The war in Ukraine is seeping into the cyber world as well. A new report from Microsoft speaks of "some of the worst targeted attacks [upon civilians] that [it] has seen in some time," although they're keeping the details under wraps. How bad is it, you ask? Well, it's gotten to the point where security experts are bringing up war crimes as defined under the Geneva Convention. As such, taking steps to protect your data and identity online has never been more crucial.
To avoid getting caught in the digital crossfire, we've prepared eight fantastic ways to secure your online activity.
#1 Encrypt Your Data with a Virtual Private Network (VPN)
We've talked in-depth about how VPNs work in the past, but here's a refresher just in case you're not familiar with the topic.
First off, VPNs hide your IP address, which is an indicator of your real-life location (country, city, and even ZIP code are included). On top of that - and depending on which server you connect to - a VPN will assign your device a new IP. This has multiple benefits, such as:
- Hiding your actual location from online services (such as Netflix), allowing you to bypass pesky geo-blocks in the process.
- Protect you from any hackers or other unsavory individuals trying to find where you live, or perform a (D)DoS attack and take down your network.
Next up, VPNs encrypt all data passing through your network, essentially turning it into Matrix-style gibberish to anyone trying to peek into your private affairs. Massively useful in dealing with man-in-the-middle (MITM) attacks, so-called "Evil Twin" hotspots, and other hacking methods. More importantly, a VPN will help safeguard your transactions on unsecured public Wi-Fi.
Don't know which VPN to start out with? Then check out our list of the best VPN services. If you're just looking for a quick suggestion, you can always try ExpressVPN RISK-FREE for 30 days. Gain access to over 3,000+ lightning-fast servers in over 94 countries, virtually impenetrable security, and the ability to unblock Netflix and many other streaming sites at your leisure.
#2 Keep Track of Strong Passes with a Password Manager
To protect your data and identity online, you need to ensure that hackers have a hard time guessing (or brute-forcing) the passwords to all your sensitive accounts. According to the Verizon Data Breach Investigations Report (DBIR), over 80% of all breaches are caused by people re-using the same weak passwords.
Naturally, no one can remember long, alphanumeric passwords to the dozens of accounts they use on a daily basis. Nor is particularly pleasant having to carry around a notebook of passcodes. Thankfully, there's no need for any of that, as you can simply use a top-notch password manager to do all the work for you.
Not only can they create and store strong passwords offline (out of reach from any hackers), but they'll also auto-complete them in your browser or other apps. As easy and secure as can be.
One unintentional side benefit is that password managers can protect you from phishing attacks. In other words, creating fake (but legit-looking) websites to lure people into handing over their login details. Phishing is the preferred attack vector nowadays, with Google reporting that Russia and Belarus are engaged in a massive phishing campaign against Ukrainians, as well as European allies in other countries.
#3 Check Your Links - Stay Safe Against Phishing
Since phishing is such a widespread problem, we feel this required its own dedicated section. You can use tools like Google Transparency Report to test out whether a link is legitimate or about to send you to a malicious site.
Be on the lookout for suspicious links, even if they come from a trusted friend. After all, you never know if their account has been compromised, or if someone is impersonating them with a well-crafted fake account. Check twice before you click on that free Discord Nitro link.
#4 Secure Your Sensitive Data with Encrypted Email
Major emails providers have been marred in privacy scandals, from Google scanning emails for advertising purposes, to Yahoo's 3-billion user data breach. Rather than having your personal matters under scrutiny from major ad networks (or leaked online), we suggest adding encryption to this part of your online persona as well.
That being said, ProtonMail recently came under fire for exposing the IP address of a climate activist to the Swiss authorities. While the emails themselves were still safe, we still recommend using a VPN to protect your privacy and identity online. Yes, even while using an otherwise secure service.
#5 Use Encrypted IM to Keep Your Conversations Private
Pretty straightforward. If you don't want Facebook reading your WhatsApp messages or hackers sliding in your DMs without your knowledge, then you'll need an encrypted IM solution.
Signal is a great recommendation, having been praised by Edward Snowden for its use of end-to-end encryption. It's also open-source, so anyone online is free to scrutinize its code for flaws. Some people stand by Telegram, but with its closed-source nature and custom cryptography that's prone to vulnerabilities, we can't recommend it in good faith.
#6 Block Malvertising and Tracking with uBlock Origin
Who would have thought that blocking ads could protect your data and identity online? Just take a look at uBlock Origin, a free content blocking extension for Chromium-based browsers and Firefox. Why is it so useful? Well, take your pick:
- It filters annoying ads, some of which can actually contain malware (see the "Malsmoke" malvertising campaign for a concrete example)
- Blocks privacy-busting cookies and ad trackers online, including things like Facebook Pixel that can track you even if you don't have an account
- Stops known malware and phishing domains in their tracks
Thanks to community-driven filter lists (like EasyList), you won't have to deal with all these online dangers and nuisances. Of course, you're also free to add your own filters to further customize and clean up your browsing experience.
A script-blocker like uMatrix maybe even better, though it's more of a recommendation for advanced users. It features a wider array of options, such as blocking scripts, XHR elements, and other things ad-blockers don't usually target.
#7 Social Media Clean-up Tools
In one of our old articles - How to Use Social Engineering - we mention how any information you post on social media can be used against you. Something as seemingly innocent as where you went to school or the name of a restaurant may be used to doxx you. Attackers may post your private details online where they can be used in abusive ways (swatting, identity fraud, and more).
In the context of the current war, Meta reports that Russians are targeting Ukrainians with misinformation and hacking attempts on Facebook and Instagram. Mind you, Russian anti-war protestors are also being targeted, so innocent civilians on both sides find themselves in a losing struggle. To protect your data and identity online against social engineering attacks, we recommend doing some spring cleaning on all your profiles.
Of course, going back and deleting all those posts can be a cumbersome process. Thankfully, you can automate most of it nowadays, with free tools such as:
- TweetDelete - bulk delete old Tweets for privacy reasons (note: there's a limit of 3,200 tweets the tool can delete at a time - active users beware!).
- Jumbo for iOS and Android - rather than having to comb through endless privacy settings, Jumbo sets all your social profiles to "max privacy settings" in just a few taps.
- MyPermissions - removes unnecessary app permissions from Facebook, Google, Instagram, Twitter, Dropbox, and Yahoo in a single clean interface.
Facebook also made it easier to bulk delete your posts through the Manage Activity interface, so make sure to take advantage of that.
#8 Secure Your Device with Two-Factor Authentication (2FA)
Having an extra layer of defense can't hurt, and the same applies to two-factor authentication. It's preferable to use a 2FA app or hardware tokens instead of SMS-based authentication, as the latter is vulnerable to exploits.
Then again, it's still better than having no 2FA at all. After all, spending an entire afternoon or weekend resetting all your passwords isn't particularly fun. Nor is contacting PayPal, your bank, or the authorities and sitting through the painful recovery process.
More Tips to Protect Your Data and Identity Online
As part of their ongoing aggression, Russian hackers have unleashed a data-wiper malware attack that disabled rebooting on the affected machines, effectively rendering them inoperable. Regrettably, such attacks tend to use hidden exploits and phishing tactics that may bypass even the most effective anti-virus software. Regardless, we highly recommend using a capable anti-malware app on your devices, as you still need a way to defend against known threats.
Check out our guide on how to clear cookies and supercookies as well, to prevent a build-up of private info on your system in case it gets compromised somehow. Take care to update everything on your system, whether it's your OS or any installed apps. This will minimize the chances of hackers abusing exploits to take over your device. Backing up sensitive data to an external, offline drive every now and then is also a good idea for that same reason.
Otherwise, all we can suggest is to stay safe and vigilant against misinformation. Take everything you read about the war with a grain of salt, especially if it's shared by that one weird uncle on Facebook.