Followup on Yesterday’s Post About the Ransomware Attacks, More Oceanography, Mobile Site

Folks,

Mea culpa. It looks more and more like the “ransomware” attacks were not after money, but destruction. That, coupled with the timing in Ukraine right before their Constitution Day, would tend to indicate it was Russian operatives that did this. At first, I assumed that a major attack in Ukraine was Russian-sourced, but as the day unfolded with reports from around the world, I surmised that it was actually NK hackers, making it look like an anti-Ukraine operation, and that they were after even more Bitcoin, like the previous wave of ransomware. The fact that there was a major dip in Bitcoin value right before the attack started seemed like an echo from a previous attack.

Well, it looks like I was wrong – the attacks had a poorly-designed ransom function that didn’t work, and in reality, the payload destroyed files of certain types without recording the encryption key used. In other words, it was irreversible – the payload was destructive and not ransomware, it was just built to resemble one. So in this case, paying or not paying had the same result – if you contracted it, your files were toast.
Still, the suggestions I made about updating current systems, using good security software, backups, not clicking on ANY link in email, etc. hold. And, should you be running a dead Windows operating system, do plan to upgrade soon – either get a newer pc, upgrade to Windows 10, or install something like Linux Mint or Ubuntu. Right now, you’re a sitting target with adversaries that are evolving while your old machine likely doesn’t have functional anti-virus software, much less modern defenses built into operating systems.
And now an overdue announcement – tomorrow at noon Eastern, we’ll have part 2 of Boussinesque’s Intro to Oceanography, this time on Ocean Acidification. As a huge fan of all forms of seafood, learning of the effects of this trend on plankton, the root source of all life in the sea, has me quite concerned.

It will be interesting, and he’ll be staffing the comments to answer questions, etc. Thanks to both for the nudges.
A brief note to mobile site users – expect some changes over the next day or three. I intend to bring a lot of the tweaks and tools from the desktop site to the mobile site, where appropriate. I’m sure some will complain, feel free to do so and I’ll adjust it like always! Should you have any mobile site complaints or suggestions, this is the thread for them; I’ll come back here a few times to see if any late readers have added their 2 cents.
Finally, about 3:30 today I will do some backend tweaking and that may make the site boogered for a few seconds. Should this happen, comments you just submitted might get eaten, so if it’s important, around that time, copy comments to notepad or something in case it doesn’t go through. I’ll comment right before and after the change.

Open thread!



Site Maintenance and Tech Suggestion: You Have Been Warned

Folks,

Item the first: small site changes

  1. The blogroll
    This was a classic case of “no good options”. Currently, and for months, the Blogroll opens in the same window. This causes some users to complain and ask that it open in a new page. I finally caved, knowing that in doing so, I would cause iOS users a headache as it blocks pop-ups by default. After making that change, I began to receive emails complaining that for them, Blogroll was no longer working. One report was from a Firefox user, so this is no longer just an iOS issue.
    That got me thinking – one choice means inconvenience, the other means it doesn’t work. So the choice became clear: the blogroll will open in the current page. I’m sorry for the hassle this causes some, but hassle for some is better than not working for some!
  2. Later this afternoon, I’ll be making a few small back-end tweaks related to security. This may make the site hiccup for a moment as the changes take hold. If you have an issue, count to 10 and reload the page and all should be well.  It is possible during this brief time that comments-being-submitted may disappear into the aether. If so, my apologies, and please re-submit it/them.
Now, a brief comment on the current wave of hacking going on:

I’m sure you’ve heard about the wave of ransomware/hacking that began yesterday morning in Ukraine and has now spread around the world.  In my opinion, this is another effort by North Korean-affiliated hackers to generate a huge amount of Bitcoin that will likely be used to purchase more tech and hacking exploits. I bet that a significant chunk of the proceeds from these hacks goes back to NK’s coffers, but these likely foreign-based operations need funding, and I think that they likely resort to these types of hacking to keep the electricity on, as it were. I don’t think it coincidental that NK re-commenced their numerical code broadcasts about 2 weeks before the last big hack happened.

The issue of concern from my perspective is that this is the second wave of ransomware-hacking on a global scale. I suspect that many of you have read about how a bunch of NSA exploits and hacking tools were stolen, likely from a contractor, and are being released. If a nation state’s hackers were behind the theft, then perhaps they are using these exploits to generate money before systems are all patched.  If this is the case, then these first ransomware attacks are probably using the least-valuable exploits, ones that have already been patched in most systems. I fear that, in the coming weeks, we’ll see more and more of these attacks, and that they will be much more effective, when they begin to use 0-day exploits that no one except the NSA knows about. (On a side note, is the NSA/US Government financially liable for the effects of their stolen cyber weapons?)

So the question is, what can you do/not do?

These important things:

  1. Ensure that your computer(s) are fully up-to-date. This means Windows, Mac, Linux, phones/tablets. Automatic updates are a requirement in this era, embrace them. As soon as an update is released, bad guys analyze it to see what was fixed. Then they target that issue in hopes of catching machines that aren’t yet patched.
  2. Ensure you are running quality Anti-Malware/Anti-Virus software on all appropriate machines. I don’t like to recommend certain brands, but I’d stay away from Russian brands (bye-bye Kaspersky, I cannot trust your great products ever again) and avoid the cheap/free/no-name options.

    I buy an annual 5 computer license via Amazon, use the digital download option, and it’s like $25 a year. DO IT NOW if you do not have such software. Although I use Norton Security, McAfee is another trustworthy name. Neither product is ideal, and I know many of you hate them with a passion for their performance, but for many lay-users, they are sufficient. They are not better than other options, but I prefer them to any free or no-name solution.

    Please try to start your Amazon purchases using the link here or in the sidebar on the desktop site, or in the comment area or top of a post on the mobile site. Every purchase made using these links generates a bit of $ for the site!

  3. Ensure that all important files are backed up. I love cloud storage/backup because it means there’s a copy off-site, so if my local copy gets screwed up, I can get a good copy. I also like a local backup of my files, so I use an old Raspberry Pi with a hard drive as a Samba-powered backup server. It’s simple, effective, and silent.
    For my most important machine, I back up the entire hard drive (I use Clonezilla to copy the entire disk to an external USB drive) every week. That way, worst-case scenario, I can restore my Windows and programs, then download my files from local or cloud backup.
  4. If you have an old PC or two on your home network, say for the kids to use or for guests, take them off the network if they are running the following operating systems: Windows 95/98/ME/2000/XP/Vista. All of these are no longer supported, which means that any newly-found hole in them will never be fixed, so any exploit that targets them keeps working. Email and websites are the most likely vectors, and, especially with teens, website visits include some gnarly, crap-ridden sites. Ideally, update old computers to a modern version of Windows, or replace the operating system with a more-secure, free option. Linux Mint is a great operating system that works on almost any old machine. I’m quite partial to Ubuntu, both the GUI version and the “headless” server version that I use for my home media server.
    I love the idea of a Chromebook and similar paradigms – they do seem to have a very good security model.
  5. If you are running an Android tablet or phone, ensure that you’ve got good security software installed. In iOS, we’re ok because of Apple’s walled-garden approach, but with Android, things are much more dangerous. Related to my suggestion of Norton or McAfee, both include options for installing on your devices.
  6. Never click on a link in any email about any account. Always use a new tab in your browser and type in the site’s address yourself and login as you normally do. Often, well-crafted emails purporting to be from a bank or other financial institution will contain links to sites that look and behave much like the real one, but record your username, password, secret questions/answers, etc. and then use that data to steal your money from the real site. Such emails are also often ways that trojans and other nasties get loaded onto your machine.
  7. NEVER put a found USB stick into a connected, important machine. Bad guys are clever – they know people love to find free stuff, and when they do, they hope that there’s something valuable or neat. So bad guys will drop a few poisoned USB sticks in areas where people will find them, then rush home/to the office to see what’s on it, how much room it has, etc. Such a technique will often infect a machine and perhaps other machines on the network faster than you can believe.
    I use a Linux machine to investigate such things, since I’m sure that Windows is the real target, though these days I just break them and dispose of them without even looking – better safe than sorry, and hopefully if it’s legit, I’ve saved someone’s important data from being found by someone not-so-benign.
  8. Don’t leave machines running all the time if you’re not using them daily – an unattended machine is a sitting target. Always check machines at least once a day or so to ensure all looks ok. Nothing like checking your machine after ignoring it for two weeks, only to realize that the deadline for paying ransom expired last week!
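Item 6 above is the single most useful habit on the list, and it helps to see what the tell-tale signs of a phishing link actually look like. The following is an added example, not code from the original post: it pulls the links out of an HTML e-mail body and flags the three classic tricks (a bare IP address as the destination, link text that names one site while the real address goes elsewhere, and a host name that merely contains a trusted name). The sample message, the `examplebank.com` domain and every other host in it are constructed for the example.

```python
"""Look at the links in an HTML e-mail before anyone clicks them.

Added example for item 6 above (not code from the original post). The
sample message and every host in it are constructed; examplebank.com
stands in for whatever site the e-mail claims to be from. It flags:
  1. a link whose host is a bare IP address,
  2. visible text naming one host while the real href goes elsewhere,
  3. a host that merely contains a trusted name (examplebank.com.evil.tld).
"""
import re
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlparse

# Sites the reader actually has accounts with (assumption for the example).
TRUSTED_HOSTS = {"examplebank.com", "www.examplebank.com"}

# Does the anchor text look like a URL or a bare host name?
_HOSTLIKE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)


class _LinkCollector(HTMLParser):
    """Gather (href, visible text) for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-case host part of a URL or bare host string ('' if none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def is_trusted(host):
    """Exact trusted host or a genuine subdomain of one, nothing looser."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def suspicious_links(html):
    """Return [(href, reason), ...] for every link that should not be clicked."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        if is_ip(host):
            findings.append((href, "link goes to a bare IP address"))
        elif _HOSTLIKE.fullmatch(text) and host_of(text) != host:
            findings.append((href, f"text shows {host_of(text)} but link goes to {host}"))
        elif any(t in host for t in TRUSTED_HOSTS) and not is_trusted(host):
            findings.append((href, f"{host} is dressed up to look like a trusted site"))
    return findings


# Constructed sample: two bad links and one genuine one.
SAMPLE_EMAIL = """<html><body>
<p>Your account has been locked. Please <a href="http://198.51.100.7/login">sign in</a>
to restore access, or go to
<a href="http://examplebank.com.verify-id.example/">www.examplebank.com</a>.
Questions? See <a href="https://www.examplebank.com/help">our help page</a>.</p>
</body></html>"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"DO NOT CLICK {href}: {reason}")
```

The third check is the one people miss: `examplebank.com.verify-id.example` contains the bank's name, but the part that matters is what comes after the last dot, and that belongs to someone else. Typing the address yourself, as item 6 says, sidesteps all three tricks at once.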
To conclude, let me explain briefly what a ransomware attack looks like.

The Basic Mechanism

Basically, the payload gets onto your machine and then uses strong encryption to scramble your files (documents, spreadsheets, photos and so on, usually picked by file extension). Your resume is still there as a file, but the Word doc is now a scramble of characters that nothing can read without the key. The usual design is that the key used on your machine is itself locked with a public key belonging to the attackers, so the only copy that can undo the damage is theirs. You are typically given a short-term deadline (3 days) to pay $300 in Bitcoin, or up to 7 days to pay $600. If the crooks confirm payment, they release the key and the payload’s decrypt routine unscrambles your files. Once the 7 day limit passes, they claim to throw the key away, and with it any chance of recovery. Don’t plan on a decryption breakthrough: encryption done right won’t be cracked by faster computers in your lifetime. The one realistic hope is a mistake in the malware itself (a key left behind on disk, a weak random number generator), which is how security firms have managed to publish free decryptors for some families.

Signs of a Compromised System

Basically, you’re using your computer and it gets slower, and you might get errors running programs you use routinely, messages about corrupted files, or files that have suddenly grown odd new extensions. This is the infected stage: the payload is on your machine and is in the process of encrypting your files. If you suspect it, disconnect from the network (pull the cable or turn off Wi-Fi) and power the machine off. Files it has already encrypted stay encrypted, but everything it hasn’t reached yet is saved, and it can’t use your machine to spread to the others on your network. Interrupting it doesn’t, as a rule, make the already-scrambled files harder to recover, since the malware has to set up its key before it starts encrypting. Letting it finish so that you can pay is a bad bet: paying doesn’t guarantee a working decryptor, and as the destructive attack at the top of this page showed, some “ransomware” has nothing to give back at all. Leave the machine off until you have a plan for copying off what survived.
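The symptoms above are noticed late, after a lot of files are already gone. A cheap way to notice earlier is to plant a few “canary” files that nothing legitimate ever touches and check them periodically: if one has been modified, has vanished, or has turned into what looks like random bytes, something is rewriting your documents. The following is an added example, not code from the original post; the paths and file contents are constructed, and the random bytes stand in for an encrypted file.

```python
"""Catch encryption in progress with canary files and an entropy check.

Added example for this section, not code from the post. Ransomware walks
the disk and rewrites document-type files as ciphertext, so a few planted
"canary" files that nothing legitimate touches give a cheap early signal:
if one is modified, missing, or suddenly looks like random bytes, stop
and pull the plug. Paths and file contents below are constructed.
"""
import hashlib
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated byte, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Prose and office documents sit well below 7.5 bits/byte; ciphertext is near 8.
    Only meaningful for files known to be text: zips and JPEGs are dense too."""
    return len(data) >= 256 and shannon_entropy(data) > threshold


def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_canaries(baseline, current):
    """baseline: {path: sha256 of the planted file}; current: {path: bytes}, absent if gone.
    Returns [(path, reason)] for every canary that is no longer as planted."""
    alerts = []
    for path, digest in baseline.items():
        data = current.get(path)
        if data is None:
            alerts.append((path, "missing or renamed (ransomware often adds its own extension)"))
        elif fingerprint(data) != digest:
            reason = "modified"
            if looks_encrypted(data):
                reason += " and now looks like ciphertext"
            alerts.append((path, reason))
    return alerts


# Canary names chosen to sort first and last in a folder, so malware that
# walks a directory listing in order reaches one of them early.
CANARY_TEXT = b"Canary file, do not edit. Quarterly figures below.\n" * 30
BASELINE = {
    "C:/Users/me/Documents/000-budget.txt": fingerprint(CANARY_TEXT),
    "C:/Users/me/Documents/zzz-notes.txt": fingerprint(CANARY_TEXT),
    "C:/Users/me/Pictures/000-list.txt": fingerprint(CANARY_TEXT),
    "C:/Users/me/Music/zzz-playlist.txt": fingerprint(CANARY_TEXT),
}


def demo():
    """Constructed snapshot: one canary intact, one encrypted, one edited, one gone."""
    rng = random.Random(1)  # deterministic stand-in for ciphertext
    ciphertext = bytes(rng.randrange(256) for _ in range(1024))
    current = {
        "C:/Users/me/Documents/000-budget.txt": CANARY_TEXT,
        "C:/Users/me/Documents/zzz-notes.txt": ciphertext,
        "C:/Users/me/Pictures/000-list.txt": CANARY_TEXT + b"someone added a line\n",
        # Music canary absent: renamed out from under us
    }
    return check_canaries(BASELINE, current)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"ALERT {path}: {reason}")
```

In practice you would run `check_canaries` from a scheduled task every few minutes, reading the real files from disk, and have an alert do something loud. The entropy test is a hint, not proof: a canary that is simply modified is already reason enough to stop and look.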

Once the payload has determined that its encrypting-files job is complete, it will present a screen that you cannot dismiss. It will contain instructions, links to tech help, often even live chat-based support, believe it or not. Once you see the screen, your options are few. If you have backups, wipe the machine and restore; this is the whole point of item 3 above. Failing that, check whether someone has published a free decryptor for this particular strain, since a few have been broken thanks to sloppy implementation. Buying $300 of Bitcoin and sending it to the file-nappers is the last resort, and a gamble: you are trusting criminals to hand over a working key. The FBI, NSA, etc. cannot decrypt your files for you.

So when you hear about a hospital or a company dealing with this, we’re talking about many-to-most-to-all computers being infected. Imagine how much a company would have to pay to release all their computers! In a home user situation, having to pay for one machine is bad enough, but multiples quickly get very expensive. Hence the utility of having your files backed up: as long as you have them, you don’t have to pay at all. Reformat, re-install the Operating System and your programs, and copy your files back from the backup.
These truly are scary times – take precautions and be safe!
Something Strange is Happening on Twitter

Or as we call it around here it is a day ending in day!

More seriously Twitter seems to be deluged by bots signing up to follow the President’s personal and/or official accounts and, at least for now doing nothing. There are also widespread reports of people who are not following the President being signed up to follow the President’s personal and/or official accounts without their permission. They are also apparently following other elites and notables like Secretary Clinton, President Obama, even Ellen Degeneres.

From the white hat hacker known as the Jester.

No one is quite sure what it means or what is going on (after the jump).



Update Your Linux Machines Folks

Researchers found a major bug in Samba, the software that gives Linux and Unix systems Windows-style file and printer sharing (the SMB/CIFS protocol). It’s in a great many home servers and NAS boxes, whether or not the owner knows the name. The bug is CVE-2017-7494; the fixed releases are 4.6.4, 4.5.10 and 4.4.14, and everything from 3.5.0 up to those is affected.

The issue allows a bad guy who can upload a file to one of your shares to get the server to load it and run it as root. Two things have to be true: TCP port 445 (SMB) has to be reachable from wherever the attacker is, and the attacker has to be able to write to a share. Lots of folks open that port on their firewall to solve a temporary need and then forget to close it to outsiders, and guest-writable shares are common on home networks.
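Before updating blindly, it helps to know whether a given box is actually exposed. The following is an added example (not code from the post or from the Samba project) that checks two of the three preconditions: it compares the version string that `smbd -V` prints against the fixed releases, and parses `smb.conf` for shares a client can write to, noting which of those also allow guest access. The sample configuration is constructed. Whether port 445 is reachable from outside is a firewall question the script can’t answer from the machine itself.

```python
"""Check the preconditions for the Samba remote code execution bug (CVE-2017-7494).

Added example for this post, not code from the Samba project. The attack
needs a vulnerable Samba version, a share the attacker can write to, and
TCP 445 reachable from wherever the attacker sits. This checks the first
two from the output of `smbd -V` and from smb.conf; the sample config is
constructed. Fixed releases per the Samba advisory: 4.6.4, 4.5.10 and
4.4.14; every release from 3.5.0 up to those is affected.
"""
import configparser
import re

FIRST_AFFECTED = (3, 5, 0)
FIXED_IN = {(4, 6): (4, 6, 4), (4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}


def parse_version(text):
    """'Version 4.5.8-Debian' -> (4, 5, 8)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.groups())


def version_vulnerable(ver):
    """Upstream version check only. Distributions backport fixes without bumping
    the number, so treat 'vulnerable' as 'confirm against the package changelog'."""
    if ver < FIRST_AFFECTED:
        return False
    fixed = FIXED_IN.get(ver[:2])
    if fixed is None:
        # 4.7 and later shipped after the fix; 3.5 through 4.3 got no fix release
        return ver < (4, 4, 0)
    return ver < fixed


def _yes(value):
    return value.strip().lower() in {"yes", "true", "1"}


def writable_shares(smb_conf_text):
    """{share name: guest_ok} for every share clients can write to.
    Samba shares are read only unless the config says otherwise, and the
    last of 'read only' / 'writable' / 'writeable' in a section wins."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(smb_conf_text)
    result = {}
    for name in cfg.sections():
        if name.lower() == "global":
            continue
        writable, guest = False, False
        for key, value in cfg[name].items():
            if key == "read only":
                writable = not _yes(value)
            elif key in ("writable", "writeable"):
                writable = _yes(value)
            elif key == "guest ok":
                guest = _yes(value)
        if writable:
            result[name] = guest
    return result


def assess(version_text, smb_conf_text):
    ver = parse_version(version_text)
    vuln = version_vulnerable(ver)
    shares = writable_shares(smb_conf_text)
    return {
        "version": ver,
        "vulnerable_version": vuln,
        "writable_shares": shares,
        "exploitable_if_445_reachable": vuln and bool(shares),
        "anonymous_write": vuln and any(shares.values()),
    }


# Constructed smb.conf: two guest-writable shares, one writable for users, one read only.
SAMPLE_SMB_CONF = """
[global]
   workgroup = HOME
   server string = %h file server

[public]
   path = /srv/public
   guest ok = yes
   read only = no

[media]
   path = /srv/media
   read only = no
   guest ok = no

[scratch]
   path = /tmp/scratch
   writeable = yes
   guest ok = yes

[docs]
   path = /srv/docs
"""

if __name__ == "__main__":
    print(assess("Version 4.5.8-Debian", SAMPLE_SMB_CONF))
```

On a real box you would feed it the output of `smbd -V` and the contents of `/etc/samba/smb.conf`. The `anonymous_write` flag is the worst case: a vulnerable version with a guest-writable share means anyone who can reach port 445 needs no password at all.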

So, should you have home or work Linux machines, take a few minutes and update them. This also applies to many less-obvious Linux machines such as my personal favorite, the Raspberry Pi.

Many use them as cheap controllers for home storage, media centers, home automation, etc.  So don’t neglect them folks – if they get compromised, that’s just a ticking time bomb waiting to get worse.

Unrelated to this news, we’ll be tightening the site up a bit more in anticipation of increased efforts by bad guys.

On the test server front, the good news is that it’s up and running. There are still a few more details to take care of, and I’m pretty much not doing any work from now until Tuesday as I have lots of IT duties and plan to take apart, re-organize and put back together my home office. Fun fun.

Finally, don’t forget that tomorrow at 12:30 Eastern, my guest post on Oceanography will launch, with the author in the comments ready to answer questions. I found his intro to be very interesting, and it led him and me into an in-depth discussion of the numerous crises in our oceans that are here, or will be soon.
Open Thread!



Tunnel Collapse at Hanford
A tunnel collapsed in the 200 Area of Washington State’s Hanford Reservation. The 200 Area is where fuel elements from Hanford’s reactors were processed to recover the plutonium that went into American nuclear weapons. I was not aware of an underground rail system there. The system is probably in the 200 area only because the reactors are much too far away to make an underground system possible.



Itunes Help

I need help organizing my iTunes. Yes, I am using iTunes. I don’t want to hear about alternatives to iTunes. I want apps that help organize my library, add art to albums, and get rid of dupes.

Help me borg.








Privacy, ISPs, and What You Can Do

I’m sure you’ve heard that the Senate, then House, voted to allow Internet Service Providers (ISPs) to sell your browsing and Internet usage data. This is astounding, and has huge implications for each and every one of us that has any Internet usage that might be looked at askance by whomever decides to license your usage data.

So let’s cover some basics on technology, the potential uses for your usage data, and some ideas of what you can do to protect yourself.

I’m sure you’re aware of basic Internet tracking tech, but I’ll begin there and grow in complexity. I expect I’ll cover many of these issues in Part 2 of my post on tech and protecting yourself, but Adam and Major Major Major Major brought up the idea, and I agreed to write this post today as it’s timely.
The Technology

When you connect to the Internet from your home or on your mobile device, you are using an ISP. When you use someone else’s Internet connection, you’re using their ISP. For the most part, your usage from your home or mobile ISP is the ISP of concern for this post.

When you connect to the Internet, you get an Internet Protocol (IP) address. The common kind (IPv4) is four numbers from 0 to 255 separated by dots (XXX.XXX.XXX.XXX); the newer IPv6 addresses are longer strings of hex digits. For remote computers/servers, the address is usually expressed as a name to make it easier on us humans.  So, for example, the IP address for www.balloon-juice.com is 63.247.137.229.

When you use a web browser, websites put cookies on your machine. They are used to track your site visits, page visits, etc. Although cookies come from different sources, many are set not by the site you’re reading but by an advertising network embedded on it, and every site carrying that network’s code feeds the same tracker. And so should you enter your name on one site that’s a member of the network, then the network can link your behavior on all of its member sites to your name (or any other info you enter online).

Don’t get me started on Facebook or Google – they track everybody everywhere possible and link all kinds of data they license or buy so that one of them most likely has the biggest db (and the other, the second-biggest) of people and their online AND offline behavior and characteristics in the world. That’s a different post.

There are other ways to track behavior: “blank pixel” (tracking image) technology, browser fingerprinting, mobile device supercookies, and so many more things. Did you know that when you open an email and it loads a picture, that fetch is often used to inform the email sender that you’ve opened the email, and when and from where?
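To make the “blank pixel” trick concrete, here is an added example (not code from the post or from any real mail provider) showing both ends of it. The sender embeds a 1x1 image whose URL carries a per-recipient token; when your mail client fetches that image, the sender’s server reads the token and logs who opened the message, when, from which address and with which client. It also shows the recipient’s side of the defense: spotting remote images that are too small to be meant for human eyes. The host `tracker.example`, the campaign name, the addresses and the secret are all assumptions.

```python
"""How an e-mail tracking pixel reports who opened a message.

Added example for the paragraph above, not code from the post or from any
real mail provider. Sender side: embed a 1x1 image whose URL carries a
per-recipient token. When the mail client fetches the image, the sender's
server reads the token and logs who opened the mail, when, from where and
with which client. Recipient side: find such images before loading them.
The host tracker.example, campaign, addresses and secret are assumptions.
"""
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlparse

SENDER_SECRET = b"stays on the mail server"  # assumed; keeps tokens unforgeable
TRACKER = "https://tracker.example/o.gif"


def _token(campaign, recipient):
    """HMAC so a curious recipient can't fake opens for other people."""
    msg = f"{campaign}|{recipient}".encode()
    return hmac.new(SENDER_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def tracking_pixel(campaign, recipient):
    """Sender side: the invisible <img> that goes into the HTML body."""
    query = urlencode({"c": campaign, "r": recipient, "t": _token(campaign, recipient)})
    return f'<img src="{TRACKER}?{query}" width="1" height="1" alt="">'


def record_open(request_url, client_ip, user_agent, opened_at):
    """Sender side: the image request arrives; turn it into an 'opened' record,
    or None if the token doesn't check out (tampered or made-up URL)."""
    qs = parse_qs(urlparse(request_url).query)
    try:
        campaign, recipient, token = qs["c"][0], qs["r"][0], qs["t"][0]
    except KeyError:
        return None
    if not hmac.compare_digest(token, _token(campaign, recipient)):
        return None
    return {"campaign": campaign, "recipient": recipient, "ip": client_ip,
            "client": user_agent, "opened_at": opened_at}


class _ImgCollector(HTMLParser):
    """Recipient side: find remote images too small to be meant for eyes."""

    def __init__(self):
        super().__init__()
        self.tiny = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        remote = src.startswith(("http://", "https://"))
        if remote and a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            self.tiny.append(src)


def find_tracking_pixels(html):
    """URLs of remote 1x1 (or 0x0) images; loading any of them tells the sender you opened the mail."""
    p = _ImgCollector()
    p.feed(html)
    return p.tiny


def demo():
    """Constructed round trip: build the pixel, 'open' the mail, log the open."""
    html = "<p>Hi Alice,</p>" + tracking_pixel("june-newsletter", "alice@example.net")
    pixels = find_tracking_pixels(html)   # what a cautious client would refuse to load
    request = pixels[0]                   # what an eager client actually fetches
    return record_open(request, "203.0.113.5", "Mozilla/5.0 (iPhone)", 1498600000)


if __name__ == "__main__":
    print(demo())
```

The “don’t load remote images” setting in most mail clients exists precisely to stop the fetch in `demo()` from ever happening; until you click to load images, the sender learns nothing. Note that the token is bound to the recipient, so forwarding the mail to a friend who opens it is logged as you opening it again.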

And of course there’s lots of folks combining disparate data to develop even more thorough profiles of people and their online and offline behavior to drive psychographic analysis and predictions on behavior.

There are truly myriad examples I could list, but let’s focus on the subject of today’s post: your ISP. I’ll use home usage as the scenario for the rest of this post.
