Berezovo had been life-trained in security work, particularly that having to do with Soviet security problems in North America, where this killer would operate. If a normally conditioned Anglo-Saxon could be taught to kill and kill, then to have no memory of having killed, or even of having had the thought of killing, he could feel no guilt. If he could feel no guilt he could not fall into the trap of betraying fear of being caught. If he could not feel guilt or the fear of being caught he would remain an outwardly normal, productive, sober, and respectful member of his community so that, as Berezovo saw it, this killer was very close to being police-proof and the method by which he was created must be very, very carefully controlled in its application to other men within the Soviet Union. Specifically, within Moscow. More specifically within the Kremlin.
–The Manchurian Candidate by Richard Condon
Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. § 6801-6809 (2002). Available at: https://www.law.cornell.edu/uscode/text/15/6809
(4) Nonpublic personal information
(A) The term “nonpublic personal information” means personally identifiable financial information—
(i) provided by a consumer to a financial institution;
(ii) resulting from any transaction with the consumer or any service performed for the consumer; or
(iii) otherwise obtained by the financial institution.
(B) Such term does not include publicly available information, as such term is defined by the regulations prescribed under section 6804 of this title.
(C) Notwithstanding subparagraph (B), such term—
(i) shall include any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any nonpublic personal information other than publicly available information; but
(ii) shall not include any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any nonpublic personal information.
(GLBA, 15 U.S.C. § 6809(4)(B))
Lay traps: When you’ve mastered the basics above, consider setting traps for phishers, scammers and unscrupulous marketers. Some email providers — most notably Gmail — make this especially easy. When you sign up at a site that requires an email address, think of a word or phrase that represents that site for you, and then add that with a “+” sign just to the left of the “@” sign in your email address. For example, if I were signing up at example.com, I might give my email address as firstname.lastname@example.org. Then, I simply go back to Gmail and create a folder called “Example,” along with a new filter that sends any email addressed to that variation of my address to the Example folder. That way, if anyone other than the company I gave this custom address to starts spamming or phishing it, that may be a clue that example.com shared my address with others (or that it got hacked, too!). I should note two caveats here. First, although this functionality is part of the email standard, not all email providers will recognize address variations like these. Also, many commercial Web sites freak out if they see anything other than numerals or letters, and may not permit the inclusion of a “+” sign in the email address field.
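The trap described above, as an added example that is not part of the quoted article: build the "+" variation for a site, then classify incoming mail by whether the visible sender matches the site the tag was given to. The `ISSUED` registry, the function names, the `+example` tag and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed registry of tags handed out and the site each was given to.
ISSUED = {"example": "example.com"}

def make_trap_address(mailbox, tag):
    """Insert +tag just left of the @ sign: user@host -> user+tag@host."""
    local, _, domain = mailbox.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {mailbox!r}")
    return f"{local}+{tag}@{domain}"

def split_tag(address):
    """Return (base_address, tag); tag is None when there is no +tag."""
    local, _, domain = address.rpartition("@")
    base, _, tag = local.partition("+")
    return f"{base}@{domain}".lower(), (tag.lower() or None)

def domain_matches(sender_domain, expected):
    """True for the expected domain or any subdomain of it."""
    sender_domain = sender_domain.lower().rstrip(".")
    return sender_domain == expected or sender_domain.endswith("." + expected)

def check_message(raw, mailbox):
    """Return (verdict, tag) for one raw message.

    The From header is forgeable, so 'expected' only means the visible
    sender matches the site the tag was issued to, not that it is genuine.
    """
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    headers = []
    for name in ("To", "Cc", "Delivered-To"):
        headers += msg.get_all(name, [])
    for _, addr in getaddresses(headers):
        base, tag = split_tag(addr)
        if base != mailbox.lower() or tag is None:
            continue
        expected = ISSUED.get(tag)
        if expected is None:
            return "unknown-tag", tag
        if domain_matches(sender_domain, expected):
            return "expected", tag
        return "possible-leak", tag
    return "untagged", None

# Constructed sample messages (only the headers matter here).
GENUINE = ("From: News <news@mail.example.com>\n"
           "To: firstname.lastname+example@example.org\n"
           "Subject: Your receipt\n\nbody\n")
LEAKED = ("From: Deals <deals@promo.example.net>\n"
          "To: firstname.lastname+example@example.org\n"
          "Subject: You won\n\nbody\n")

if __name__ == "__main__":
    me = "firstname.lastname@example.org"
    print(make_trap_address(me, "example"))
    for raw in (GENUINE, LEAKED):
        print(check_message(raw, me))
```

A "possible-leak" verdict is the clue the passage describes: mail to the site-specific address from someone other than that site.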
An unintentional insider threat is (1) a current or former employee, contractor, or business partner (2) who has or had authorized access to an organization’s network, system, or data and who, (3) through action or inaction without malicious intent, (4) unwittingly causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability.
–Unintentional Insider Threat and Social Engineering, Insider Threat Blog, Carnegie Mellon University (CMU) Security Engineering Institute (SEI), by David Mundie, 03/31/2014
Spear phishing is targeted. The attackers did their research, usually through social engineering. They might already know your name or your hometown, your bank, or your place of employment—information easily accessed via social media profiles and postings. That bit of personalized information adds a lot of credibility to the email.
Spear-phishing emails work because they’re believable.
Spear-phishing attacks are not trivial or conducted by random hackers. They are targeted at a specific person, oftentimes by a specific group. Many publicly documented advanced persistent threat (APT) attack groups, including Operation Aurora and the recently publicized FIN4 group, used spear-phishing attacks to achieve their goals.
Phishing emails are exploratory attacks in which criminals attempt to obtain victims’ sensitive data, such as personally identifiable information (PII) or network access credentials. These attacks open the door for further infiltration into any network the victim can access. Phishing typically involves both social engineering and technical trickery to deceive victims into opening attached files, clicking on embedded links and revealing sensitive information.
Spear phishing is more targeted. Cyber criminals who use spear-phishing tactics segment their victims, personalize the emails and impersonate specific senders. Their goal is to trick targets into clicking a link, opening an attachment or taking an unauthorized action. A phishing campaign may blanket an entire database of email addresses, but spear phishing targets specific individuals within specific organizations with a specific mission. By mining social networks for personal information about targets, an attacker can write emails that are extremely accurate and compelling. Once the target clicks on a link or opens an attachment, the attacker establishes a foothold in the network, enabling them to complete their illicit mission.
A spear-phishing attack can display one or more of the following characteristics:
- Blended or multi-vector threat. Spear phishing uses a blend of email spoofing, dynamic URLs and drive-by downloads to bypass traditional defenses.
- Use of zero-day vulnerabilities. Advanced spear-phishing attacks leverage zero-day vulnerabilities in browsers, plug-ins and desktop applications to compromise systems.
- Multi-stage attack. The spear-phishing email is the first stage of a blended attack that involves further stages of malware outbound communications, binary downloads and data exfiltration.
- Well-crafted email forgeries. Spear-phishing email threats usually target individuals, so they don’t bear much resemblance to the high-volume, broadcast spam that floods the Internet.
White Paper: Spear-Phishing Attacks, FireEye
As a security professional within a corporate environment, I am tasked with identifying and mitigating vulnerabilities or threats. Information Security (InfoSec) effectively comes down to this: 1) know what you have (valuables), where it’s located and who has access to it, 2) identify potential vulnerabilities/weaknesses coming from both inside and outside the company (or DMZ), and 3) eliminate/reduce all vulnerabilities and weaknesses to the fullest extent possible, while carefully monitoring those that you choose to allow to remain unaddressed (there are many reasons for making this decision).
Take this process and apply it to a community of people. For the sake of argument:
- Make 10% of that population homeless.
- Create an economic structure wherein people are constantly flowing in and out of homelessness. The population keeps changing.
- The total % of people who are homeless increases, slowly, over time.
- 25% of the people who experience homelessness spend the rest of their lives living with a mental or physical illness (disability?) acquired as a direct result of being homeless.
- 75% of the people experiencing homelessness, at any point in time, are children.
- The protection afforded to housed people is not provided to homeless, making them perfect targets for criminals, predators and ‘recruiters’ of all kinds.
- Surviving homelessness requires surviving violence.
If this community has 100,000 people, then a minimum of 10,000 people are being forced to live underground at any given moment in time. 7500 of these individuals are children whose education is being interrupted and/or negatively impacted by the experience. There are also a minimum of 2500 people who are dealing with illnesses and disabilities as a direct result of being forced to live underground while surviving extreme poverty.
Those 7500 children and 2500 permanently injured/disabled adults (we’ll assume they are all adults) are (re)entering society with training, experience, perspective and skills that may or may not positively contribute to the safety, security and positive function of society.
As a security professional, I shake my head in disgust because those 7500 unknowns (at this point, they are not officially threats) were completely avoidable. I did not have to be concerned about them at all. It is a situation that could (should) be eliminated through housing, access to basic resources/necessities, respectful and effective assistance from police forces and safe, quality, reliable and free education.
Now, let’s introduce some known threats.
- Psychopaths make up 1% of the total population (How to Spot Psychopaths: Speech Patterns Give Them Away): 1000
- Sociopaths make up 4% of the total population (What percentage of people are psychopaths/sociopaths?): 4000
- Violent criminals make up 1% of the total population (The 1 % of the population accountable for 63 % of all violent crime convictions): 1000
- Organized crime holds influencing control over 10% of the total population (https://www.fbi.gov/investigate/organized-crime): 10,000 (Notes: 1) ‘influencing’ control covers everything, including: owing a small debt, having a distant blood relation directly involved, being blackmailed and being a fully involved member and 2) I could not find a published population % of involvement, so I went with an easy-to-calculate number – when compared to actual influence of organized crime, I suspect this number is extremely low.)
- Sexual predators make up 0.2% of the total population: 200 (https://www.statisticbrain.com/sex-offender-statistics/)
All of these threats could consist of a grand total of 10,000 people due to overlap (read: the highest number listed above), but it also could consist of a total threat base of 16,200 people – assuming no overlap. So my known threat base ranges from 10,000 to 16,000 people in the total population. Assuming %s remain consistent and all known threats are adults, then it can be assumed 250–400 experienced homelessness at some point.
I’m guessing that you are looking at that relatively low number of homeless predators and wondering: how does this illustrate compounding vulnerability exploitation? Allow me to illustrate…
Compounding force #1: One vulnerability leads to a strengthening of a threat which, in turn, creates another vulnerability.
10,000 perpetrators/threats (10% of the total population) are committing crimes against 10,000 vulnerable (homeless) people (10% of the total population) either by preference or as a form of practice. The homeless are not provided police protection and they cannot defend themselves due to extreme poverty and social stigma. Therefore, a potential criminal who has not crossed the line into full-blown criminal activity, is provided a ‘sandbox’ where these behaviors can be acted out and perfected before perpetrating them against people who ‘matter.’
Compounding force #2: The purposeful allowance of an exploitation, and the refusal to take proper action in response, increases both the threat and the vulnerability.
The widespread acceptance surrounding the degradation, marginalization and violent treatment of poverty survivors (homeless people in particular), creates a pervading social construct (culture) that is less able (unable?) to identify and address these same behaviors perpetrated against the general population. The community has become ‘numb’ to criminal activity and lost a significant (important) portion of its willingness and/or ability to properly address these actions.
The culture of a community/environment must be such that threats can be identified and addressed, promptly, properly and effectively. If the culture is negatively affected in one circumstance, allowing a known threat/criminal act to go unaddressed (unpunished), then that same threat will not only continue, but will grow stronger and begin to expand (aggressively).
Compounding force #3: Threats that are mitigated ad-hoc and separate from the whole often generate more vulnerabilities and create new categories of threats.
The widespread refusal to treat poverty survivors (homeless in particular) with the basic respect due to any human being, combined with an aggressively enforced caste system that forces people into permanent association with a ‘lesser-than’ category, directly and negatively affects all poverty survivors’ ability to improve their lives both financially and socially. They are placed between the proverbial ‘rock and a hard place.’
Desperation and lack of options can force people to find creative solutions (this is good), but it can also push them into making alliances and decisions that place them into the community threat category (this is bad).
The homeless are the absolute bottom; they are not the entire community of poverty survivors. Those who are surviving poverty while remaining housed (however tenuous that situation may be) will see what is happening to those trying to survive homelessness. The actions taken against the homeless will directly and profoundly affect the decisions made by those who are ‘merely poor.’
The two communities combined are placed in a state of desperation, trying to improve their situation. This makes them all particularly vulnerable to everything from relatively light criminal activity (e.g.: shoplifting) to criminal association (e.g.: joining a gang or a criminal network) and radicalization (e.g.: joining terrorist organizations like the KKK or ISIL and participating in hate crimes or terrorist attacks).
By isolating and ignoring the safety and welfare of one segment of the community, the threat level is increased for another segment of the community. Due to the ostracism and marginalization of poverty survivors, the actions taken by poverty survivors, in reaction to their situation, are separate from the actions taken by the police and similar organizations in protection of the community as a whole. This disconnect creates an increased number of threats seeking to exploit vulnerabilities found throughout the community.
Compounding force #4: The creation of exploitable vulnerabilities increases with the acceptance of those exploitations.
When the only thing separating those vulnerable to degradation, vicious social behavior and open violence is financial standing, moving a targeted individual into a state of absolute vulnerability hinges on destroying their financial standing.
In other words, everyone is vulnerable, because anyone can have a financial crisis at any moment.
It’s easy to assume that you are immune to such experiences. But it is even easier to examine the life and habits of any individual or family and identify the ways in which they could go from housed and financially secure to living out of shelter – in a stunningly short period of time.
For criminals and predators, this is an important loophole. It permanently establishes a vulnerability within every single household, that can be exploited to reduce or eliminate a threat to criminal operations. Because the vulnerability is entirely financial, exploiting it presents minimal risk to criminals and predators. After all, arranging for a family member to come down with a mysterious illness that requires a lengthy hospital stay, or simply ensuring the primary breadwinner loses his or her job, is relatively easy.
There is no such thing as an isolated threat. Every ecology or environment (e.g.: computer systems, the environment, human social networks, towns and cities, etc.) operates within the push-and-pull of threats-vs-vulnerabilities. Every threat has the potential to grow strong and every vulnerability has the potential to grow larger. Both have the ability to spread to other systems, ecological environments, communities, etc.
Dividing the world into absolute, unchanging, categories of US and THEM is a dangerous habit. A truly effective system of threat identification and mitigation recognizes that there is no them – there is only us.
Step 1: Read this article –> How I Learned to Stop Worrying and Embrace the Security Freeze
Step 2: Place a freeze on social security numbers of all family members. Note: A freeze cannot be placed on minors through online portals. Most agencies offer snail-mail options for minors.
- Equifax: https://www.freeze.equifax.com
- Experian: https://www.experian.com/freeze/center.html
- Innovis: https://www.innovis.com/personal/securityFreeze
- Trans Union: https://www.transunion.com/credit-freeze/place-credit-freeze
Step 3: Place all account IDs, passwords and PIN numbers in a safe place! Applying for credit in the future will require contacting the agency and removing the freeze, temporarily or permanently.
Has anyone succeeded in erasing someone’s memory? by Gagan Bir Singh https://www.quora.com/Has-anyone-succeeded-in-erasing-someones-memory/answer/Gagan-Bir-Singh?share=d15154d6&srid=zRYF
The possibilities for abuse are massive and terrifying.
“Put as much in writing as possible and save that documentation. By creating a paper trail, you’ll have proof of your concept if it does go to court. Keep a log of every discussion you have where details of your business are disclosed. This log could come in handy if you find one of those conversations go somewhere.”
“To make sure your next million dollar idea isn’t stolen or copied, we enlisted the help of specialists in “idea security” to find out how you can avoid becoming a hard luck story…Rather than trying to avoid attention, flag ideas as your own even at an early stage. “Use the right symbols in your media and marketing material alerts,” recommends David Bloom, head of Safeguard iP, a specialist Intellectual Property (IP) insurance broker. Patent and design numbers can be added later…”
“Turn to the U.S. Patent and Trademark Office for help. Fortunately, patents aren’t the only tools available to protect our ideas. First, file a provisional patent application. You can do this yourself online or use a template such as Invent + Patent System or Patent Wizard to help you. The USPTO also has call centers available with staff members on hand to answer questions and offer guidance.”
“Tortious interference with business occurs when another person directly interferes with a business’s ability to operate. This offense usually involves other offenses, such as defamation. However, if a person steals your idea and then actively works to prevent you from bringing your idea to fruition, this could constitute tortious interference.”
What Is the Legal Term for Stealing a Business Idea?, AZCentral.com, by Van Thompson
“I say do what you can. Do the legal end when it’s practical, but don’t trust it. Don’t think it solves the problem.
You’ll never get a legitimate investor to sign one of those documents before you pitch. If an investor signs off on a non-disclosure, she’s just ruled out a whole class of business she can never invest in without risking legal action. They just don’t do it.
And, I think lots of people who you might want as team members would be put off with the idea of signing a legal document before talking about it. I would.”