Category: Security News

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against smart home swatting attacks.

Nationally, smart home device manufacturers have notified law enforcement that offenders have been using stolen email passwords to access smart devices with cameras and voice capabilities to carry out swatting attacks.

What is Swatting?

Swatting is a term used to describe a hoax call made to emergency services, typically reporting an immediate threat to human life. The goal is to draw a response from law enforcement and the SWAT team to a specific location. Confusion on the part of homeowners or responding officers has resulted in health-related or violent consequences in some other parts of the country. These attacks also pull limited resources away from valid emergencies. Swatting may be motivated by revenge, used as a form of harassment, or used as a prank, but it is a serious crime that may have potentially deadly consequences. Offenders often use spoofing technology to anonymize their own phone numbers to make it appear to first responders as if the emergency call is coming from the victim’s phone number. This enhances their credibility when communicating with dispatchers.

How is this version of Swatting carried out?

Recently, offenders have been using victims’ smart devices to carry out swatting attacks. To gain access to the devices, offenders are likely taking advantage of customers who reuse their email passwords for their smart device. The offenders use stolen email passwords to log into the device and hijack features, including the live-stream camera and device speakers. They then call emergency services to report a crime at the victim’s residence. As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also livestreams the incident on shared online community platforms.

Protection and Defense

If you have smart home devices with cameras and/or voice options, there are a few basic ways to protect yourself:

• Use complex passwords or passphrases for online accounts, and don’t reuse passwords across different accounts.
• Use multi-factor authentication (MFA) for all online accounts and any device that touches the Internet. Best bet—don’t use a secondary email address for that secondary layer of authentication. Use a mobile phone number, virtual or physical tokens, or biometric options (such as a face or fingerprint scan).

Next week, we will talk more about how to create strong passphrases without driving yourself crazy.

If you have been victimized in this kind of crime, make sure to file a report with your local police department. If you believe your email or other smart device credentials were compromised, you should also report the incident to the FBI’s Internet Crime Center at www.ic3.gov or call your FBI local office.

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against tech support fraud.

You just received some really cool new gadget under the tree that is supposed to make your life easier—but you can’t even begin to make sense of the instructions, if the device even had such a thing. It’s enough to take the joy out of what’s left of your holiday season.

The fact of the matter is that many of us need help… if not now, then down the road. Here are two scenarios that you need to watch out for. In the first scam, you do an Internet search for help with your device. You see posts or even paid ads that look legit… but aren’t.

In the second scenario, the scam starts with the fraudster contacting you first. You get a message—via email, text, social media post, or even a pop up on your screen—from someone pretending to represent a well-known, reputable tech company. He tells you that some bad actor has already hacked your device, and you need help immediately to deal with some devastating malware that is about to destroy it.

Here’s how to protect yourself:

• If you get a call from someone you don’t know, who says that you have a problem with your computer, hang up. It’s a scam.
• If you get a pop-up message on your screen saying that you have a security issue and need to call a specific number or click on a link for help, ignore it.
• If you have what you think is a problem, try shutting down and restarting first. Sometimes that resolves the problem.
• Make sure all anti-virus and malware software is up-to-date. Set your system to update automatically, and, when in doubt, run a scan yourself to see if there is an infection.
• If you do need tech support, go to a company that you know and trust. You should make the initial contact, preferably in person or by phone, using publicly-available contact information.
• Back up your files and important documents. No system is going to be completely secure. Copy all of your files to an external hard drive or cloud storage. If your computer breaks or is hacked, you will still have access to your files.

Finally, remember that the legitimate tech companies will neither contact you unsolicited to ask for access to your computer nor will they ask for account passwords.

If you have been victimized by a cyber fraud, be sure to file a report at the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against all of those Internet of Things that are sitting under your tree right now.

What’s included in the Internet of Things or IoT, as it is called? Everything in your home that connects to the world wide web. If you look at the holiday wish lists that your kids, spouse, and parents conveniently texted you – there are probably a number of items that count as IoT.

There’s the fun stuff such as remote-controlled robots; games and gaming systems; interactive dolls; and talking stuffed animals. Then consider personal electronics—digital assistants, smart watches, and fitness trackers just to name a few. Add that to items you may already have plugged into your home such as security devices, thermostats, refrigerators, and even light bulbs – well all that and more makes up your Internet of Things.

What these all have in common is that send and receive data. But do you know how that data is collected? And where it is going?

Another concern is that hackers can use that innocent device to do a virtual drive-by of your digital life. Unsecured devices can allow hackers a path into your router – giving the bad guy access to everything else on your home network that you thought was secure. Private pictures and passwords safely stored on your computer? Don’t be so sure.

Here’s what you can do to build that digital defense:

• Change the device’s factory settings from the default password. A simple Internet search should tell you how – and if you can’t find the info, consider moving on to another product.
• Passwords should be as long as possible and unique for IoT devices.
• Many connected devices are supported by mobile apps on your phone. These apps could be running in the background and using default permissions that you never realized you approved. Know what kind of personal info those apps are collecting and say “no” to privilege requests that don’t make sense.
• Secure your network. Your fridge and your laptop should not be on the same network. Keep your most private, sensitive data on a separate system from your other IoT devices.
• Make sure all of your devices are updated regularly. If automatic updates are available for software, hardware, and operating systems – turn them on.

As always, if you have been victimized by a cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov or call your local FBI office.

Have a great holiday everyone and remember to shop safely.

Source: Federal Bureau of Investigation (FBI) State Crime News

On the morning of Friday, January 22, Andrew Ericson was taken into custody for his role in the riot and assault on the Capitol building. We will continue to support our colleagues from our Washington Field Office in bringing all those who participated in this illegal activity to justice. Our enforcement activity will continue in the days and weeks to come. As always, we thank the public for their assistance which has been instrumental throughout the investigation. We ask you to continue submitting tips by calling 1-800-CALL-FBI or online at tips.fbi.gov.

Source: Federal Bureau of Investigation (FBI) State Crime News

Since the civil unrest at the U.S. Capitol on January 6, the FBI Oklahoma City Office has taken appropriately aggressive action to protect Oklahoma’s citizens and institutions from future violence. We are gathering intelligence and coordinating with our local and state partners on potential threats. We are focused on identifying, investigating, and disrupting persons who incite violence and engage in criminal activity here in Oklahoma and beyond. We urge the public to call FBI Oklahoma City at 405-290-7770 or go to tips.fbi.gov to submit tips regarding potential violence at any upcoming protest or event. For immediate emergencies, call 911.