As part of National Cyber Security Awareness Month, the FBI is providing weekly cyber tips. Cyber tip #2 discusses the security risks posed by Internet of Things (IoT) devices—such as thermostats, ...
Cyber Tip: Be Vigilant with Your Internet of Things (IoT) Devices
National Cyber Security Awareness Month
These days, more and more individuals and businesses are using web-connected devices that make life a little easier and also enhance company efficiency. But these so-called Internet of Things (IoT) devices—just like computers and smartphones—pose security risks to consumers, because cyber criminals are constantly looking for vulnerabilities to exploit for their own gain.
What are some examples of these IoT devices? They range from thermostats, front door locks, garage door openers, webcams, and coffee makers to security systems, medical devices like heart monitors, smart TVs and refrigerators, automatic devices that control lighting, office equipment like printers, fuel monitoring systems, even baby monitors.
What’s the danger from a cyber criminal who gains access to your thermostat or coffee maker? Maybe uncomfortable temperatures or cold coffee, but more importantly, once cyber criminals find a way into your home or business through cyberspace, they can move laterally and compromise your network devices, including routers, laptops, phones, tablets, and hard drives to steal your personally identifiable information, identify bank account logins and credit card numbers, send malicious and spam e-mails, abscond with proprietary business information, interfere with business transactions, engage in digital eavesdropping, etc.
Obviously, there are IoT devices that, if accessed, could result in physical safety threats—unlocked front doors, compromised medical devices, and disabled security systems are just a few examples. But these, like any device connected to the Internet, can serve as jumping off points for hackers and other cyber criminals to get at your most sensitive files and information.
So how can consumers minimize these risks?
- Understand your IoT devices. Many come with default passwords or open Wi-Fi connections, so change to a strong password and only allow the device to operate on a network with a secured Wi-Fi router.
- Protect your Wi-Fi networks—set up firewalls and use strong, complex passwords, and consider using media access control address filtering to limit the devices able to access your network.
- Many routers give you the option to set up more than one network—if yours does, separate your computing devices from your IoT devices and spread them throughout several different networks. That way, if cyber criminals break into one network, the damage they do will be limited to the devices on that one network.
- Disable the Universal Plug and Play protocol (UPnP) on your router—UPnP can be exploited to access many IoT devices.
- Purchase IoT devices from manufacturers with a track record of providing secure devices, and set your devices for automatic updates when available.
Operation Cross Country
Raw video footage from Operation Cross Country actions in Alexandria, Virginia and Jackson, Mississippi. Operation Cross Country is a week-long, FBI-led enforcement action to address commercial child sex trafficking throughout the United States.
Operation Cross Country, a nationwide law enforcement action that took place last week and focused on underage victims of prostitution, has concluded with the recovery of 149 sexually exploited children and the arrests of more than 150 pimps and other individuals.
The FBI, in partnership with local, state, and federal law enforcement agencies and the National Center for Missing & Exploited Children, conducted the annual action—the ninth and largest such enforcement to date—as part of the Bureau’s Innocence Lost National Initiative.
A woman who posed as a hospice nurse and treated more than 200 patients is serving time in prison.
Identity Theft: Fake Hospice Nurse Sentenced
Imagine the emotional difficulty of arranging in-home hospice care for a terminally ill family member. Now imagine learning after the fact that your loved one had been cared for not by a nurse but by a medical imposter.
That is exactly what happened in more than 200 cases in the Dallas/Fort Worth area over nearly a three-year period when a woman who had stolen the identity of a registered nurse used those credentials to gain employment with multiple hospice companies.
In his statement for the record before the Senate’s Committee on Homeland Security and Governmental Affairs today, FBI Director James Comey discussed the current threats to the homeland and the FBI’s ...
Director Briefs Senate Committee on Current Threats to the Homeland
FBI Director James Comey briefs members of the Senate Committee on Homeland Security and Governmental Affairs on current threats to the homeland on October 8, 2015.
Director James Comey told a congressional committee today that while counterterrorism remains the FBI’s top priority, the threat itself has changed in two significant ways. First, the “progeny of al Qaeda”—including ISIL, AQAP, and al Qaeda in the Islamic Maghreb—have become our focus. And second, we’re dealing with an explosion of terrorist propaganda and training on the Internet, in particular social media, so it’s no longer necessary to get a terrorist operative into the U.S. to recruit.
In his statement for the record before the Senate’s Committee on Homeland Security and Governmental Affairs, Comey said that the Bureau continues to identify individuals who want to join the ranks of foreign fighters in support of ISIL and homegrown violent extremists who may aspire to attack the United States from within, and he highlighted several case examples. He also discussed the “Going Dark” issue, which involves the impact of emerging technologies on the FBI’s ability to fulfill its public safety and national security missions. Comey said that the government continues discussions with private companies to ensure they understand the risks that result from malicious actors’ use of their encrypted products and services.
In talking about the cyber threat—from state-sponsored hackers, hackers for hire, organized crime syndicates, and terrorists—Comey said that an element of virtually every national security threat and crime problem the FBI faces is cyber-based or facilitated. And he specifically highlighted an increase in the scale and scope of reporting on malicious cyber activity measured by the amount of corporate data stolen or deleted, personally identifiable information compromised, or remediation costs incurred by U.S. victims. To counter the cyber threat, Comey said that Bureau agents, analysts, and computer scientists use technical capabilities and traditional investigative techniques. They also work cooperatively with local, state, federal, and international partners and with the private sector.
An insurance broker who pocketed the premiums paid to him by more than 800 commercial trucking companies in nearly a dozen states is serving time in prison for his fraud scheme.
Insurance Broker Sentenced for Fraud
More than 800 commercial trucking companies in nearly a dozen states paid Atlanta-area insurance broker John Paul Kill approximately $3.7 million in premiums from 2013 to mid-2014 to purchase insurance that protected their livelihoods: their cargo and the trailers that carried it.
There was only one problem—for the most part, Kill didn’t purchase the insurance requested by his customers. Investigators with Georgia’s Insurance Commissioner’s Office discovered that Kill pocketed the premiums for his personal use.
Once Georgia officials realized the extent of Kill’s activities—millions of dollars in stolen premiums from customers in multiple jurisdictions—the office requested the assistance of the FBI. And as a result of the ensuing joint investigation, Kill pled guilty in federal court earlier this year to the nationwide cargo insurance scam. This past August, he was sentenced to four years in a federal prison and was also ordered to pay $1.23 million in restitution to his victims.
As part of National Cyber Security Awareness Month, the FBI will be providing weekly cyber tips. First up: How to protect yourself with two-factor authentication, a technology that increases security ...
Cyber Tip: Protect Yourself with Two-Factor Authentication
In many cases, an online password is all that separates the average person from financial or reputational harm—passwords are the way that people log into their online lives: e-mail, banking, social media accounts, cloud storage, and so much more. And oftentimes, in an effort to better remember passwords, users minimize their size and complexity, use the same passwords for different online accounts, and don’t change them very frequently, if at all.
Unfortunately, cyber criminals—sometimes using the least sophisticated means necessary (i.e., password guessing, defeating security questions, social engineering, and technical devices such as keyloggers)—obtain passwords more often than you think. Which is why it’s important to add another level of protection between the cyber criminal and you.
Two-factor authentication, or TFA, adds that second level of protection. TFA is a technology that increases security by incorporating requirements beyond something you know (your password). Along with something you know, TFA can also include something you have (a dynamic token or PIN), something you are (a particular biometric), or somewhere you are (your location at the time of authentication).
And the best thing is, TFA is usually offered as a free service for most home Internet users by many e-mail service providers, social media platforms, cloud-based storage solutions, and even banking and finance sites (although sometimes you might have to search a little for it or contact the company to ask if it provides two-factor authentication). Most sites that employ TFA require a strong password and supply a PIN that changes at a set interval—users can receive those PINs very easily through text messages or mobile applications.
However, using TFA does not mean you don’t have to take extra care with your password: make it unique to your life but something not easily guessed, use a different one for each online account, write it down and store it in a safe place away from your computer, and change it several times a year.
Many large businesses have already recognized the benefits of deploying TFA to their workforce and in doing so have dramatically reduced the risk of credential theft and the subsequent loss of sensitive or proprietary data. Smaller and medium-sized businesses are encouraged to do the same.
National Cyber Security Awareness Month
Observed each October, National Cyber Security Awareness Month is the perfect time of year for individuals, businesses, and other organizations to reflect on the universe of cyber threats and to do their part to protect their networks, their devices, and their data from those threats.
The FBI—working in conjunction with its many partners at the local, state, federal, and international levels, as well as with industry—takes its own role in cyber security very seriously. That role involves operational efforts—including investigating and disrupting cyber-related national security threats and cyber crimes and collecting, analyzing, and disseminating cyber threat intelligence. It also involves outreach efforts to industry.
The Bureau will continue to work jointly with our national security and law enforcement partners to address threats to the nation’s cyber security from nation-states, terrorist organizations, transnational criminal enterprises, and child predators. But government can’t do it alone—assistance and vigilance from the public are vital.
Stay tuned to this website during the month of October—we’ll be providing you with tips that will help keep your families and your businesses safe from cyber criminals.
Latest Crime Stats Released
Today, the FBI is releasing the 2014 edition of its annual report Crime in the United States, a statistical compilation of offense, arrest, and police employee data reported voluntarily by law enforcement agencies that participate in the Bureau’s Uniform Crime Reporting (UCR) Program. This latest report reveals that the estimated number of violent crimes reported by law enforcement to UCR’s Summary Reporting System during 2014 decreased 0.2 percent when compared with 2013 data. And the estimated number of property crimes decreased 4.3 percent from 2013 levels.
What’s new this year? For one, the 2014 publication includes the inaugural Federal Crime Data report, which contains traditional UCR data from a handful of federal agencies, as well as FBI arrest data on human trafficking, hate crimes, and criminal computer intrusions.
Also included for the first time in Crime in the United States is UCR’s second report of human trafficking data submitted by state and local law enforcement.
It is expected that law enforcement participation in data collection for both reports will expand over time, which will help provide a more complete picture of those crimes.
A luxury car salesman who used a website to advertise below-market prices on a variety of expensive vehicles not only didn’t deliver the cars ordered by many of his customers, he also kept much of ...
Con Man Sentenced in Fraud Case
Law enforcement seized this 2008 Mercedes-Benz from Memphis luxury car salesman Michael Brown during the investigation into allegations that Brown was defrauding customers who ordered luxury cars through his company’s website.
It’s a cautionary consumer tale that’s been around forever: In an attempt to get a deal on something that sounds too good to be true, the customer gets the shaft instead.
That’s just what happened in the case of a luxury car salesman in Tennessee who used a website to advertise below-market prices on a variety of expensive vehicles. Not only did he not deliver the vehicles ordered by many of his customers, he also kept all or part of the fees they paid him in advance.
The perpetrator’s scam, however, eventually caught up with him—as did law enforcement—and this summer, Memphis resident Michael Brown was sentenced to more than six years in federal prison after pleading guilty to mail and wire fraud.
Pope Francis’ first visit to the United States presents special security challenges. But federal agencies—working closely with state and local law enforcement—have a well-rehearsed template to follow ...
Preparing for the Pope
A banner in Washington, D.C. welcomes Pope Francis. The FBI is part of the highly orchestrated security effort surrounding the pope’s six-day visit to D.C., New York City, and Philadelphia.
Pope Francis’ six-day visit to three major metropolitan areas during his first trip to the United States—which begins September 22—presents special security challenges. But the FBI and other federal agencies—working closely with state and local law enforcement—have a well-rehearsed template to follow.
Agencies have been coordinating and training together for months for the pope’s visit to Washington, D.C., New York City, and Philadelphia. But the agencies involved also rely heavily on the public to increase their capacity to ensure security at the papal-related events and other large gatherings. To submit tips or information about potential threats, visit tips.fbi.gov.