About That On-Line Poll...

At the end of July, I posted an online poll here on LinkedIn that ran for two weeks and asked readers, “How do you lock the front door to your house?” I provided four possible answers to choose from.

While the poll features tell me that there were 949 “impressions”, only 16 people actually made a selection. While that might be very bad for scientific sampling, it is very good for individual privacy and security.

Poll comments-

Aside from the votes cast in the poll, there were six comments left, by four unique individuals. While one seemed to be preoccupied by a zombie apocalypse, another chose to make a political statement. One of the earliest comments seemed to assume that this poll was intent on becoming an example for Multi-Factor Authentication. That was not a bad guess, since it’s one of my favorite features to encourage people to activate and use. I especially like the comment that suggested the specific lock configuration is based on risk analysis. Still, none of these comments was what the poll was really about.

Poll Results-

If you have never set up and conducted a LinkedIn poll, you may not know that the results show not only which options were selected but also who selected each option. The poll is not anonymous. As a result, those who responded to the poll shared with me a description of their front door locks.

Using the Information-

Once I had a list of names, each associated with a LinkedIn profile that includes additional information, I could start building a profile for each of those people. Such details can then be further expanded with the use of open source intelligence. Simply put, there is a wealth of information available to the public if you know where to look. Considerable amounts of personally identifiable data are available on the dark web. For this exercise, however, all that was needed was a few clever Google searches and access to an online data broker such as spokeo.com or radaris.com, and I was able to very quickly connect names to very likely home addresses. How quickly? For 100% of the respondents, I was able to locate a likely home address in less than five minutes. For 75%, it took less than three minutes. Unbelievably, a likely home address was located in less than one minute for 54% of the list. You may notice that I am stating “likely home address” because the only way to be absolutely certain of correctness is to start knocking on doors, and that would be creepy. However, there is good reason to believe that at least most of the information compiled is correct. If I were a bad actor who was proficient at defeating "Smart Locks", what would a list of addresses where they have been put into use be worth?

Profiling-

No doubt you have seen plenty of news stories about all of the various companies that have had their customers’ personal data stolen. You have probably even received a notification that your personal data has been exposed at some point over the last half dozen years or so. The dark web is full of data that contains names, dates of birth, social security numbers, bank accounts, and more. But that is not the only source of information. The internet is filled with what is considered to be perfectly legal and legitimate information about you and your life. There is an entire industry (Link contains adult language) collecting and sharing data about you, your habits, preferences, and contact information. They scrape public records, social media, and in some cases they simply ask questions. All of that data can be cross-referenced and correlated to build very detailed profiles about people. That data can then be used for all kinds of fraudulent activity in an attempt to monetize those records. Here are a few examples I've seen in the last 24 months:

  • Open an investment account: Creating an account to trade stocks or cryptocurrency can provide criminals a way to make short term investments, and/or launder money, while letting someone else pay the capital gains taxes.
  • File for Unemployment Insurance: This has become such a huge problem, the Department of Justice has recently established a new National Unemployment Insurance Fraud Task Force (justice.gov) to address this specific crime.
  • Obtain or use health insurance: If a criminal can get your health insurance information, it can be used for their own needs. This can become a real problem when you suddenly get the bill for the copay. Or worse, your doctor unexpectedly has records of bad habits you don’t actually have.
  • Re-use cracked passwords: If your password is exposed, you can never use it again. That will be the first password they try on your other accounts.
  • File fraudulent tax returns: Redirect your tax refund to themselves.
  • Apply for credit cards, or loans: Why pay the money back when it was in someone else’s name?

We can no longer assume that our personal information is still private. What can we do to protect ourselves? While nothing is guaranteed, there are a few things you can do to make it more difficult for the criminals.

  1. Place a freeze on your credit
  2. Get an annual free credit report and review for suspicious activity
  3. Be careful what kinds of information you share with anyone (even me)
  4. Use good, unique passwords that can’t be guessed by someone who knows anything about you (don’t use your pet’s name)
  5. Make sure your personal computing devices are all up to date and have an effective name-brand antivirus
  6. Consider credit monitoring services
  7. Check if your email or phone is in a data breach
  8. Scrub the internet (as best you can)

The low poll participation is a positive sign that people are becoming more cautious with what they share online. Unfortunately, there are still considerable amounts of data collected both legally and illegally, prompting a need to take steps to avoid being easily taken advantage of.

Tim M.

Customer Success Manager

2 years ago

Great read

Brenda Sutton

Organizational Change | Learning & Development | Data Governance | Coaching & Consulting | PROSCI | CPC

2 years ago

Excellent article! More people need to know this! Thank you!

Troy Peterson

Technology Consultant

2 years ago

Great article Michael!!

Karen Lindokken

Passionate about solving complex problems with right sized solutions

2 years ago

great experiment and post Mike! love that you included the various links. and, no I wouldn't have responded to your poll
