Cyber Curiosity: Introduction (Revised)

Your name, social security number, address, date of birth, driver’s license number. Vital pieces of information that create your identity. Combined they make you who you are to others. You need them to identify yourself when you go to work or school, apply for credit cards and bank accounts, or get a passport or ID. They’re essentially your keys to the world.

Without them who would you be? How would you prove you are to the world?

Dave Crouse was forced to face that reality. [1]

“I have no identity,” said fifty-six-year-old Crouse in an interview with MarketWatch. “I have no legacy. My identity is public knowledge and even though it’s ruined, they’re still using it.” [2]

In six short months, the criminals had slowly but surely charged over $900,000 to his debit card. He fought tirelessly against the attacks and attempted to salvage his finances, but ultimately those attempts cost him almost $100,000. He drained his savings and retirement accounts in the process. Even his once stellar credit score, formally a 780, has plummeted. [3]

Crouse was a favorable target for a cyber-criminal. He was a frequent online shopper, and he did the majority of his banking online. He would frequently use his debit card during his shopping sprees without using any additional protection measures such as PayPal. One of his favorite pastimes was downloading songs from file sharing websites, that are notoriously riddled with malware. [4]

The first suspicious activity in his account occurred in February of 2009, but Dave dismissed the charges since they were for small amounts of $37 and $17.98. [5]

He was financially secure, and at the time, he had a job in the construction-industry making $180,000 a year. The account that he did most of his spending out of typically had around $30,000 in it at any given time. [6]

In March, he was laid off from his job. His former $2,300 a week income shrunk to $780 biweekly unemployment checks. [2]

Unfortunately for Crouse things really took a turn for the worse in August, “All of a sudden it really got bad,” he recounts. “In August the charges hit big time — $600, $500, $100, $200 — all adding up from $2,800 to $3,200 in one day.” [7]

Once he discovered the fraudulent charges, he immediately contacted his bank and began the long process of filling out affidavits, forms swearing he was not responsible for the charges on his account. He says he filled out about 20 affidavits, and one day he filled one out concerning a charge and the following day the bank accepted similar charges nearing $4,000. [8]

“At that point I was going to the bank every day and looking at everything,” he said. [9]

Even after he closed his debit account, his other accounts were still getting drained daily. Crouse then decided to go to a new bank and open a new account, hopeful that his information was safe there. The next day both accounts, the new and old one, were fraudulently charged for $1,100. [10]

Crouse felt defeated. [11]

His new bank explained to him that he was very likely a victim of a cybercrime. It was possible that a keystroke malware had been installed on his computer without his knowledge while he was visiting one of the file-sharing sites he frequented. If this was the case, his computer was now infected and the hacker was tracking every key he struck and that’s how he picked up all of his personal information. [12]

Malicious software, or malware, such as keystroke malware is often not a targeted attack. When this type of malware is created, it is created to produce as much impact or financial gain as possible with as little effort as possible. It is sent to as many people as possible so that it is given a greater chance of giving the attacker a return on his investment.

It’s also possible that Crouse’s information was being sold on the dark web. He reported that people in multiple locations in Florida, Brooklyn. NY., and North Carolina were using his identity to make purchases. [13]

It’s common for cybercriminals to sell personal information on the dark web for as little a $1 for a social security number. Prospective criminals can also buy what’s known as a ‘“Fullz,” a full package of someone’s personal information (including the victim’s full name, social security number, birth date, account numbers, and other sensitive information) for about $30. [14]

“It was nasty,” he said, admitting that he even contemplated suicide. “I just couldn’t take it. I didn’t feel like a man anymore. I was violated and I didn’t know what to do.” [15]

His identity — Social Security number, address, phone numbers, name, even his old information — is still being used in attempts to open new credit cards and bank accounts. [16]

You might believe that Crouse’s case is an outlier, but, unfortunately, you would be mistaken. His case is much more common than you may think.

The Internet Crime Control Center (IC3) — the FBI’s department for cybercrime reports and investigations — reported that in 2019 alone there were 68,649 victims of personal data breaches, identity theft, and credit card fraud, and they lost a total of $391,899,453. [17]

Perhaps you believe that you have no reason to be concerned about your personal cybersecurity, because you believe that there is nothing that you can do to protect yourself or that it is the responsibility of corporations to worry about cybersecurity. Yet, I spoke to some experts who believe that we can all become more responsible cyber citizens.

This book explores some techniques that can help you secure your identity as you navigate through the modern world. No one can reduce their risk of being a victim of a cybercrime to zero, but you can be one step ahead.

The Power of Connection

Our world is becoming more interconnected by the minute, and this is a good thing in many ways. We use our devices and the applications they host to connect with the people that we care about.

Our phones and computers have become a gateway for connecting with amazing people and learning wonderful, new things. The Internet and the devices that we have been able to create and connect to it have improved our lives in many ways.

Today, most of us would not be able to imagine our world without the joys of our smartphone, social media, and definitely not without the Internet.

In 2020, there are currently around 15 billion Internet of Things (IoT) devices, connected to the Internet. IoT devices are defined as devices “that are connected to the internet and so can share data or otherwise communicate with each other and with users.“ [18]

In the consumer space, these “things” are most commonly smartphones, laptops, wearable devices like smartwatches and connected medical devices, smart home devices, and connected vehicles.

It is projected that there will be 41 billion IoT devices connected to the Internet by 2027, and in 2019 there were only 8 billion devices connected. [19] As you can see, the Internet of Things is growing at an exponential rate, and it’s showing no signs of slowing down.

As more everyday items in our lives become connected to the Internet from our refrigerators to our watches to our light switches, every device you connect becomes a potential access point for a hacker, or a malicious actor. This increases your chances of becoming a victim of a cyber attack if you don’t consider the risks of these devices and take steps to minimize them.

According to a study done by Pew Research in 2019, 81% of Americans admit to going online daily. This includes the 28% of people who reported that they are online “almost constantly” and the 45% that claims to log on several times a day. 8% of the population only gets connected a few times per week or less. Only 10% of American adults reported that they did not use the internet at all. [20]

Looking at these statistics, you’re likely someone who goes online every day. Just like I am. I would actually put myself into the “almost constantly” online category.

However, that level of connection and near-constant use of the Internet and Internet-connected devices comes at a cost.

“Cyber attacks are occurring every single day, targeting anybody from somebody who has $5 in their bank account to up to 50 million,” said Dr. Eric Cole, Former Chief Technology Officer at McAfee, Former Chief Scientist at Lockheed Martin, and Member of the Commission on Cybersecurity under Obama, in an interview with me.

Regardless of who you are, what your income level is, or what type of job you have, you could be the target of a cyber attack. This is why it is important for every individual who uses the Internet to learn how to use it responsibly and take personal control of their cybersecurity.

Many people think and believe that cyberattacks only affect companies, and, therefore, individuals don’t really need to think about cybersecurity.

It’s also a common belief that everyday people don’t need to have any knowledge of technology or cybersecurity. Many individuals have developed apathy toward their private online data and they truly don’t care what happens with their cybersecurity.

When I became aware that my online activity increases my risk of being a victim of a cyber attack, I changed my online behavior and adopted healthier cyber habits. I realized that increased exposure = increased risk.

However, I have come to believe something else.

Cyber attacks can, and very likely will affect you. Anyone can be a victim of a cyberattack, it’s just a matter of the impact and the timing, which is why everyone can benefit from having knowledge of technology and cybersecurity in their daily lives. I learned this lesson first-hand during my junior year of college.

In 2019, IC3 reported that cybercrimes accounted for $3.5 billion in victim losses. The IC3 received over 1200 complaints concerning cybercrimes or a suspected cybercrime per day. [21] Not all victims of cyber attacks report their situation to the IC3, so the figures are an underestimation of the true impact of these crimes.

Fortunately, I also learned you don’t have to trade the enjoyment of being connected for enhanced cybersecurity.

Discover Your Curiosity

Living in the modern world is hard enough without having to worry about the safety of your personal information, but you can no longer make the choice to opt-out of understanding the fundamentals of technology and cybersecurity. This is why everyone needs to develop a sense of cyber curiosity.

If you use the devices, you have to know how to operate them safely for your own protection. This book will teach you how to better secure your personal data from attackers, how to assess the risks and benefits before you buy or install a new smart device or application, and straight-forward tips to tighten your cybersecurity.

In preparation for writing this book, I have curated research from scholarly sources, first-hand accounts of cybercrime victims, insider knowledge from my peers in the cybersecurity community, and primary interviews and exclusive insights from some of the brightest minds in the industry. Many of the people who I’ve chosen to interview for this book have been working in cybersecurity since before it was considered a “real” thing. They’ve previously lent their skillsets to organizations like Pinterest, IBM, McAfee, and the White House.

My hope is that you will have a better understanding of cybersecurity as a multi-disciplinary subject and understand why considering it a problem for the IT department is an off-base assumption.

Don’t wait until you’ve become a victim of a cyber attack to make a change to your habits, as it maybe too late. Anticipate risks and take the measures needed to protect yourself and your family.

Topics this Book will Explore include:

• Cyber Crime
• Safe Browsing
• The Dark Web
• Malware
• Cyber Privacy
• Identity Management
• The Privacy Paradox
• Ethics in Technology
• The Growth of Cyberspace
• Hyperconnectivity
• The Importance of Personal Cybersecurity
• Effective Cybersecurity in Business

My intention is for this to be a guidebook for those wanting to protect themselves and their families as they navigate cyberspace in their daily lives. This is why Part 3 is dedicated to tips and broken into age groups (Children & Teens, Adults, and Seniors). I will also explore and explain how psychology, human behavior, ethics, and privacy play a large role in the study of cybersecurity.

Footnotes

1. Jennifer Waters and MarketWatch, “Identity Fraud Nightmare: One Man’s Story,” MarketWatch, last modified February 10, 2010.
2. Ibid.
3. Ibid.
4. Ibid.
5. Ibid.
6. Ibid.
7. Ibid.
8. Ibid.
9. Ibid.
10. Ibid.
11. Ibid.
12. Ibid.
13. Ibid.
14. Brian Stack, “Here’s How Much Your Personal Information Is Selling for on the Dark Web,” Experian (blog), Experian, December 6, 2017.
15. Jennifer Waters and MarketWatch, “Identity Fraud Nightmare: One Man’s Story,” MarketWatch, last modified February 10, 2010.
16. Ibid.
17. U.S. Federal Bureau of Investigation, Internet Crime Complaint Center, 2019 Internet Crime Report (Washington, D.C., 2019).
18. Bethany Groff Dorau, “Internet of Things: Overview,” Points of View: Internet of Things 1, no. 1 (October 2019): 1–3.
19. Peter Newman, “The Internet of Things 2020: Here’s What over 400 Iot Decision-Makers Say about the Future of Enterprise Connectivity and How Iot Companies Can Use It to Grow Revenue,” Insider Inc., last modified Mar 6, 2020.
20. Andrew Perrin and Madhu Kumar, “About Three-in-Ten U.S. Adults Say They Are ‘Almost Constantly’ Online,” Pew Research Center, last modified July 25, 2019.
21. U.S. Federal Bureau of Investigation, Internet Crime Complaint Center, 2019 Internet Crime Report (Washington, D.C., 2019).