- Confront it. Be proactive. Go after the attackers and fight back. Bullies and cowards – who make up most of the script kiddie population – will turn tail and run if you let them know you’re going to fight back. Even the few organized criminal elements, unless they have some political agenda and can use you to further it, will give up easily in the face of a determined counterattack.
- Neglect it. Let them play around and waste their time as long as they aren’t doing any real damage. Just make sure that they can’t get beyond your sandbox or firewall. Sooner or later, having not obtained anything of value, they’ll give up.
- Turn in your resignation and run screaming out the door because you failed to put adequate security measures in place. Don’t laugh: It has happened.
By far, the best approach is to confront the threat and engage in an active counter strike. This can be done by immediately implementing logging of all attack traffic and engaging law enforcement to help trace the attack back to its source. The bad guys want to remain anonymous: Do everything you can to make them visible.
Do you agree, or disagree? Comments, please.
Every day, I see student computers and laptops infected with malware. Every day, I see questionable posts made by people who think only their friends can see what they write. That’s what “Sarah” thought, and this video is a reminder that the internet is a very dangerous – and public – place. Please impress upon family, friends and co-workers that prudence is the best approach.
Call it poetic justice. Call it criminal stupidity. Call it what you want. I call it hilarious. I got a good laugh out of this at a time when I certainly need some laughs. From Sophos’ Naked Security blog:
A US child abuse image collector turned himself in to local police earlier this month, after ransomware hit his PC and showed messages warning him that the FBI were on to his nasty activities.
Jay Matthew Riley, 21, of Woodbridge, Virginia, was apparently hit by the ransomware attack while surfing the web to add to his collection of unsavoury images.
As is usual with such malware, he was shown a warning demanding cash in return for keeping quiet about his suspicious activities.
He fell for the scam. Good for him. Maybe he’ll turn his life around.
The problem is that regular, law-abiding netizens get this ransomware, too, and those who fall for it and pay the bogus “fine” end up a few hundred dollars lighter in the wallet. Oh, and their banking information is probably compromised, too, so the losses can end up being much greater.
Law enforcement, especially the FBI and other three-letter agencies, do not enforce the law by such means, so NEVER comply with any directive to pay “fines” or “penalties” when such things pop up on your screen. Best to call your favorite Geek and have him/her clean the malware off your machine.
On the other hand, if you are a pedophile or sexual predator, feel free to head down to the local police station, where they should be able to help you out with three hots and a cot for a long time.
By now, we all know that each of us is being monitored: All of our electronic communications – email, Internet traffic, cell phone transmissions, faxes, even landline calls (which are really all delivered via microwave towers these days) – are being intercepted and recorded in massive data centers run by the NSA. There are probably other secret three-letter (or four-letter, depending on your viewpoint) agencies that we don’t even know about yet who function as backups to the ones we do know about.
It’s unfortunate that our government is forcing its citizens to learn the art of surveillance in order to protect our First Amendment rights under the United States Constitution. This is being done, purportedly, to protect us from terrorism. The truth — and this is known by those who are doing it — is that our government is out of control and fears that its criminal activities will be exposed. I’m not talking about what we already know, I’m talking about those deep, dark secrets that, if discovered, could bring the government down.
But, that’s for others to address and fix.
There have long existed techniques for jamming radio transmissions to cripple enemy communications in times of war. One of these techniques is the transmission of high power carrier signals containing nothing but noise spread across the known frequency band the enemy is using, making it impossible for the enemy to get any valid traffic through the noise. This principle is applicable to internet traffic with a twist.
One could simply record random atmospheric noise in MP3 files, encrypt them to make them look like something of interest and keep a steady stream of them flowing from one’s internet connection to the cloud. Done with sufficient volume, this would tend to mask most of your valid traffic, burying it in the noise, so the watchers would have to sort through useless, random noise.
I’m not advocating this, mind you, just making an observation. I could probably turn this into a plausible plot for a cyber-thriller novel, but I’m not a novelist. If any novelist finds this an interesting plot, feel free to run with it.
The news has been filled with pieces about how your internet, telephone and email traffic is being monitored by the NSA. It’s called PRISM. That’s not an acronym, but a descriptive moniker according to Steve Gibson. A prism splits light into its spectrum; PRISM splits the light on fiber optic cables into two paths – one to the internet router and the other to the NSA data collection facility.
Security Now! podcast, Episode 408, “The State of Surveillance (How the NSA’s PRISM program works.),” is a must listen for everyone. Here’s why, in Steve’s own words:
Leo and I remind our listeners that we just had another Microsoft Patch Tuesday. Then I detail and carefully lay down a solid foundation of theory of the operation of the NSA’s PRISM program. This explains EVERYTHING about what the NSA is doing, and how. I even explain how and why the program got its name.
Big Brother is Watching You! The Thought Police aren’t far behind.
Sophos produces some excellent videos and this one definitely qualifies. I have been saying these things for years, but this video punches home the whys and wherefores of the three biggest wireless security myths. Enjoy!
I have been reading Bruce Schneier’s Secrets and Lies: Digital Security in a Networked World for some time now. Why it took me so long to finally read it, I don’t know – any security geek worth his salt needs the background this book provides. Granted, technology has changed and advanced since this book was first published in 2000, making some of the examples irrelevant in today’s environment, but the basics of security that they illustrate have not.
In Chapter 24, Mr. Schneier outlines and explains security processes in depth and states the obvious, which most of us either never think about or take for granted:
Computer insecurity is inevitable. Technology can foil most of the casual attackers. Laws can deter, or at least prosecute, most criminals. But attacks will fall through the cracks. Networks will be hacked. Fraud will be committed. Money will be lost. People will die.
Technology alone cannot save us.
. . .
The only thing reasonable to do is to create processes that accept this reality, and allow us to go about our lives the best we can.
The following are the process principles Mr. Schneier outlines. I’ve printed this list and posted it as a reminder to look at my network with these points in mind when making changes or upgrading things.
- Secure the Weakest Link
- Use Choke Points
- Provide Defense in Depth
- Fail Securely
- Leverage Unpredictability
- Embrace Simplicity
- Enlist the Users
If you haven’t read the book, I highly recommend you do so now to get the in-depth take on each of these principles.
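To make two of those principles concrete, here is a small Python sketch I’ve added for this post. It is example code, not anything from the book or from Mr. Schneier: the policy table, the user names and the simulated directory outage are all constructed for the demonstration. It shows “Fail Securely” by putting a fail-open authorization check beside a fail-secure one, and “Use Choke Points” by routing every request through a single gate that both decides and logs.

```python
"""Added illustration of "Use Choke Points" and "Fail Securely".  Example code
written for this page; POLICY, USERS and BackendUnavailable are constructed."""

from dataclasses import dataclass, field
from typing import Optional

# Constructed access policy: which roles may perform which actions.
POLICY = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}

# Constructed user directory.  "mallory" deliberately has no entry, and the
# name "flaky" is used below to simulate a directory backend that is down.
USERS = {"alice": "admin", "bob": "viewer"}


class BackendUnavailable(Exception):
    """Raised when the (simulated) user directory cannot be reached."""


def lookup_role(user: str) -> Optional[str]:
    """Simulated directory lookup: the user's role, None if unknown, and a
    BackendUnavailable error for the constructed user 'flaky'."""
    if user == "flaky":
        raise BackendUnavailable("directory timeout")
    return USERS.get(user)


def authorize_fail_open(user: str, action: str) -> bool:
    """Anti-pattern: any error inside the check defaults to ALLOW.
    A dead directory silently turns into a blanket grant."""
    try:
        role = lookup_role(user)
        return action in POLICY.get(role, set())
    except Exception:
        return True  # "don't block users when the directory is flaky"


def authorize_fail_secure(user: str, action: str) -> bool:
    """Fail securely: unknown user, unknown role or any backend failure all
    resolve to DENY.  Only an explicit policy match grants access."""
    try:
        role = lookup_role(user)
    except BackendUnavailable:
        return False
    if role is None:
        return False
    return action in POLICY.get(role, set())


@dataclass
class Gate:
    """Single choke point: every request passes through `request`, the one
    place that authorizes and writes the audit trail.  Callers never consult
    POLICY directly, so there is exactly one decision path to review."""
    audit_log: list = field(default_factory=list)

    def request(self, user: str, action: str) -> bool:
        allowed = authorize_fail_secure(user, action)
        self.audit_log.append(f"{user} {action} {'ALLOW' if allowed else 'DENY'}")
        return allowed


if __name__ == "__main__":
    # The directory outage is where the two designs part ways.
    print("fail-open,  flaky delete:", authorize_fail_open("flaky", "delete"))
    print("fail-secure, flaky delete:", authorize_fail_secure("flaky", "delete"))
    gate = Gate()
    gate.request("bob", "read")
    gate.request("bob", "delete")
    print("\n".join(gate.audit_log))
```

The interesting row is the simulated outage: the fail-open version grants “delete” to a user it could not even look up, which is exactly the crack Mr. Schneier says attacks fall through, while the fail-secure version denies and the gate leaves a log line behind for whoever has to investigate.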
We tend to be creatures of habit. For some areas of our lives, that’s a good thing; there’s nothing wrong with establishing healthy eating habits or good home maintenance habits. When it comes to security (both physical security and cyber security), however, habits can be a very bad thing. For instance, if you always park in the exact same spot and take the same route from or to the parking lot at the same times each day, you could become a target for muggers. The solution is to park in a different spot each day – maybe even a different lot, if you can – and vary your route. In other words, be a moving target, be unpredictable.
The same principle applies in cyberspace. You’ve seen those statistics that show how predictable password patterns are (see Password patterns to avoid as one example). Most of us probably also use the same user name (our name or a variation) for everything and some, heaven forbid, the same (predictable) password or password pattern. This makes it relatively easy for hackers to compromise your account. The solution is to use different user names for your various sites and online accounts. This can be as simple as adding numbers to your user name, or tacking on the site name. For example, my login to foo.net could be kenfoo with a random password. Or, it could be kharthun23. Whatever you do, the idea is to be unpredictable.
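Here is one way to put that advice into practice, written for this post as an example rather than as any tool I actually use. It derives a different user name for every site from one master secret (so you don’t have to remember them) and draws passwords from the operating system’s secure random source. The master secret, the site names and the symbol set are constructed for the demonstration; in real use the secret would live in a password manager, never in source code.

```python
"""Added example for the "be unpredictable" advice: per-site user names and
random passwords.  Example code written for this page; the master secret,
site names and character set are constructed."""

import hashlib
import hmac
import secrets
import string

# Constructed master secret.  Keep the real one in a password manager or a
# file only you can read; it must never be hard-coded like this.
EXAMPLE_MASTER_SECRET = b"example-only-master-secret-change-me"

# Character set for generated passwords (constructed; adjust to site rules).
ALPHABET = string.ascii_letters + string.digits + "!#%&*+-=?@_"


def derive_username(base: str, site: str, secret: bytes, digits: int = 4) -> str:
    """Return base + a numeric suffix that depends on (secret, site).

    HMAC-SHA256 keyed with the master secret means the suffix cannot be
    predicted from the site name alone, and every site gets a different
    name, so one breached account does not reveal your other logins.
    The result is reproducible: same secret and site, same user name."""
    mac = hmac.new(secret, site.lower().encode(), hashlib.sha256).digest()
    suffix = int.from_bytes(mac[:8], "big") % (10 ** digits)
    return f"{base}{suffix:0{digits}d}"


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG via `secrets` (never `random`).
    Re-draws until lowercase, uppercase, digit and symbol are all present so
    the result satisfies common composition rules."""
    if length < 4:
        raise ValueError("length must be at least 4")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def credentials_for(base: str, site: str, secret: bytes) -> dict:
    """Bundle a derived user name with a fresh random password for a site."""
    return {
        "site": site,
        "username": derive_username(base, site, secret),
        "password": generate_password(),
    }


if __name__ == "__main__":
    # Constructed sites; note the user names differ per site and the
    # passwords differ on every run.
    for site in ("foo.net", "bar.example"):
        print(credentials_for("ken", site, EXAMPLE_MASTER_SECRET))
```

The user name suffix is deterministic on purpose (you can regenerate it from the secret), while the password is not and must be stored, which is what a password manager is for. Lower-casing the site name before hashing keeps “Foo.net” and “foo.net” from producing two different logins.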
You’re the Man, the IT guru, the go-to guy where you work. Your cell phone rings in the middle of the night at times. You get emails 24/7. Everything depends on you. You had an assistant, but budget cuts eliminated that position. On your way to work one fine morning, you’re hit by the proverbial bus. Will your successor be able to step in and take over, or will he/she end up in the middle of IT Hell?
It happened to me once (not my predecessor’s fault, more the fault of the office manager) and it took me two months to get things figured out. My first day on the job, I was handed a rather rumpled piece of folio paper with some logins and passwords written on it. I took one look at it and for a moment I considered running screaming from the building. Here was a network with several routers, closets full of switches, five servers, an IP phone system, and a complete wireless network. I had the passwords for four of the servers, the hosted email system, and my predecessor’s workstation.
In short order I learned that most of the passwords, save the one for the domain controller and my predecessor’s workstation, were wrong. I found out much later that the office manager apparently lost the instructional write-up she had been given by my predecessor when he left.
Like I said, it took me two months to figure it all out as I dug through old files, stacks of binders and hundreds of my predecessor’s folders filled with documentation (where I finally found the original instructions). Had the office manager not lost the original write-up, the whole process would have taken me less than a week to get up to speed.
Document everything and make sure there are multiple copies. Create a special set of instructions and do what you can to make sure they are not lost. I have a red binder that I keep updated to make a transition easier for my successor.
IT Hell is not a fun place to be!