Open in app

Sign in

Write

Sign in

Cyber Curiosity: An Introduction

Lakeidra Smith
15 min readDec 10, 2020

My name is Lakeidra Smith, and I am the author of the upcoming book, Cyber Curiosity: Redefining Cybersecurity in the Modern World.

This is the first draft of the introduction of my book. It still has many phases of revision to go through, but I wanted to share this preview of my book a bit early. I am currently hosting a pre-launch campaign for Cyber Curiosity on Indiegogo. Early supporters get exclusive access to my author community and Facebook group where I share insights into the publishing process, inclusion in the acknowledgments of my book, and much more! If you are interested in learning more about my book or supporting my campaign, you can use this link: https://bit.ly/32ZIW4w or simply search for “Cyber Curiosity” on Indiegogo.com.

Introduction

Your name, social security number, address, date of birth, driver’s license number. Vital pieces of information that create your identity. Combined they make you who you are to others. They’re essentially your key to the world. Without them who would you be?

In 2009, Dave Crouse was forced to face that reality. [2]

“I have no identity,” said Crouse, 56. “I have no legacy. My identity is public knowledge and even though it’s ruined, they’re still using it.” [2]

In six short months, the criminals had slowly but surely charged over $900,000 to his debit card. He fought tirelessly against the attacks and to attempt to salvage his finances, but ultimately those attempts cost him almost $100,000. He drained his savings and retirement accounts in the process. Even his once stellar credit score, formally a 780, has plummeted. [2]

Crouse was a favorable target for a cyber criminal. He was a frequent online shopper, and he did the majority of his banking online. Downloading songs from file sharing websites, that are often riddled with malware, was one of his favorite pastimes. He would use his debit card like a credit card. [2]

The first suspicious activity in his account occurred during February of 2009, but Dave dismissed the charges since they were for small amounts of $37 and $17.98. At the time, he was working in the construction-industry making $180,000 a year, so he was financially secure. The account that he did most of his spending out of typically had around $30,000 in it at any given time. [2]

In March, he was laid off from his job. His former $2,300 a week income shrunk to $780 biweekly unemployment checks. Unfortunately for Crouse things really took a turn for the worse in August, “All of a sudden it really got bad,” he recounts. “In August the charges hit big time — $600, $500, $100, $200 — all adding up from $2,800 to $3,200 in one day.” [2]

Once he discovered the fraudulent charges, he immediately contacted his bank and began the long process of filling out affidavits, forms swearing he was not responsible for the charges on his account. He says he filled out about 20 affidavits, and one day he filled one out concerning a charge, and the following day the bank accepted similar charges nearing $4,000. [2]

“At that point I was going to the bank every day and looking at everything,” he said. [2]

Even after he closed his debit account, his accounts were still getting drained daily. Crouse then decided to go to a new bank and open a new account, hopeful that his information was safe there. The next day both accounts, the new and old one, were fraudulently charged for $1,100. Crouse felt defeated. [2]

His new bank explained to him that he was very likely a victim of a cyber crime. It was possible that a keystroke malware had been installed on his computer without his knowledge while he was visiting one of the file sharing sites he frequented. If this was the case, his computer was now infected and the hacker was tracking every key he struck and that’s how he picked up all of his personal information. Malicious software, or malware, such as keystroke malware is not a targeted attack. When malware is created, it is created to produce as much impact or financial gain as possible with as little effort as possible. It is sent to as many people as possible so that it is given a greater chance of giving the attacker a return on his investment. [2]

It’s also possible that Crouse’s information was being sold on the dark web. He reported that people in multiple locations in Florida, Brooklyn. NY., and North Carolina were using his identity to make purchases. It’s common for cyber criminals to sell personal information on the dark web for as little a $1 for a social security number. Prospective criminals can also buy what’s known as a ‘“Fullz,” or a full package of someone’s personal information for about $30. [2] [3]

“It was nasty,” he said, admitting that he even contemplated suicide. “I just couldn’t take it. I didn’t feel like a man anymore. I was violated and I didn’t know what to do.” [2]

His identity — Social Security number, address, phone numbers, name, even his old information — is still being used in attempts to open new credit cards and bank accounts. [2]

You might believe that Crouse’s case is an outlier, but, unfortunately, you would be mistaken. His case is much more common than you may think. The Internet Crime Control Center (IC3), the FBI’s department for cyber crime reports and investigations, reported that in 2019 alone victims of personal data breaches and credit card fraud lost a total of $231,593,664. [4]

Perhaps you believe that you have no reason to be concerned about your personal cybersecurity, because you believe that there is nothing that you can do to protect yourself or that it is the responsibility of corporations to worry about cybersecurity. Yet, I spoke to some experts who believe that we can all become more responsible cyber citizens.

This book explores some techniques that can help you secure your identity as you navigate through the modern world. No one can reduce their risk of being a victim of a cyber crime to zero, but you can be one step ahead by implementing tips from cybersecurity experts that have worked at companies such as Facebook, McAfee, and IBM.

Our Interconnected World

Our world is becoming more interconnected by the minute, and this is a good thing in many ways. We use our devices and the applications that they host to connect with the people that we care about. Our phones and computers have become a gateway for connecting with amazing people and learning wonderful, new things. The Internet and the devices that we have been able to create and connect to it have improved our lives in many ways. Today, most of us — especially not someone like me from Gen Z — would not be able to imagine our world without the joys of our smart phone, social media, and definitely not without the Internet.

In 2020, there are currently around 15 billion Internet of Things (IoT) devices, connected to the Internet. IoT devices are defined as devices “that are connected to the internet and so can share data or otherwise communicate with each other and with users.“ [7] In the consumer space, these “things” are most commonly smart phones, laptops, wearable devices like smart watches and connected medical devices, smart home devices, and connected vehicles. It is projected that there will be 41 billion Internet of Things devices connected to the Internet by 2027, and in 2019 there were only 8 billion devices connected. [6] As you can see, the Internet of Things is growing at an exponential rate, and it’s showing no signs of slowing down. As more everyday items in our lives become connected to the Internet from our refrigerators to our watches to our light switches, every device you connect becomes a potential access point for a hacker, malicious actor. This increases your chances of becoming a victim of a cyber attack if you don’t consider the risks of these devices and take steps to minimize them.

According to a study done by Pew Research in 2019, 81% of Americans admit to going online daily. This includes the 28% of people who reported that they are online “almost constantly” and the 45% that claims to log on several times a day. 8% of the population only gets connected a few times per week or less. Only 10% of American adults reported that they did not use the internet at all. [5] Looking at these statistics, you’re likely someone who goes online everyday. Just like I am. I would probably put myself into the “almost constantly” online category.

However, that level of connection and near-constant use of the Internet and Internet-connected devices comes with risks.

“Cyber attacks are occurring every single day, targeting anybody from somebody who has $5 in their bank account to up to 50 million,” said Dr. Eric Cole, Former Chief Technology Officer at McAfee, Former Chief Scientist at Lockheed Martin, and Member of the Commission on Cybersecurity under Obama.

Regardless of who you are, what your income level is, or what type of job you have, you could be the target of a cyber attack. This is why it is important for every individual who uses the Internet to learn how to use it responsibly and take personal control of their cybersecurity.

When I became aware that how often I am online increases my risk of being a victim of a cyber attack, I changed my online behavior and adopted healthier cyber habits. I realized that increased exposure = increased risk. Fortunately, I also learned you don’t have to trade the enjoyment of being connected for enhanced cyber security.

The consequences of not having any personal knowledge of cybersecurity are wide-ranging and plentiful. They can range from malware attacking and destroying your device to your social media account getting hijacked to being spied on or tracked by strangers. The consequences can also be very costly.

In 2019, The FBI’s Internet Crime Control Center (IC3) reported that for that year cyber crimes accounted for $3.5 billion in victim losses. The IC3 received over 1200 complaints concerning cyber crimes or a suspected cyber crime per day. [4] Not all victims of cyber attacks report their situation to the IC3, so the figures are an underestimation of the true impact of these crimes.

Everyone thinks and believes that cyber attacks only effect companies, and, therefore, individuals don’t really need to think about cybersecurity. People believe that everyday people don’t need to have any knowledge on technology or cybersecurity. Individuals have developed apathy toward their private online data and they truly don’t care what happens with their online privacy.

However, I have come to believe something else. Cyber attacks can, and very likely will, affect you. Anyone can be a victim of a cyber attack, it’s just a matter of the impact and the timing. This is why everyone can benefit from having knowledge of technology and cybersecurity in their daily lives. I learned this lesson first-hand during my junior year of college.

Now It’s Personal

In November of 2019, I was sitting at my desk at my student job as a Technical Support Assistant at the University of Alabama. I was chatting with one of my co-workers when I got a slew of text messages that stopped me in my tracks,
As a result of a card transaction your available balance is -$255.17.
Then, As a result of a card transaction your available balance is -$455.17.
Then a moment later, As a result of a card transaction your available balance is -$655.17.
Someone had overdrafted my checking account by over $600 in a matter of minutes. I was in complete shock. At first I thought it must have been a mistake, but I when I tried to log into my online banking account, I was completely locked out.

“Oh my god,” I said. “Someone got my bank account info, and now my account is overdrafted $655.”

My coworker looked at me, stunned, “What are you gonna do?”

“I guess I have to go to the bank and hopefully they know I didn’t do this,” I said.

“Good luck, girl.”

I rushed out to my car, and I was able to text my bank back and get the information from the last transaction. I was able to Google the ATM that the money was withdrawn from and it was located in Baton Rouge, Louisiana. I was in Tuscaloosa, Alabama. I had no ties to Louisiana. My stomach sunk even further to the floor.

How could this be happening? I thought as I drove to my local bank.

When I arrived at the bank, I approached the bank teller, and I told her about the text messages I had received.

“You’re going to need to talk to her,” she said pointing to a lady in a suit, sitting at a desk behind me.

I looked back to see where she was pointing. I turned back and said, “Thank you.”

I walked over to the lady’s desk. I was so nervous and jittery. I explained to her what had happened, and she began to pull up my information using my account number and social security number.

“Is this your email?” she asked as she showed me her computer screen.

“No,” I said. It was clearly an email that was made just to break into my account. It was a random series of letters and numbers attached to a yahoo account.

We started exchanging small talk as she continued to look into the charges.

“I’m so embarrassed that this happened to me,” and I really felt at the time that I should’ve been immune to an attack because of my knowledge of cybersecurity. I knew what not to do, and still, I wasn’t doing the best job I could of securing myself.

As she was resetting my email and password, she said very cavalierly, “It’s the holidays. These types of things have been happening a lot lately.”

That’s very comforting, I thought sarcastically.

“Yes, it does look like they withdrew the money from an ATM in Baton Rouge. So we’re going to file a claim with our fraud department and your money should be back into your account in 2–4 weeks,” she said with a smile.

“Thank you so much for your help,” I said as I got up to walk out.

Thankfully, my story had a fairly happy ending. My money was returned to my account about 3 weeks after the hack, and since then I’ve improved my passwords and security questions on all of my accounts. However, if I wasn’t a college student and someone overdrafted my account, this story would have ended a lot differently. Many people live paycheck to paycheck. They cannot afford for someone to steal money from their account and then they have to wait 2–4 weeks for the money to be returned. Bills will still be due, food still has to be put on the table, but cyber criminals don’t care about you as an individual.

Cyber crimes are typically just traditional crimes carried out in a new venue. What happened to me is the cyber equivalent of someone stealing my wallet. We all learned at some point to keep your purse close to you, or not to walk with your wallet or money in your hand. Not practicing proper cybersecurity is the Internet equivalent of walking and waving hundred dollar bills around. If you’re not careful, eventually someone is going to take it.

As I sat in my bedroom reflecting on my day, I realized what had happened. I had unknowingly fulfilled the routine activities theory, which I learned in a prior cyber criminology class, and made myself a prime victim for a cyber-criminal. The routine activity theory (a crime opportunity theory), which means if these three things are fulfilled the criminal will more than likely take the opportunity. The three things are: a motivated offender, a suitable target, and the absence of a capable guardian. A motivated offender can be anyone who is willing to commit the crime. I was a suitable target because I had a bank account with money in it, that also allowed for overdrafts. A capable guardian is someone or something protecting what could be stolen, the thing of value. Holding your purse close to your body and making sure it’s zipped is providing a capable guardian. In this situation, a capable guardian would have been a strong password and a tricky set of security questions. Unfortunately, I lacked both at the time.

My Tipping Point

I remember the first day of class in Spring 2020. I had just signed up for this class days before the beginning of the semester, because someone dropped it and I was so excited that I was able to get a spot. It was the last elective that I needed to fulfill my Cyber Criminology minor, and it seemed to be on a pretty interesting topic. Legal and Ethical Issues in Computing. At one point in my life, I wanted to be a lawyer, and I guess my interest in policy and legal matters never really left me. Ethics also intrigued me, because I believe we have a responsibility to make sure that the technology is being created ethically and not being misused or abused.

I attempted to push up the stairs of Lloyd Hall, with my iced caramel latte in my hand, past the crowd of students that has formed between class times.
-buzz-
I looked down and my Apple Watch said, “CS340 Legal and Ethical Issues in Computing in 5 mins.”
“Excuse me,” I said with a sense of urgency to my voice. Showing up late on the first day of class is in poor taste.

My path slowly cleared, and I started to hurry up the second flight of stairs to the third floor. My pink backpack felt like a brick strapped to my back as I walked swiftly down the hallway until I finally reached the doorway. Room 386. I made it, and just in time. I sat down in one of the desks in front of the small classroom and plopped my backpack down beside me.

Unbeknownst to me, this class would change the way I would think about the real ethical issues plaguing the computing industry, and it triggered me to explore how many of those were linked to cybersecurity and privacy.

The class surrounded creating a final project that showcased your research around a niche technology subject and the related legal and ethical issues around that subject. I chose IoT devices as the subject for my project. It was a topic that I wanted to learn more about, and I thought what better time to do a deep dive into the topic than for a project worth 40% of my final grade.

As I began my research, I found many articles that confirmed my overall feelings about IoT devices. IoT devices offer users great functionality, accessibility, and sometimes even improve the user’s quality of life, however, they collect large amounts of data and user information which can lead to privacy and security concerns from improper security within the device, a breach, or the device maker selling the user’s information to a third-party. A 2019 survey by Consumers International and the Internet Society found that “75% of people distrusted the way data is being shared, 63% found data collection by connected devices “creepy” and 53% did not believe connected devices could effectively protect their privacy.“ [8] Yet, year after year IoT device ownership has grown exponentially. Why was that, if people didn’t trust these devices?

I began delving deeper into scholarly research about the privacy and ethical concerns with IoT devices, and I was intrigued by the information that I found.

If I asked you if you value your security and privacy, what would you say?

You would probably say, “Yes, of course, I do.”

What would you say to me, if I told you that you actually didn’t?

When asked if they would share their date of birth with a complete stranger, most people would answer, “No.” However, if given an incentive to share their date of birth like a coupon or exclusive access to a new app, they’d be more willing to provide their information.

This is referred to as the privacy paradox. A theory that demonstrates the “disjointedness between self-reported privacy concerns and actual privacy protecting behaviors.” [8] The privacy paradox is the reason that millions of people own smart devices that they don’t think are secure.

This is why everyone, needs to develop a sense of cyber curiosity. Living in the modern world is hard enough without having to worry about the safety of your personal information, but you can no longer make the choice to opt-out of understanding the fundamentals of technology and cybersecurity. If you use the devices, you have to know how to operate them safely for your own protection. This book will teach you how to better secure your personal data from attackers, how to assess the risks and benefits before you buy or install a new smart device or application, and straight-forward tips to tighten your cybersecurity.

In preparation for writing this book, I have curated research from scholarly sources, first-hand accounts of cybercrime victims, insider knowledge from my peers in the cybersecurity community, and primary interviews and exclusive insights from some of the brightest minds in the industry. Many of the people who I’ve chosen to interview for this book have been working in cybersecurity since before it was considered a “real” thing. They’ve previously lent their skillsets to companies like Forbes, Pinterest, Snapchat, and the White House.

References

  1. https://www.makechange.aspiration.com/articles/my-personal-info-ended-up-on-the-dark-web
  2. https://www.marketwatch.com/story/the-rise-of-identity-theft-one-mans-nightmare-2010-02-10
  3. https://www.experian.com/blogs/ask-experian/heres-how-much-your-personal-information-is-selling-for-on-the-dark-web/
  4. https://pdf.ic3.gov/2019_IC3Report.pdf
  5. https://www.pewresearch.org/fact-tank/2019/07/25/americans-going-online-almost-constantly/
  6. https://www.businessinsider.com/internet-of-things-report
  7. Dorau, Bethany Groff. 2019. “Internet of Things: Overview.” Points of View: Internet of Things, October, 1. https://search-ebscohost-com.libdata.lib.ua.edu/login.aspx?direct=true&db=pwh&AN=141181100&site=eds-live&scope=site.
  8. https://www.sciencedirect.com/science/article/pii/S0167404820301711?via%3Dihub
Cybersecurity
Technology
Books And Authors
Books
Publishing

--

--

Lakeidra Smith

Written by Lakeidra Smith

5 Followers

Lakeidra is a cybersecurity consultant, published author, and public speaker. I seek to use my voice to help people discover the human side of cybersecurity.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams