Cybercriminals generally hack utilities for one reason: money. They also are deliberately targeting specific businesses, especially those that are civilian but support military installations.
CHICAGO - A former White House cybersecurity expert is warning of potential cyberattacks on critical infrastructure. And in Illinois, security analysts are heeding his message on the dangers.
As former acting principal deputy national cyber director, Jake Braun, executive director at the Harris School of Public Policy's Cyber Policy Initiative at the University of Chicago, said that during his time in the Biden White House, he dealt with escalating cyber threats from China and other nation-states - often targeting utilities.
"They are very deliberately targeting specific water utilities, specific energy operators and so on - that are civilian but support military installations," he said, "so that if we go to war, they've kind of seeded the battlefield, so to speak, with malware."
Of the approximately 50,000 water utilities throughout the United States, Braun said only a few hundred support military operations - and many of the rest are unprotected. Braun noted that he is working with the National Rural Water Association to recruit cybersecurity volunteers to help support local water utilities.
Cybercriminals generally hack utilities for one reason: money. Braun said ransom demands in exchange for the thieves releasing their hold on systems is rising. These schemes start primarily in Russia and other Eastern European countries, but nations such as China are also willing to infiltrate and weaken critical infrastructure.
Braun pointed to the Bipartisan Infrastructure Law to fund improvements to these systems.
"And many water utilities aren't even requesting the funds," he said. "So the funds are there, they're available, and water utilities often don't even know they can request the funds for that. And that is true for many other critical infrastructure."
Braun said some water utilities are in such rural areas that they struggle to find cybersecurity experts. He lauded volunteer programs such as the University of Chicago's Project Franklin to fill the gap.
Among the targets of cybersecurity attacks in Illinois 2024 were the Secretary of State's office, three colleges, and three hospitals.
BRANDPOINT MEDIA - Scams are unfortunately a fact of life these days. If it's not identity or data theft, it's credit breaches and scam phone calls. Many of us are getting scam texts, too. As the holidays roll in, the U.S. Postal Inspection Service (USPIS) wants you to know we are on the job, working to protect you and your mail and packages.
USPIS's new holiday campaign, Don't Get Snowed by Holiday Scams, alerts consumers about crimes that are on the rise this holiday season: counterfeit postage, phishing/smishing, mail and package theft, and letter carrier robberies. It's all about making sure your holiday season is merry, bright, and safe.
Photo provided
Counterfeit postage
Now is a great time to stock up on stamps so you have them on hand to mail your holiday cards and packages. Looking for Forever Stamps online? You may find some deceptively good deals out there. And that's the key word: Deceptive. Counterfeit stamps are appearing more and more. If you see stamps at 20% to 50% off their face value, it's a scam. Fraudsters target consumers online on social media platforms, third-party ecommerce sites, and pop-up ads. These fake, discounted stamps come in a variety of designs that are meant to mimic real postage.
Protect yourself
Buy your stamps at the post office or from approved postal providers, which include legitimate "big box" retailers.
Report the sellers of counterfeit stamps at uspis.gov/report.
Phishing/smishing
What's that? You may have received a text or email about a package delivery gone wrong or unpaid online postage charges. The subject line or headline usually is "Delivery Failure Notification" or something similar. These messages appear to be from the USPS or another government entity, but they're not. They will likely contain a URL for you to click. If you do, it can activate a virus or lure you into providing personal financial information. If you get a text or email that uses poor grammar, has spelling errors, or asks you for payment or personal information of any kind, it is a scam.
Protect yourself
Don't click on any links.
Block the sender.
Delete the text or email immediately. If you choose to report it, send USPS-related phishing emails to spam@uspis.gov. You can also send USPS-related smishing texts to 7726. All other phishing/smishing attempts should be reported to the FTC or your local consumer affairs group(s).
Mail and package safety
Thieves are always lurking, getting ready for the busy holiday season, just like you! Your packages may arrive on time but may not truly reach their destination if they're plucked from the porch before you or your loved ones can get them inside. USPIS takes these cases of package theft very seriously and makes thousands of arrests each year. Thieves commonly cruise neighborhoods at times when people are at work, but they can strike anytime.
Protect yourself
Don't leave letters and packages in your mailbox or at your door for any length of time. Use USPS Hold Mail service, a delivery locker, or ask a trusted neighbor to grab your package if you are going to be away.
Request signature confirmation on packages and add package tracking.
Don't send cash in the mail.
If you move, file a change of address with USPS at www.usps.com and let your financial institutions know as soon as possible.
If you suspect you may be a victim of mail theft, report it at www.uspis.gov/report.
Letter carrier safety
Thieves are getting bolder. They're targeting letter carriers and stealing mail, packages, and even employee valuables. USPIS constantly strives to protect those who deliver to your door.
Postal inspectors are on the job, focusing on operations in high-risk areas, increasing awareness through education, and enforcing more than 200 laws designed to protect the nation's mailstream. Recent operations have led to the arrests of individuals involved in postal-related crimes, and the Postal Inspection Service is committed to making sure every letter carrier returns home safely this holiday season and all year long.
Protect yourself (and your letter carriers!)
If you see suspicious activity, call 9-1-1 immediately, then postal inspectors at (877) 876-2455.
Secure packages immediately after delivery.
Have your local post office hold mail/deliveries if you are going to be away.
Ensure valuables remain out of sight. Whether on your person or at your front door, your valuables are a target for thieves who are always on alert for their next opportunity.
For more information on what postal inspectors are doing to protect employees and customers, visit Project Safe Delivery - United States Postal Inspection Service (uspis.gov).
Holiday cheer is coming your way this season in the form of cards, letters, and packages. By working together to prevent scams and theft, we can all ensure the season is merry and bright.
Keywords: Postal Inspectors, Holiday Season Crime, Counterfeit stamps, Package Theft, Postal Crime
There has been a lot of research on the types of people who believe conspiracy theories, and their reasons for doing so. But there’s a wrinkle: My colleagues and I have found that there are a number of people sharing conspiracies online who don’t believe their own content.
They are opportunists. These people share conspiracy theories to promote conflict, cause chaos, recruit and radicalize potential followers, make money, harass, or even just to get attention.
There are several types of this sort of conspiracy-spreader trying to influence you.
Chaos conspiracists, aka trolls, a high “need for chaos” are more likely to indiscriminately share conspiracies, regardless of their personal beliefs.
I don’t believe in anything. I’m only here for the violence.
Research shows that people with positive feelings for extremist groups are significantly more likely to knowingly share false content online. For instance, the disinformation-monitoring company Blackbird.AI tracked over 119 million COVID-19 conspiracy posts from May 2020, when activists were protesting pandemic restrictions and lockdowns in the United States. Of these, over 32 million tweets were identified as high on their manipulation index. Those posted by various extremist groups were particularly likely to carry markers of insincerity. For instance, one group, the Boogaloo Bois, generated over 610,000 tweets, of which 58% were intent on incitement and radicalization.
You can also just take the word of the extremists themselves. When the Boogaloo Bois militia group showed up at the Jan. 6, 2021, insurrection, for example, members stated they didn’t actually endorse the stolen election conspiracy, but were there to “mess with the federal government.” Aron McKillips, a Boogaloo member arrested in 2022 as part of an FBI sting, is another example of an opportunistic conspiracist. In his own words: “I don’t believe in anything. I’m only here for the violence.”
Combative conspiracists – the disinformants
Governments love conspiracy theories. The classic example of this is the 1903 document known as the “Protocols of the Elders of Zion,” in which Russia constructed an enduring myth about Jewish plans for world domination. More recently, China used artificial intelligence to construct a fake conspiracy theory about the August 2023 Maui wildfire.
Often the behavior of the conspiracists gives them away. Years later, Russia eventually confessed to lying about AIDS in the 1980s. But even before admitting to the campaign, its agents had forged documents to support the conspiracy. Forgeries aren’t created by accident. They knew they were lying.
As for other conspiracies it hawks, Russia is famous for taking both sides in any contentious issue, spreading lies online to foment conflict and polarization. People who actually believe in a conspiracy tend to stick to a side. Meanwhile, Russians knowingly deploy what one analyst has called a “fire hose of falsehoods.”
For instance, in the wake of the first assassination attempt on Donald Trump, a false accusation arose online about the identity of the shooter and his motivations. The person who first posted this claim knew he was making up a name and stealing a photo. The intent was apparently to harass the Italian sports blogger whose photo was stolen. This fake conspiracy was seen over 300,000 times on the social platform X and picked up by multiple other conspiracists eager to fill the information gap about the assassination attempt.
Commercial conspiracists – the profiteers
Often when I encounter a conspiracy theory I ask: “What does the sharer have to gain? Are they telling me this because they have an evidence-backed concern, or are they trying to sell me something?”
When researchers tracked down the 12 people primarily responsible for the vast majority of anti-vaccine conspiracies online, most of them had a financial investment in perpetuating these misleading narratives.
Some people who fall into this category might truly believe their conspiracy, but their first priority is finding a way to make money from it. For instance, conspiracist Alex Jones bragged that his fans would “buy anything.” Fox News and its on-air personality Tucker Carlson publicized lies about voter fraud in the 2020 election to keep viewers engaged, while behind-the-scenes communications revealed they did not endorse what they espoused.
Profit doesn’t just mean money. People can also profit from spreading conspiracies if it garners them influence or followers, or protects their reputation. Even social media companies are reluctant to combat conspiracies because they know they attract more clicks.
Often, folks are just looking for attention or other personal benefit. They don’t want to miss out on a hot-topic conversation.
Common conspiracists – the attention-getters
You don’t have to be a profiteer to like some attention. Plenty of regular people share content where they doubt the veracity, or know it is false.
These posts are common: Friends, family and acquaintances share the latest conspiracy theory with “could this be true?” queries or “seems close enough to the truth” taglines. Their accompanying comments show that sharers are, at minimum, unsure about the truthfulness of the content, but they share nonetheless. Many share without even reading past a headline. Still others, approximately 7% to 20% of social media users, share despite knowing the content is false. Why?
Some claim to be sharing to inform people “just in case” it is true. But this sort of “sound the alarm” reason actually isn’t that common.
Over time, the opportunists may end up convincing themselves. After all, they will eventually have to come to terms with why they are engaging in unethical and deceptive, if not destructive, behavior. They may have a rationale for why lying is good. Or they may convince themselves that they aren’t lying by claiming they thought the conspiracy was true all along.
It’s important to be cautious and not believe everything you read. These opportunists don’t even believe everything they write – and share. But they want you to. So be aware that the next time you share an unfounded conspiracy theory, online or offline, you could be helping an opportunist. They don’t buy it, so neither should you. Be aware before you share. Don’t be what these opportunists derogatorily refer to as “a useful idiot.”
BrandPoint - Cybercriminals are increasingly attacking rural hospitals across America, posing a direct threat to patients. For many Americans living in rural areas, the nearest emergency room may be miles and miles away – and in an emergency, every second counts. Cyberattacks can disrupt the essential operations of hospitals, leaving people at risk.
Cybercriminals are also increasingly targeting rural communities, where digital defenses may not be as robust due to resource constraints. These attacks can be devastating, particularly to smaller, independent hospitals with limited means of protecting themselves.
When a rural hospital falls victim to a cyberattack, it’s not just the institution that suffers; the entire community feels the ripple effect. Just last year, an Illinois hospital permanently shut its doors partly due to a devastating ransomware attack. NBC News reported that because of the hospital closure, some residents are now more than thirty minutes away from emergency services.
Here are three ways people in rural communities can help:
1. Strengthen rural hospital cybersecurity
Hospitals need tools to protect themselves. That’s why the White House along with cybersecurity experts like Microsoft, are providing free and low-cost resources available to every rural hospital across the nation. This includes advanced security products along with free cybersecurity assessments and free training for frontline and IT staff. Rural hospitals can sign up for the program or learn more at nonprofits.TSI.microsoft.com/security-program-for-rural-hospitals.
2. Explore a cybersecurity career
America is facing a cybersecurity skills crisis. There simply aren’t enough people with the skills to defend against cybersecurity attacks: There are nearly half a million job openings requesting cybersecurity skills, but there are only 85 cybersecurity workers available for every 100 cybersecurity jobs demanded by employers, according to Cyberseek.
Anyone, anywhere can take advantage of the opportunity and start a career in cybersecurity. Building the skills necessary is easier than ever, especially given the free classes and tools available. For example, the Career Essentials in Cybersecurity learning path from LinkedIn and Microsoft allows you to earn professional certification in the field.
3. Protect yourself
Rural communities can protect themselves by strengthening vital infrastructure and hiring cybersecurity professionals, but the most important step is personal. Whether you work in a hospital or elsewhere, it’s critical to understand cybersecurity threats and prepare yourself.
Cyberscams are a pervasive threat in our increasingly connected world, and no one is immune to their risk. These scams, often disguised as tech support, prey on the unsuspecting, exploiting trust and causing harm. It’s essential to be vigilant and informed to protect yourself and your loved ones on how you can identify these online con artists. By staying aware and cautious, you can defend against the tactics of cybercriminals and keep your digital life secure.
Statepoint Media - In today’s hyper-connected digital universe, cyber criminals have more information than ever before, with the ability to reach you through unsecure public Wi-Fi, your email inbox, via text message, and more.
According to a Scam and Robocall Report from T-Mobile, Americans lost an estimated $39.5 billion to phone scams in 2022. Lucky for you, there are several ways to protect and safeguard your personal information to help prevent scammers from scammin’ this holiday season.
1. Avoid Public USB Ports: Traveling by plane this holiday season? The FCC warns that cyber criminals can download malware to public USB charging ports to gain access to your information. Prevent this by using an AC power outlet instead.
2. Beware of Charity Scams: It’s the season of giving, but the FCC warns many cyber criminals take advantage by creating fake charities staged as real nonprofit organizations to gain access to your payment information. Woof. To prevent this, don’t click on suspicious email or text links and verify the organization is registered at the National Association of State Charity Officials or Better Business Bureau’s Wise Giving Alliance before donating this holiday season.
3. Screen Your Calls: Scammers are continuously upping their game, with total robocall attempts up 75% from 2021 to 2022. Detecting whether an incoming call is a potential scam isn’t always easy, but T-Mobile’s Scam Shield app makes it simple. Free to all T-Mobile customers, Scam Shield enhances your scam-blocking protections so you can say goodbye to scam calls. In 2022 alone, Scam Shield identified or blocked 41.5 billion scam calls in the T-Mobile network. That’s a whopping 1,317 calls identified or blocked every second. With Scam Shield, when the network detects a potential scam call, it is flagged and displayed as “Scam Likely” on your device. Customers who want even more protection can download the Scam Shield app or dial #662# from their T-Mobile smartphone to enable Scam Block, which automatically blocks any calls that match the database of scam calls. Take that, tricksters. To learn more, visit t-mobile.com/scamshield.
4. Shop Smarter Online: According to Statista, 57% of holiday shoppers plan to use their smartphone to make holiday purchases this year, and scammers are onto them, ramping up activity during the two weeks before Christmas. To minimize any cyber Grinches trying to steal your personal info, monitor your financial accounts regularly for suspicious charges and sign up for your bank or credit card company’s text or email notifications to stay on top of fraudulent activity.
5. Use Secure Tools: Safeguard your online accounts with Multi-Factor Authentication, which requires users to enter two different kinds of information to log in, like a password and one-time PIN code. It’s like having a digital bouncer to make sure only you get into your accounts. Another protection is a password manager, giving you the ability to securely store passwords across multiple platforms and websites. The tool also provides an autofill password function and a new password generator.
To learn more about the industry’s top fraud trends and how to stay protected from scammers year-round, check out T-Mobile’s Scam Shield Report found at t-mobile.com/news.
While cyber threats are on the rise, you can sleigh scams by staying vigilant and incorporating these best practices into your life this holiday season.
For years, colon cancer was believed by many to be an "old person’s disease." However, a study revealed that young patients ages 20 to 29 have recently seen the highest spike in rates of diagnosed colon cancer cases.
Pet parents increasingly want to take their furry family members with them wherever they can. This has led to an uptick in pet travel, whether around town, on business, or across the country. In response to this demand, more hotels are taking steps to accommodate four-legged guests.
Ngô Minh Hiếu was once a fearsome hacker who spent 7 1/2 years incarcerated in the U.S. for running an online store that sold the personal information of about 200 million Americans. Since leaving prison, Hiếu has become a so-called white hat hacker, attempting to protect the world from the sorts of cybercriminals he once was.
These days, Hiếu said, it doesn’t take much hacking to access sensitive details about Americans. Companies and governments routinely leave databases exposed online with little or no protection, as we’ve reported, giving cybercriminals an easy way to harvest names, emails, passwords and other info. While in prison, Hiếu wrote an online security guide for the average internet user. As he and others have pointed out, it’s impossible to create an impenetrable shield. But here are some of his tips for how you can mitigate your risks, along with some other practical online security advice.
1. Stop reusing passwords
Make 2022 the year you finally stop reusing passwords. Once a password is exposed in a data breach, as routinely occurs, cybercriminals may use it on other websites to see if it grants them access and lets them take over an account or service. To help you generate lengthy, difficult-to-guess passwords without having to commit them to memory, use an encrypted password manager such as 1Password or LastPass. These services, which typically charge $3 to $4 per month, also monitor databases of breached passwords, like Have I Been Pwned, which can identify some passwords that have already been made public.
2. Delete unused accounts
Another benefit of using a password manager is that every time you create a new account at a website, you can log it in your password app. The app will track when you created a password and when you last modified it. If you notice that you haven’t used a website in a few years, and you don’t think you’re likely to use it again, delete your account from that website. It will mean one less place where your data resides.
3. Add an additional layer of security
Use multifactor authentication — which requires a second, temporary code in addition to your password to log in to a site or service — whenever possible. Some services send a six-digit code via text message or email. But the most secure method is to use an app that generates a numerical code on your phone that’s in sync with an algorithm running on the site. To make the process easier, you can download an app like Authy that, like a password keeper, helps you generate and manage all your multifactor authentications in one spot.
4. Manage your apps’ privacy settings
A lot of the data about us that gets leaked consists of information we don’t even realize apps and services collect. To limit that risk, check the privacy settings for any new app that you install on your computer, smartphone or other device. Deselect any services you don’t want the app to have access to, such as your contacts, location, camera or microphone. Here are some guides on how to manage your apps’ privacy settings for iPhone and Android devices.
5. Think before you click
Clicking on a link from a text message, an email or a search result without first thinking about whether it’s secure can expose you to phishing attacks and malware. In general, never click on any links that you didn’t seek out and avoid unsolicited emails asking you to open attachments. When in doubt, hover your cursor over a hyperlink and scrutinize the URL. Avoid it if it would lead you to somewhere you don’t expect or if it contains spelling errors like a missing or extra letter in a company’s name. And for safer online browsing, consider paying for an antivirus tool like Malwarebytes that helps you avoid suspicious URLs online (or sign up for a free browser guard extension).
6. Keep your software up to date
Whether it’s your web browser or the operating system on your computer or smartphone, it’s always a good idea to download and install the latest software update as soon as it’s available. Doing so fixes bugs and helps keep your systems patched against the latest security threats. To make sure you don’t forget, turn on notifications for new updates or enable autoupdate settings if they’re available.
7. Limit what you’re sharing online
Some of the large collections of personally identifiable information that have been floating around online weren’t hacked or stolen: They were simply scraped from social media websites like LinkedIn or Facebook. If you don’t want a particular piece of info about you out there, don’t put it on your social media profile. Scrub anything you don’t want exposed in your profiles, and check the platforms’ privacy settings to see who can access whatever is left. You can also pay for a service like DeleteMe, which helps centralize and pursue requests to delete your personal information from various data brokers.
8. Secure your SIM
One technique that has become increasingly common in recent years is SIM swapping: A cybercriminal tries to dupe your mobile carrier into switching your number from a SIM (the memory card that tells your phone it’s yours) that you control to a SIM that they control. The goal is to commandeer your phone so they can get around multifactor authentication settings that protect your financial accounts. To guard against SIM swaps, contact your carrier to establish an account PIN, or follow these directions if you’re with Verizon, AT&T or T-Mobile. And if you switch carriers, change your PIN.
9. Freeze your credit reports
If you’re afraid that a scammer might use your identity to open a fraudulent credit line in your name, consider placing a freeze on your report. A freeze will restrict access to your credit report, meaning that no one (not even you) will be able to open a new credit line while it’s in place. If you decide to apply for a loan or a new credit card, you can always unfreeze your credit later on. Freezing and unfreezing your credit is free, but you have to contact each of the three major credit bureaus separately to do it. Here’s a guide on how to get started.
10. Back up your data
Don’t assume that you’ll always have access to all your files and folders. Backing up your data can help you guard against virus infections as well as hard drive failure and theft or loss of your computer. You could use well-known cloud storage providers such as Dropbox or Google Drive to save copies of your data or buy a subscription to an online cloud backup service that automatically saves your files and lets you restore them if anything happens. All such services offer encryption, but if you’re afraid of storing your data in the cloud, keep an encrypted copy on a separate hard drive.
ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.
PONTIAC - People everywhere are conquering their cabin fever and are enjoying the great outdoors after a long, bitter winter. But before you head out for that hike, health care experts remind you to take precautions to avoid tick bites. Read more . . .
CHICAGO - An Illinois law professor is weighing in on what she called a "very public and open test of due process" for immigrants being deported from the United States without court hearings. Read more . . .
CHAMPAIGN - In a show of solidarity against President Donald Trump's trade and immigration policies, which critics say are harming families and retirement savings, more than a thousand protesters gathered Saturday at West Park near downtown Champaign for the Hands-Off! Mobilization rally. Read more . . .
Photo Galleries
A couple of runners found themselves in the wrong race at this year's Illinois Marathon. Over 60 photos from the race that you should see.
by Terri Dee
