Encryption

What is it?

Encryption secures data by scrambling it so that only authorized people can unscramble it.

Commonly used websites and apps, like social media networks, online stores, and chat apps, use encryption to protect the data that you send to them as it moves across the internet.

Why encryption is important?

Encrypting the connection between your computer and the website you visit ensures that any sensitive information you send to the website such as your credit card number cannot be collected by someone monitoring the connection.

Websites with encryption, like Gmail, Facebook, or your bank show up differently in your browser. When you visit a website with encryption you will see HTTPS in the URL. The S stands for Secure. Most browsers will also show a green lock next to HTTPS to confirm the connection is secure. Websites that only show HTTP do not use encryption, and the information you enter on them can be monitored.

Learn more

• Electronic Frontier Foundation. Surveillance Self-defense. What Is Encryption?
• Sicher Kommunizieren Einfach Erklärt (Safe communication, simply explained) (German, with English subtitles)
• Art of the Problem. Public Key Cryptography: Diffie-Hellman Key Exchange (short version)

Malware

What is it?

Malware is any malicious software that does unwanted actions on a device.

How can it happen?

Malware “infects” you by being installed on your device. There are many ways malware can get on your device including through messages with attachments or links, physical access to your device, or a man-in-the-middle attack.

Messages: A common tactic is to send messages containing links or attachments. The goal of the attacker is to convince you to trust the message and click the file or the link. This trickery often relies on creating feelings like fear, curiosity, and urgency, and may appear to come from a person or organization you know. Clicking on the file or link results in an infection that can give the attacker access to your device.

Physical Access: An attacker with physical access to your device can directly install malware on to it.

Man-in-the-middle attack: A sophisticated attacker with control over the network sends malware to your device.

What's the harm?

There are several types of malware that can cause different harms including:

Spyware can take photos of you, steal your files, record your conversations, or track your location.

Ransomware holds your files hostage by encrypting everything on your device and not letting you decrypt it unless you provide money to the attackers.

Adware shows advertisements in unwanted places.

Who can exploit it?

Malware is often used by criminals to steal banking information and passwords. It can also be used by spies to collect data from computers and watch people’s activities.

Learn more

• Tibet Action Institute. Detach From Attachments
• Tibet Action Institute. Think Before You Click
• Cyber Arabs. Avoiding Viruses
• John Scott-Railton. Digital Security Low Hanging Fruit.

Man-in-the-middle attacks

What is it?

Imagine trying to pass a note to your friend, but a nearby stranger takes the note out of your hand, reads it, then passes it to your friend. A "Man-in-the-middle" attack works just like this story. An attacker targets data moving across the Internet and performs an action on the data, before passing it along to its destination. This action can include collecting data, tampering with it, or replacing it entirely.

How can it happen?

All data passes through routers, such as the ones at your home, your Internet service provider, and the Internet exchange points that connect Internet service providers to one another. The attack can happen at any routing point along your data’s journey across the Internet. At those points, computer programs can be set up to intercept data as it passes through and manipulate it for potentially malicious purposes.

What's the harm?

If an attacker can get access to your data, they can eavesdrop on you and even steal your identity. By sending you fake data, an attacker can trick your computer to install bad software (malware). This software can monitor everything you do on your device including your current location, everything you type (all your passwords, credit card information), or even turn on and record from your webcam without your knowledge.

Who can exploit it?

People or groups in control of Internet routing points can act as Man-in-the-middle attackers. These can include someone operating a public WiFi hotspot, Internet service providers, Internet exchange points, or government authorities.

Learn more

• Washington Post: How the NSA is infiltrating private networks
• OWASP: Man-in-the-middle attack
• Electronic Frontier Foundation. Surveillance self-defense. Man-in-the-middle attack.

Mobile identifiers

What are they?

Your driver’s license number, your social security number, your address. These identify you and your actions. Your mobile phone has similar identifiers attached to it that are used to identify the device and its actions.

What's the risk?

If mobile identifiers are transmitted without encryption they can be collected and used to learn about your online activities and interests.

Who can exploit them?

Mobile identifiers can be used by intelligence agencies, advertisers, and criminals. Intelligence agencies can monitor entire nations’ internet traffic and profile users based on their mobile identifiers. Advertisement companies can use mobile identifiers to better target ads. Criminals can use mobile identifiers to better target people with malware.

See more

• Citizen Lab. The Many Identifiers in Our Pockets: A primer on mobile privacy and security
• Center for Investigative Reporting. Hot on Your Trail: Privacy, Your Data, and Who Has Access to It

Open Wifi

What is it?

Open WiFi Networks are wireless networks that are usually free to join and require no password to connect. You can encounter them at coffee shops or other places in your community. Open WiFi networks can be convenient and helpful ways to get connected but also can put you at risk.

What are the risks?

When you are on an open WiFi you have no way of knowing who may be monitoring the network and spying on your activities. Any information that you send on an open WiFi could be collected by an attacker including your passwords, browsing history, and credit card information.

Learn more

• National Public Radio. All Tech Considered. Here's One Big Way Your Mobile Phone Could Be Open To Hackers
• Lookout Security. The problem with public Wi-Fi

Software updates

What are they?

We have all seen software update notifications. Software updates are a way for developers to keep an application you have installed current. Importantly, software updates are often used to improve the security of applications after vulnerabilities are discovered. Updates are an important part of keeping your devices secure and functioning properly.

What's the harm?

Once a security problem is discovered, attackers can take advantage of it as a way to steal data or deliver malware to their targets running the problematic software. Software companies will often rush to fix security problems when they become aware of them. If a problem is publicly known before it’s fixed, more potential attackers could be devising ways to infect their targets. This is why installing updates as soon as you can is important.

Learn more

• Tibet Action Institute. Cyber Superhero: Don't Wait Update!
• MIT Information Systems and Technology. Software Patching
• Brown University. IT Service Center. Update Your Operating System and Software