Is TikTok recording every keystroke?

Last week, Felix Krause, a Viennese researcher, made news when he published that TikTok can record any user’s keystrokes in certain situations. He found that TikTok inserts code into a third-party website when the user clicks on an external link. The code essentially acts as a keystroke logger.


What does this mean? Personal information may be recorded if you click on a website from within TikTok and type any information. The keystrokes can be recorded even if you enter the information and do not press Submit. In an interview with Forbes, Krause says, “This is a non-trivial engineering task. This does not happen by mistake or randomly.”

Per Forbes, TikTok has confirmed the code exists. However, it denies that the data is being used. “Contrary to the report’s claims, we do not collect keystroke or text inputs through this JavaScript code — it is only used for debugging, troubleshooting, and performance monitoring.”

Krause confirmed he has only tested the iOS version of the app and not the Android version.

Does this mean that you should abandon TikTok? That is a personal choice. It is up to the user to understand the potential that exists and take the necessary precautions. Based on this information, extra care is needed when accessing third-party websites directly from TikTok.

To read more, see the article on Forbes: https://www.forbes.com/sites/richardnieva/2022/08/18/tiktok-in-app-browser-research/?sh=3c8f356d7c55

Think your crypto is secure?

Nomad is the latest cryptocurrency trading firm to be hit with a significant theft of its crypto assets. Last week they announced a $190 million theft of their digital assets. Nomad is not alone. According to a report by blockchain analytics firm Chainalysis, over $1.7 billion of cryptocurrency was stolen this year through May.


There is a false sense of security regarding safeguarding crypto assets as they reside on the blockchain, which has long been touted as secure. Although the blockchain is relatively secure, many software applications automate the trading of cryptocurrencies. These applications are the weak spot for many blockchain operations. This opens the door for hackers to steal large amounts of assets without leaving a trace.

For more on the Nomad theft, see the article at: https://www.reuters.com/technology/us-crypto-firm-nomad-hit-by-190-million-theft-2022-08-02/

Think Cryptocurrency is safe? Think again.

“In 2019 alone, an estimated $4.26 billion in cryptocurrencies was lost due to hacks, cybertheft, scams, misappropriation or insider fraud, up about 250% from 2018.” Fraudsters have upped efforts to attack cryptocurrencies in recent years.

Fraudsters are using schemes such as embezzlement, Ponzi schemes, phishing and ransomware.


Unlike other frauds, if a person loses cryptocurrency, there is no recourse or way to recover it.

For how forensic accountants can help, go to: https://blog.aicpa.org/2020/05/cyber-criminals-are-finding-ways-to-steal-your-digital-dollars.html#sthash.Sv5ebunY.dpbs

Juice-jacking — Is this a real security threat?

Juice jacking is the ability of cybercriminals to replace legitimate, public USB chargers with devices that have the capability to download data from your phone. Just this month, the Los Angeles District Attorney’s Office warned travelers of the potential dangers of using USB charging ports in public places.


However, when asked, the DA’s office said they have had no official reports of juice jacking taking place in the area. In short, many believe this cyberattack is feasible, but not widespread.

My advice is to use either power packs or plug into an electrical outlet if at all possible. Even though this isn’t widespread to date, caution should still be exercised.

For more information, see Snopes at https://www.snopes.com/fact-check/juice-jacking-real-security-issue/ or How-To Geek at: https://www.howtogeek.com/166497/htg-explains-what-is-juice-jacking-and-how-worried-should-you-be/

Solving the cybersecurity skills gap

There is a global cybersecurity skills crisis. The threat continues to grow as there is a shortage of experts to reduce cyber attacks.


One expert believes the field is changing so fast that this issue will not be solved in the classroom. Certifications and other static methods lag behind the latest techniques used by hackers.

The most important skills for a cybersecurity professional to develop are creativity and curiosity, as well as thinking on one’s feet, skills that are rarely honed while in the classroom. The best learning will be by doing as real attacks are occurring.

With technology, you can commit a crime anywhere — even space

An astronaut on the International Space Station allegedly accessed her estranged spouse’s bank account without permission. If proven, this would be identity theft.

This shows the far-reaching possibility of cybercrime.

To read more, go to: https://www.scmagazine.com/home/security-news/astronaut-accused-of-identity-theft-accessing-estranged-wifes-bank-account-from-international-space-station/

Technical Disruption – Target Corp

Imagine — the busiest shopping day of the week and all of the systems to check out customers are shut down. Imagine you are one of the largest retailers nationwide.

Target Corporation experienced an outage on Saturday at all stores nationwide due to a software outage. It seems the software outage was caused by routine maintenance — which obviously failed.

More from the Wall Street Journal at https://www.wsj.com/articles/target-stores-suffer-nationwide-outage-11560627812

Can Encryption be broken?

RSA 2048-bit encryption is the standard. The time needed to break it is currently so long that it is the standard for most systems. All banking, email systems, etc. use 2048-bit as the primary encryption method.

Now come new machines called quantum computers. Processing times on these systems are a fraction of those on traditional computers. Experts predict RSA 2048-bit encryption may be broken in 8 hours or less.

Scientists have found a new encryption method which would not be able to be broken, but it is far from becoming the standard.

For more on Quantum computers and encryption, see the MIT Technology Review article at: https://www.technologyreview.com/s/613596/how-a-quantum-computer-could-break-2048-bit-rsa-encryption-in-8-hours

Not your Father’s CFO

With the cost of a data breach reaching over $2 million per instance, the C-suite can no longer leave cybersecurity solely to IT. CFOs are becoming more involved with defining strategy for data security with the technology leaders.

Read the article by Jeff Thomson, CEO of the Institute of Management Accountants, on how financial executives are taking a more proactive role when it comes to data security.

https://www.forbes.com/sites/jeffthomson/2019/04/29/not-your-fathers-cfo-todays-cfos-incorporate-cybersecurity-in-their-risk-portfolio/#165fea3f395d