Computer Forensics Expert: How to Keep Anyone From Snooping Around Your Cloud

The American Civil Liberties Union, based in New York, NY, reported that the U.S. Government claims the right to read personal online data without warrants. This trend is not unique to the U.S. Government. Many governments around the world make requests of these service providers as well.

According to statistics published by Google, it received over 16,000 requests for information affecting over 31,000 users in 2012. Google’s same statistics stated they provided information in over 85% of the requests.

In 2012 Microsoft received over 70,000 requests affecting over 120,000 accounts. While this is a much higher number, Microsoft only produced information on these requests about 2% of the time. Almost 80% of the requests asked Microsoft to divulge subscriber and transactional information only.

Locking the thieves out:

Companies and individuals can take easy steps to prevent thieves, companies and the government from gaining access to online storage which contains private information.

Here are a few basic ways of protecting or encrypting the data to keep prying eyes from viewing confidential and/or personal information:

1) The data can be encrypted before it is stored in the Cloud. Products like TrueCrypt, Privacy Drive and MyInfoSafe allow for the user to encrypt their data. This type of encryption can be done for files as well as folders prior to storing it in the Cloud.

2) Use an “On The Fly” encryption product, which encrypts data as it is stored with almost any online storage provider. Products like BoxCryptor, Cloudfogger, SafeMonk, and Viivo integrate with the Cloud Storage provider(s) of your choice, encrypting data locally and seamlessly before it is stored in the Cloud. These services provide encryption completely separate from the storage provider, ensuring even the storage provider employees can’t access data stored in their company’s Cloud.

3) Choose a provider that encrypts the data as part of their service. Storage-As-A-Service companies like SpiderOak, iDrive and Comodo not only transfer your data via an encrypted protocol but also store the data in an encrypted format, preventing those who don’t have an access key from easily viewing your data. It is unknown if there is a back door they are able to use to access data stored on their servers.
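Option 1 above can also be done by hand with standard tools. The following is an added example, not part of the original article: it archives a folder, encrypts it locally with a key that never leaves your machine, and stores an integrity tag beside the ciphertext so tampering in the Cloud is detected before decryption. It assumes OpenSSL 1.1.1 or later and tar; the function names, paths and key file are hypothetical.

```shell
#!/bin/sh
# Added example: encrypt locally, sync only ciphertext. All names are hypothetical.
# Create the key once and keep it OUT of the synced folder:
#   openssl rand -hex 32 > "$HOME/.cloud.key" && chmod 600 "$HOME/.cloud.key"

# mac_of FILE KEY_FILE -> prints hex HMAC-SHA256 of FILE under a subkey of KEY_FILE
mac_of() {
    mk=$(openssl dgst -sha256 -hmac "mac-subkey" "$2" | awk '{print $NF}')
    openssl dgst -sha256 -mac HMAC -macopt "hexkey:$mk" "$1" | awk '{print $NF}'
}

# encrypt_folder SRC_DIR OUT_FILE KEY_FILE
encrypt_folder() {
    src=$1; out=$2; keyfile=$3
    [ -d "$src" ] && [ -r "$keyfile" ] || return 1
    # Stream the archive straight into the cipher so no plaintext copy hits disk.
    # The AES key is derived from the key file with PBKDF2 and a random salt.
    tar -C "$src" -cf - . |
        openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
            -pass "file:$keyfile" -out "$out" || return 1
    # "openssl enc" does not authenticate its output, so tag the ciphertext.
    mac_of "$out" "$keyfile" > "$out.hmac"
}

# decrypt_folder IN_FILE DEST_DIR KEY_FILE
decrypt_folder() {
    in=$1; dest=$2; keyfile=$3
    [ -r "$in" ] && [ -r "$in.hmac" ] || return 1
    # Verify the tag first; refuse to decrypt anything that was modified.
    if [ "$(cat "$in.hmac")" != "$(mac_of "$in" "$keyfile")" ]; then
        echo "integrity check failed: $in" >&2
        return 1
    fi
    mkdir -p "$dest"
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$keyfile" -in "$in" | tar -C "$dest" -xf -
}
```

Only the `.enc` and `.hmac` files go into the synced folder; losing the key file means losing the data, so back it up somewhere other than the same Cloud account.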

Businesses are acutely sensitive to government information requests due to their legal responsibilities under privacy laws, such as HIPAA and the Gramm-Leach-Bliley Act. Therefore, in highly regulated industries, such as financial services and healthcare, businesses must strike a balance between government oversight and consumer privacy.

The U.S. Electronic Communications Privacy Act of 1986 was enacted in the early days of the Internet. The act did not require government investigators to obtain a search warrant for requesting access to emails and messages stored in online repositories. In 2001, the PATRIOT Act further added to the authority of the federal government to search records under its “Library Records” provision, offering a wide range of personal material into which it could delve.

We are not suggesting people should try to skirt around the PATRIOT Act. But companies and individuals should do their best to comply with data privacy issues. It should be up to the organization or individual to establish a policy regarding exactly what, when and to whom they disclose information from their Cloud service provider.

Computer Forensics Expert: Traveling? Treat Your Laptop Like Cash!

In today’s society, traveling with a laptop seems like an everyday occurrence, whether for “mobile office” or just personal use. There are some things you should be aware of when traveling with your laptop, since it is portable and portable items can be easily lost or stolen. Here are a few tips to help avoid heartache and an employer’s wrath.

#1 Treat your laptop like cash. Some of the information might be replaceable. Other information, however, may be irreplaceable. There is also the risk of someone using the information to further their cause (attempt to sell it back to you, or one of your competitors). If nothing else, it will be the hell and countless hours you have to go through to get another machine and get it set up just like the laptop which disappeared.

#2 Never leave your laptop alone and exposed, ANYWHERE! Not in the car, not in a conference, not anywhere someone armed with a crowbar or just a bag can easily grab it. Airports are especially notorious for this type of theft.

#3 Invest in a security lock. These long steel cables can be used to lock your laptop to a bench, table, or other stationary object, via a dial (or padlock) which can only be removed by someone with the code or key. Otherwise, the computer has to be damaged to remove it from this lock. One way to increase the difficulty of taking your laptop from an exposed area is to run the cable through the handles of your briefcase, thus adding a damper to a swift pull. That is, if your handles absorb some of the tug of someone trying to make off with your laptop, it will be much harder for them to yank the lock mechanism from your laptop. We recommend that employees be required to use a lock even if their laptop is in the trunk of the car. If attending a conference, the laptop should be locked to a table or some other object which is difficult to move. The idea is to deter the casual thief. Most thefts are non-targeted and opportunistic. By placing a lock on your laptop you are preventing this from possibly happening. A good lock costs about $25 and can be found at most electronics retailers.

#4 Never carry written passwords with your computer. If you must write down passwords (we recommend you never do, but we realize this is not realistic for some), keep them in a separate bag or in your wallet. That way, in the event your computer is stolen, you still have your passwords, which can be changed if needed.

Computer Forensics and Hacking Expert Witness: Howdy, I’m a Hacker!

The most common visual is the pale nerd in his mother’s basement who is getting into his university server to change his rival’s grades to failing ones. Then there are the various Hollywood depictions which show “master criminals” manipulating traffic signals and financial markets. This is a fairly recent use of the word “hacker” and for years before it had a very different meaning.

In the early 90’s when Linux (a popular free computer operating system) was introduced, the word hacker did not even exist. Users of these operating systems referred to themselves as “hackers”, only due to their ability to manipulate and reuse programming code for their own purposes, outside of its originally intended purpose. If you think of them as chefs, everyone has that one basic recipe for lobster bisque, but each chef will put their own spin on the recipe to make it their own. They were / are very competent programmers that had a passion for writing their own programs.

The majority of these “hackers” used their skills for good. For example, helping a friend who needed new software to help keep track of inventory at a grocery store. Then there are some more famous hackers, including Steve Jobs and Bill Gates who made a lot of money creating a consumer computer for the home. A small percentage used their skills for less than honorable purposes, such as Kevin Poulsen and Adrian Lamo. These dishonorable hackers are what gave the noble hobby of computer manipulation its bad name.

Due to the large amount of media attention on the subject, in recent years, the term “hacker” has become synonymous with crime and people using their skills to steal and create fear. While this may be true in some instances, it is not the majority. Now we distinguish good from evil with (figurative) hats:

“White hat hacker” or “Ethical Hacker” is a person who hacks for good to find their own or other organizations’ vulnerabilities and report them for improvement.

When the term “Black” is used along with “Hacker” they are considered to be someone who hacks for evil maliciousness or personal gain.

“Gray hat hackers” are in that limbo status between the two who may offer to repair a vulnerability for a fee.

“Blue hat hackers” are usually outside computer security consulting firms who test software or systems for bugs looking for exploits so they can be closed prior to software or system release.

Remember: not all hackers are bad.