AXEL.org

Cybersecurity

Your Privacy and The Internet of Things

The Internet of Things is a remarkable push to bring data collection to a broader range of devices. As technology becomes cheaper, smaller, and more powerful, the internet has found its way into unlikely places. The Internet of Things brings conveniences and insights into the lives of the layperson and the daily dealings of businesses all around the world. What can we gain from the Internet of Things? What happens when the Internet of Things turns its back on us?

What is the Internet of Things?

The Internet of Things is a distributed method of connecting mundane objects, or things, to smart devices and the internet at large. This is done by attaching sensors and transceivers to these objects and directing them to share information that may make end-user lives more convenient[1].

The classic example of an IoT-enabled device is a smart refrigerator. The utility of a refrigerator is bolstered by the inclusion of a few sensors and the ability to communicate. We can extend the lifespan of these refrigerators by predicting service needs and reporting points of failure as soon as they arise. Consumers are able to streamline their grocery shopping, saving time in their increasingly busy lives. 

The benefits of the Internet of Things on a consumer level are numerous. On a commercial grade, they are unparalleled. We can use IoT-enabled devices to drive down overhead costs by taking preventive measures when our servers and production devices ask for regular maintenance. Data points can be gathered from clients at trade shows or in our stores that can further create comfortable and lucrative transactions. Security methods such as intrusion detection and loss prevention can once again be in the hands of the business owner with IoT connectivity.

What are some common IoT Risks?

The Internet of Things relies on the deployment of additional points of internet access, a haphazard deployment of IoT-enabled devices in a workplace can result in easily-missed holes in the digital security fence of your workplace. Password protection and shoddy firmware can lead a savvy hacker directly into a company’s most private data. Ransomware attacks could ironically arrive through an unsecured security camera[2]

Beyond security issues, privacy itself may be at risk when adopting IoT-enabled devices. Smart doorbells, for example, give local law enforcement nearly unrestricted access to the video data passing through the connection between the camera and the end user. Bringing on a device that promises to bring the conveniences of the Internet of Things needs to be a process taken on carefully and with a careful eye on end-user agreements.

Inviting the internet into your company creates an interesting set of vulnerabilities that may not have existed before. One thing to be said about simple machines is that they are entirely secure from a digital standpoint. Adding sensors to the devices running your production infrastructure or connecting devices that previously could not communicate with the internet eventually requires more infrastructure than before.

The Internet of Things relies on edge computing solutions[3]. These are solutions that bring computing power and storage away from the cloud and closer to the place of business. This distributed method of computing brings power and stability to IoT-enabled devices, allowing them to gather and process more data without losing speed or increasing latency. Edge computing solutions come in hardware form, like additional servers, or a software form, like bespoke applications or computing protocols. By virtue of existing near your private data, these secondary computing solutions open up a workplace to cyber-attacks and privacy concerns.

How Does AXEL Go Protect You? 

The shortcomings of the Internet of Things should not scare workplaces away from the conveniences and the massive data-related insights that can come from the clever integration of sensors and transceivers. Like anything else, informed decision-making and a safety-first mindset will prevent the Internet of Things from eroding the privacy and security of a workplace.

Adding additional points of failure to a network means that a business’s privacy and security will find themselves quickly under fire. AXEL Go is a file sharing and storage service that is dedicated to protecting privacy and security wherever possible. Our decentralized server structure and cutting-edge AES 256-bit encryption offer top-of-the-line security in the face of ransomware and brute force attacks. AXEL Go also guarantees your privacy when using our IPFS servers. Only authorized users have access to the contents of your storage. Not even AXEL is able to peer into your end-to-end encrypted storage. 

As technology moves forward in innovative directions, AXEL Go is ready to provide the security and privacy required to keep making the internet a safe and convenient place. 

Try AXEL Go Today

AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.
AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

Citations

[1]Fruhlinger, Josh. 2022. “What Is Iot? The Internet Of Things Explained”. Network World. https://www.networkworld.com/article/3207535/what-is-iot-the-internet-of-things-explained.html.

[2]Iredale, Gwyneth. 2022. “Security & Privacy Issues In The Internet Of Things (Iot)”. 101 Blockchains. https://101blockchains.com/security-and-privacy-in-iot.

[3]Gold, Jon, and Keith Shaw. 2022. “What Is Edge Computing And Why Does It Matter?”. Network World. https://www.networkworld.com/article/3224893/what-is-edge-computing-and-how-it-s-changing-the-network.html.

Personal Vehicle Telematics and Privacy Oversights

Our cars are collecting data without our consent. As vehicles have become more sophisticated, tracking information via the onboard diagnostic system (OBD) and built-in GPS has become commonplace. This data is loosely regulated, and that can create a massive privacy hole for consumers. This information can be pulled by insurance companies, mechanics, and whoever else has the authority to demand information from your car. This is rapidly becoming a privacy blindspot upon which we should shine a bright light and direct legislation.

Telematics, Privacy, and Your Vehicle

Telematics is the process of sending and receiving data related to the location and destination of vehicles on the move. In the past, this was typically reserved for fleet vehicles so companies could better track and direct workers to maximize productivity and minimize fuel consumption. Today, as the technology has become more affordable and personally helpful, telematics has found its way into newer vehicles. 

On its face, this information and coordination is a boon to the automotive world. Insurance companies could identify safe drivers, cities could better direct traffic, and the days of being lost on the road could disappear into history overnight. However, like with any technology, a more pernicious reality lies just beneath the surface. If unrestricted access to telematic data is given to too many parties, the vehicles trusted to shuttle us to and from work can easily become intrusive bundles of data weaponized against the driver or any passengers they may have had. Any private activity at any time can be extrapolated from the mere presence of a vehicle. Without oversight, insurance companies, civil courts, and law enforcement will pounce on this opportunity. Hackers plucking this information from servers holding onto this data for later use can easily dangle it over the heads of their targets with frightening precision and expedience.

Buckle Up Your Data

Anybody with a car will immediately understand how much information their vehicle can reveal about them. Everything from their home address to their grocery shopping habits can easily be laid bare once someone has access to location data. This information is sensitive and woefully under-legislated. 

Telematics law is a burgeoning legal framework since the innovations leading to the technology in vehicles have only recently been regularly included in automobiles heading to market. Many states simply defer to the Federal Trade Commission (FTC) and its already existing rules and regulations related to buying and selling the data of internet users. Clearly, this is insufficient. Many similarities exist between internet data and the telematic information collated by a private vehicle. Still, the degree to which drivers rely on their personal vehicles is entirely unlike the relationship they may have with their smartphones. It should also be noted that the collection and distribution of this private data, in many cases, may not be as simple to opt out of as data collection on the internet. Insurance companies and their massive lobbying power are also incentivized to obscure these oversights and push for legislation that will give them broader access to a driver’s private data than they already have. 

Citizens, privacy-minded or not, should push for legislation that covers these holes in privacy law. Telematic data belongs to more than just the driver of a vehicle. Passengers, family members, and children are inextricably tied to this data once they step foot in a car. Their privacy should not be waived simply because they decided to travel inside a vehicle. 

Protecting Your Privacy

AXEL understands that privacy comes first. Without privacy in the modern era, people are subjected to undue scrutiny from bad actors. Hackers, corrupt authority figures, and competitors always look for data that will give them a leg up on their perceived enemies. Any privacy oversights left unaddressed by legislation will inevitably turn against civilians and their best interests. 

When insurance companies offer customers discounts on premiums in exchange for unfettered access to private location data, eyebrows should be raised. Massive insurance companies act to maximize their profit by any means necessary. The overreach into their customers’ personal lives is not simply a business practice that trades the right to privacy for an opportunity to deny their customers’ claims. This represents a broader trend towards the unacceptable commodification and reduction of privacy.

AXEL Go is committed to protecting the privacy of its users and the interests of the internet at large. Our end-to-end encryption, password-protected secure fetch, and decentralized server structure are engineered to provide personal privacy from every angle. AXEL Go will never request access to private data in exchange for discounts, and our servers are designed to keep prying eyes out of our client’s storage no matter what.

Create a Private Space Online

AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.

AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any size business. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

Citations

“Research Shows Data Privacy Concerns For Telematics Policies”. 2022. Actuarialpost.Co.Uk. https://www.actuarialpost.co.uk/article/research-shows-data-privacy-concerns-for-telematics-policies-18317.htm.

Leefeldt, Ed. 2022. “The Witness Against You: Your Car”. Forbes Advisor. https://www.forbes.com/advisor/car-insurance/telematics-data-privacy/.

“The Surveillance State Has Invaded Our Cars. Why Don’T We Care?”. 2022. Fast Company. https://www.fastcompany.com/90389104/the-surveillance-state-has-invaded-our-cars-why-dont-we-care.

What Do We Do About Social Engineering?

What Do We Do About Social Engineering?

We hear about ransomware schemes all the time, from the Colonial Pipeline attack to personal PC breaches[1]. These attacks involve an unauthorized party slipping into a secure system and locking users out of their data. Imagine that you stroll into the office one day and can’t get to work until your company pulls together thousands of dollars. The popular image of a hacker prying their way into a system involves rapidly striking a keyboard and slipping in through a digital backdoor. The truth, however, is often much more clever and sophisticated. 

Social Engineering Basics 

Social engineering takes the digital security fight offline. Hackers operate similarly to con artists. They take time to research their targets. Social media accounts are combed through for hints. They compile employment rosters, gather contact information, and learn everything they can about a company’s standard operating procedure[2].  

Social engineering has become an intricate process these days. Hackers have the opportunity to falsify credibility in ways we haven’t seen in the past. The ability to “spoof” a phone number is the ability to make it seem like they’re calling from a phone number that belongs to another person or organization. Spoofing is a powerful tool in the hacker’s kit. By spoofing the right number, they can convincingly pose as the representative of a client, a colleague in a distant department, or authority figures like the police or government officials[3]

Many social engineering tactics rely on following breadcrumbs until they can dig up login credentials, but a majority of them leverage fear and urgency in their information gathering excursions. These attempts to get information out of people can come in the form of false subpoenas, investigative claims, or bank phone calls. 

Businesses that deal in online spaces need to be particularly careful when it comes to social engineering. If your cybersecurity is robust and your digital hygiene is pristine, social engineering attacks may be the final opening in your armor.  

Protect Your Secrets 

Social media posts about work may, in most cases, be harmless, but with enough employees making enough posts about privileged information will lay bare the secrets of a workplace. Tweets complaining about the email services or storage solutions can turn into ammunition for a clever hacker. Photos of office spaces can be a peek into the hardware and internet infrastructure of an office, giving an innovative way in for the hackers. Workplace policies that prohibit social media posts about internal processes go a long way when it comes to preventing hacking attempts. 

If your business involves exchanging personal information with clients via the phone or email, social engineers will, with time, work out who those clients are. Once a social engineer works out who your common points of contact are, they will often opt to pose as tertiary collaborators. With a handful of details, a hacker can create a convincing profile of a person that never existed. Be wary at work when a “new employee” calls for information your clients already have.  

Disengage and Verify 

When phone calls come from a number you recognize, but the caller’s behavior seems incongruent, take a minute to gather information of your own. If the police call and they’re demanding login information to “investigate a case,” gather information of your own before handing anything over. Badge numbers, and officer names are pieces of information you’re entitled to. Ask to call back and contact the police on your own. Contacting the organization a spoofed number claims to be from on your own is one of the best ways to verify the legitimacy of a call or text message. Bank scams and IRS fraud will similarly fall apart under his degree of scrutiny. This also works to break apart social engineering attempts when the culprit poses as a representative of your clients. Any request for sensitive information should be verified ahead of compliance.  

Practice Password Security 

If a successful social engineering attack happens in your workplace, a diverse pool of passwords will protect the office from widespread damage. Successful data breaches thrive when a single password grants access to more than one security system. Diversity in passwords will save you a ton of time and headache in the event something goes work. We also recommend never storing a password [4] in a document on your computer. If a hacker gets access to your machine and finds that, then your security breach’s damage will quickly spill out onto other corners.  

Decentralize Your Workplace 

The end goal of any social engineering is to steal private information or otherwise disrupt a business’s ability to continue work without paying a ransom. Decentralized storage is, by far, one of the best ways to keep this from happening altogether. Data backups stored offsite in decentralized servers are going to be secure in the face of a data breach in the workplace.  

Let AXEL Help 

AXEL is a decentralized storage solution for all of your storage and file-sharing needs.  

You can try AXEL Go Premium with all features unlocked free for 14 days. Sign up today and see how AXEL Go can improve your workflow and supplement your organization’s cybersecurity. 

References

[1] Touro College. “The 10 Biggest Ransomware Attacks of 2021.” Touro College Illinois. Touro College, November 12, 2021. https://illinois.touro.edu/news/the-10-biggest-ransomware-attacks-of-2021.php 

[2] Kaspersky. “What Is Social Engineering?” usa.kaspersky.com, March 9, 2022. https://usa.kaspersky.com/resource-center/definitions/what-is-social-engineering 

[3] 29, Ray March, JamminJ March 29, The Sunshine State March 29, Gary March 29, Hal March 29, Ferdinand March 29, Nope March 31, et al. “Hackers Gaining Power of Subpoena via Fake ‘Emergency Data Requests.’” Krebs on Security, March 29, 2022. https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/ 

[4] “Password Safety.” Technology Safety. Accessed April 27, 2022. https://www.techsafety.org/passwordincreasesecurity 

After the Cyberattack: What Happens to your Data Following a Breach?

In 2022, cybercrime seems like everyday news. And in a way, it literally is. Simply search “data breach,” and you’ll find a wealth of businesses across the country dealing with the fallout of cybercrime. Businesses large and small fall victim to these attacks every day, putting more and more people’s personal information in jeopardy. And for consumers, your information leaking isn’t something you have to worry about for a few weeks, then move on. Because of the unique way personal data is stolen and sold, victims of data breaches have to keep an eye on their social media and bank accounts for years. 

On the business side, you’ve likely heard the horror stories of businesses losing millions of Social Security Numbers, or even having confidential documents leaked. From retail stores like Target to digital forums like Facebook, businesses from every industry have fallen victim to cybercrime. Unfortunately, this digital devilry has only become more prevalent. 2021 was the worst year on record for businesses and consumers, with nearly 6 billion accounts breached by cybercriminals[1]. There’s a decent chance even some of your personal information has been leaked without your knowledge. But if nearly 6 billion accounts across the Internet have been compromised, well, where is that information?

Where Does Your Personal Data Go?

When a data breach is reported, the most reported statistic is the number of accounts affected. Data breaches can have anywhere from a few victims, all the way up to 3 billion. When news of a breach breaks, reporters like saying that consumer data has been “leaked” or “published.” However, a more accurate term to describe a breach is that consumer data has been “auctioned off.” This is because the perpetrators of cyberattacks rarely use the data that they just stole. Rather, they simply sell your information to a multitude of low-level digital scammers, who try to make their money through simple phishing scams and the like, rather than complex cyberattacks.

Of course, stolen data can’t be sold on traditional commerce websites. And any public website that tried to sell the data would be taken down quickly for distributing a stolen good. After all, you can’t really Google “stolen data near me” and find what cybercriminals looking for. So, once all that data is stolen, where does it go on sale? On a section of the Internet few know about, and even fewer have visited: the Dark Web. 

The Dark Web is a “layer” of the Internet that can only be accessed through special software. Estimated to be almost 500 times larger than the standard web, the Dark Web is a hub for cybercriminals and their illegal activities[2]. After a data breach, the hackers will typically post about their haul on a Dark Web forum and offer the data to other users for a specific price. Depending on the price and quality of the stolen data, there could be anywhere from a few to hundreds of buyers. Even just hours after a data breach, your personal information could be in the hands of dozens of scammers all across the globe.

How Valuable is My Personal Data?

Not all data breaches are created equal, and not all information is equal either. Think about it: If you were a cybercriminal, would you want three million Twitter usernames and passwords, or one million credit card numbers? Considering Twitter logins are worth just USD $35, and credit card numbers are worth up to $240, most would choose the credit card numbers[3]. Some pieces of information are simply more valuable than others, and cybercriminals know this. That’s why, when a data breach occurs, measuring the impact solely on the number of affected accounts is inaccurate. A leaked Facebook password could cause headaches, but besides a few spam posts, it probably won’t affect your life too much. A leaked passport number, however, could lead to something as serious as identity theft.

This showcases how stolen data itself isn’t particularly valuable, and is only valuable if you know what to do with it. After all, if you hand a random passerby your Social Security Number, it’s unlikely they’ll know how to steal your identity. Unfortunately, these Dark Web cybercriminals have all the knowledge they need to cause chaos in victims’ lives. Even information as simple as phone numbers and corresponding names can be a cash cow for scammers. The disparity in value between pieces of information highlights just how wide-ranging the damage from a data breach can be. So next time there’s a major data breach in the news, don’t just look at the number of accounts affected to judge the severity. Look at what was stolen to truly determine how damaging a cyberattack is.

What About Stolen Documents?

Of course, personal information isn’t the only data that is put at risk during a cyberattack. If cybercriminals target a business, law firm, or government agency, confidential documents could be leaked as well, especially in ransomware attacks. The problem, however, is that this confidential information simply isn’t valuable to cybercriminals. Therefore, when these documents are stolen, cybercriminals often demand a ransom and threaten to publish the confidential information unless it’s paid. For businesses that suffer this type of attack, they typically only have two choices: Pay the ransom, or face a public relations (or even legal) nightmare. 

However, not all cyberattacks are typical. Some cybercriminals couldn’t care less about the money, and only seek to embarrass specific businesses. In one case, a Swiss hacker published confidential data from dozens of companies and government agencies as a protest against mass surveillance[4]. For these companies and agencies, once the hacker gets the data, it’s gone, regardless of the ability to pay a ransom. This highlights how no two cyberattacks are exactly the same. Although most hackers are in it for the money, some simply seek to make a statement, regardless of the financial consequences. That’s why, when it comes to cybersecurity, it’s important to be prepared for anything and everything.

Protect Yourself from Cybercrime

Ultimately, the best way to protect yourself from cybercrime is to prepare. Thankfully, there are simple, inexpensive ways to greatly minimize the risk of a cyberattack on you or your employer. First, encryption is everything when it comes to cybersecurity. Encryption is like splitting your files into thousands of different puzzle pieces, so even if hackers got into your network, your documents are completely illegible to the attackers. Next, updating your security software is the easiest way to mitigate risk. Cybercriminals are always on the lookout for security holes, and those holes are much more prevalent in older versions of software. Keeping your software up-to-date could be the difference between safety, and one of the worst cyberattacks in history. Just ask Equifax.

Finally, one of the best ways to consistently prevent cyberattacks is to encourage a culture of security. This means educating all employees on the risks of cybercrime and how to minimize those risks. From teaching employees how to spot phishing emails to creating an incident response plan, simply prioritizing cybersecurity before a breach is one of the best ways to prevent cybercrime. Prioritizing cybersecurity doesn’t have to be expensive or time-consuming, but it’s the key to protecting your most valuable documents and data.

About AXEL

If you and your business are ready to prioritize cybersecurity, AXEL Go is the solution for you. AXEL Go uses military-grade encryption, blockchain technology, and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. At AXEL, we believe that privacy is a human right and that your information deserves the best protection. To try the most secure file-sharing app for PC and mobile devices, get two free weeks of AXEL Go here.

[1] Mello, John P. “Data Breaches Affected Nearly 6 Billion Accounts in 2021.” TechNewsWorld, January 18, 2022. https://www.technewsworld.com/story/data-breaches-affected-nearly-6-billion-accounts-in-2021-87392.html

[2] “After the Data Breach – What Happens to Your Data?” BlackFog, May 6, 2021. https://www.blackfog.com/after-the-data-breach-what-happens-to-your-data/

[3] Sen, Ravi. “Here’s How Much Your Personal Information Is Worth to Cybercriminals – and What They Do with It.” PBS. Public Broadcasting Service, May 14, 2021. https://www.pbs.org/newshour/science/heres-how-much-your-personal-information-is-worth-to-cybercriminals-and-what-they-do-with-it

[4] “U.S. Charges Swiss ‘Hacktivist’ for Data Theft and Leaks.” NBCNews.com. NBCUniversal News Group, March 19, 2021. https://www.nbcnews.com/tech/security/us-charges-swiss-hacktivist-data-theft-leaks-rcna448

Has School Surveillance Gone Too Far?

When it comes to education, pen and paper simply aren’t enough these days. Even just twenty years ago, the most technology students would see in a classroom was the occasional TV cart for educational films. However, in today’s schools, classroom technology is far more than the occasional classroom movie. These days, it’s a necessity. 

Even before the COVID-19 pandemic forced classes online, education technology was revolutionizing the way students learn. From software programs like Schoology to the prevalence of SMART Boards, education technology is used in a variety of ways with one overarching goal: To help students learn and retain information better. To help achieve this goal, many schools have begun to distribute laptops and tablets to students. After all, many projects must be completed and turned in online, and issuing school laptops can ensure all students have equal access to their assignments. While this free distribution of education technology is a noble act, particularly for students who can’t afford premium technology on their own, the technology comes with a massive caveat.

In nearly all cases, school-issued technology is installed with monitoring software. While monitoring software is necessary in some capacities, like ensuring students aren’t playing games on their laptops during class, many software programs are concerningly complex. As education becomes more and more digitized, it’s fair to ask: How much should schools know about their students?

The State of Surveillance

Monitoring students during school isn’t anything new. After all, schools act as students’ guardians during the school day, so it makes sense to observe, monitor, and occasionally report students for illicit or unsafe activities. However, with the rise of technology in schools, students began to spend much of their time online. Naturally, a school’s desire to observe, monitor, and report extends to the digital world as well. Today, a wealth of software programs including Bark, Gnosis IQ, Gaggle, and Lightspeed are installed on student devices to monitor their online interactions[1]

And this monitoring isn’t limited to school either. Even outside of the classroom, these software programs utilize artificial intelligence and human moderators to monitor students’ private chats, documents, and emails[1]. If a student searches for something related to, say, self-harm, the software can send an alert to the school district, allowing teachers to message students within minutes. While this strategy can help prevent self-harm, family abuse, and other dangerous situations, it’s clear that student privacy is sacrificed in exchange for this goal.

With the sheer amount of surveillance that students face, few would argue that student privacy isn’t violated. The question, however, is if this sacrifice of privacy is worth it. Proponents of school surveillance argue that it helps schools keep tabs on students, so if a particular child is in danger, the school can take action. In fact, one of Gaggle’s main selling points is its claim that the software saves hundreds of lives per year[2]. While this statement may be exaggerated, the software certainly helps identify students in need quickly.

On the other hand, those against tracking argue that surveillance invades privacy and deters free speech. After all, if you know a live human is watching every email or message you send, you may be more careful about what you type. Ultimately, this tracking software expands the classroom walls to home life, making children feel like they’re being watched all day, every day. Although school surveillance works in some cases, it also has several unintended consequences.

The Harms of School Monitoring

First, the psychological harm to students from endless surveillance can not be understated. In fact, a study found that 53% of students don’t share their true thoughts online because of surveillance, and 77% say they’re more careful about what they search online[3]. After all, students aren’t dumb; they know when they’re being tracked, and would rather censor their own behaviors than potentially deal with their messages or searches being flagged. The study states:

Systematic monitoring of online activity can reveal sensitive information about students’ personal lives, such as their sexual orientation, or cause a chilling effect on their free expression, political organizing, or discussion of sensitive issues such as mental health[3].

Because of the surveillance, students are scared to have conversations about tough topics. This causes students to avoid talking about them at all to avoid potential punishment from schools.

In addition to the psychological effects, surveillance software disproportionately harms minority students as well. Artificial intelligence programs are more likely to flag language spoken by Black students[4]. This is because of the lack of minority voices during the training of the AI, and the lack of diversity in the AI field in general[5]. This issue is exasperated by the fact that Black and Hispanic students use school devices at a higher rate than white students. Additionally, surveillance AI targets LGBTQ students as well, by flagging innocent words like “gay” and “lesbian[5].” Ultimately, it’s clear that student monitoring software does not judge every student equally.

Finally, vulnerabilities found in these software programs increase the risk of data breaches and other privacy incidents. In 2020, ProctorU, a software that monitors students during tests, was breached by cybercriminals, resulting in the leak of over 440,000 students’ emails, passwords, addresses, and phone numbers[6]. More concerningly, in 2021, researchers found vulnerabilities in Netop, another student monitoring software. In this case, they found a bug that could allow hackers to install malware, or even gain access to students’ webcams[7]. At the end of the day, software like this is just another way for cybercriminals to make a quick buck while wreaking digital havoc.

Can Safety and Privacy Coexist?

Here’s the thing: Keeping tabs on students isn’t a bad thing. In fact, that’s practically the entire purpose of a school. But as education becomes more digitized, there ought to be a balance between keeping students safe and respecting their privacy. Of course, some tracking is reasonable. Kids shouldn’t be playing games during instruction, and tracking software allows schools to see who isn’t paying attention. But monitoring students at home? At that point, students feel watched all day, thus less likely to type their true feelings. And making students feel like they have to constantly hide their true beliefs and feelings isn’t a recipe for success. Safety and privacy can coexist, but right now, there are too many severe consequences associated with student monitoring software to make the sacrifice of privacy worth it.

About AXEL

No matter if you work in education, law, or business, cybercrime poses a threat to your industry. Thankfully, AXEL makes it easy to protect yourself from the threat of ransomware and data breaches. At AXEL, we believe that privacy is a human right and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses military-grade encryption, blockchain technology, and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. If you’re ready to try the most secure file-sharing app for PC and mobile devices, get two free weeks of AXEL Go here.

[1] Crispin, Jessa. “American Schools Gave Kids Laptops during the Pandemic. Then They Spied on Them | Jessa Crispin.” The Guardian. Guardian News and Media, October 11, 2021. https://www.theguardian.com/commentisfree/2021/oct/11/us-students-digital-surveillance-schools

[2] Haskins, Caroline. “Revealed: How One Company Surveils Everything Kids Do and Say in School.” BuzzFeed News. BuzzFeed News, November 3, 2019. https://www.buzzfeednews.com/article/carolinehaskins1/gaggle-school-surveillance-technology-education

[3] Hankerson, DeVan, Cody Venzke, Elizabeth Laird, Hugh Grant-Chapman, and Dhanaraj Thakur. “Online and Observed.” CDT.org. Center for Democracy and Technology, September 2021. https://cdt.org/wp-content/uploads/2021/09/Online-and-Observed-Student-Privacy-Implications-of-School-Issued-Devices-and-Student-Activity-Monitoring-Software.pdf

[4] Chung, Anna. “How Automated Tools Discriminate against Black Language.” MIT Center for Civic Media, January 24, 2019. https://civic.mit.edu/2019/01/24/how-automated-tools-discriminate-against-black-language/

[5] Kshetri, Nir. “School Surveillance of Students via Laptops May Do More Harm than Good.” The 74 Million, January 19, 2022. https://www.the74million.org/article/school-surveillance-of-students-via-laptops-may-do-more-harm-than-good/

[6] Abrams, Lawrence. “ProctorU Confirms Data Breach after Database Leaked Online.” BleepingComputer. BleepingComputer, August 9, 2020. https://www.bleepingcomputer.com/news/security/proctoru-confirms-data-breach-after-database-leaked-online/

[7] McCracken, Harry. “Popular Student Monitoring Software Could Have Exposed Thousands to Hacks.” Fast Company. Fast Company, October 15, 2021. https://www.fastcompany.com/90686770/netop-student-monitoring-software-hack

What Does Cyberwarfare Look Like? Just Ask Ukraine.

Since March of last year, Russia has been deploying troops close to the Russia-Ukraine border [1]. While troop movement within a nation is typically normal, Russia’s relationship with Ukraine is anything but. Since 2014, Russia has aggressively shown its desire to annex Ukrainian territory, starting with its occupation of Crimea, a territory that was formerly part of Ukraine, but mostly comprised of people of Russian ethnicity. However, it soon became clear that Crimea was just the beginning for Moscow’s leaders. Following Russia’s occupation of Crimea in 2014, the country began to use unique, digital strategies to destabilize Ukraine.

Beginning in 2015, Russia has engaged in flagrant cyberwarfare with Ukraine. And these attacks weren’t just data breaches and ransomware attacks; they’ve affected nearly every resident of Ukraine. Ultimately, the Russia-Ukraine conflict could be a sneak peek of how war is waged in the future.

Hackers Target Ukraine

Following Russia’s annexation of Crimea, Ukraine saw relative calm for almost two years. However, in December 2015, Russia launched an effective, atypical attack. On December 23, a Russian cyber-military unit, “Sandworm,” attacked Ukraine’s power grid, and knocked out electricity to over 200,000 Ukrainians.[2] Thankfully, power was restored to most places within six hours. Although a few hours without electricity isn’t exactly a devastating attack, it was undoubtedly worrying. After all, this was the first-ever confirmed hack that took down a power grid.[2] Additionally, power grid control centers were still not fully operational over two months after the attack, highlighting the sheer strength and organization of the attack.

Unfortunately, this was not the only cyberattack that Russia has executed on Ukrainians. One year later, in December 2016, Russia again attacked Ukraine’s power grid.[3] They quickly followed up by targeting Ukrainian banks and state-owned industries in June 2017.[4] Following this major attack, Russia seemed to calm down, and tensions actually diffused for a few years. However, this changed in early 2022. As Russia began to mobilize its troops toward the Ukraine border, Moscow launched another cyberattack. This time, Russians were able to take down over 70 Ukrainian government websites, along with a message that warned Ukrainians to “Prepare for the worst.”[5]

Although Russia launched multiple effective cyberattacks, many cybersecurity experts believe Russian President Vladimir Putin could have ordered the attacks to be so much worse. After all, Ukraine’s 2016 power grid outage only lasted for about an hour. This made some believe that Russia was using Ukraine as a “testbed” for refining cyberattacks that could be used globally[3]. No matter Russia’s ultimate purpose, these cyberattacks show a glimpse of Russia’s unique military strategy.

Disinformation Campaigns

In addition to cyberattacks, Russia has also used the Internet to sew instability within Ukraine as well. When Russia invaded Crimea in 2014, the country used state media and social media to sway ethnic Russians in Ukraine to support the annexation.[6] These accounts falsely alleged that Western forces manipulated Ukrainian protests, and also fabricated stories of Ukrainian soldier misconduct. Using this disinformation, Russia was able to gain enough support to annex Crimea with (relatively) little pushback.

If these disinformation efforts sound familiar, well, they are. Russia used similar techniques to meddle in the United States’ 2016 presidential election.[6] It’s a sinister, yet successful strategy for promoting Russian interests. With the emergence of the Internet and the popularity of social media, information warfare is relatively simple. Being able to kindle instability from thousands of miles away is a new, anxiety-inducing strategy that is being utilized in Ukraine, the United States, and other nations. Although it may not lead to traditional warfare casualties, Russia’s cyberwarfare actions have been extremely successful in promoting Putin’s interests.

What Would a Cyberwar Look Like?

When people think of cyberattacks, most think of data breaches and ransomware attacks. Damaging, yes, but they typically don’t harm anyone outside of the affected business and its customers. Cyberwarfare is very different. While Russia’s power grid attacks on Ukraine were effective, they were not nearly as devastating as they could have been. If Russia chooses to execute full-strength cyberattacks, the consequences could be deadly. In this scenario, Russia could shut off most of the country’s electricity, disable heat in the middle of winter, and shut down Ukraine’s military communications.[7] A cyberattack like this could make it astonishingly easy for Russia to successfully invade Ukraine. While an attack of this magnitude has not been undertaken by Russia or any other nation, the possibility of one is undoubtedly concerning. Full-fledged cyberwarfare is something the world has never seen, but the possibility of it increases every day.

Of course, it’s naive to assume that Russia is the only country preparing for cyberwarfare. The United States certainly has the capability to defend itself against cyberwarfare, and the ability to execute offensive cyberattacks. In fact, the United States was one of the first nations to engage in an act of cyberwarfare. In 2010, the U.S. and Israel jointly infected Iran’s nuclear infrastructure with the Stuxnet computer worm.[8] This attack crippled Iran’s nuclear program, highlighting just how successful cyberattacks can be.

When it comes to cyberwarfare, we really don’t know what the rules are yet. If Russia attacks another nation’s electricity or heat, indirectly leading to civilian deaths, is that a war crime? Or is remotely targeting infrastructure fair game? There are dozens of questions that haven’t been answered. Unfortunately, we may learn these answers during a future cyberwar. Whether this new kind of war is waged between Russia and Ukraine, the U.S. and China, or some other combination of unfriendly nations, we know the consequences of cyberwarfare will be severe.

About AXEL

Cybercrime is an ever-present threat. Thankfully, AXEL makes it easy to protect yourself from ransomware and data breaches. At AXEL, we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses 256-bit encryption, blockchain technology and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. If you’re ready to try the most secure file-sharing app for PC and mobile devices, get two free weeks of AXEL Go here.

[1] Roth, Andrew. “EU and UK Pledge Backing to Ukraine after Russian Military Buildup.” The Guardian. Guardian News and Media, April 6, 2021. https://www.theguardian.com/world/2021/apr/05/eu-sounds-alarm-at-russian-troops-ukraine-border-moves

[2] Zetter, Kim. “Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid.” Wired. Conde Nast, March 3, 2016. https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

[3] Zetter, Kim. “The Ukrainian Power Grid Was Hacked Again.” VICE, January 10, 2017. https://www.vice.com/en/article/bmvkn4/ukrainian-power-station-hacking-december-2016-report

[4] Polityuk, Pavel, and Alessandra Prentice. “Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack.” Reuters. Thomson Reuters, June 27, 2017. https://www.reuters.com/article/us-ukraine-cyber-attacks-idUSKBN19I1IJ

[5] “Ukraine Cyber-Attack: Russia to Blame for Hack, Says Kyiv.” BBC News. BBC, January 14, 2022. https://www.bbc.com/news/world-europe-59992531

[6] Merchant, Nomaan. “US Tries to Name and Shame Russian Disinformation on Ukraine.” ABC News. ABC News Network, January 28, 2022. https://abcnews.go.com/Politics/wireStory/us-shame-russian-disinformation-ukraine-82526617

[7] Miller, Maggie. “Russian Invasion of Ukraine Could Redefine Cyber Warfare.” POLITICO, January 28, 2022. https://www.politico.com/news/2022/01/28/russia-cyber-army-ukraine-00003051

[8] Melman, Yossi. “’Computer Virus in Iran Actually Targeted Larger Nuclear Facility’.” Haaretz.com. Haaretz, September 28, 2010. https://www.haaretz.com/1.5118389.