
‘Vigilance!’
You do not need J.K. Rowling’s “Mad-Eye” Moody to reinforce the point.
Paranoia is in the air around us (not just talking about POTUS here), and there is good reason when it comes to security for one’s self.
Well over 600,000 cyber attacks have crossed the global airwaves in the past 22 hours alone [see them in real time with FireEye Cyber Threat Map: https://www.fireeye.com/cyber-map/threat-map.html].
Even those working in cyber security can use a resource that easily conveys the importance and specifics of the craft to the public in a way they can absorb.
First we will touch on the need for journalists to have these hammers, nails, and gloves in their tool belt.
But all of these things should be utilized, or at the least be kept in mind, by anyone whose name and email are subject to being scraped and used to spread malicious materials to friends, family, colleagues, and contacts alike.
So aside from the cyberwar and its attacks that have erupted more than 454 times a second today, there is another disturbing war going on.
And this makes the protection of journalists and their sources all the more paramount.
In the United States there has been a progressive escalation in the war against whistleblowers since the Clinton Administration, if not earlier.
You would think in the wake of Nixon it would be different.
Without whistleblowers and insightful journalism, citizens would not have any idea as to what heinous acts a member or members of the government are committing against the folks they are sworn to serve.
Acts such as illegally tapping a political competitor, like Tricky Dick did, must come to light.
And so for anyone who is one of the 772,904,991 unique email addresses recently posted to a popular hacking forum [wired.com], securing the ways in which we choose passwords, store passwords, access communications and encrypt them has to become and remain a priority.
Government agencies and black hat hackers can in some way trace all of our digital communication means, via email, call, text, legally or illegally.
The only way to successfully attain some semblance of privacy for yourself and/or your sources is to keep learning about the new ways in which to protect them and to employ security methods proven to at least hold the dogs at bay for a period of time.
You can read and download vpnMentor’s eBook PDF-version of the Online Privacy Guide for Journalists 2019 here.
It is an excellent resource, spelling out instructions, offering reliable choices to look into, citing research, and most of all explaining in layman’s terms how to employ the techniques and tools.
The last of three big points made in their introduction is this: ‘Acting cautiously both in the digital and real world . . . needs to be done to ensure that a journalist’s sources and data are secure and well.’
Another series of great sources and insights can be found on the Freedom of the Press Foundation’s Guides & Training page here.
Though it does not have the name “Equifax” attached to it, I am still shocked at the lack of mainstream news coverage for ‘Collection #1’ where 772,904,991 unique email addresses along with more than 21 million unique passwords were uncovered in a popular hacker space.
On Have I Been Pwned, security researcher Troy Hunt’s project, the newly revealed mass of leaked data, 87 gigabytes’ worth, tops the list of the largest cyber security breaches in history.
If you are not familiar with the site, you can instantly check to see if you have an email account that has been compromised in a data breach of some kind on record.
Those using the same password for multiple sites can find their emails in numerous breaches that have been identified so far using this search tool, and you can subscribe your emails to learn if any breach implicates your credentials.
Are your passwords remotely strong enough?
Well, the Online Privacy Guide for Journalists 2019 points out that certain combinations can be cracked quite easily, while others pose mathematical difficulties that would take a machine years or centuries to break.
The Haystack is really cool.
The Gibson Research Corporation’s password strength calculator is a tool dubbed the Haystack and with it you can see that:
A password like “F53r2GZlYT97uWB0DDQGZn3j2e”, from a random password generator, seems very strong, and indeed it is, taking 1.29 hundred billion trillion centuries to exhaust all the combinations even when the software is making one hundred trillion guesses per second. [https://www.vpnmentor.com/blog/online-privacy-journalists/]
But that is not to say every long password is safe: one that is not made randomly often relies on some kind of pattern or human characteristic that is somewhat publicized in our 1984 world, a repeated number or sports team, perhaps (Mr. Robot fans), and that can make the code cracking very possible.
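The arithmetic behind the quoted figure, and the contrast with a patterned password, as an added example that is not from the guide or from the Haystack tool. It assumes a brute-force search over every string up to the password's length; the wordlist size and the password "Giants2019" are constructed for illustration.

```python
import string

GUESSES_PER_SECOND = 100e12               # "one hundred trillion guesses per second"
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

# Character classes a brute-force search has to cover if any member appears.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Number of candidate characters per position for this password."""
    return sum(len(chars) for chars in CLASSES
               if any(c in chars for c in password))


def brute_force_space(password):
    """Count every string of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def centuries_to_exhaust(guesses, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at the given guess rate."""
    return guesses / rate / SECONDS_PER_CENTURY


def patterned_space(wordlist_size, digit_count):
    """Assumed attacker model: one known word followed by digits."""
    return wordlist_size * 10 ** digit_count


RANDOM_PW = "F53r2GZlYT97uWB0DDQGZn3j2e"   # the password in the quoted passage
PATTERN_PW = "Giants2019"                  # constructed: team name + year
ASSUMED_WORDLIST = 100_000                 # assumption: names, teams, common words

if __name__ == "__main__":
    print("random, centuries to exhaust: %.3g"
          % centuries_to_exhaust(brute_force_space(RANDOM_PW)))
    print("patterned, brute-force guesses: %.3g"
          % brute_force_space(PATTERN_PW))
    print("patterned, word+4 digits guesses: %.3g"
          % patterned_space(ASSUMED_WORDLIST, 4))
```

The random password lands on the quoted figure of about 1.29 x 10^23 centuries, while the patterned one falls to roughly a billion guesses once the pattern is assumed, whatever its character mix suggests.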
I have been told by a cyber security source I trust that a hacker needs only time and patience to learn any target and infiltrate it.
Do not make it easy for them.
“Cyber Security 411: Online Privacy Guide For Journalists 2019” was written by R.J. Huneke.