fbpx
TCM Security is offering free Active Directory Health Checks to any company with 10 or more employees. To inquire, please contact us.

Overview

Today, we end our Practical Cybersecurity Awareness Month journey with another critical topic: Protecting yourself online and offline; Internet Privacy, OSINT and the Dark Web. The four-part series discussed during this month will be available on our YouTube channel as separate videos on October 31, 2023.

In today’s digital age, the line between our online and offline lives has blurred, giving rise to new challenges and opportunities in the realm of privacy and security. You’ve probably heard whispers about the mysterious dark web, wondered about the information you inadvertently share online, or felt curious about how people dig up ‘public’ information that seems private. This blog dives deep into these areas, demystifying the enigmatic dark web, offering insight into OSINT (Open-Source Intelligence) and its role in our lives, and providing actionable tips to safeguard your digital footprint. Join us as we navigate the intricate web of online privacy, shedding light on the shadows of the internet.

 

Basics of Internet Privacy

Why is Online Privacy Important?

In the digital age, your online identity is just as significant as your offline one. Every time you surf the internet, post on social media, or even purchase something online, you leave a trail of digital breadcrumbs. While the internet offers unparalleled convenience and connectivity, it also exposes users to potential threats. Breaches in online privacy can lead to identity theft, financial loss, and personal distress. Moreover, without proper privacy measures, your personal beliefs, interests, and habits can be scrutinized, manipulated, or even used against you. Protecting your online privacy ensures your freedom, safety, and peace of mind in an increasingly interconnected world.

Data Brokers and Your Personal Information

You may not have heard of them, but data brokers play a significant role in the digital economy. They are companies that collect, process, and sell vast amounts of personal data from various sources, including public records, surveys, and online activities. This data is then packaged and sold to advertisers, marketers, or other entities, often without your explicit knowledge or consent. Your shopping habits, online searches, and even health concerns can become commodities. The result? Targeted advertising that seems eerily accurate, higher insurance rates based on perceived habits, or even personal information falling into the wrong hands. Being aware of data brokers underscores the importance of being cautious about what you share online and knowing your rights regarding data collection and usage.

How Companies Track You Online: Cookies, Fingerprinting, and More

Every wondered why after browsing for a new pair of shoes, you suddenly see ads for similar shoes on almost every site you visit? This isn’t coincidence; it’s the result of online tracking. Here’s how it works:

  • Cookies: These are tiny files websites store on your device. They remember your preferences, login details, and items in your shopping cart. However, third-party cookies also track your online activities and relay this information to advertisers, helping them target you with relevant ads.
  • Fingerprinting: This is a more covert way companies track users. By analyzing various attributes of your device and browser, like your screen resolution, OS, installed fonts, and plugins, trackers can create a unique “fingerprint” of your device. This makes it possible to identify and track you, even if you block cookies.
  • Other Methods: Companies also use web beacons (tiny, invisible images embedded in websites and emails that notify when a page or email is accessed), and Etags (a part of the HTTP protocol used by browsers) to monitor user activity.

Being aware of these tracking methods is the first step in protecting your online privacy. Subsequent steps include using privacy-focused browsers, blocking third-party cookies, and regularly clearing your browsing data.

 

Introduction to OSINT

What is OSINT and Why is it Important?

OSINT, or Open-Source Intelligence, refers to any information that can be legally and freely obtained from public sources. This might encompass anything from information gleaned from newspapers, radio, and television broadcasts to that found on social media platforms, public records, and digital footprints left behind on forums, websites, and blogs. While OSINT is often associated with government agencies and private investigators for intelligence gathering, its relevance isn’t restricted to them. In an age of information explosion, understanding OSINT is crucial because it helps individuals recognize the vast amount of data available about them and take steps to manage or mitigate potential risks. In a way, OSINT serves as a mirror reflecting how much of our personal life is publicly accessible.

Everyday Examples of OSINT in Action

While OSINT might sound like a technical term reserved for spy agencies, its examples are present all around us.

  • Job Recruiters: When potential employers want to know more about a candidate, they might Google their name or scour their LinkedIn and other social media profiles. This is OSINT in its simplest form.
  • Marketers and Advertisers: By analyzing public product reviews, comments on social media, or trending topics on platforms like Twitter, they can gauge public sentiment and tailor their advertising strategies.
  • Journalists: Reporters often use OSINT techniques to verify events, find sources, or gather details for their stories, especially by leveraging user-generated content.
  • Private Individuals: Ever looked up a new acquaintance on Facebook or Instagram? That’s OSINT. Or maybe you’ve checked out a restaurant’s reviews before deciding to dine there.

The Dangers of Oversharing on Social Media

Social media platforms encourage sharing moments, thoughts, and experiences. While this has brought about more interconnectedness, it has also paved the way for oversharing. Posting about an upcoming vacation, sharing your daily routine, or even showcasing your new home can have unintended consequences.

  • Personal Safety: Revealing that you’re away from home might be an invitation to burglars. Posting about a new purchase, like jewelry or tech gadgets, can make you a target for theft.
  • Identity Theft: Sharing personal details such as your full name, date of birth, and address makes it easier for cybercriminals to piece together your identity.
  • Professional Repercussions: Posting inappropriate content or comments that go against company policy can lead to disciplinary action or even job loss.
  • Emotional Impact: Personal experiences or photos shared online can be manipulated, misinterpreted, or used maliciously, leading to emotional distress.

To mitigate these dangers, it’s vital to be mindful of the information you share, regularly review your privacy settings, and be discerning about accepting friend or connection requests from unfamiliar individuals.

Additional resources:

Hacker Reacts to Influencer’s Home Tour

 

Securing Your Digital Footprint

Reviewing and Tightening Social Media Privacy Settings

In our hyper-connected world, social media platforms have become extensions of our personal and professional lives. But with this convenience comes the responsibility of safeguarding our privacy. Regularly reviewing and adjusting your privacy settings is essential. Here’s how:

  • Profile Settings: Ensure your profiles are set to ‘private’ or ‘friends only,’ especially on platforms like Facebook and Instagram. This way, only those you trust can view your content.
  • Location Settings: Turn off location services for apps that don’t require them. Avoid checking in to locations in real-time as this discloses your whereabouts.
  • App Permissions: Many third-party apps request access to your social media. Review these permissions and revoke any that are unnecessary or from untrusted sources.
  • Activity Logs: Platforms like Facebook allow you to view your activity log, showing your interactions. Periodically review and prune any unwanted or outdated content.

The Concept of “Data Detox” and Reducing Your Online Exposure

‘Data detox’ is the process of reducing your online footprint, making it harder for companies (and prying eyes) to track you. Here’s how to get started:

  • Google Yourself: This helps you see what’s publicly accessible. Reach out to websites if you find personal data or photos that you want removed.
  • Deactivate Old Accounts: Remember that MySpace or old forum account? It’s time to deactivate any profiles you no longer use.
  • Limit Sharing: Think twice before sharing personal details, especially those that can be used to identify or locate you.
  • Use Incognito Mode: Browsing in private or incognito mode prevents storage of browsing history, cookies, and search records.

Benefits of Using a VPN and How to Choose One

A VPN, or Virtual Private Network, is a service that allows you to connect to the internet securely by routing your connection through a server and hiding your online actions. Benefits include:

  • Privacy: VPNs hide your IP address, making your online actions virtually untraceable.
  • Security: They offer an encrypted connection, protecting your data from potential snoopers.
  • Freedom: VPNs can bypass geographic restrictions on websites or streaming audio and video.

When choosing a VPN:

  • Research Reliability: Look for VPNs known for their security and performance.
  • Check the Policy: Ensure they have a strict ‘no logs’ policy, meaning they don’t store user activity. This is essential for maintaining your privacy and preventing any potential data sharing or leaks.
  • Consider Costs: While there are free VPNs, paid options often offer more features and better security.

With the digital landscape constantly evolving, staying informed and proactive in our approach to online security is more critical than ever. Adopt these practices and browse with peace of mind.

 

Physical Security and OSINT

The Risk of Shoulder Surfing and Visual Eavesdropping

While digital threats often take the spotlight, physical security breaches can be just as damaging. One such risk is shoulder surfing, where someone discreetly observes you typing sensitive information, such as PINs or passwords.

  • Common Scenarios: ATMs, public transport, cafes, or any crowded place can be hotspots for shoulder surfers.
  • Prevention: Always be aware of your surroundings. Use your body or hand to shield your screen when entering passwords or PINs. Be cautious of individuals with cameras or smartphones pointed in your direction.

Geo-tagging and Why It’s a Potential Threat

Geo-tagging refers to the embedding of precise geographical location data within digital content, such as photos or social media posts.

  • Potential Dangers: Sharing geo-tagged content can:
    • Reveal your current location, making you a potential target for crime.
    • Expose patterns in your behavior or routines.
    • Disclose locations that you’d prefer to keep private, like your home or workplace.
  • Management Tips:
    • Disable Geo-tagging: Most smartphones and digital cameras offer the option to disable geo-tagging.
    • Review Before Posting: Before sharing photos online, ensure there’s no sensitive location information attached.

Safe Disposal of Old Devices

Disposing of old gadgets isn’t as simple as throwing them in the trash. These devices contain a wealth of personal information.

  • Factory Reset: Before disposal, perform a factory reset to wipe all data. Remember, this only removes the pathway to the data. With the right tools, data can still be recovered.
  • Physical Destruction: For devices that won’t be reused or donated, consider physical destruction. Drilling holes in hard drives or using a hammer can be effective, though somewhat crude, methods.
  • Electronic Wiping: Software tools can overwrite your device storage multiple times, making data recovery exceptionally challenging.
  • Recycle: Many electronic stores offer recycling services, ensuring environmentally friendly disposal.

While the digital realm has its threats, the physical world does too. Merging knowledge of Open-Source Intelligence (OSINT) with proactive physical security measures ensures a comprehensive approach to safeguarding your privacy and safety.

 

Introduction to the Dark Web

What is the Dark Web vs. the Deep Web?

The terms “dark web” and “deep web” are often used interchangeably, but they represent distinctly different parts of the internet.

  • The Deep Web: Refers to any part of the internet that isn’t indexed by traditional search engines, like Google or Bing. This includes anything behind a paywall (like subscription services), proprietary databases (like academic databases or private data clouds), and other password-protected sites. It’s vast and mostly innocuous.
  • The Dark Web: A small fraction of the deep web, the dark web is intentionally hidden and inaccessible through standard browsers. It requires specialized software, like Tor or I2P, to access. It’s here that illegal activities are more likely to occur, though not everything on the dark web has malicious intent.

Myths vs. Reality: What’s Actually on the Dark Web?

  • Myths: The dark web is often sensationalized in media, portrayed as a hub for exclusively illegal activities, from hiring hitmen to human trafficking.
  • Reality: While the dark web does host illicit activities and black markets (like the infamous Silk Road), it’s also a haven for whistleblowers, activists, journalists, and others who need anonymity, especially in oppressive regimes. There are forums, blogs, and websites dedicated to a variety of topics, not all nefarious.

The Potential Dangers and Allure of the Dark Web

  • Dangers: Navigating the dark web isn’t for the uninitiated. It’s rife with scams, dangerous content, and potential legal consequences. Malware and hacking attempts are common, and one can easily stumble upon disturbing content.
  • Allure: Despite its risks, the dark web attracts users for various reasons:
    • Anonymity: Both users and website operators have a significant degree of anonymity on the dark web.
    • Unrestricted Content: In places with heavy internet censorship, the dark web provides a platform for uncensored news, discussions, and more.
    • Curiosity: Some are drawn to the dark web out of sheer curiosity, having heard tales of its mystique and lawlessness.

The dark web remains one of the most misunderstood parts of the internet. While it houses shadowy corners and illicit activities, it also offers refuge for those seeking freedom from surveillance and censorship. As with any tool, its value is determined by how it’s used.

Conclusion: Building a Culture of Security Awareness

In the expansive world of the internet, the challenges of maintaining privacy and security are ever-evolving. It’s not just about the tools and technologies we employ, but the habits we cultivate and the awareness we spread.

Daily Habits for Better Online Hygiene

  • Routine Checks: Just as you’d brush your teeth daily, regularly check and update your software, apps, and devices.
  • Diversify Passwords: Avoid using the same password across multiple platforms, and change them periodically.
  • Be Click-Wary: Be judicious about the links you click and the files you download, especially from unknown sources.
  • Log Out: Always log out of accounts when using public or shared devices.

The Ongoing Need for Staying Updated on Security Trends

  • Stay Informed: The landscape of cybersecurity is dynamic. New threats emerge, but so do new defense mechanisms. Regularly reading up on security news can keep you a step ahead.
  • Participate in Forums: Joining cybersecurity forums or groups can offer insights, advice, and alerts from a community of like-minded individuals.
  • Attend Workshops: Periodically participating in online safety workshops or seminars can provide hands-on experience and updates on the latest best practices.

Encouraging Family and Friends to be Security-Conscious

  • Start Conversations: Talk to loved ones about the importance of online security. Share stories, both positive and cautionary, to highlight its relevance.
  • Set Up Together: Spend time with family and friends setting up security tools or going through privacy settings. It’s a practical way to ensure their safety and a bonding activity.
  • Gift Security: Consider gifting security tools or software, like VPN subscriptions or password manager accounts, on special occasions.

Building a culture of security awareness isn’t a one-time endeavor; it’s a continuous journey. In this digital age, our collective safety hinges on not just individual actions but the broader community’s commitment to fostering a secure and informed online environment. By embedding these principles into our daily lives and influencing those around us, we pave the way for a safer digital future for all.

 

About TCM Security

TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.

Pentest Services: https://tcm-sec.com/our-services/
Follow Us: Blog | LinkedIn | YouTube | Twitter | Facebook | Instagram
Contact Us: sales@tcm-sec.com

See How We Can Secure Your Assets

Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.

 

tel: (877) 771-8911 | email: info@tcm-sec.com