Cyber private investigator in Wichita: No one has secrets anymore

Emery Goad, a private investigator and one of the possible victims of the cyberhacking attack on Wichita’s City Hall this week, was shredding paper containing his private information on Thursday.

And he was wondering, with a laugh: “What’s the point?”

The story that broke out of Wichita last week was that Turkish cyberthieves hacked into a City Hall procurement website. Two Internet news sites claim bank files and Social Security numbers were taken in an invasion still being investigated by authorities.

Goad, though a supposed victim, says this kind of thing is just one of our worries. More important: It raises larger questions, again, that we really need to think about, he said.

Goad is a cybersavvy private investigator who has encountered many of the lies and scam artist and back-channel thievery stories ever concocted. Ravi Pendse has studied hacking worldwide as a Ph.D. researcher and expert on the Internet, database storage and cybersecurity.

Both say we are under surveillance of various kinds now and under threat from hackers. We are being photographed, video-recorded, our keystrokes recorded, Goad said. Which is why Goad was chuckling as he destroyed data. Why shred it when somebody has it anyway?

“I hate to sound so scary,” Pendse said. “But we all are surrounded by malicious actors now.”

They both have suggestions about how to watch our backs.

Pendse says in a cheerful voice that it isn’t that hard. “All it takes is Kansas common sense.”

Goad is not so sure. Or so cheerful.

‘No one is safe’

“It’s like an arms race,” Pendse said. “Malicious actors are constantly developing new ideas, and you need to hope that those who protect you are always one step ahead.”

“No one is safe. The Pentagon has been hacked. Banks in New York have been hacked.

“There is a thing called Shodan,” he said. “Shodan is the Google for hackers. It searches the back channels, looks for open unsecure ports, and publishes those addresses. If I am a new person to hacking, I look at Shodan.”

This is relevant because we all have shopping, personal or business relationships with places to whom we’ve shared our credit card numbers and sometimes Social Security numbers. Businesses, city halls, online shopping sites, insurance companies, banks: if they get hacked, we get hacked.

“There are now YouTube videos to teach you how to hack,” Pendse said. “If you Google how to hack, you might get 9 million hits, with YouTube videos teaching you step by step.”

Pendse, former vice president for information technology at Wichita State University, began a similar role at Brown University in Rhode Island a few weeks ago. Because of his work with big Internet companies like Cisco and NetApp, he’s considered an authority on data security.

“In the early days of hacking, the person hacking might be some 14-year-old trying to see what he could do,” Pendse said. “But now state actors (countries) do it. The Chinese do it. When the Russian army fought the country of Georgia, they first launched a cyberattack and took down all communications in Georgia.”

“Criminal gangs hire very intelligent people to steal money from banks. There is now a large black market, involving data miners buying and selling credit card information.

“It is a really interesting and scary world all over the map.”

Spying, surveillance are everywhere

Goad does not believe that a group of Turks hacked into City Hall, even though Cyber War News reported this week that an outfit called @AgentCorporatio claimed on Twitter to have done the deed to retaliate against U.S. support of Israel.

He thinks that tale was “a joke” planted by perpetrators who are more likely data miners, a relatively new species of entrepreneur. “They were probably harmless, and took data that they’ll then sell to other data miners, who then will sell some of it back someday to people like me.”

Data miners are usually legitimate, he said. Some, not so much. He works with some of them, and so do businesses, governments, insurance companies, credit card companies and many other entities. Data miners acquire, buy and sell information, including information on us and our buying habits.

“The old right to privacy – it’s pretty much gone.”

We are spied on everywhere, he said. There are now thousands of road cameras, building cameras, surveillance cameras and data entry points, he said.

There has been a story run repeatedly on the news in recent days that Goad finds fascinating: A motorist recently plowed through a group of motorcyclists, and got chased and beat up. This was video-recorded, Goad pointed out, by a helmet camera worn by one of the motorcyclists. We can now constantly video-record each other, Goad said.

There are companies compiling databases showing where millions of license plates have been “seen,” (recorded by road cameras and other cameras). That’s a way to track a car’s movements, he said. The American Civil Liberties Union recently reported on its website a story (picked up by Virginia newspapers), that the Virginia State Police since 2010 gathered license plates showing which political rallies private citizens had attended.

Inside homes, where children and spouses have smartphones and other devices, images and voices can be recorded and sent elsewhere, depending on how everyone is getting along, or not, Goad said.

“Make the assumption that you have no secrets,” Goad said. “Because you don’t have any secrets, not anymore. Assume at all times, at work, at home, at the casino, at any public place, on your smartphone, that you are being surveilled.

“Because you are.”

Related stories from Wichita Eagle