QC business crowd gets lessons, warnings on cyberattacks

“Everybody in this room is a target.”  That was the word from FBI Special Agent Daniel R. Spicer Jr., a member of the FBI Omaha Cyber Task Force, who gave one of the presentations on Wednesday, Aug. 9, at the Cybersecurity Event At The Stardust event venue at 218 Iowa St., Davenport. That event, which […]

“Everybody in this room is a target.”  That was the word from FBI Special Agent Daniel R. Spicer Jr., a member of the FBI Omaha Cyber Task Force, who gave one of the presentations on Wednesday, Aug. 9, at the Cybersecurity Event At The Stardust event venue at 218 Iowa St., Davenport. That event, which was presented by Twin State Technical Services and the Quad Cities Chamber of Commerce, gave the audience an overview of the cyber threats they face, steps that can be taken to prevent such attacks and state and federal laws in the works to battle cyber criminals.

Mr. Spicer told the crowd of about 50 people from the business community that in this computer era, “Every crime is going to have a cyber edge to it.”  And he outlined some of those cyber crimes that often center on criminals at a computer who steal the identity of a person or business and then steal money or property. Some of those crimes include:

• Phishing or smishing: The fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to get people to reveal personal information, such as passwords and credit card numbers.
• Business email compromise (BEC): A cybercrime where the scammer uses email to trick someone into sending money or divulging confidential company information. The criminal often poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam.
• Ransomware attack:  This is malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, cyberattackers place organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files. Mr. Spicer told the crowd that some of the variants of these attacks have titles such as “Karakurt,” “Conti,” “Wasted” and “Maze.”

Mr. Spicer also said it is vital that victims of such crimes report the cyberattacks to the government. Reports can be made to www.IC3.gov, which is the FBI’s Internet Crime Complaint Center. Information from the center shows reported losses from cyber crimes from last year that included about $9.2 million in Nebraska, and more than $25.1 million in Iowa. However, to make matters more frustrating, Mr. Spicer said he knows those reported losses may only be the tip of the iceberg. That’s because many of these crimes go unreported. But in the midst of much bad news, there are success stories in finding and punishing the criminals behind many of the cyberattacks. The FBI agent gave several examples of criminals being caught. For instance, a cyberattacker in South Africa was arrested on June 1, 2022, and sentenced to 15 years in prison. Another in India was arrested this past July for a cyber scheme. However, Mr. Spicer said these cases are “cheery examples” of people being arrested and brought to justice. That’s because cooperation with foreign law enforcement officials can be spotty. He added that the FBI often gets good cooperation with officials in India and the United Kingdom, “hit and miss” help from police in Mexico and almost no help from officials in China and Russia. Presenters meeting also spent time giving the audience tips for protecting people and businesses from cyber crimes. Some of those types included:

• Be very careful of your moves on social media. In fact, Mr. Spicer said “social media is cancer.”
• Have a response plan and make sure that business employees know what to do in case of suspected attacks.
• Report suspected cyberattacks to your bank or financial institution. The sooner you report such events, the more likely you can recover stolen money.
• Have a reliable backup of company information and files.
• Pay attention to email and other other communications in the company. “We can’t be shy. We have to pay attention. … Don’t click on something if you don’t know what it is,” said Iowa State Sen. Chris Cournoyer of LeClaire.

Sen. Cournoyer also gave the audience an update of state and federal legislation. The LeClaire lawmaker, who has a degree in computer science from the University of Texas and describes herself as a technology nerd, said her family has been touched by cyber crime. Recently, her daughter was targeted when somebody placed a high-tech tracking device in her backpack. Stories of similar incidents were revealed during legislative discussions on new laws to battle cyber crimes. “You may have heard about bar owners in Des Moines who (used tracking technology) to track female patrons; just real scumbags,” she said. Sen. Cournoyer added that some of the legislation in the works or signed into law include:

• Consumer data privacy (SF 262): The bill provides consumers with more control over their personal data.
• Sexual exploitation: (SF 84): The bill makes it a class C felony relating to offenses of sexual exploitation of a minor and stalking committed while using technology devices.
• Ransomware (HR 143): The bill provides a definition of “ransomware” and makes it a crime in Iowa.
• Cybersecurity programs (HF 553): This bill provides an incentive to businesses to safeguard personal information.

 Many members of the audience said they found the Wednesday presentation helpful and informative. “This has been interesting. … It shows us we have to be adaptive to fight this,” said Matt Harmon of White Distribution & Supply, which has a facility in Muscatine.