The Hollywood depiction of an identity thief is often one of a lone hacker working from a dimly-lit basement apartment on sophisticated algorithms to brute force his way into an unsuspecting bank account, someone’s personal computer or webcam, or a mainframe server for a major corporation or government agency. The truth of the matter, however, is that while digital thieves in the real world are no less nefarious than their fictional counterparts, their methods are far more mundane and therefore both easier to execute and more difficult to protect against.
Most cybercrimes are committed using information freely shared by their victims across the Internet over unsecure channels of communication. By placing oneself in the middle of virtual conversation happening between two or more parties—which may include any combination of people, servers, and devices—eavesdroppers are able to scoop up freely shared sensitive data including credit card and social security numbers.
As interconnected technologies become increasingly integral to our day-to-day lives, sharing information across the internet is second-nature to most, and while most people would not freely announce their bank account numbers, PINs, or social media account passwords within the earshot of strangers, many might not think twice before hitting “send” on a text message containing that very same information to a loved one. An estimated 556 million people fall victim to cybercrime each year, and some reports identify “man in the middle” attacks (i.e., attacks in which information is gathered via digital eavesdropping) as responsible for as many as half of vital data breaches. When sending information across the Internet, it simply isn’t enough any longer to rely on the security measures your receiver may or may not have in place.
The increased shopping activity around the holidays makes this season particularly vulnerable to cybercrime. The amount of holiday shopping completed over the Internet has steadily risen over the past two decades, and for most, the reservations about entering one’s credit card number into an online shopping cart are long-forgotten. We trust our online retailers to keep our information secret. Not all retailers are created equally, however, and niche-market dealers may make use of vulnerable site-design our outdated encryption methods. SSL 3.0, one of the most wide-spread methods for protecting consumer-entered private information across the internet, was recently revealed to contain an exploit that could render personal information open to a MITM attack. More frightening, the oft-publicized breaches that plagued major retailers such as Target, who saw as many as 70 million credit cards stolen this past year, and Home Depot are a somber reminder that even well-funded merchants may not be properly equipped to secure our payment card information entirely.
Our credit card and bank account numbers lend access directly to our finances, and for this reason, it’s easy to think of them as the most important digital properties to keep secret. Other pieces of highly sensitive and exploitable personal information may not get the same treatment, however. Social media channels such as Facebook and Foursquare have demonstrated that many are easygoing about sharing even their own locations, possibly in real-time thanks to our GPS-equipped mobile devices, across public channels, information that inevitably carries a risk of exploitation. Criminals may, for example, monitor publicly-broadcasted location data to determine when to burglarize a home.
In our homes, poorly secured private networks may leave our personal computers, webcams, and phones open for eavesdroppers. Devices intended to keep us safe such as video- equipped baby monitors may be open for exploitation, giving would-be intruders a sneak-peek into our homes and private lives. And because the data transferred among a private network is less likely to be encrypted than that sent over a public network, private information may actually be left more vulnerable in our homes or offices than elsewhere.
What we have found to combat these and other attacks.
Protecting oneself from cybercrime may feel like an exercise in futility, but swearing off modern digital communication is neither practical nor truly effective. Instead, it’s time to take our personal data security into our own hands. Pryvate, a subscription-supported app, allows users to regain their privacy through military-grade encryption and an all-encompassing umbrella model that simultaneously secures communication over the phone, instant or text messaging, video chat, email, and web browsing. It protects its user’s data by enciphering all communication, rendering the data useless if intercepted during a MITM attack. What’s more, Pryvate establishes a new encryption key with every established communication channel, allowing it to maintain perfect forward security, which effectively means that in the unthinkable event that an encrypted message may be deciphered, subsequent messages remain secured. And because Pryvate delivers encrypted content directly to and from conversing parties, it never makes a record of that data.