ISIS is the new face of terrorism and the Internet is the next front. Terror organizations use social media to recruit members, spread their messages and plan attacks. That they would also use hacking to evoke fear should come as no surprise.
That appears to be what happened on March 9 this year when visitors to the websites of several credit unions did not see the front page they were expecting. Instead, they saw a black screen with the logo for the Islamic State. Under the image were the words "Hacked by Islamic State (ISIS) We Are Everywhere :)" along with a link to a now-defunct Facebook page.
A closer examination of the defacement suggested to the FBI that this was not the work of the international terrorist group. First, the smiley face at the end of the message does not fit the tone of other messages the group has sent. Second, the targets, which included several small businesses and credit unions, seem out of character for the group. Most of the group's rage tends to focus on agents and governments it views as occupying territory in the Middle East. Third, the level of damage was relatively low. A sophisticated hacking operation would aim to debilitate or destroy economically or politically important assets. While taking down a credit union's website for a few hours is certainly disconcerting, the dollar amount of that can be applied to the damage is relatively low.
Rather, the FBI suspects this is the work of fairly unsophisticated domestic hackers. The target selection fits more with an attention-seeking group of malcontents. The strategy of website defacement is popular among amateur computer security students seeking to prove their skills or leave a "calling card." No member data, accounts, or contact information was compromised in the hack and the defacement of the websites has already been reversed.
As with every other security compromise, the possibility that a more serious data breach occurred is not out of the question. In most cases, this breach would involve rigging the website to install malicious software on users' computers. While it is unlikely, precautions are free and an ounce of prevention is worth a pound of cure when it comes to information security. If you're concerned about your computer integrity, take the following four steps.
1.) Install, update, and run security software
Using the Internet without antivirus software is like reaching your hand into a medical sharps disposal bin. You're going to get something and the results won't be pretty. Several free antivirus programs exist. Popular choices include Panda Security, AVG and Avast.
If you already have antivirus software, you might think you're covered. Yet, antivirus programs only protect against specific kinds of malicious programming. While they're certainly the worst of the worst, viruses are only one kind of threat you face on the Internet. You also need an anti-malware program, like MalwareBytes or Spybot. These programs find and remove security threats that, while not quite to the level of viruses, can still compromise your computer.
These programs are still serious threats. Data breaches at Home Depot, Target and others were caused by malware on company computers. Even professional security experts occasionally forget about defending their systems this way.
Once you get the software installed, make sure to keep it updated and run it regularly. The scans usually take between 20 minutes and an hour. That's all it takes to stay safe from the worst threats.
2.) Change your passwords
It appears unlikely that any user data was compromised in this most recent round of hacks. Still, there's no reason not to be cautious. Change the passwords you use to log on to major financial websites and any website where you use those same passwords. If you use your Destinations Credit Union password to access your email, change your email password, too.
It's a good idea to cycle passwords every six months or so anyway. Doing so helps to keep your accounts safe. If you have trouble remembering to do so, consider using a password management service to keep track of your security.
Always choose strong passwords. Four random words with a number on the end is a great way to randomize passwords but keep them somewhat memorable. Just look around your computer area and use the names of the first four objects you see, followed by your birth month. Doing so creates a password that humans can easily commit to memory, but the most powerful computers would take years to crack.
3.) Get a credit score report
You can get a free credit report every year, and it's a good idea to do so. If you're planning to buy a house or a car this year, you might want to hold off and use your free report closer to your purchase date. If you don't have major purchases planned for this year, you can use your free credit score report to check if you've been hacked.
Look for accounts you don't remember opening or large, sudden upswings in debt utilization. These could be signals that someone's compromised your identity. Call the credit reporting bureau immediately to report suspicious activity.
This alleged ISIS hack is nothing to fear, but it's worth being cautious all the same. It's much easier to take preventative action than to regret not having done so. Taking these steps can help ensure you stay safe, no matter what happens.