CIA Hacks: a reader asks…
In light of the recent Wikileaks news of all those CIA hacking tools, do I need to change what I do? I have an always-updated Windows 10 computer with the built-in antivirus, Malwarebytes 3.0, and I use LastPass for password management with a very long master password that I have memorized. I don’t connect to free wi-fi hotspots and don’t use my computer out of the house. My home wi-fi is Verizon FIOS and has a long and complicated wi-fi password – same for the router login. I use an iPhone that’s always updated to the latest iOS version and I don’t use many apps. I do online shopping only at well-known places like amazon.com, do online banking (app on my iPhone and on my computer’s web browser). I have Equifax CreditWatch with automatic fraud alerts and credit lock turned on. And my credit card app alerts me anytime my credit card is used, plus my banking app alerts me anytime there’s a transaction. I also use 2-factor authentication on all websites that have it enabled. Whew!
It sounds like you’ve pretty much covered the bases in terms of keeping yourself protected. Meaning, you don’t have to change anything or do anything more, you are very well-protected.
I have to say that over the last year I’ve become more and more suspicious of Wikileaks, and this latest so-called bombshell further deflates their trustworthiness. Most news agencies (driven by commercial advertisers to get eyeballs and attention) published alarming stories about the CIA hack without doing much investigation into exactly what happened.
As it turned out, much of the information Wikileaks leaked was either misleading, misrepresented, or otherwise conflated with other shady sources to generate alarming headlines. In actuality, there was little to no real concerns revealed – at least to security experts and people in-the-know. For example, the news reported that secure communication apps like Signal and Whatsapp were hackable, when in fact the actual information released showed how strong they are and essentially impenetrable on their own.
Like any other technology, apps, computers/devices and websites can be compromised, but often not directly. For example, if someone were able to trick you into giving them your iPhone unlocked, then they could access your apps and personal information easily. The security vulnerability isn’t in the apps and personal information stores, it’s in your behavior. So don’t give anyone your unlocked iPhone!
The New York Times has a great article about this at https://www.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html which is well worth the read.
At this point, I’m ready to call Wikileaks what I think it is: a disinformation tool, probably state-sponsored (and not by US interests). While the leakers may get their hands on actually revealing information, the source and methods are so suspect that I’m going to treat all leaks as propaganda and/or disinformation campaigns going forward. In short, I don’t trust ’em anymore for anything.