More than cybersecurity. With them Advanced Persistent Threat (Act), it rarely works. What many cyber attack experts don't want to confess is that there are gods data breach, those of the Apt in fact, from which it is almost impossible to defend oneself. They are very "toxic" digital attacks, which stand out from all the others because they are conducted by State hacker and financial criminal organizations transnational. And which sometimes escape and devastate like boomerangs. They increasingly target sensitive industries and logistics platforms, energy supply and telecommunications infrastructures, to steal secrets of fundamental importance for the very stability of a country and industrial sectors without leaving any traces. Protecting scientists, politicians, businessmen, CEOs and company consultants while they work with their PCs, especially while traveling, in online meetings, from cyber attacks is becoming very, very difficult. Former hackers or ethical hackers have underlined this on several occasions, even at the latest edition of the DEF CON conference, the most important event in the world on how to protect yourself from any type of cyber espionage, which took place in August in Las Vegas.
Cybersecurity: from Stuxnet onwards, the virus is also offline
Anyone who has attended Def Con at least once knows that they had to give up their smartphone, PC or tablet due to very strict security measures. And what is very interesting is that a series of exceptional cybersecurity measures are being learned, capable of greatly reducing the "toxic" risks of the worst pirates of the web. Very useful measures for big managers, for politicians and for all those who may be, without their knowledge, and despite all the precautions taken, the object of espionage operations and theft of intangible assets, especially while traveling, in public places, at fairs…. Very useful because they were developed by those super ex-hackers who know cyber attacks well (from malware to ransomware) having designed and practiced them at the time. And then it's good to remember that the first Virus Act dates back to 2010, the evil, cursed Stuxnet (developed by US and Israeli government "entities") which hit the heart of the Iranian Natanz and NotPetya nuclear system, despite not being connected to the Internet. But it has also caused gigantic, large-scale damage globally.
Cybersecurity: three rules for defending yourself while traveling and in public places
Here is the precious advice - faithfully translated - that Def Con provides to those who travel, at the fair, in meetings where it is necessary to implement fundamental precautions.
Rule 1: Protect your phone at all costs. Bring a spare phone to the conference or protect your personal phone if you decide to bring it. You can purchase a burner phone at Walmart with a prepaid SIM card already installed. And pay it only in cash to make it even less traceable to you. Don't install anything on your phone that can link to your identity. Finally, it is better if you use this burner phone for the weekend too. If you use – but we don't recommend – your phone during the conference weekend, put it in one Faraday bag, Also known as RFID bag. These bags block all outgoing and incoming radio frequencies. Think of it as a physical version of airplane mode for your phone. The goal is to prevent hackers from stealing sensitive data from your smartphone. We also recommend keeping your credit and debit cards and any other RFID-enabled devices in your Faraday bag. As an added precaution, if you are unable to obtain a Faraday bag in time to take with you to the conference, turn off Wi-Fi and Bluetooth on your phone and keep your phone in airplane mode while at DEF CON, your hotel and restaurants nearby, basically anywhere you think hackers might be present.
Rule 2: Delete Wi-Fi networks. Erase all Wi-Fi networks already saved on phones, tablets and laptops that you take out of the company. They may reveal personal information. Your Wi-Fi enabled device may provide sensitive information such as your device's MAC address or the name of each Wi-Fi network to which your device is connected. With this type of information in their possession, a hacker could perpetrate an attack Man-in-the-middle (MITM) against you. This is a silent cyber attack that intercepts and manipulates internet traffic. They could also track you down in real time. Some of these exploits might be performed against you just for fun and for the sake of seeing what could be done.
Rule 3: Don't use the open network. Public Wi-Fi networks should never be used, especially if they do not have passwords. The organizers of Def Con, obsessive as they are about cyber protection, recommend not using the Def Con public network without protection because it is even monitored: if you are discovered - they threaten - to commit this serious misstep, that is, communicating without encryption, that is, without there computer security, you'll end up on the Wall of Sheep, which is Def Con's version of a wall of shame. The board displays the usernames and passwords of those who have not protected themselves from being hacked. This method of publicly exposing people seems brutal, but it is a way to indelibly remind all conference attendees of the dangers of unencrypted communication.