Note: This article was slated to be published on escapeartist.com in February.
Expats tend to be strategic thinkers, proactive planners and, above all else, action takers. However, I have discovered that, in my travels abroad, expats often overlook the importance of simple cyber security measures in their ventures. Why is cyber security so vital for the expat in particular? In the following, we will briefly survey the answers to this question and subsequently, in a following series on cyber security specific to the expat, provide a guide to cyber security solutions of vital importance to the expatriate. (Many of the solutions are free and open source and can be implemented readily by anyone who can turn on their computer and operate a mouse.)
Underdeveloped cyber infrastructure
“We’re not in Kansas anymore Toto.” Most expats hail from the major nations of the West, e.g., the U.S., UK, Australia, etc. Granted, the expat has many reasons for fleeing these proverbial coups but what these particular countries do have is a highly developed cyber infrastructure and have placed a good deal of engineering efforts into the area cyber security (true of most developed, Western nations).
On the flip side, many of the emerging nations to which expats relocate provide just the opposite in terms of network infrastructure. While the comms are there, security, if present at all, has been found to be woefully lacking. This has been the norm since the beginning implementation of networks. Convenience precedes security and thus cyber security is often but an afterthought—security is viewed as a final, ad hoc formality.
For example, I regularly travel throughout both Central and South America (most recently foraying into Asia). As an information security specialist and Ethical Hacker, I am always curious about the local networks and security architecture. From the local hotel to public Wi-Fi to local business, I have, to date, evaluated networks in Chile, Costa Rica, Puerto Rico, Panama, Guatemala, Colombia, Nicaragua, and Japan. The common thread? When these networks are secured at all, it is usually with a weak and/or outdated encryption standard (e.g., WEP) or the access key is made publicly available which, in essence, provides the means for decryption on the part of a malicious party.
Without becoming overly technical at this point in the discussion, suffice it to say that, based on a flaw in implementation of WEP, any WEP password can be decrypted in about 30 seconds by anyone with enough skill to search for directions on Google. It is that easy. However, even the higher levels of encryption such as WPA and WPA2 can be readily decrypted if the key is discovered (which can also be quite simple given the right tools and know-how) or if you are simply sharing the network.
To illustrate this point further, have you ever used the Wi-Fi provided by a local restaurant or coffee shop (or other “Free Wi-Fi”)? If so, the chances are good that a malicious individual on the same network was monitoring your every online move from checking your e-mail to reading your bank statement all the while stealing your credentials and other valuable, confidential information. This is a common tactic of hackers as well as data and identity thieves. In a subsequent article in this series we will discuss how to mitigate and outright prevent such breaches.
Leaving one’s country for greener grass and brighter shores does not always mean forsaking the conveniences of home altogether. On the contrary for those who have departed from Western nations. Such expats continue to, in most cases, rely heavily upon country-of-origin financial institutions due to both the convenience thereof and, a modicum of confidence commensurate with those institutions. This, in and of itself, is not a problem.
The problem is that “All roads lead to Rome.” What this means is that, quite simply, anything connected to the Internet, whether a desktop PC, laptop, tablet, smart phone, web server, thermostat, etc., is just that--connected! And when a device is connected to the regular Internet (or the ever more pervasive Internet of Things) it is accessible and can be monitored by any other device that is likewise connected. Moral of the story, any time one connects to the Internet without taking the appropriate security measures, especially when accessing financial or other personal and confidential information, he or she is at risk of compromise.
For example, I am often called upon to provide security assessments and awareness training for my clients. It is a trivial matter for me to set up a wireless access point and broadcast an SSID (access point name) of “Free Wi-Fi” with my personal PC being used as a gateway for any traffic via any associations with the access point. As such, I am able to monitor every single bit that flows across the ether. I can capture e-mail usernames and passwords, banking information, monitor social network usage, redirect an individual’s traffic to sites of my choosing, and plant malware. All of this with ease.
Such attacks and attempts on your data are not isolated “It can’t happen to me” events. It is happening quite frequently and, chances are good that, even as you read this article, your computer is being probed by automated botnets designed to crawl the web and probe for vulnerable networks and network devices. In a forthcoming article in this series, we will discuss the means to mitigate such attempts on your confidential data.
Not much really needs to be said under this point. The term government essentially includes intrusive as part of its modern definition. However, later in the series one article will be dedicated to just how the U.S. and other governments are monitoring and logging much of your personal data (without valid reason or warrant), exactly what types of data they are collecting, and what you can do to mitigate such intrusive government monitoring and, effectively, “go off the digital grid” without giving up the Internet. This is an ever-evolving and important issue, particularly for the expat, as home governments are even more interested in keeping up with those who have expatriated. The old cliche "you have nothing to worry about if you aren't doing anything wrong" is not a valid retort to the law abiding citizen--privacy is a psychological necessity.
There are many players at work in the Internet underground (or “Darknet”) and, as this is an introductory article to a full series on cyber security for the expat, we will not herein delve into the details of these varied and sundry individuals and groups. Further along in the series the reader will be introduced to: the hackers, the “carders,” digital pirates, major cyber crime syndicates, and the cyber jihadists. Particularly, the expat will learn just what such individuals want from them and how to best protect him or herself from exploit.
In the above, the reader was introduced to the primary topics of discussion in a forthcoming series on cyber security for the expat, an everything-you-need-to-know and how-to from soup to nuts on protecting your personal information, preventing prying digital eyes, and staying safe online.