By Daniel J. Solove
I produce computer-based privacy and data security training, so I’m often in the hunt for stock photos. One of the hardest things in the world to do is to find a stock photo of a hacker that doesn’t look absolutely ridiculous.
I’ve gone through hundreds of hacker stock photos, and I’ve discovered some that are so absurdly funny that they are true classics and deserve to be celebrated in a hall of fame. So I bought some of these gems to share them with you — because if there’s any sense of justice in the universe, when so much thought, creativity, and effort goes into a stock photo, it deserves to be sold.
by Daniel J. Solove
This post was co-authored with Professor Woodrow Hartzog.
This past Tuesday the Federal Trade Commission (FTC) filed a complaint against AT&T for allegedly throttling the Internet of its customers even though they paid for unlimited data plans. This complaint was surprising for many, who thought the Federal Communications Commission (FCC) was the agency that handled such telecommunications issues. Is the FTC supposed to be involved here?
If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
Professor Solove’s LinkedIn Influencer blog
You can follow Professor Solove on his blog at LinkedIn, where he is an “LinkedIn Influencer.” He blogs about various privacy and data security issues. His blog has more than 600,000 followers.
* * * *
Professor Solove’s Twitter Feed
Professor Solove is active on Twitter and posts links to current privacy and data security stories and new scholarship, cases, and developments of note.
* * * *
Professor Solove’s Newsletter
Sign up for our newsletter where Professor Solove provides information about his recent writings and new training programs that he has created.
* * * *
Professor Solove’s LinkedIn Discussion Groups
Please join one or more of Professor Solove’s LinkedIn discussion groups, where you can follow new developments on privacy, data security, HIPAA, and education privacy issues. You can also participate in the discussion, share interesting news and articles, ask questions, or start new conversations:
Posted by Daniel J. Solove
According to a stat in SC Magazine, 90% of malware requires a human interaction to infect. One of the biggest data security threats isn’t technical – it’s the human factor. People click when they shouldn’t click, put data on portable devices when they shouldn’t, email sensitive information, and engage in a host of risky behaviors. A lot of hacking doesn’t involve technical wizardry but is essentially con artistry. I’m a fan of the ex-hacker Kevin Mitnick’s books where he relates some of his clever tricks. He didn’t need to hack in order to get access to a computer system – he could trick people into readily telling him their passwords.
There have been a number of good recent articles on data security and data security training. Robert O’Harrow, Jr.’s recent piece in the Washington Post discusses the human element to data security in his piece, “In Cyberattacks, Hacking Humans is Highly Effective Way to Access Systems.” The article describes the increasing sophistication of phishing. The old misspelled lottery scam emails are now your grandfather’s phishing. Today’s phishing is more personalized – and much more likely to trick people. According to O’Harrow’s article: “The explosive growth of cyberspace has created a fertile environment for hackers. Facing the flood of e-mail, instant messages and other digital communication, many people have a hard time judging whether notes or messages from friends, family or colleagues are real. Many don’t even try.” O’Harrow goes on to note that “Hackers are so confident about such permissiveness that they sometimes begin their attacks in social media three or four steps removed from their actual targets. The hackers count on the malicious code spreading to the proper company or government agency — passed along in photos, documents or Web pages.”
Two notable differences are: (1) the form from Citibank’s website has a toll free phone number you can call to opt out; the form in the letter does not; (2) the addresses of the processing centers where the opt out forms are to be sent are different.
So my friend then called Citibank to find out what was going on. Had a fraudster acquired a card in her name? Was the letter an elaborate fishing scheme?
My friend recounted the conversation the best she could so I could recreate it on this blog. This is reconstructed from her memory, so it’s not exact. Although the transcript below doesn’t contain the precise words spoken, it hopefully will capture the gist of the conversation.
Click on the continuation to read more.