on that.)

_______________________________________________________________

The first thing to remember:

There is only so much you can do. Realistically it is impossible to 10000% keep hackers out and away from everything you have. Something at some point will get compromised. This being the gov systems getting hacked, your address being leaked, or whatever.

Because of this as an average person you need to have a plan on what to do when such things happen. Make it into levels.

  • Level 1 = You needed to deal with it yesterday. Like hackers are taking away your home situation.
  • Level 2 = You need to deal with it, but there is some time. But you need to take it seriously. So like ID theft.
  • Level 3 = Your general hack. Like someone hacked into your Xbox account or whatever. It is important, but not critical.
  • Level 4 = Someone hacked in an account you didn't use for a while. Maybe you forgot to close it. You don't have plans on using it again, but maybe you aren't sure what is in it. Or you do and generally don't care.
  • Level 5 = Like the image above. It might be something you don't care about, or once it is out there it is out there. Like my email address and partial phone number is out there. There isn't anything I can do about that. With how I have my stuff setup the only thing they can do with that is trick me/phishing attack.

On all levels if you think your account is compromised then the first thing you need to do is CHANGE YOUR PASSWORD. If the site lets you log out all devices connected to the account.

This automatically kicks the hacker out and they don't have the new password. Even if you can log them out, still change the password.

Anyways having a plan lets you follow it to success and lets you not have to worry about things as much. Like a lot of people shut down when they get attacked because it is too much for them. They just do nothing for a short time because creating a plan in the middle of the action they can't do that.

Something I found helpful is if you have problems try to narrow down your questions to yes/no. Like, is the hacker keeping you out of your house, keeping you away from your meds, or something that critical? And just work yourself through the levels to figure out how serious this is.

__________________________________

What everyone needs to do:

If you use something like Gmail you can do 2 things.

  1. when you sign up to your account or change your account email. So like if you sign up to Kraken, you can do (email+kraken@gmail). What this does it if you start getting a bunch of spam or scam emails with the to field with that. You know that place has been compromised to some level.
  2. Google Voice is your friend. Google Voice is a FREE VOIP service. Basically you can set it up were it will give you a number, and it will forward all calls to your actual number. When someone calls or text the VOIP number, they don't see the real number. You can use this number as a public interfacing number. What I do is family has my real number and everyone else gets my public interfacing number.

Something to note is you can have multiple email addresses. 1 for general public, 1 for signing up to things, and so on. You can have all the accounts forward to 1 account. And you can set it up where when you send it sends through the account you want.

Phone:

  • Unless if it's a business phone. In the voice mail thing don't say who you are. Like you can say this is x number, please leave a message. But I don't even do that. But also with the stuff I was with you can identify someone by their voice so I'm taking more security precautions than a normal person should. Anyways, lets say if a hacker grabbed your phone number from some exchange you did KYC with. They got nothing other than your number. They can easily get 1 if you're a male/female and your name from most voicemail greetings.
  • If possible, use an out of state number. Like all my numbers are 100% out of state. This makes it that much harder for a bad person to track your location if they are using that bit of info. Like the area code can narrow things down by a bit.
  • NEVER say who you are when someone ask unless if you are expecting the call. So like if I am getting support to call me, then that is normal for me to answer that question. But if I don't expect the call, I never say who I am.
  • If you don't expect the call or recognize the number don't answer. Again, if I am expecting a support call then this is where I would. And the previous point mistakes happen. But there is a redundancy factor to protect you.
  • Don't download images from numbers you don't know. Like back in the day there use to be a way to hack someone's phone through the image that downloads on their phone. Apple use to have a number of problems with their text system. IDK the risk level today, but IMO it is better to not risk it. This is 1000% more important for us. Like if hackers got your number from an exchange. They can send it a virus through this, and if you have any hot wallets on the phone. Problems happen

Sign up for https://haveibeenpwned.com/ It's free and it alerts you if your info gets on a list. I don't recall CoinTracker ever sending me a letter. Like they might of and I forgot. But often this is the only way you know if something happened and how bad it is.

Passwords:

  • Obviously don't use the same passwords everywhere. It is best to try to use some password manager. But note if you trust them or not, how they protect your info, and so on.
  • Try to use complex passwords. Like in this day and age, you can just get a password generator. Use it. Some even let you generate passwords in a readable way. So like "r3adb00ksw1thpants"
  • Again, change passwords when you find a hacker might gain access.

There is best practices of changing your passwords every 90 days or so. I hate this practice because it isn't realistic depending on how many accounts you have. But there is this.

2FA is your friend:

  • So it is best not use SMS for 2FA. There is just too many cases where mobile networks had gangs working in them and they screwed with this, or something happened.
  • Google authenticator is free. Use it. Something you can use is Yubi key authenticator.
  • Use security keys when you can. You have to have the physical device in hand to get into your account. Note some things won't let you do this or it cuts features off.
  • Get a hardware wallet. What I'm seeing more and more of in crypto world is places (more so web 3) is letting you log in normal or log in using your hardware wallet. In some cases they require you to prove you who who you are before doing anything. They are using the wallet to do this.

Crypto world:

Because we are using a new technology, we have to do extra things.

  • Put your crypto in your wallet you control and no one else.
  • DYOR before signing any smart contract. Some people get scam and some contracts let the bad person suck all your crypto off your wallet.
  • Revoke smart contracts if you are done with them.
  • Use web 3 domains in place of your address. For example, I could give random joe my address. Or I can give random joe a readable web 3 domain to send crypto to.

Yourself:

The biggest security threat is YOU YOURSELF. Learn to STFU.

So a major part of hacking is social engineering. You can protect yourself by simply asking 1 question.

Is the info I'm giving the person something I should really be telling them?

When I worked in retail people would tell us their life story. Don't do this. Random person isn't your psychiatrist. And even if they are your friend, it is best for security reasons watch what you say. There is just too many stories of "friends" and "family" screwing over someone because they know too much and it turned out they weren't a good person. Even be careful with spouses and kids.

Something we use to do to test people when I was around security is put $5 on a table in break rooms or other areas. There would be a hidden camera there. But we would see if

  1. if the people will touch it
  2. if they do touch it will they bring it to whomever to find the owner.

IDK the percent but if I had to guess 90% of the time the money would be pocketed even if it was a church.

Also

  • note things like where you are using your phone, who can be looking over your shoulder, and so on.
  • note if you are using a hardware wallet to keep your crypto or software wallet.
  • note any actions you do that might cause problems. (leaving passwords out, being on unprotected wifi, not using VPN, and so on)

EDIT: Bonus advice

I forgot to mention, one of the more important things is BUY A SECURITY CAMERA. Like Wyze sells them for $20 or so. They work great and make sure you get an SD card. Buy multiple of them to have tight security.

Basically, set them up in such a way if a bad person comes in to your home, then they will be recorded. The point isn't to stop them, but to give the cops something. The point of locks is to stop them (btw lock your doors you aren't using, and when you leave your car even to get gas lock the doors).

If someone steals your hardware wallet, or devices with software wallets on them. This could help.

submitted by /u/crua9
[link] [comments]

Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
πŸ’° Install these recommended apps:
πŸ’² SocialGood - 100% Crypto Back on Everyday Shopping
πŸ’² xPortal - The DeFi For The Next Billion
πŸ’² CryptoTab Browser - Lightweight, fast, and ready to mine!
πŸ’° Register on these recommended exchanges:
🟑 Binance🟑 Bitfinex🟑 Bitmart🟑 Bittrex🟑 Bitget
🟑 CoinEx🟑 Crypto.com🟑 Gate.io🟑 Huobi🟑 Kucoin.



Comments