A friend asked recently if I might post a little guidance to newcomers hoping to better fortify against online attacks - and, in a manner that hopefully ALL can understand.

First, let’s talk about the nature and types of attacks.

Generally speaking, hacking is either passive or active in nature - and always subversive.

‘Passive’ hacking - examines patterns of life, building profiles whilst simultaneously exploiting vulnerabilities.

‘Active’ hacking - directly engages with the intent to coerce/impune.

Often, these methods are used in concert with other tactics - such as, utilizing public or open source data repositories to further coerce.

For example, the use of the SCRA database to openly target veterans. Or, court records to gain insight into points of exploitation.

Part of the psychology of their attack is to create the impression that the flow of embarrassing/controversial information regarding the victim can only be stopped through a specific action or inaction. More often, in cases where the attack can lend credibility to their efforts.

That’s why we are seeing the growing volume of attacks/doxxing of key members of government and - sadly, our media. It is a tactic employed most notably by the IRA (an internet ‘research’ agency doing Putin’s bidding) - later confirmed through our 17 Intel agencies.

And further evidenced through our international intelligence partnerships. The tactic is being used to sow discord - to divide the national conversation, and thereby weaken our National structure. We saw this in advance of the 2016 elections, and we are already noting for 2020

More vocal advocates are being targeted simply for their commentary and resulting in mass reporting of the account for violation of the social media platforms terms of service

So, how do we protect ourselves online while exercising our rights? More to come...

We begin by taking immediate action to limit and/or secure the outer worlds view into your inner world. Think of it like the blinds on your bedroom window - good security requires an honest look at our own habits and practices.

For example, photos and images may seem innocuous. So might the details of ones birthday celebration or location of the happy festivities. In and of themselves, these data points seem harmless - but TOGETHER, they can be used to gain access to private data.

I make it a practice not to friend family members on social media platforms. Why? Because I know that through my own work they are also vulnerable. Their vulnerability increases my own.

Similarly, we should periodically review our own timelines and connections; if something doesn’t feel right, it probably isn’t. More so, remove any content that might be viewed as a violation of terms of service. Don’t give fodder to a fool’s effort.

If you are hosting a presence on another platform, make sure you’re taking similar protections.

For example I host a website to support my charitable work. I utilize a secure service that allows me to flip a switch and restore my site if I’m hacked.

Similarly, I make sure that I’m limiting the potential for unwanted intrusion. Make sure all patches are installed, and updated initiated. Do not use apps from third party sites unless you’re certain you understand how they are protecting your data

Keep BIOs clear of any personally identifiable information - location, employment, hashtags, that might draw attention to your account. One of the tactics used by these groups is to mass report, often identifying targets through hashtags. So be mindful.

Don’t personalize the attack. Try to remember that this is a large scale effort to destabilize the United States. You losing your mind isn’t going to help. Likewise, action in the moment can result in adverse action.

Passwords...stop using the same password across multiple accounts. Set up a throw away email account that can be used when signing up for social media platforms; one that is distanced from your own reality by a good arms length

More to come...