Hacked Again by Scott Schober recounts his experience as a cybersecurity expert and offers advice and instructions on how to remain secure from cyber crime. Scott Schober is a cybersecurity specialist and CEO of Berkeley Varitronics Systems, or BVS, a top wireless security technology company. He begins the book by explaining how he had to learn the hard way to adapt his cybersecurity methods. In the following sections he goes on to teach the reader lessons about self-protection and offers suggestions for remaining secure. He completes the book with descriptions of the latest major cyber attacks. Schober’s purpose in writing this book was to give individuals who may not understand much about cybersecurity an idea of how to defend themselves against attacks.
“Part 1” of Scott Schober’s Hacked Again is titled “Learning the Hard Way”, alluding to the fact that Schober had to learn the hard way that his cybersecurity practices needed some improvement. In chapter two, Schober tells the story of how his company was fooled by an Indonesian customer who purchased $14,000 worth of product using a stolen credit card. Schober said he was so excited that a single customer had purchased $14,000 worth of product in one order, without any bartering, that he ignored all the red flags. The red flags were that the customer did not barter, that the customer paid a ridiculous amount of money for expedited shipping, that the purchase was so large in value, and that it all seemed too good to be true. Luckily for Schober, the man whose credit card information had been stolen called immediately after he saw the large transaction on his card, and explained that he was not a customer from Indonesia but a business owner in Minnesota. Schober was able to call the shipping company and get back his merchandise, and he called the bank and eventually was able to get the money back to the man from Minnesota. This taught Schober that, when doing business online, he should verify that the card or payment method is valid and that the money belongs to the person making the purchase. In chapter three, Schober describes an incident where he was specifically targeted. After being hacked the first time, Schober decided it was time to switch to a new bank, so he did his research and chose a bank close to him called “TD Bank”. He chose this bank because it had significant security measures in place to ensure each customer’s account was secure. Yet even after all the precautions, one day he went to check his bank account and was alarmed to see that $65,000 was missing. He went to the bank’s fraud department, and they froze his accounts to stop him from losing more money than he already had.
When he asked who had taken the money and how they did it, the bank initially tried withholding the information, but eventually had to share it because it was bank policy to answer customers’ questions. He found out that one of the larger withdrawals from his account, one for $50,000, was from a woman in New Jersey who took out the money for her “final mortgage payment”. Hers was only one of several names shared with Schober as people who had made withdrawals from his account. Schober did some research but could not find anything significant about the names. “These were real people with real accounts, but, more money from other accounts, such as ours.” (pg 16) Not only had Schober been hacked, so had these innocent people whose good names were being dragged through the mud.
“Part 2” of Scott Schober’s Hacked Again is titled “Lessons Learned: How to Protect Yourself”, and in it he teaches the reader lessons in how to protect oneself from attacks. A large aspect of protecting yourself in today’s day and age involves social media and using it in the correct and safe way. In chapter eight, Schober writes that people are constantly sharing information on social media that could be used against them in the future. For example, if you share where you went to high school on your Facebook profile, hackers can work out your home town; you might share pets’ names; or, if you and your mother share a lot of common posts, a hacker could potentially figure out your mother’s maiden name. All of these are potential answers to security questions. Schober’s lesson in chapter seven involves malware (including ransomware, spyware, scareware, Trojan horses, worms, and viruses) and how to avoid being a victim of it. If a person receives an email containing a link from an unknown or unexpected sender, they should be very cautious about clicking on that link. The link could take the user to a website where a popup could download any number of different kinds of malware to the user’s computer. Therefore, all links should be checked out, in depth, before clicking on them and possibly causing harm to your computer. Another lesson on how to protect yourself comes in chapter nine, and involves spam. Spam is: “Undesired or unsolicited electronic messages. These are illegal e-mail messages. Electronic spam came from the original Spam that was a canned pork meat product.” (pg 184) When a person receives endless spam, they usually opt to unsubscribe from receiving emails from those senders by clicking a link at the bottom of the spam email (which, from chapter seven, we already learned is something not to do). However, spam senders do not abide by any moral code; they do not care whether the user gets what they want.
Often, when the user thinks they are stopping the constant flow of spam email, it is actually just beginning: once a user clicks the unsubscribe button, it tells the sender that the e-mail address is one in regular use. Now the sender can go on to sell the user’s e-mail address and name as a package, and the user could later be the victim of a more targeted phishing attack. Therefore, you should never unsubscribe from spam email; just blacklist the sender or make sure the e-mails automatically go to the trash. Chapter ten describes the difference between a website using HTTP and a website using HTTPS. HTTP, the Hypertext Transfer Protocol, is the prefix before every public website’s address, whether the user sees it or not. HTTPS is the secured version of HTTP, where the ‘S’ stands for secure. If a website served over plain HTTP asks you to enter secure or private information, or to log in to a secure account such as a bank, never go through with it. HTTP does not transfer and send your data using the Secure Sockets Layer like HTTPS does, and therefore the traffic could be intercepted and stolen. Another lesson involves password strength and reuse. For starters, Schober says never to reuse passwords, because if a hacker gets hold of one then they might as well have access to all your accounts, or at least any using the cracked password. As for password strength, Schober describes a good password as one with at least 15 characters, containing at least one uppercase letter, one lowercase letter, one number, and one special character. Also, to keep your accounts safe, you must get into the habit of updating your passwords every month or few months. The longer you have a certain password, the more time that leaves for it to be cracked and for your data, money, or information to be stolen. (Chapter 11)
“Part 3” of Scott Schober’s Hacked Again is titled “Staying Safe”. In this section of the book, Schober makes recommendations on how to stay safe. In chapter 17, Schober explains that a company’s security is only as strong as its weakest link. Companies should be spending more time improving their weakest link, because that weak link is what a hacker will focus on and exploit. A company’s weak link could potentially be its firewall or antivirus, which is why neither should be overlooked. Antivirus is only effective if the latest update has been installed, because there are hackers who focus on breaking down each new antivirus update, which is why it needs to be updated so often. Schober understands that it may be difficult for the people who implemented a company’s security measures to look at them objectively and find weak points, which is why he suggests hiring an outsider to try to penetrate the company’s security and find the weak points. Another recommendation Schober makes for staying safe from cyber-attacks is to take control of your security and not live in fear or ignorance. Cyber-hackers keep up to date with all the latest technology, and so should everyone else. If a cyber hacker is using the latest vulnerability to hack your computer, you should at least be aware of what is going on and, potentially, how to stop it. That is why Schober suggests that everyone stay informed about the recent cyber-attacks being reported on the news or online, because if they do not take the suggested precautions, they could be the next victim.
“Part 4” of Scott Schober’s Hacked Again is titled “Noteworthy Hacks and Breaches”, and shows that anyone could be the victim of a cyber-crime, even large corporations. One hack that happened in late 2013 was “The Target Breach”. The hackers behind the Target Breach initially gained access to Target’s network by going through a third-party HVAC contractor, a contractor that is specialized and licensed to work on equipment in a home or workplace. The hackers then used login credentials that were connected to their automatic billing and contract proposal system. From there, the hackers successfully installed malware that captured customers’ private credit card data. On December 2nd of 2013, the hackers downloaded an 11 GB file containing forty million compromised credit cards’ data. This breach could potentially have been much less devastating; however, Target did not inform people or banks fast enough that it had been hacked, which gave the hackers more time to sell the stolen credit card information and make purchases with the stolen cards. The only positive to come from the Target Breach was that it set a precedent for how not to handle damage control post-breach. Another large hack, described in chapter 21, was the JP Morgan Chase hack in the summer of 2014. JP Morgan Chase’s cyber data breach resulted in over seventy-six million customers having their personal information compromised. This included their names, phone numbers, addresses, and e-mail addresses. At the time, most people brushed the hack aside as unimportant, because no financial data had been stolen. However, the information taken by the cyber-hackers could be used in many ways, some of which could eventually result in the victim’s financial data being stolen after all. The personal information taken in the breach could be used to exploit individuals in targeted phishing attacks, or sold to identity thieves who then apply for a credit card in the victim’s name.