Bosses, if you can’t beat it, join it.
FOR THE MILDLY PARANOID
So it looks as if the CIA could potentially break into most smartphone or computer networks, at least according to the stolen documents released by WikiLeaks on Tuesday.
Whether you have anything to hide or not, it’s a good reminder that in a digital age, keeping your life private requires some work.
Here’s a list of things everyone should be doing already to keep their information relatively confidential, plus some for the truly paranoid.
DON’T GET PHISHED
The most common way the CIA’s cyber tools — and hackers for that matter — get into your devices is via phishing emails or texts. These are created to look like they’re from a friend or trusted sender (say, your bank or a software company) and contain a link they try to trick you into clicking on.
Doing so loads software onto your computer, tablet or smartphone that allows the spies or hackers in. Once there, they can install any number of programs that allow them to spy on you and steal data. The CIA documents describe programs that can search through emails, contacts, texts and photos and send them from your device without your knowing it.
All of this is why you want to be very careful about what emails you open and what links you click. Hackers, and presumably the CIA, are very good at creating realistic-looking emails that entice you to click on dangerous links. When in doubt, don’t click on the link but instead go to the actual website it claims to be from.
TURN ON TWO-FACTOR AUTHENTICATION
This is that annoying step that comes after typing in your password. It sends a code to your smartphone or email. You input the code — the second factor in the authentication process — and you’re good to go.
While it seems like a hassle, it’s actually an extremely powerful way to keep anyone but you from getting into your accounts. They’d have to have stolen not only your ID and login but also your phone. You should turn twofactor authentication on for every app, program and device for which it’s available.
ONLY USE SECURE WEB BROWSERS
Look for websites that use the secure version of the web protocol. You can tell by looking at the URL, which should start with HTTPS rather than simply HTTP. It stands for Hypertext Transfer Protocol Secure and keeps malicious third parties from inserting code onto the site.
USE STRONG PASSWORDS
There are weak passwords, and then there are crazy weak passwords. According to a survey by Keeper, which makes password management software, 17% of users have 123456 as their password. At least put up a fight! Choose strong passwords, or sign up for a password management program that will create them for you.
INSTALL A MODERN OPERATING SYSTEM
Many of the vulnerabilities detailed in the WikiLeaks documents are older and target dated systems. It’s entirely possible that the CIA has newer tools for newer programs, but we don’t know. What we do know is that the longer an operating system or program is around, the more vulnerabilities in it that are found and exploited. So use the most recent version of whatever operating system you prefer (Microsoft, Apple or Linux generally), and when a new one comes out, don’t wait forever to switch.
INSTALL SECURITY UPDATES AND PATCHES
When you get a new phone or computer or install a new system, set it up to automatically update with security patches. If there’s no automatic update available, check periodically to see if anything new is available.
USE A SECURITY PROGRAM
There are many out there, from free ones to those you pay for. While it’s unlikely they’d keep the CIA out of your system, they’ll do a good job of keeping run-of-themill hackers away.
WHAT ABOUT ALEXA?
Many have noted that Amazon’s popular voice-activated digital assistant, Alexa, and the Echo speaker/microphone it lives in are not mentioned in the WikiLeak documents. That could mean that WikiLeaks simply hasn’t gotten to the portion of the documents that talks about Alexa. It could also be that the data dump, which seems to date mostly from 2014 and 2015, is from a time when Alexa was not really on the radar as a potential security risk.
That said, Amazon told USA TODAY that Echo’s design precludes snooping. The Echo keep less than 60 seconds of recorded sound in its storage buffer. As new sound is recorded, the old is erased.
USE ENCRYPTED MESSAGING SOFTWARE
There’s no evidence the CIA was using the tools described in the WikiLeaks documents to spy on Americans, which would be illegal under U.S. law. That said, if you really want to keep your life confidential, here are a few more things you can do.
Popular programs include Signal, Telegram and WhatsApp. The WikiLeaks documents claimed that the CIA had a program that allowed it to see what users were typing on certain phones running the Android operating system, but they hadn’t been able to break the encryption of the programs themselves.
INSTALL A CAMERA COVER ON YOUR COMPUTER AND PHONE
This keeps anyone from being able to surreptitiously turn on your camera and use it to record you. At hacker conferences it’s common to see little bits of paper taped over computer cameras or little plastic sliding covers that allow them to close off the lens when they’re not using it.
USE A LAND LINE
While it’s relatively trivial to bug someone’s phone, there are strong legal protections around doing so in the United States, including the requirement that those doing the bugging get a court order. So making a call on a land line is more secure, or at least more legally protected, than making a call on a cellphone. It also doesn’t leave a digital trail.
UNPLUG AND TURN OFF YOUR DEVICES
For the truly paranoid, the best way to make sure the devices that surround you aren’t spying on you is to unplug them or turn them off.