Who needs psychics to reveal future lottery numbers when you can hack into the state lottery association and tamper with it? That apparently was the reasoning of Eddie Raymond Tipton, 51.

Prosecutors believe Tipton inserted a thumb drive into a computer—the one that spits out random numbers for the lottery, says an article in the Des Moines Register, according to a report at arstechnica.com.

At the time of this purported crime, Tipton was head of security for the Multi-State Lottery Association. Surveillance caught him buying a ticket that was worth $14.3 million (not smart enough to wear a disguise, eh?).

Coincidence? Not according to the prosecutors, who say he programmed computers that generate the numbers. This shouldn’t even be possible.

Supposedly on November 20 of 2010, Tipton went into the “draw room” where he altered the time on the computers. The settings of the room’s camera were changed, so that Tipton’s activity inside the room would not be recorded.

Prosecutors say that of the five people who are capable of changing the camera’s settings, four said they did not change them. Of course, the fifth person is Tipton. What a sly duck: resetting the camera so that it recorded only one second out of every minute, to miss detecting him inserting the thumb drive.

But he pled not guilty, even though he was identified as the man in the surveillance purchasing the golden ticket. Even if there’d been no tampering, Tipton would be barred from receiving the prize because employees of the association are banned from claiming lottery prizes.

For about a year, this particular ticket went unclaimed. But through a New York attorney, a company in Belize tried to claim the ticket at the last minute.

Somehow, authorities smelled a rat and focused on Tipton. Prosecutors also say that he had a fascination with root kits, which is in line with quickly installing the thumb drive. A root kit can be installed fast, carry out its orders, then self-destruct without leaving a trace.

The scales of justice are not tipped in Tipton’s favor especially because a witness plans on testifying that shortly before December 2010, Tipton told him he had a rootkit—a self-destructing one.

The trial is set for July 13.

You will love the Tri-Band WiFi technology; it can connect all of your devices at the same time. The only router capable of this is the Netgear Nighthawk X6 AC3200 Tri-Band Wi-Fi Router (a.k.a. Netgear R8000).

This router provides three connections and has six wing-like antennas. Another feature is the ReadyShare USB. The user who’d really be interested in the Netgear R8000 is the one who has all sorts of electronics like a complete entertainment system, desktop PCs, a few laptops, game consoles, smartphones, etc.

But even if you have just five devices in your house, you may still wish to consider this high performance router to smooth out all of your connections and eliminate any hiccups. All of the gadgets can be connected, something that regular routers can’t do.

This high performing router has Broadcom’s Xstream platform, which can prioritize incoming traffic and prevents slow traffic from impeding fast traffic.

Some Key Specifications

• Selects the fastest Internet connection for every device
• Memory: 128 MB Flash and 256 MB RAM
• WiFi Protected Access (WPA/WPA2—PSK)
• WiFi Technology: 802.11ac Tri-Band Gigabit
• WiFi Performance: AC3200 (600 + 1300 + 1300 Mbps)
• The WiFi range works for very large households.
• WiFi Band: Simultaneous Tri-Band WiFi – Tx/Rx 3×3 (2.4GHz) + 3×3 (5GHz) + 3×3 (5GHz)
• Ethernet Ports: Five (5) 10/100/1000 (1 WAN and 4 LAN) Gigabit ethernet ports
• VPN support for secure remote access
• Denial-of-service (DoS) attack prevention
• Double firewall protection (SPI and NAT)
• System requirements: Microsoft Windows 7, 8, Vista, 2000, Mac OS, UNIX or Linux
  Microsoft Internet Explorer 5.0, Safari 1.4, Firefox 2.0 or Google Chrome 11.0 browsers or higher

Ready to set up the Netgear R8000?

• Follow the instructions in the manual.
• The instructions are not complicated.
• After setting it up, go to routerlogin.net. The default password is “password” and the default username is “admin.” The setup wizard will get it installed for Internet access.
• Once your connection is established, you can figure out what you’d like in your network.
• The advanced menu will allow you to configure more features. Play around with the advanced menu to see what you might like.
• Use the latest firmware.
• Go to netgear.com/home/discover/apps/genie.aspx to download the Netgear Genie, an application that will monitor and control your new router and network. The Genie offers additional features like parental controls.

The manufacturer’s suggested retail price is $299, and that comes with a limited one-year warranty. But look around; you may find a sale price.

The Tri-Band feature really sets the Netgear R8000 apart from other routers. The one challenge with this router is its horizontal, rather than vertical, expansion. But that’s really just a minor little issue when you consider all that this router can do, like take on multiple connections simultaneously—without any glitches. Other outstanding features:

• Will enable multiple use of electronics in the household without anyone experiencing compromised loading times or any other sluggishness; no congestion. So while one person watches YouTube, another downloads files and a third watches a show while also using a smartphone, nobody’s online experiences will be hampered.
• Is ideal for a household with a lot of devices.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Wired internet or wireless WiFi, the warnings are out there: Don’t visit any websites that you have important accounts with when using a public computer (hotel, airport, café, etc.).

Visiting even a more trivial account, such as an online community for cheese lovers, could sink you—in that a cyber thief might get your username and password—which are the same ones you have for your bank account, PayPal and Facebook.

Why is public Wi-Fi such a bad thing for shopping and banking and other such activities?

Snooperama

• As already touched on, a roving hacker could glean your username and password, or credit card number and its three-digit security code when you do online shopping, because the cyber communications of public Wi-Fi are not encrypted. They are not protected or scrambled up. The cybersnoop can thus see what everyone’s passwords, usernames and account information is.
• Hackers can also see what sites you’re visiting and what you’re typing on those sites.

If you plan on using public Wi-Fi, make sure your device has full protective software including a firewall (and you should always have these anyways).

When connecting to public Wi-Fi, always choose the “public” network rather than the “home” or “work” options when using Windows. This will prevent Windows from sharing files.

If you absolutely must conduct work or personal business while on public Wi-Fi, then use a VPN: virtual private network; it scrambles communication into gibberish by encrypting it.

Malicious Locations for the Wi-Fi

Don’t assume that a hacker is far away when he snoops for something to steal. For instance, the “hotspot” to connect online may have been set up by a thief like a spider in a web waiting for flies. Additional ways a hotspot could be malicious:

• HTTP connections can be hijacked by software called sslstrip. This software generates copycat links—a domain name that looks just like the authentic one, but appearances are deceiving because these imposter domain names use different characters.
• Hackers can use the Wi-Fi Pineapple to set up the attacks mentioned above. The Pineapple is on the lookout for when a laptop is trying to connect to a network it recalls, barges in and claims the summoning. Pineapple is now in a position to perform additional attacks.

Hack Prevention

• Avoid online activity using public Wi-Fi with important accounts. If their site has HTTPS with the padlock icon there is a degree of security here, however, the rule still stands: no public Wi-Fi for important accounts. The only exception to this hard rule is if you have the VPN.
• Using a VPN will encrypt all of your online activities, freeing you to use public Wi-Fi for anything. Hotspot Shield is a VPN provider that’s compatible with iOS, Android, PC and Mac. It runs quietly in the background.

Public Wi-Fi is the location where you can get online: airport, airplane, coffee house, hotel, motel and more. Many people don’t give this a second thought, unaware of how risky this really is.

Public Wi-Fi is very non-secure, a goldmine for hackers who want to steal your identity and commit fraud, destroy your website, you name it. They can do this many ways, including intercepting your activity with an imposter website where you input login details—that the hacker then obtains.

But public Wi-Fi will always be risky as long as its proprietors, such as the coffee house, find that enabling security features hampers ease of use for patrons.

So even if you don’t do banking and shopping online, the wrong person can still see, word-for-word, your e-mail correspondence.

Do’s at a Public Wi-Fi

• Make sure your devices are installed with antivirus, antimalware and a firewall, all updated.
• Prior to when you anticipate using public Wi-Fi, consider the nature and amount of sensitive data on your device, maybe remove it (and back it up).
• Make sure the hotspot is legitimate; speak to the proprietor. Cybercriminals could set up hotspots as “evil twins”.
• Sit against a wall so that nobody can spy what’s on your screen.
• If sitting against a wall is not possible, be aware of who’s around you. Cover your hand when typing in login information.
• Use a privacy screen; this makes it impossible for a “shoulder surfer” to see what’s on your screen while they peak over your shoulder or from the side.
• Use a VPN: virtual private network. It will encrypt all of your online transactions, making them impossible to decipher by cyber criminals, whether it’s login information, usernames, passwords or e-mail correspondence. Even your IP address will be concealed. Hotspot Shield is a VPN provider, and it’s compatible with Mac, PC, iOS and Android, quietly running in the background after it’s installed.

Don’t’s at a Public Wi-Fi

• Don’t let your device connect with the first network that “takes.” Instead, select it.
• Do not keep your wireless card on if you’re not using it.
• Do not keep your file sharing on.
• Can you not wait till you’re in a secure location to do banking and other business transactions? No matter how bored you are waiting at the airport or wherever, do not do banking and other sensitive activities.
• Don’t engage in any serious or sensitive e-mail communications.
• Never leave your devices unattended for a single second. Not only can someone walk off with them, but a thief can insert a keylogger that records keystrokes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. 

Did you know that, once again, Facebook has changed its privacy policies? At the top of the FB page is a lock icon. Click it for more privacy settings.

What do visitors see? To view how visitors see your Facebook page, go to “Timeline and Tagging,” then hit “Review what other people see on your timeline/View As.”

Posts by friends. Click “Timeline and Tagging” to prevent a visitor’s unwanted post from showing. Then click “Enabled,” as this will allow you to “review posts friends tag you in before they appear.” Designate who can post on your timeline, ideally just “Only Me.”

Unauthorized logins. To prevent someone from logging onto your FB account, go to “Security” and click “Login Approvals,” and proceed from there. This way if someone tries to login from a computer other than your own, they’ll need to see the security code that FB sends to your mobile phone.

Search engine access. If you don’t want everyone finding your Facebook page by simply entering your name into a search engine, click “Privacy,” then “No” to “Do you want other search engines to link to your timeline?”

Old posts. In the “Privacy” setting is an option for limiting old images. You may not want everyone to see all of your timeline. You can also set up things so that you can review new posts by others as they come in.

Liked businesses. Where it says “Ads and Friends” click “Ads,” then “Edit.” Next click “No One” where it says “Pair my social actions with ads.” This will prevent you from becoming associated with a particular business.

Apps. Go to “Apps” if you don’t want everyone seeing what apps you use on Facebook. Change the “App Visibility” to “Only Me.” In “Apps Settings” are more options.

Hackers love LinkedIn because it links them in—straight through the portal of the targeted company. Geez, how much easier could this be, what with all the publically-exposed e-mail addresses of key players (and also worker bees) in big companies that someone wants to hack.

An article on blog.sungardas.com was written by a white-hatter (his job is to try to hack his clients’ systems so that they know how to make them more impenetrable to the bad guys). The author says he’d make a beeline to LinkedIn if he became a black-hatter.

In addition to all of those revealed e-mail addresses, the hacker could also learn (without hacking, of course) what a business’s e-mail structure is. He can then compile a list of employees for his social engineering attacks. (Can you just see him watering at the mouth over this—like putting a sizzling steak in front of a dog.)

A phishing campaign could trick the targets into giving up crucial information—essentially handing the company key to the hacker. The crook, however, knows better than to pull this stunt on IT employees. But fertile territory includes employees in the marketing, accounting and customer service departments.

Maybe you’ve read that every professional these days absolutely should have a LinkedIn account. You can bet that every hacker agrees!

Companies need to come up with a way to prevent hackers from sneaking into their network via that bastion of essentiality known as LinkedIn.

The penetration-tester, in his article recommends that businesses do the following:

Social engineering training. Workers must be aggressively trained in how to sniff out a phishy-smelling e-mail. No corners should be cut with this training program, which should include ongoing staged attacks.

A statement clarifying communication about security information. To help prevent employees from giving out sensitive information to the wrong people, the company must figure out how communication will be conducted, then get it down on paper. For example, “E-mails from our company will never ask you to reveal your username and password.”

Definitive reporting process for suspicious activity. Employees need to have, on paper again, specific instructions in how to report suspicious activity, such as a questionable e-mail. These instructions should be simple and to the point.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Disgruntled employees act out in lots of ways. A guy I knew who hated his boss “played” on his work computer all day. The computer was strictly for constructing company graphics. But he installed all kinds of games and wasted lots of time. His boss never knew he blew off half the day.

Company computers are obviously company owned, making it legally possible for your boss to spy on you. Employers can also figure out whom you’re speaking to on your company owned or sanctioned phone and for how long—with phone monitoring software—They can also see contacts, emails, texts, media and more. All legally.

An article on forbes.com notes that some companies sell and advertise such software in a sensational way (“Find Out WHO Is Making Up Normal Personal Calls”)—software that can automatically send e-mail alerts about phone calls made by employees. These include details such as frequency and with whom.

The forbes.com article then mentions another such company, that sells spyware for cell phones and tablets that’s “100% invisible and undetectable.” They usually call it monitoring, not spying, and point out that businesses have a right to monitor to “control their business.” And, frankly, they do.

However, most of these programs are geared towards and used by parents and spouses (spouses concerned with cheating) and parents, what with kids developing all kinds of psychological disorders with the help of cyberbullying.

And again, company monitoring is legal if this activity is in the employer’s contract. The monitoring must have a business-related reason. There’s a difference between “spying” or tracking an employee’s use of the company phone during times that employee is supposed to be working, and spying on his conversations with his ex-wife over the custody fight of their kids while he’s on lunch break.

Businesses need to strike the right balance so that employees don’t feel that their trust has been violated.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.