On Friday, The Guardian reported that the NSA is not only using malware, but they are tapping into U.S. telecom providers' networks (with permission) and redirecting some users to malware via "man in the middle" attacks, similar to the way China censors its Internet. These attacks are directed at users of Tor, the anonymous Internet browser. Less complicated attacks are likely being used on less security conscious individuals as well.
When a hacker redirects your Internet traffic onto a spoof website, gets you to download something malicious, and then spies on you, we call that "illegal." When the NSA does it, we call it "national security."
Either way, you probably don't want someone watching your every online move. Here are a few tools to minimize the risk (though seriously, there is no such thing as truly secure Internet).
1. Update Your Browser, Flash, Java, et al.
This one seems obvious, but for some people, they prefer the old Internet Explorer, or hate that annoying Java Update pop-up, or ignore the Adobe Flash update notifications. You're busy -- you don't have time for some slow update that might require restarting your browser and/or computer.
Well, if you want to remain secure, you need security updates. Try hitting the update buttons when you leave for lunch (followed by a tap of the Windows+L keys to lock your screen).
2. Install an Ad Blocker
Security or not, you should have one of these. Imagine an Internet without those annoying full-page, music-blaring ads. Everything loads faster, looks cleaner, and as a bonus, it reduces the chances of downloading an advertisement with malicious code.
A personal favorite is Ad Blocker Plus, which is a free plug-in for Internet Explorer, Google Chrome, Opera, and Mozilla Firefox. The plug-in also has nifty features like blocking malware websites and disabling Internet-wide tracking.
One note from experience: certain websites, especially streaming television sites (got to catch Grey's Anatomy on Thursdays, right?) won't work if an ad blocker is running. In ABP, it's as simple as clicking the stop sign icon and unchecking "Enabled for this site."
3. HTTPS Everywhere
Most websites connect via HTTP or HTTPS. The latter is encrypted, and is used for banks, email logins, and other sites that require secure connections. Most websites will allow HTTPS connections, but default to HTTP.
The Electronic Frontier Foundation and the TOR Project collaborated on a plugin for Firefox (stable) and Chrome (beta) that sets connections to HTTPS whenever possible.
4. Click to Play Plugins
With this settings tweak, you can prevent any Java or Flash content from playing until you click to activate it. Websites will load faster, and more importantly, malicious Java and Flash content won't automatically load.
Firefox now has "Click to Play" enabled by default for all plugins except the latest version of Flash (and there is an extension that will block that as well). As for Chrome, you can enable the "Click to Play" setting using this tutorial by Cnet.
The beauty of a secure browsing experience is not just in peace of mind, but that it is quick. No ads or superfluous plugins means everything loads much faster. Have any other browser tweaks you've done for security or speed? Tweet us a tip @FindLawLP.
- How The NSA Deploys Malware: An In-Depth Look at the New Revelations (EFF)
- Democrats Split Over NSA Reforms; Proposed Changes (FindLaw's Technologist Blog)
- Sloppiness, Social Media Led to Silk Road Founder's Capture (FindLaw's Technologist Blog)