‘Tis the Season (for Cyber Breaches)

Your community (and maybe your department) will likely suffer this holiday season

By Elijah Woodward  |   Nov 19, 2015

As we close the year out, people are undoubtedly preparing for the cliché and novel year-end round-out articles summing up events in their particular speciality. Policing, use of force, tactics, cyber security, swatting, etc., etc., etc. …

Except that the last two years have shown that December is usually the most exciting month for the cyber security stuff.

December 2013: Target breach. About 30 million records exposed, and Target’s then-CEO ultimately lost his job. Why? A vendor/trusted partner of Target was using the MalwareBytes free, home version of antivirus in their corporate environment (big no-no!). Via the vendor, attackers were able to infiltrate Target and steal info.

December 2014: Sony breach. Hackers, presumably from North Korea, knock Sony offline by destroying all their computers and stealing tons of data. In April of this year it started coming out that phishing emails were used to breach Sony.

December 2015: Stay Tuned!

I think we have a bit of a trend developing. According to some of the trainers I’ve spoken to, the holiday shopping season is the premier time to start data theft in bulk for a number of reasons.

First, this is when we do a bunch of shopping as a country. We’re going to be spending like mad, primarily with cards—online, in the stores, and everywhere else. When do you go fishing? When there’s fish! For the card thieves, this is going to be prime time, as always, to go start stealing credit cards.

Second, it’s the holidays. It’s when most of us take time off from work, relax, have some turkey, fall asleep for a few days, and watch the Cowboys lose a few football games (sorry Cowboys fans … truth hurts). The bad guys have also realized this perfect storm and like to attack during the holidays since this will allow them to go a few days longer without being detected since the digital guards won’t be at their cyber posts.

What’s that translate to for us as cops? Be prepared for the flurry of fraud/identity theft reports that will undoubtedly be overwhelming our lobbies in January!

What are some things you can do to be ready?

Public education. According to a 2014 PERF document on Local LE and cybercrime, community engagement and public education was identified as a strong area to prevent and deal with cybercrime. In particular, Madison, Wis., has taken to putting on evening lectures on cybercrime and how to protect yourself. They even went a step further with developing a cyber camp for kids that allowed the kids the opportunity to practice digging up information.

Obviously this creates an awesome way for the officers to learn from the experts about new social media outlets as well. You can check out their website for more information.

Get updated information on identity theft and credit card fraud. State Attorney Generals Offices usually have some sort of flier that they give out by the truckload to departments—all you have to do is ask! Have a couple of these fliers ready and waiting in your lobby to provide to victims as they make reports.

Get information from ftc.gov and identitytheft.gov on identity theft. Tons of good information at both of these websites—and guess what? They’re free!  Again, more good info to print out and have on hand to provide victims a path to recovery rather than the usual, “That will be five business days until you can get a copy of the case report.”

Conclusion

As this year draws to a close, let’s prepare ourselves for what we know is coming. 2013 was a year of remarkable breaches. 2014 was breathtaking, and 2015 has already been mind blowing. This will filter down to us at the local level, so let’s be ready for it when we start taking the reports.

The following two tabs change content below.
Elijah Woodward
Elijah Woodward is the owner of SavageCyberSpace.com, a security consulting company focusing on information and cyber security as well as physical security. He has 10 years of law enforcement experience working in patrol, motors, and community resources. He is a member of the FBI’s InfraGard program, and the High Technology Crime Investigator’s Association. Elijah believes that law enforcement is in a prime position to address the issues of cyber crime and fraud, and it will be cops at the local level who will have the greatest impact on these new crimes as they continue to plague our communities. Reach him at [email protected]