The camera - glue it up! A Cybersecurity Specialist's Revelation

2024 Author: Seth Attwood | [email protected]. Last modified: 2023-12-16 15:55

Do I need to glue the camera on my laptop? Is your smartphone eavesdropping on you? How to protect yourself from personal data leakage? An employee of the cybersecurity department answers the pressing questions of our time and talks about the work.

How to become a "white hacker", fines and IT feminism

I studied at the university in one of the specialties related to the complex information security in the organization. They taught us how to protect the organization as a whole, from documentation - policies, regulations, etc., to the technical component - video cameras, access control and management systems. There were several courses in cryptography, a computer security course - this is exactly the area that interested me.

Around the equator of studying at the university, in search of a part-time job, I ended up in a very good company, where I worked in parallel with my studies and for many years after.

I cannot name a specific one, I am one of the specialists in the study of various kinds of cyber attacks. We study their mechanisms and functionality and figure out how to prevent them.

I was never called a white hacker, black or gray. I like the gradation "cybersecurity specialist" - "cybercriminal" more. I'm on the bright side of the force, that's enough.

Many information security specialists work in large well-known organizations, almost all of them work in the office. Including me. There is no routine as such, I arrive at ten and work until seven. Someone comes at one o'clock and leaves at nine or ten o'clock in the evening. The main thing is the result. You can always work from home - everyone is connected with a laptop.

Our offices are quite comfortable with many pleasant buns, such as coffee machines, vending machines and other attributes of a modern office.

Of course they are paid. There are also kitchens - in self-respecting organizations, this is all by default.

Most companies have a shift schedule. I have not worked on shifts for a long time, but I started with a shift schedule. Then I switched to the area that interests me.

There are a lot of girls in cybersecurity, including in Russia. There are world-renowned specialists who are the best or some of the best in certain areas.

No, in this area the main thing is knowledge. I worked with several female analysts, they were very cool specialists. In this regard, everything is open in IT. In the same way that female programmers don't surprise anyone nowadays. Again, the main thing is knowledge and skills, not gender.

There is always work, and there is always something to do. As far as I know, many companies have certain indicators for shift workers. Those who are in free float may not have such indicators, because in some situations, the study of one cyberattack can take weeks or months.

For everything the same as in any other company. Among the features - companies engaged in the protection of information will not hire a person with a tarnished reputation in our field, as well as those who have committed crimes under Articles 272, 273 and 274 of the Criminal Code of the Russian Federation: illegal access to computer information; creation, use and distribution of malicious computer programs; violation of the rules of operation of means of storage, processing or transmission of computer information and information and telecommunication networks.

This is immediately a black mark. Our world is narrow - it is unlikely that a person will be taken anywhere.

Corporate events, salary and career growth

I worked for a long time in one large company, it was very fun and comfortable there. We often attended various specialized conferences, there were always many opportunities for self-development. And the team at that time was very friendly.

Of course, they did not come to the corporate parties of System of a Down, but Bi-2, Mumiy Troll, Spleen and other stars of Russian rock performed with us. Bi-2, for example, turned out to be very simple guys - after the concert Leva came out to us with the words: "Guys, give me a lighter." We smoked with him, it was fun. We, like many other companies, have two global corporate parties - New Year and the company's birthday. We walk once every six months.

But this is not only with us - any other organization like the same Google is doing well in terms of corporate events, working conditions and various goodies. They know how to keep an employee.

It seems to be there, but I don't remember anyone celebrating it. There is no such thing as on the day of the Airborne Forces or on the day of the border guard. The birthday of the company is celebrated on a much larger scale than the day of the IT specialist.

A good specialist makes good money. It all depends on experience and scope, on your uniqueness. In Moscow, you can get 200,000 rubles. Maximum - well, a few hundred. At the top manager level. This is, of course, above the national average.

About ten years ago, on probation, I received 20,000 rubles. I had a place to live, I never paid for anything, and for me it was ****** what kind of money. Now the interns have a little more - the crisis, inflation - but, unfortunately, I do not know for sure.

I earn from 150,000 rubles. But I work - no one will pay anything for nothing. Everybody is adequate, everybody counts money and does business.

There are independent experts. They do what they are interested in, work from home and can collaborate with anyone.

There is always a shortage of personnel. I have not one or two of these in my team. The team can be geographically fragmented, each working with a specific task. There are about ten people in the room. There is no competition - we are all doing one thing.

There is a special department that processes applications.

Yes. Large companies have departments that deal, for example, with purely industrial safety. Now, after all, everything is gradually being digitized - factories, industrial enterprises. Their idea of protection may be outdated - that's why all the process control systems have to be protected.

A key moment that changed the entire industry for years to come was the discovery of the Stuxnet worm in 2010. It was created to prevent the development of the Iranian nuclear program. Nine years later, Stuxnet is still remembered today.

Cyberattacks today can cost a lot of money, which is why professional cybercriminals are engaged in it. Well, or special cyber units of states.

If you work well, you grow well. Someone wants to be engaged in only one direction and have horizontal growth, while someone grows up. Several years ago I switched to a related field related to consulting - it turned out to be diagonal growth.

Do I need an antivirus and why glue the camera on a laptop

Certainly.

There are several highly respected companies testing security products: AV-Comparatives, AV-TEST, and Virus Bulletin. They show more or less truthful results.

All my family and I have Kaspersky Internet Security. The sound of a pig, by the way, when a virus is detected, has not been used for a long time:)

There are a lot of viruses and antiviruses for Mac too. And when the Yabloko people say that they are doing well - ****** they are not doing well. This carelessness then bears fruit for cybercriminals.

It is more difficult with iPhones - it is difficult to develop malicious programs for them. In fact, it is extremely difficult to run some code from outside the App Store. There are exit routes, but there are no massive attacks on end users. But in reality - if they want to hack something, they will hack anything.

The goal of any information security system is not only to prevent attacks, but also to make hacking as difficult and expensive as possible for cybercriminals.

Android must also be installed with security software. There is an opinion that android is the most unprotected. In 2014, when several hundred thousand malicious programs already existed under it, their representatives were talking some nonsense that there are no malicious programs, there are only potentially dangerous ones. Of the mobile operating systems, iOS is still safer.

Rumor has it that some large corporations based in America can wiretap your phone without your knowledge through apps. But today there is no direct evidence of this, and at the same time there are many facts that play against this theory.

Probably not. Rumors, again, go, but these are rumors. If paranoia rolls up, you can turn it off. But then you still have to turn it on.

It is advisable to glue the camera. There are many malicious programs that can secretly transmit video and audio data to hackers.

Putting a comprehensive security system, not sitting under the admin account - this immediately removes many problems. Do not use public Wi-Fi networks - there is no password, all traffic is transmitted in clear text. Or else use a VPN in this case. Come up with strong passwords for each service, or use a password manager.

Online banks themselves encrypt traffic, but there are ways to attack in this case too. Therefore, if you are connected to public Wi-Fi, immediately turn on the VPN. The traffic is encrypted, the likelihood of compromising it is very low.

The password must be at least 8 characters long, of course, uppercase and lowercase letters, numbers, special characters. You can come up with a mnemonic rule to make passwords for each resource, but at the same time so that they are all different. You need to practice well, remember and change it every three months.

It is imperative to use two-factor authentication. And it is extremely important not to use text messages as a second factor (at least for critical resources).

Today, SMS is still widely used for two-factor authentication, and at the same time, there are different ways to get the contents of the SMS cherished for a cybercriminal. Therefore, most experts strongly recommend using hardware tokens or two-factor authentication applications.

There is an opinion that Linux is "Elusive Joe". But in fact, it is also possible to carry out attacks on this system.

There are no unbreakable systems. The unbreakable system is a steel cube in the most heavily guarded military bunker, containing a computer completely covered in cement. Only then is the computer safe. And that's not a fact.

All safety rules are written in blood, they have not changed globally - either now or ten years ago. They can adapt to new technologies, but the essence remains the same in general.

Interaction with control "K", computation by IP and Putin's phone

Install VPN or Tor.

Intelligence agencies are naturally interested in gaining access. There are other messengers that are more secure than Telegram. The most important point is what kind of encryption is used: end-to-end, or messages are encrypted only during transmission to the messenger's servers and are already stored unencrypted there. In today's realities, it is best to use messengers with end-to-end encryption, when only you and the person with whom you are communicating have the key. This is, for example, Signal. I am wary of WhatsApp, despite the fact that they also use this kind of encryption by default, since today it belongs to Facebook.

In general, everything can be hacked, the main questions are the goal of hacking and the resources of the attacker.

This is a regular topic. Many companies involved in cybersecurity may receive an official request for expertise from the “K” department, and everyone does it. Cybercrime is the same criminal offense. It's a routine. Now the practice of collecting the evidence base has already been developed - what and how to look for, how to prove the guilt of a particular person.

No, but most often Masks of Shaw comes to the suspect and seizes a laptop, cell phones, smartphones, SIM-cards, flash drives and other equipment, and hand them over to us for technical research.

Pirated software never needs to be installed. It used to be a problem with access to software, but now the main programs are preinstalled on laptops. They are unlikely to come to you because of Photoshop, but it is easy to get infected with something.

When you go online, your ISP will give you an address. That is, it knows your physical address and binds an IP to it. But I doubt that the provider will give it to some left Vasya. If you are sitting through a proxy, then it is even more difficult. The provider can provide all the data to the special services, but a jealous wife will not look for a husband through MTS.

In theory, anything is possible.

Russia is constantly bombarded with accusations of all the worst cyber (and not only) sins. And no one really showed any real evidence. And at the same time, everyone knows that the same Facebook massively leaked personal information and metadata from Cambridge Analytica.

Many countries today recognize the need to ensure the cybersecurity of the state in general and critical infrastructure in particular. Therefore, in many countries there are units that are involved in protecting against cyber attacks.

Most likely, no one will ever say for sure whether Russian-speaking hackers influenced the elections or not. But the fact is that Russian-speaking programmers and security specialists are serious guys and some of the best in the world, if not the best. And you can find them not only in Russia, but also in Silicon Valley, and in Europe, and in other countries.

Many technological words are tracing paper from English. Sorts - the source code, virye - viruses, malware - the general name for malicious programs.

There is professional paranoia, and many people experience it.

There is no anonymity. If they want, they will find it.

And why should he? He's a smart man. Our services are guys with a head, they understand everything. There is a special unit of the FSO, which is engaged in providing government communications. How and what works there - only they know. But for some reason I am 100% sure that everything is done very reliably there.

Smartphones and tweets at this level are pampering.