Last October 15, Kaspersky, the antivirus software company, published an edifying report about the volume of cyberattacks directly aiming connected objects.
Although the industry expected that this new generation of objects would be directly targeted by cyberattacks, the increase in the cyberattacks number is alarming and lets easily imagine the security flaws that the connected objects present.
According to the estimation presented by
Kaspersky, between the beginning of 2018 until mid-2019, the attacks would have
reached the record of 105 million, i.e. nine times more than the previous year
as a whole.
In order to conduct this research, Kaspersky used the trap technique by deploying more than 50 honeypots across the world. A Honeypot is a program that imitates the connected objects’ signature specifically created to attract cybercriminals. It was then possible to detect attacks from pirates that fell into the trap set for them. According to Kaspersky, during this experience, more than 20 000 sessions would have been infected every 15 minutes. 105 million attacks from 276 000 unique IP addresses have then been detected (compared to 12 million in 2018).
Furthermore, the report indicates that both in
2018 and 2019, China and Brazil are vying for the top position of the countries
that served as the origin of the attacks launched.
The main malwares that use the security flaws
of connected objects are well known (Mirai for example) and identified.
While we are aware that IoT is a privileged
playground for pirates, the first security measures are far from being
systematically applied. It’s essential for example to change the password
installed by default for each connected devices’ purchase.
For reminder, although technologies of cyber
malice are indeed more and more sophisticated, the first gateway for pirates remains
the users’ lack of vigilance.
We now know more about the cyberpirate, Nexus Zeta, whose real name is Kenneth Currin Schuchman, who distinguished himself with the creation of the Satori botnet.
Pleading guilty to the charges regarding Satori botnet creation, his confessions describe the implementation of this attack using IoT flaws.
For reminder, a botnet is a set of infected computers remotely controlled by a
cybercriminal. The machines that belong to a botnet are often called “bots” or
“zombies”. The aim: to spread a malware or a virus to the greatest number of
machines possible.
The hacker Nexus Zeta did not act alone but worked
together with two other cybercriminals: Vamp who served as the primary developer/coder
of Satori and Drake who managed the botnet sales.
The Satori botnet was created based on the public code of the Mirai IoT malware.
For reminder, in 2016, Mirai was the source of one of the biggest DDoS ever seen in 2016, targeting in particular the American provider DYN. The functioning is based on the permanent research on the Internet, of IP addresses corresponding to connected objects (IoT). Once the vulnerable connected objects identified, Mirai connects to them to install the malware.
If the Satori botnet mainly attacked the devices running with factory-set or easy to guess passwords, in its first month of deployment, it has infected over 100 000 devices.
Between 2017 and 2018, the three hackers
continue to develop Satori, which they will rename Okiru and Masuta. The botnet
went as far as to infect over 700 000 devices.
Officially accused by the American authorities,
Kenneth Currin Schuchman is free until his trial. However, he breaks the pre-trial
release conditions by accessing the Internet and developing a new botnet. It is
in October 2018 that he is this time arrested and jailed. Pleading guilty, he’s
facing up to ten years in prison and a fine of 250 000 dollars.
On October 29, 1969 UCLA sends the very first
e-message to Stanford Research Institute through Arpanet network (Advanced
Research Projects Agency Network) laying the foundation for today’s networked
world.
Arpanet, the Internet’s precursor
Arpanet is the first data transfer network
developed by the Advanced Research Projects Agency (ARPA) which belonged to the
U.S. Defense Department.
The first Arpanet node was set up at UCLA on
August 30, 1969, the second node, at the Stanford Research Institute, was set
up on October 1st 1969. The first message was sent between the two institutions
on October 29 1969 by the UCLA computer science professor Leonard Kleinrock who
wished to send the word “login” but the system crashed so only two letters,
“l” and “o”, were transmitted, the complete word will only
be transmitted 1 hour later.
Arpanet connected some universities and research
institutes: first, UCLA and Stanford Research Institute, followed by UC Santa
Barbara and the University of Utah. At the end of 1969, Arpanet counted 4
nodes, in 1971, 23 nodes were created and 111 nodes in 1977.
In 1983, Arpanet has been divided in two
networks: one military, the MILnet (Military Network) and the other academic, the
NSFnet.
On January 1st 1983, the name “Internet” already in use to define all
of Arpanet,
became official.
World Wide Web turns 30 years old
In 1989, Tim Berners-Lee, a researcher working
for the CERN, proposed a hypertext system working on the Internet. This system
was originally developed for scientists working in universities and institutes
around the world, so they could instantly share information. His vision of
universal connectivity became the World Wide Web, which sent Internet usage
skyrocketing.
In 1993, Mosaic, the first popular web browser
was created by Marc Andreessen and Eric J.Bina, two students of the National
Center for Supercomputing Applications (NCSA) of the University of Illinois. It
was not the first graphical web browser but Mosaic was particularly fast and
allowed the users to display images inside web pages instead of displaying
images in a separate window, which has given it some popularity and contributed
to increase the World Wide Web’s popularity.
Internet Protocol – From IPv4 to IPv6
The Internet Protocol (IP) is a set of
communication protocols of IT networks developed to be used on the Internet. IP
protocols allow a unique addressing service for all connected devices.
IPv4 the first major version was invented in
the 70’s and introduced to the public in 1981. It is still the dominant
protocol of the Internet today. Twenty years ago, the IETF (Internet
Engineering Task Force) started predicting the depletion of IPv4 addresses and
began working to create a new version of the Internet Protocol: IPv6.
IPv4 uses a 32-bit addressing scheme to support
4.3 billion devices, while IPv6 possesses a much larger address space. Indeed,
IPv6 uses a 128-bit address allowing 3.4 x 1038 possible addresses.
DNS – Domain Name System
At the request of the Advanced Research Projects Agency of the U.S. Defense Department, the DNS (Domain Name System) was invented in 1983 by Jon Postel and Paul Mockapetris, in order to associate complex IP addresses with humanly understandable and easy-to-remember names. Thus a logical address, the domain name, is associated to a physical address, the IP address. The domain name and IP address are unique.
In 1998, is created ICANN (Internet Corporation for Assigned Names and Numbers), the regulatory authority of the Internet. Its main purpose is to allocate the Internet protocol addresses spaces, to attribute the protocol identifier (IP), to manage the domain name system of top level for generic codes (gTLD), to assign the country codes (ccTLD), and to carry out the functions of the root servers’ system management.
With 351.8 million domain names registrations
in the first quarter of 2019, domain names registrations continue to climb, but
with the increase of the number of threats aiming the DNS at the same time.
The emergence of cyber threats
Considered as one of the first cyberattacks and
certainly the first to attract the media’s attention, the Morris Worm was
launched in 1988 by a student of the Cornell University, Robert Tappan Morris.
Originally, the malware developed by the student didn’t have for purpose to
cause damage but simply to estimate the extent of the Internet. However this
worm affected about 60 000 computers estimated connected to the Internet
and the cost of the damages was about 100 000 to 10 million dollars.
This event marks the turning point in the field of online security.
Today, cyberattacks are abundant, frequent and
more and more sophisticated. The evolution of techniques and the arrival of new
technologies make cyberattacks increasingly complex and offer new opportunities
to attackers.
There are various types of cyberattack like attacks aiming the DNS: DDoS, DNS cache poisoning, DNS spoofing, Man in the Middle… (In 2019, according to IDC – International Data Corporation, 82% of companies worldwide have faced a DNS attack over the past year) or attacks directly aiming users and having for purpose to obtain confidential information to steal an identity (phishing).
The consequences for victimized companies can be significant. For example, today the cost of a data breach is 3.92 million dollars on average according to IBM Security, this cost has risen 12% over the past five years.
An IP traffic estimated in 2022 more important than the one generated from 1984 to 2016
With more than 5 billion Google searches made
every day, e-commerce continuing to thrive, social media growing in popularity
and the increasing number of connected objects, the traffic volume on the
Internet has risen considerably.
Indeed, in 1974, daily traffic on the Internet surpassed 3 million packets per day. According to a Cisco’s research in 2017, the global IP traffic reached 122 exabytes per month, the company estimates that this volume should reach 396 exabytes by 2022.
“The size and complexity of the Internet continues to grow in ways that many could not have imagined. Since we first started the VNI Forecast in 2005, traffic has increased 56-fold, amassing a 36% CAGR (Compound Annual Growth Rate) with more people, devices and applications accessing IP networks” said Jonathan Davidson, senior vice president and general manager of Service Provider Business at Cisco.
Today, 50 years after the birth of the Internet’s ancestor, Arpanet, there are more Internet connected devices than people in the world. In 2022, the web users will represent 60% of the world’s population and more than 28 billion devices will connect to the Internet.
The industry actors plan to reduce the lifetime of SSL/TLS certificates, allowing the HTTPS display in browsers, to 13 months, i.e. almost half of the present lifetime of 27 months, in order to improve security.
Google through the CA/Browser Forum has indeed
proposed this modification, approved by Apple and a Certification Authority, making
it eligible to vote. During the next CA/B Forum meetings, if the vote is
accepted, the modification of the requirements will come into effect in March 2020. Any certificate issued
after the entry into force date will have to respect the requirements of the
shortened validity period.
The aim for this reduction is to complicate
things for cyber attackers by reducing the duration of the use of the potentially
stolen certificates. It could also force companies to use the most recent and
the most secured available encrypting algorithms.
If the vote fails, it’s not to be excluded that
browsers supporting this requirement, unilaterally implement it in their root
program, thus forcing the change to the Certification Authorities. It’s likely
that this could be the case, this change follows Google’s precedent initiative that
aimed to reduce the lifespan from three years to two years in 2018, period during
which Google already wished to reduce it to 13 months or even less.
Who is impacted?
The changes proposed by Google would have an impact on all the users of TLS certificates of public trust, regardless of the Certification Authority that issued the certificate. If the vote passes, all certificates issued or reissued after March 2020 will have a maximum validity of 13 months. The companies using certificates with a validity period superior to 13 months will be encouraged to reconsider their systems and evaluate the impact of the proposed modifications on their implementation and their use.
The TLS certificates issued before March 2020 with a validity period superior to 13 months will stay operational. The public non-TLS certificate, for the code signing, the TLS private code and clients’ certificates, etc. are not concerned. It will not be necessary to revoke an existing certificate following the implementation of the new standard. The reduction will have to be applied during the renewal.
What do the market players think about this?
It would be a global change for the industry with
impacts on all the Certification Authorities. They view this proposition in a negative light. We
can see an economic interest above all, but not solely…
The main argument is that the market is not
ready in terms of automation system of orders and certificates implementations.
Indeed, there would be more human interventions with the risks associated with poor
handling, or simply a higher risk of forgetting a certificate renewal.
For Certification Authorities, reducing the
certificates’ lifespan to such a short term mainly presents an increase of the
human costs related to the certificate portfolio management. If they are not
fundamentally against this decision, they would particularly like more time to
study what users and companies think.
The position of browsers makers
Be it Google or Mozilla, the spearheads of the
native HTTPS massive adoption for all websites and the supporters of the
Let’sEncrypt initiative, what is important is the encrypting of all web
traffic. A reduction of the certificates lifespan reduces the risk of
certificates theft on a long period and encourages the massive adoption of
automated management systems. For these two actors, an ideal world would have
certificate of maximum 3 months. If they are attentive to the market as to not
impose their views too quickly, it is more than likely that in the long term
the certificates’ lifespan will continue to decrease.
Nameshield’s opinion
The market continues its evolution towards shorter
and shorter certificates’ validity, as a continual decrease of the
authentication levels and consequently a need for management automated
solutions that will increase. We will align on these requirements and advise
our customers to prepare themselves for this reduction which will, without a
doubt, arrive. Our Certification Authorities partners will also follow this
evolution and will allow to provide all systems of required permanent inventory
and automation.
To be heard
The CA/Browser Forum accepts comments of external participants and all discussions are public. You can directly enter your comments to the Forum distribution list: https://cabforum.org/working-groups/ (at the bottom of the page). Nameshield is in contact with CA/Browser Forum participants and will inform you of the future decisions.
On last May 10th, in a press release, the Pacers Sports & Entertainment (PSE) organization, owner of the NBA’s basketball team the Indiana Pacers, revealed that they were the victim of a sophisticated phishing attack at the end of 2018.
For reminder, phishing is a technique used to obtain personal information in order to commit an identity theft. This is a «social engineering» technique, i.e. consisting in exploiting not an IT flaw but a «human flaw» by deceiving web users through an e-mail seemingly coming from a trustworthy company, typically a bank or a business website.
Pacers Sports & Entertainment victim of a phishing attack
At the end of 2018, the company PSE has then been the target of a phishing emails campaign resulting in the unauthorized access to emails containing personal information related to a limited number of individuals.
This cyberattack affected a limited number of
individuals but the amount of the stolen information is important: name,
address, date of birth, passport number, driver’s license, state identification
number, account number, credit/debit card number, digital signature, username
and password and for some individuals, the Social Security number.
The American company has quickly implemented
measures to secure the affected email accounts and investigate the incident
with the assistance of forensic experts. This investigation then revealed that
the hackers had access to the accounts of a limited number of persons between
October 15th and December 4th, 2018. The press release
doesn’t give any details regarding the identity of the targeted persons.
PSE individually notified each victim whose
information has been stolen and assures that “to date, PSE has no evidence of
actual or attempted misuse of any personal information”. The organization offered
to the victims of the cyberattack an access to credit monitoring and identity
protection services at no cost.
Some simple rules against phishing
Phishing attacks are increasing. Above all, they are becoming more and more sophisticated, and target all kinds of industries. Each and every one of us must be extra vigilant.
Lastly, for reminder, here are some simple rules to protect yourself against phishing attempts:
Do
not reply when someone asks for your personal data by email;
Do
not ever open an attachment from an unknown sender, or from one who is not
entirely trustworthy;
Check
the links by hovering the cursor over them (without clicking) to ensure that
they link to trustworthy websites;
Do
not trust the name of the mail’s sender. If there is any doubt, contact the
sender through another method.
More user-friendly, more comprehensive, more
attractive… our brand new and improved
Nameshield SSL interface is being launched on Thursday, June 13th allowing
you to manage all of your certificates.
You will now have access to key metrics on your
certificate portfolio, to different certificate lookup views (such as complete
portfolio, detailed overview, certificates nearing expiry, pending orders,
expired or revoked certificates), to an Organization and Contact management
tool and a redesigned ordering system.
Lastly, a decision support tool has been
included in the interface to help you choose the certificate that’s right for
your needs.
The certificate range has been updated to cover
all types of certificates, SSL, RGS, Code Signing, Individual certificates and
with all levels of authentication.
The SSL team remains at your disposal for a
demonstration and a complete user guide is available covering all possible
operations and actions.
On Friday May 17th, 2019, the
Council of Ministers of the European Union presented the creation of a
blacklist identifying the perpetrators of cybercrimes located outside the EU.
Thus this is a new legal context which has been
validated by the EU in order to try to reduce the continuously growing
cyberattacks’ number. Now, the EU will indeed be able to sanction individuals
or entities involved in the cyberattacks carried out from outside the EU.
Europe seeks through this measure to protect as
far as possible the most critical infrastructures, regarding electoral or
health systems for example, from cybercriminals, by abolishing the impunity
which the international hackers seemingly enjoyed.
If there is no name on this famous list today,
the situation could change soon.
Recently, the British Foreign Secretary, Jeremy Hunt declared that “for too long now, hostile actors have been threatening the EU’s security through disrupting critical infrastructure, attempting to undermine democracy and stealing commercial secrets and money running to billions of Euros. Hence, this decision was necessary.”
It’s now very clear that the cyberattacks carried out by nations, against nations or entities, tend to multiply. It’s important to note that these sanctions can be retroactive. To this day, the sanctions are not clearly defined: travel bans and assets freeze against those we know have been responsible for these actions? Several options are presently being studied.
Faced with the upsurge and the continually increasing strength of cyberattacks, a simulation exercise of a cyberattack in the finance industry will be organized by the members of the G7, the world’s major economic powers.
In the French presidency context, France will
be the one that will run this test in which 24 financial authorities of the 7
members of the G7 will participate during 3 days.
Today it is no secret that the banking sector is
one of the most targeted by cybercriminals [according to an IBM’s research, 19%
of the attacks would aim banking institutions].
Thus, for the first time, the G7 countries organize a cyberattack cross-border simulation in early June 2019. This test is organized by the Banque de France (the central bank of France) and proposes the following scenario: a malware will be injected in a technical component widely used in the financial sector.
As indicated by Bruno Le Maire, the Minister of
Economy and Finance of France “cyber threats are the proof that we need more
multilateralism and cooperation between our countries”.
According to this argument, this same exercise
will be conducted at the same time in the other countries, giving it a specific
dimension. If other exercises of this kind have indeed already been done
before, particularly by the Bank of England and the European Central Bank, none
of these tests was done simultaneously.
What are the results sought in this joint exercise?
Firmly establishing the risks of a cyberattack’s epidemic spread, in order to
be able to enhance the infrastructures security and to ensure the reactivity in
case of attack and prevent a wide contagion.
The actors and utility providers invade the
connected world, benefiting from the innovations that the rest of the world
opportunely provides them. It wouldn’t be a problem if we didn’t live in an age
where hacking a power plant became possible.
In 2015 and 2016, hackers shut down power to
thousands of users in the middle of the Ukrainian winter. Since then, the
American government openly admitted that foreign powers tried every day to take
control of the energy grid control rooms of the United States. And this is
important because we are currently connecting decades old infrastructures in an
environment which is swimming with threats that it was never designed to
protect against.
Engineers have not always played well with
computer scientists. These disciplines are different, they are different
mindsets with different aims, different cultures and of course, different technologies.
Engineers can plan for accidents and failures, while cybersecurity
professionals plan for attacks. There are completely different industry
standards for each discipline and very few standards for the growing field of
the Internet of Things (IoT), which is increasingly weaving its way into
utility environments. Those two worlds are now colliding.
Much of the IT used in utilities infrastructure
was previously isolated, operating without fear of the hackers, with systems
built for availability and convenience, not for security. Their creators didn’t
consider how a user might have to authenticate to a network to prove that they
are a trusted actor. That might have been acceptable in the past, but now we
have a landscape littered with outdated machines weighed down with insecure
codes that are unequipped for modern IT threats. The upgrading of these systems
and the security afterward, won’t solve all those security problems and
replacing them entirely would be too expensive, difficult to envisage and
almost utopian for many. And today, this is a real problem to connect them in
an environment exposed to threats and adversaries searching for the next easy
target.
Today, the world tends to connect more and
more, particularly through Internet of Things (IoT), we talk about connected
cars, baby monitors connected to a parent’s smartphone and doorbells informing
homeowners who is at their doors, fridges, washing machines become connected…
and utilities follow the trends, naturally wanting to be part of this world’s
evolution towards the increasing computerisation of physical objects.
Exciting as these new innovations might sound, evidence
mounts every day of the IoT’s insecurity. Whether it’s hardcoded passwords, an
inability to authenticate its outward and inward connections or an inability to
update, there is little argument about their security. These products are often
rushed to market without a thought for this important factor.
Enterprises and governments are seizing the IoT
as a way to transform the way they do business, and utilities are doing the
same. Large infrastructures will increasingly be made up of IoT endpoints and
sensors – able to relay information to its operators and radically improve the
overall function of utilities.
Unfortunately, in the rush to innovation, eager
adopters often ignore the glaring security problems that shiny new inventions
often bring with them. In an industrial or utilities environment the IoT means
something that is similar at a descriptive level, but radically different in
real-world impact. A connected doll is one thing, a connected power plant is
another entirely!
The risks on utilities are real. There are
plenty of examples. Stuxnet, the virus which destroyed the Iranian nuclear
program is just one. The aforementioned attacks on the Ukrainian power grid
could be another. Furthermore Western governments, including France, now admit
that foreign actors are attempting to hack their utilities on a daily basis.
But if this is such a big problem, you might
ask, then why hasn’t it happened more often? Why haven’t we heard about such
potentially devastating attacks even more? Well, the fact is that many won’t
know they’ve already been hacked. Many organizations go for weeks, months and
often years without realizing that an attacker has been lurking within their
systems. The Ponemon Institute has found that the average time between an organization
being breached and the discovery of that fact is 191 days, nearly half a year.
This is especially true if one of those aged legacy systems has no way of
telling what is anomalous. Others may just hide their breach, as many
organizations do. Such attacks are often embarrassing, especially with the
regulatory implications and public backlash that a cyberattack on a utility
brings with it.
Furthermore, most attacks are often not
catastrophic events. They are commonly attempts to gain data or access to a
critical system. For most, that’s a valuable enough goal to pursue. Edging into
the more destructive possibilities of such an attack would essentially be an
act of war and not many cybercriminals want to earn the attention – or the ire
– of a nation state.
The theory of the
black swan –
theorized by Nassim Nicholas Taleb: a
situation that is hard to predict and seems wildly unlikely, but has
apocalyptic implications – fits perfectly here. We don’t know when, how or
if such an event might happen but we had better start preparing for it. Even if
the likelihood of such an event is small, the cost of waiting and not preparing
for it will be much higher. The IoT market, particularly in the utilities
sector need to start preparing for that black swan.
Public Key
Infrastructures (PKI) using certificates will allow utilities to overcome many of these
threats, providing unparalleled trust for an often hard to manage network.
It’s been built on interoperable and standardized protocols, which have been
protecting web-connected systems for decades. It offers the same for the IoT.
PKIs are highly scalable, making them a great
fit for industrial environments and utilities. The manner in which many
utilities will be seizing hold of the IoT is through the millions of sensors
that will feed data back to operators and streamline day-to-day operations,
making utilities more efficient. The sheer number of those connections and the
richness of the data flowing through them make them hard to manage, hard to
monitor and hard to secure.
A PKI ecosystem can secure the connections
between devices, the systems and those that use them. The same goes for older
systems, which have been designed for availability and convenience, but not for
the possibility of attack. Users, devices and systems will also be able to
mutually authenticate between each other, ensuring that behind each side of a
transaction is a trusted party.
The data that is constantly travelling back and
forth over those networks is encrypted under PKI using the latest cryptography.
Attackers that want to steal that data will find that their ill-gotten gains
are useless when they realize they can’t decrypt it.
Further ensuring the integrity of that data is
code signing. When devices need to update over the air, code signing lets you
know that the author of the updates is who they say they are and that their
code hasn’t been insecurely tampered with since they wrote it. Secure boot will
also prevent unauthorized code from loading when a device starts up. PKI will
only allow secure, trusted code to run on a device, hamstringing hackers and
ensuring the data integrity that utilities require.
The possibilities of an attack on a utility can
sometimes seem beyond the pale. Just a few years ago a hack on a power grid
seemed almost impossible. Today, news of IoT vulnerabilities regularly fills
headlines around the world. The full destructive implications of this new
situation have yet to be fully realized, but just because all we see are white
swans, it doesn’t mean a black one isn’t on its way.
Users will soon start demanding these security
provisions from companies. The Federal Energy Regulatory Commission (FERC) has
recently fined a utility company that was found guilty of 127 different
security violations $10 million. The company wasn’t named, but pressure groups
have recently mounted a campaign, filing a petition with FERC to publicly name
and shame it. Moreover, with the advent of the General Data Protection
Regulation and the NIS directive last year, utilities now have to look a lot
closer at the way they protect their data. All over the world, governments are
looking at how to secure the IoT, especially when it comes to the physical
safety risks involved. Utilities security matters because utilities hold a
critical role in the functioning of society. It is just as important that they
be dragged into the 21st century, as they are protected from it. PKIs can offer
a way to do just that.
Mike Ahmadi, DigiCert VP of Industrial IoT
Security, works closely with automotive, industrial control and healthcare
industry standards bodies, leading device manufacturers and enterprises to
advance cybersecurity best practices and solutions to protecting against
evolving threats.
This article on the publication of Mike Ahmadi, is from an article of Intersec website.
As with each event where massive interest is
expected, the launch of the final season of Game of Thrones is a golden
opportunity for pirates.
According to a Kaspersky’ study, this series would be the favorite of the cybercriminals. It represented 17% of the infected contents last year, i.e. 20 934 web users! According to this same study, the most targeted episodes are logically the first and last episodes of the season.
For if the fans are many in France, without
subscription, the only solution to watch the so awaited episodes is illegal
downloading on torrent websites.
It is through this means that the
cybercriminals infect the unsuspecting web users’ computers. First warning, do
not install programs at the request of the torrent websites, they can contain a
malware!
Indeed, two kinds of
frauds are principally used:
Malwares: the malicious software are launched on
torrent websites used by the fans of the series to access to the watching of
the precious episodes.
Phishing: many phishing attempts have been counted, the
pirates use the official image of Game of Thrones to try to retrieves your
personal data.
This season, the cybercriminals are almost as
creative as the scriptwriters of the successful series: many and various fake
contests allow these hackers to collect email addresses and other bank details.
Counterfeiting is also in the game, with an
observed increase of websites proposing many so-called “official” products but
being nothing more than counterfeits.
Thus, Nameshield
recommends to the fans to be highly vigilant!
For reminder, here are the basic principles to
respect in order to serenely navigate and not be trapped by unscrupulous
hackers:
Do
not download any plugin of suspicious origin
Properly
analyze the URLs before any purchase
Check
the presence of the famous HTTPS
Check
that the final address corresponds to the searched website
As always on the web, an extra vigilance is
needed, because if spring wins our regions, don’t forget that on the web,
winter is coming…
Nameshield uses cookies
Nameshield wishes to use cookies to ensure the proper functioning of the site and, with our partners, to measure its audience🍪.
Nameshield wishes to use cookies to ensure the proper performance of the website and, with our partners, to monitor its audience. More information in our Cookie Policy 🍪.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14
1 minute
Set by Google to distinguish users.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
NID
6 months
NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.