We thank our sponsor for making this content possible; it is not written by the editorial staff nor does it necessarily reflect its views.

Unless you've been living under a rock for the past few decades, you've probably heard a lot about internet security. That's because the modern thief doesn't need to break into your home to take your most valuable possession: information. That's why one of the most critical tools in yourelectronic tool kitis a way to protect yourself from would-becybercriminals. That's why a hard-hitting VPN should be on your shopping list.

The Clear VPN is a highly effective means ofsafeguarding your personal informationwhile using the internet that blends advanced security with an interface that's easy to navigate. This highly rated service is currently on sale with a One Year Premium Subscription available for only $30, marked down from $155.

With an average user rating of 4.7 out of 5, Clear VPN is seamless to set up and use, but its encryption is anything but. This toolutilizes AES 256-bit encryption, the same used by governments and militaries, to secure your connection. That makes it virtually uncrackable without the key. What sets Clear apart, however, is its simplicity. The interface is intuitively designed, it's widely compatible with multiple operating systems, and it automatically measures your network status to connect you to its fastest servers.

Customers seem to enjoy using it too! One verified user raves, "Fantastic convenient and easy-to-use VPN client for macOS!It's not a secret that VPN is not an easy-to-understand technology. Different keys, certificates, connections, and passwords make this technology difficult to use for an average person. But ClearVPN surprised me. The great, convenient, and easy-to-use product I like to use."

Not only is the Clear VPN a competitive and effective means of bolstering your internet, but the company behind it is deeply involved in the Ukrainian relief effort. Clear VPN currently offers its services for free to all Ukrainians.

Stop living in the Stone Age of internet surfing and start enjoying your web browsing with the confidence of the complete protection afforded by aClearVPN Premium Plan: 1-Year Subscription.

Prices subject to change.

Read more here:
Bolster your online security with one year's access to this hard-hitting VPN for $30 - Boing Boing

Cybersecurity experts have warned Australian TikTok users that the Chinese government could use the app to harvest personal information, from in-app messages with friends to precise device locations.

The warnings follow a report by Australian-US cybersecurity firm Internet 2.0, which found the most popular social media app of the year collects excessive amounts of information from its users.

Heres what you need to know about TikToks data harvesting, and how to keep your information safe.

TikToks data collection methods include the ability to collect user contact lists, access calendars, scan hard drives including external ones and geolocate devices on an hourly basis.

When the app is in use, it has significantly more permissions than it really needs, said Robert Potter, co-CEO of Internet 2.0 and one of the editors of the report.

It grants those permissions by default. When a user doesnt give it permission [TikTok] persistently asks.

If you tell Facebook you dont want to share something, it wont ask you again. TikTok is much more aggressive.

The report labelled the apps data collection practices overly intrusive and questioned their purpose.

The application can and will run successfully without any of this data being gathered. This leads us to believe that the only reason this information has been gathered is for data harvesting, it concluded.

Most of the concern in the report focuses on permissions sought on Android devices, because Apples iOS significantly limits what information an app can gather. It has a justification system so that if a developer wants access to something it must justify why this is required before it is granted.

We believe the justification system iOS implements systematically limits a culture of grab what you can in data harvesting, the report states.

TikTok is owned by the Chinese multinational internet company ByteDance, which is headquartered in Beijing. Founder Zhang Yiming sits at No. 28 on Bloombergs billionaires index.

ByteDance has denied a connection to the Chinese government in the past, and called the claim misinformation after various leaks suggested it censors material that does not align with Chinese foreign policy aims or mentions the countrys human rights record.

They are consistent in saying their app doesnt connect to China, isnt accessible to Chinese authorities and wouldnt cooperate with Chinese authorities, Potter said.

But he said Internet 2.0s research found Chinese authorities can actually access device data. By sending tracked bots to the app, Internet 2.0 consistently saw data geolocating back to China.

Potter has said it wasnt clear what data was being sent, just that the app was connecting to Chinese servers.

This month TikTok Australia admitted its staff in China were able to access Australian data.

Our security teams minimise the number of people who have access to data and limit it only to people who need that access in order to do their jobs, Brent Thomas, the companys Australian director of public policy, wrote in a letter. The letter was in response to questions from Senator James Paterson, the oppositions cyber security and foreign interference spokesperson. Thomas said Australian data had never been given to the Chinese government.

Under Chinas national security laws Chinese companies are, upon request from the government, required to share access to data they collect.

Youre in a different digital ecosystem when youre on a mainstream Chinese app, Potter said. And who you are may determine the level of risk you are taking.

At an individual level, the average user might not be at immediate risk, Potter said. But if youre involved in something more sensitive or discussing topics that are sensitive youve become very interesting to them very quickly.

A dissident in the Chinese diaspora community, or a critic of the Chinese government, might be extremely concerned about their personal cyber security on TikTok, Paterson said.

TikTok told a 2020 Senate committee on foreign interference on social media that any request for Australian user data would need to go through a mutual legal assistance treaty process.

Other governments also use their national security laws to gain access to user data from TikTok. TikTok publishes a half-yearly transparency report for data requests from governments.

China is not on the list of countries, but the list reveals Australian governments in the second half of 2021 made 51 requests for data related to 57 user accounts, with TikTok handing over data 41% of the time. The US made 1,306 requests for 1,003 accounts, with data handed over 86% of the time.

TikTok is now the most downloaded mobile entertainment app in Australia, with 7.38 million users over the age of 18.

If you decide to keep using TikTok, Potter suggests being specific and granular about the level of permissions shared with the app.

Set permissions manually via in-app settings and in the devices settings. Tom Kenyon, a director of Internet 2.0, also urged users to monitor those permissions regularly. In any update, they can change access to permissions. Its not set and forget.

Potter said users should continue to ignore requests for sharing information. He also urged young people to avoid using TikTok for general messaging.

If you want to share videos and look at cats, sure, go your hardest. If youre going to have a conversation with your friends about your sexual orientation, or human rights, Id be very wary.

Kenyon said young people just starting their careers should think beyond the short term.

He also urged senior public servants, public officials and members of parliament to delete TikTok and other social media. While the data already collected will not disappear from TikToks database, deleting the application will stop data collection into the future. If they are wanting to continue activity across platforms, Kenyon suggested a separate, dedicated phone.

Kenyon said that as it is an avenue for data to flow to China I absolutely think [TikTok] should be banned.

But Potter said he is very rarely in favour of bans.

I am in favour of better regulation.

Potter said Australia must be clear that we expect social media companies operating in Australia to respect our norms of privacy and freedom of speech.

They need to be clear about how they operate. And if caught lying consistently, we need to have some way of holding those companies to account.

The federal minister for home affairs and cyber security, Clare ONeil, said in a statement that the Australian government has this report and has been well aware of these issues for some years.

Australians need to be mindful that they are sharing a lot of detailed information about themselves with apps that arent properly protecting that information.

I hope it concerns Australians because it certainly concerns me.

Australian influencers have vowed to stay on the app despite concerns about Chinese data harvesting.

The Internet 2.0 report will be presented on Monday to a US Senate hearing on TikTok. With 142.2 million users in North America, the US is obviously the dominant market for this app.

I would expect TikTok will come under very hard questions about how the app operates, Potter said.

TikTok has rejected the Internet 2.0 report as baseless.

A TikTok spokesperson said: The TikTok app is not unique in the amount of information it collects ... We collect information that users choose to provide to us and information that helps the app function, operate securely, and improve the user experience.

The IP address is in Singapore, the network traffic does not leave the region, and it is categorically untrue to imply there is communication with China. The researchers conclusions reveal fundamental misunderstandings of how mobile apps work, and by their own admission, they do not have the correct testing environment to confirm their baseless claims.

With Josh Taylor

Link:
TikTok has been accused of aggressive data harvesting. Is your information at risk? - The Guardian

Ever wondered how to tell if your laptop has been hacked? It might not be the most prominent question in your mind, so how about another... How many smart devices do you have in your home? The answer is probably quite a lot, and almost certainly at least one - after all, you're reading this article on one right now. But how many of those devices are susceptible to hacking, and are they safe to use?

We've been living in a technological age for quite some time, but ever since the pandemic our reliance on electronic devices has accelerated. As the internet plays a more vital role in our everyday lives, we're increasingly dependent on our computers and laptops as part of a smart home. But with increased dependence comes increased potential for hackers.

A recent report from Which? (opens in new tab) revealed that a home kitted out with smart devices, including popular tech items such as smart thermostats and video doorbells, could be exposed to more than 12,000 hacking or scanning attacks in a single week. While most of our devices are equipped with internet security or antivirus software to fend off attackers, some weaker devices are more susceptible to hackers from across the world.

But what is hacking, and how can it affect our devices? Put simply, hacking is the gaining of unauthorized access to any system or computer, and it can happen for a variety of reasons.

(Image credit: Noa and Nani Ludvig Office Desk Computer Table in Classic White and Natural Pine)

Computers are often hacked for data theft, allowing criminals to gain access to the user's passwords or bank details. In other instances hackers will use ransomware to lock a device or limit its use until a ransom is paid, or a device with a camera can be hacked for surveillance.

Computers can be an easy target for hackers, but in the PC vs laptop comparison, laptops are more at risk. As they're transported easily, we often use them to connect to public internet access, such as free airport Wi-Fi. These systems are often more insecure and therefore a simple way for hackers to monitor our devices.

We've asked the experts the key signs to look out for and what steps to take if you suspect your laptop has been hacked.

There's no single sign to look for when it comes to how to tell if your computer has been hacked. Sometimes, there's even no indication whatsoever. Yet, there are some telltale signs to look out for when using your laptop. This could be the sudden appearance of applications on your desktop that you haven't installed, or maybe your contacts receiving strange messages from you.

There are giveaway signs to be wary of when you're using the internet, too. Look for things like pop-ups in the corner of your screen or internet web pages not behaving as you would expect, says Darren Northfield, a cyber security professional at Aurora Tech Support (opens in new tab).

According to cybersecurity professional and author of Bullseye Breach: Anatomy of an Electronic Break-In (opens in new tab) Greg Scott, a slow computer could also be a sign of your device being hacked. 'One big sign to watch out for is your laptop behaving differently than earlier. Maybe it feels slower, maybe pop-ups show up, maybe your home page is different. Something will have happened to cause those changes.'

As mentioned, the signs of a hacked laptop aren't always clear, and sometimes there are simply none at all. When signs do show, they're often well disguised. Hackers are great at replicating websites or software that look legitimate for malicious purposes, so when we open these dodgy webpages or applications, we don't realise the threat they pose.

According to Greg, this means our mistakes often play a part in our computers being hacked. 'Open a malicious email attachment, visit an evil website, expose your unprotected device to the internet - all these things can lead to a successful compromise of your device.'

The worst outcome for most hacking victims is the loss of money. These hackers are criminals and most of them use their skills to steal our money in some way. Some victims have lost their whole life savings after hackers have gained access to their personal information.

But how does this happen? 'The most likely scenario is somebody will steal your passwords, bank, credit, and other account numbers - and then steal your identity,' explains Greg. 'Another possibility is ransomware where somebody scrambles all your files, including your 20,000 vacation pictures from last summer, and then offers a decryption key in return for a small payment.'

It's hackers' ability to access our online banking that poses the biggest threat to our finances, however. 'Some hackers wait until you are logged in to online banking to move your money away to a separate account controlled by them,' adds Darren from Aurora Tech Support.

If you suspect that your computer has been hacked, it's important to act fast and call a professional as soon as possible. The manufacturer is likely to have a team that can help you, or you can call another tech support company.

It goes without saying, you should stop using the device and especially avoid accessing any personal accounts or inputting passwords. This applies to all your important information stored outside your laptop, too. 'Use another device to change all your passwords, credit cards, and account numbers, and consider freezing your bank accounts,' says Greg.

While it's important to contact manufacturers and support services, be cautious of suspicious phone calls. As Darren explains, 'a phone call from someone claiming to be from your internet company or phone company who claim theres an issue on your line is a well known scam tactic by hackers'.

(Image credit: Jourdan Wee / Pexels)

You might think the easiest way to deal with a suspecting hacking is to shut down your computer. While appropriate security software, such as anti-malware tools, might make this possible, in most cases it's unfortunately not that simple.

'If hackers have made a connection but not yet managed to install software then yes, shutting down your computer will cut them off,' says Darren. 'However if a hacker has already managed to install remote access software, simply shutting down will not be enough.'

Even if you do manage to stop a attack that's in progress, it's likely it will only resume when you turn your laptop back on. If you suspect your laptop has been hacked, shut it down and don't restart it until you can hand it over to a professional.

If you're looking you're looking to buy a new laptop and want to know which is brand

Read more:
How to tell if your computer has been hacked, plus what to do if it happens to you - LivingEtc

Few people have been more instrumental in protecting Ukraines private and government data, along with the countrys ongoing connectivity, than Shchyhol, who is the head of the State Service of Special Communications and Information Protection, the Ukrainian equivalent of the U.S. Cybersecurity and Infrastructure Security Agency. Since the hours before the ground invasion in February, when cyberattacks struck government and banking websites across Ukraine, Shchyhol has been coordinating with the U.S. and EU from a secure location in Kyiv, responding to cyberattacks while sharing with international allies his insights into strategies used by Russian hackers.

Overall, Ukraine has been doing much better in the cyberwar than expected few thought the country could repel a ground invasion and consistent cyberattacks simultaneously. There were certain losses: Russian forces eventually took control of the power plant near Zaporizhzhia, along with large swaths of the countrys southeast while establishing a botnet computer server near Kharkiv to spam cell phones with malicious text messages. Separate operations severely damaged governmental data centers. But despite constant aerial and cyber bombardment by Russian forces, SSSCIP has ensured those attacks were largely unsuccessful; civilians have been able to access government services and support directly from their mobile devices and computers.

I spoke with Shchyhol about the challenges of a digital war of attrition, how partner countries like the U.S. are assisting in that fight and what he sees as the future of cyberwarfare. We spoke through an interpreter over Zoom on June 27, less than a week after the European Commission and EU leaders granted Ukraine candidate status, the first step toward formal membership within the bloc.

This interview has been condensed and edited for clarity.

Kenneth R. Rosen: Viasat communications services went down as Russian forces invaded Ukraine, hindering communication by Ukrainian forces. But one of those high-speed satellite broadband connections was in my own home in northern Italy. Some 50,000 other European residents on the morning of the invasion found their internet routers inoperable. Its one instance Ive used to illustrate to my colleagues and peers the long reach of cyberattacks in the Russo-Ukrainian conflict. Was that a wake-up call for your European intelligence-sharing partners and a way for you as well to explain the difficulties faced by Ukraine?

Yurii Shchyhol: For Ukrainians, the first cyber world war started on Jan. 14, 2022, when there were attacks launched at the websites owned by state authorities. Twenty websites were defaced, and more than 90 information systems belonging to those government authorities were damaged.

In the early morning that day, I started talking to our European partners as well as our U.S. partners, their respective lines, ministries and government institutions, like CISA, and we started receiving and are still receiving assistance from them on a daily basis.

Right before the full-fledged invasion, the cyberattack, like you said, happened against Viasat. Some routers were deleted, especially those that were targeted to provide telecom services to the military units. In Germany, 5,000 wind turbines were attacked, so we can safely claim that it was not just a cyberattack on the whole of Ukraine, but against the civilized world.

So yes, youre right. The world has been awakened and we can observe that countries are more willing to cooperate on those issues and the level of cooperation will only intensify.

But what we need are not further sanctions and further efforts to curb cyberattacks, we also need for global security companies to leave the market of the Russian Federation. Only then can we ensure the victory will be ours, especially in cyberspace.

Rosen: While some of those cyberattacks were against government and military installations, others frequently hit telecommunications services, internet providers, hospitals, first responders and humanitarian aid organizations. What are some of the challenges faced by Ukraine in protecting such a wide, vulnerable attack surface?

Shchyhol: For the first four months of this invasion roughly more than 90 percent of cyberattacks were carried out against civilian sites. Of course, we were preparing ourselves for this, and in the last 18 months most of our preparations in advance were to be able to withstand widespread attacks against multiple targets. We ensured uninterrupted exchange of information between all [government and civil organizations], sharing information regarding the criteria for compromising networks. We also worked on building up the technical capabilities of government institutions so they could quickly gather server data, make copies, and share those copies with us [ahead of a Russian attack].

In all those efforts we had very strong support from our private sector. Its worth mentioning that a lot of private sector IT cybersecurity experts are either directly serving in the Armed Forces of Ukraine or my State Service or otherwise are indirectly involved in fighting against cyberattacks, and those private sector assistants of ours are world class experts who used to work in leading global companies taking care of their cybersecurity.

Rosen: When I last spoke with your colleague Victor Zoha, in February, he described the UA30 Cyber Center training facility your special service developed for the private sector. How has that grown since and was that instrumental in training the IT experts?

Shchyhol: This training center of ours launched into operation more than one year ago and over that period of time we conducted more than 100 training sessions for civilian contractors, private sector, military operators, all focused on cybersecurity. We conducted a number of hackathons and competitions. Even though we conducted a few training sessions after the beginning of the renewed conflict, the location of the training center is not safe. So were not using it that much right now.

This center was aimed to deepen the knowledge-sharing between the private sector and the government, those tasked with overseeing information protection across various government bodies and institutions. Its a hub that fosters the knowledge of the private sector. We treat it as a competence center that allows all the industries and sectors involved to grow by helping each other.

Rosen: Were referring to the efforts of private citizens, in part, when we talk about the private sector. Perhaps for the first time ever, hundreds of private citizens from across Ukraine and the world have volunteered to prevent, counteract and launch their own attacks in cyberspace in defense of Ukraine. The unifying force in defense of one country, which as far as campaigns go, continues to be rather unique. What has been the impact of the so-called civilian IT Army on Ukraines ability to defend against cyberattacks?

Shchyhol: This is the first time in the history of Ukraine, for sure, probably in the world, when the private sector, the cyberprofessionals, are not only doing what they can professionally defending the cyberspace of their country but they are also willing to defend it by any means. What youre referring to is an army currently comprised of more than 270,000 volunteers who are self-coordinating their efforts and who can decide, plan and execute any strikes on the Russian cyber infrastructure without even Ukraine getting involved in any shape or form. They do it on their own.

Other cybersecurity experts, under the guidance of my State Service, have been helpful in providing consultations to government institutions as to how to properly arrange the cybersecurity efforts, especially in the energy sector and critical infrastructure sites. Thats probably the reason none of the cyberattacks that were carried out in the past four months of this invasion has allowed the enemy to destroy any databases or cause any private data leakage.

Rosen: What are some of the lessons, over these last four months, of these ongoing attacks, that perhaps werent known or anticipated before February?

Shchyhol: In terms of their technical capabilities, so far the attackers have been using modified viruses and software that weve been exposed to before, like the Indestroyer2 virus, when they targeted and damaged our energy station here. Its nothing more than a modification of the virus they developed back in 2017. We all have to be aware that those enemy hackers are very well-sponsored and have access to unlimited finances, especially when they want to take something off the shelf and modify it and update it.

Rosen: At the beginning of our conversation you said that international technology companies should withdraw from the Russian Federation and youve written that the world should restrict Russias access to modern technologies. Such an effort to restrict their access, youve written, should be viewed as an international security priority. What technology specifically? Hardware, like servers and data processing computers? Or software, like those sold by western countries for law enforcement and data manipulation? Telecommunications?

Shchyhol: Any equipment that allows their software to be installed on servers, by way of restricting the use of those services globally so they wouldnt have access to them.

Were also urging the international organizations such as the ITU (International Telecommunication Union) that Russia should no longer be its member. Why? Because they otherwise can get access to innovations, research results by virtue of attending conferences, common meetings. So we are very much strongly in favor of getting Russia out of those organizations, especially those watchdogs that oversee the telecommunications industry of the world. They should not be able to participate in any events and get any IT information.

Rosen: Noting that you already work closely with NATOs cybersecurity command, and the international community, what does this further restriction, cooperation and a more efficient cyber-umbrella look like?

Shchyhol: The cyber-umbrella is something that should be placed over the whole world, not just Ukraine. It should be like an impenetrable wall. Russia would not gain access to any modern IT developments, not have access to innovations or new designs coming from the U.S., U.K. and Japan.

This is something that would pummel Russias ability to develop for themselves. Of course, they could design their own software, but without access to modern IT developments and without the ability to install it on any modern hardware those efforts would soon become obsolete.

We also have dire need for more competency and skills and knowledge; we dont have enough qualified staff. In order to raise more qualified personnel, we need to ensure the expedient exchange of information and coordination between professional and government institutions. That should be the global project for the next five to 10 years. Today the enemy can attack Ukraine, tomorrow the United States, or any other country helping to defend our land. Cyberspace is a unified space for everyone, not divided by borders. Thats why we need to learn to operate there together, especially in recognition of this attack on the civilized world perpetrated by Russia.

Rosen: How have U.S. Cyber Command and the National Security Agency operations been able to assist Ukraine with those aims in mind?

Shchyhol: Its an ongoing, continuous war, including the war in cyberspace. Thats why I wont share any details with you, but let me tell you that we do enjoy continuous cooperation. There is a constant synergy with them, both in terms of providing us with the assistance that we need to ensure proper protection and safety of our websites and our cyberspace, especially of government institutions and military-related installations, but also they help us with their experts, some of whom are on-site here in Ukraine and are providing on-going consultations.

Like in further supply of heavy weapons and other forms of weaponry, the same is true for cybersecurity. We expect that level of assistance, of those supplies, will only increase because only in this manner can we together ensure our joint victory against our common enemy.

Rosen: Weve talked a great deal about the hidden cyberwarfare, of a war without borders, but what digital communications devices, or physical gear and assets, sent by the U.S. in aid packages have been helpful and why?

Shchyhol: The most helpful so far was the SpaceX technology, the Starlinks, weve been sent. So far weve received more than 10,000 terminals. What those have helped us with was a relaunch of destroyed infrastructure in those communities were liberating, providing backup copying services to regional and local governments whose digital services [like healthcare cards, tax and travel documents, vehicle and home registrations] are accessed by Ukrainian civilians. It has also aided the repair of critical infrastructure sites.

Second to this have been the servers and mobile data centers. Those have allowed us in a very short time span to arrange backup copies of our government institutions, agencies, state registries, and locate them in safe regions, or at least locations that the enemy couldnt easily access. Its allowed for the continuous operation of our government.

And, the third I wouldnt say its the last as we dont have time for the exhaustive list are software and technologies that weve received access to now [that were too expensive before the invasion]. After the invasion, industry leaders started providing software free of charge or allowing us full access like Amazon, which provided Ukraine with a private cloud, allowing us to administer data from the state registries.

It goes without saying that were not only consuming someone elses services especially when they come free of charge. Even now, when the war is still raging, were taking care of our cybersecurity by investing more funds into procuring what we need. Last week, the government allocated additional funds from the national budget to finalize the preparation of a national backup center. Were ready to buy if its exactly what we need.

Rosen: Most of those vendors are Western-based companies. In April, the U.S., U.K., Canada, Australia and New Zealand, part of the Five Eyes intelligence sharing cooperative, said that Russia was planning a largescale cyberattack against those countries supporting Ukraine. Back then there was no shortage of protracted fears in the security industry that a global cyberwar could trigger Article 5 of NATO. But that constant threat to Western nations seems to have been downgraded in the news cycle along with coverage of the war.

Shchyhol: Russia is already attacking the whole world. Those cyberattacks will continue regardless of whats happening on land. Ukraine can win this war with conventional weapons, but the war in cyberspace will not be over. Ukraine is not capable of destroying Russia as a country, its more likely to destroy itself.

Thats why we all have to be ready for the following scenario to unfold: Those western countries and companies that are supporting the Ukrainian fight against Russia will be and are already under the constant threat of cyberattacks. This cyberwar will continue even after the conventional war stops.

The fact that in the last two months there was a relative lull in the number and quality of cyberattacks of our enemy, both against Ukraine and the rest of the world, only follows the usual Russian tactics, which are that they are accumulating efforts and resources, readying themselves for a new attack which will be coming. It will be widespread, probably global. Right now our task here is not to miss it, to stay awake and aware to that threat.

Here is the original post:
The Man at the Center of the New Cyber World War - POLITICO