Blake Dowling, Author at Florida Politics - Page 6 of 7

Blake Dowling

Blake Dowling is chief business development officer at Aegis Business Technologies. His technology columns are published by several organizations. Contact him at dowlingb@aegisbiztech.com or at www.aegisbiztech.com

Blake Dowling: The latest in social engineering and digital fraud — hacking a person

Social engineering refers to manipulating individuals into divulging confidential information as part of an elaborate con.

In some cases, it can be the first step in digital fraud.

Last week, I received a call from “Verizon,” asking me for the password of our account.

I asked the chap what his name was; he said “John.” I informed “John” it was a bad day to be in the fraud business and said I would need his password.

See what I did there?

Needless to say, John was not amused. I added that I would also need the name of his pet and favorite song by Coldplay (he seemed like a Coldplay guy). Anyway, he hung up.

Obviously, John did not work for Verizon. He wanted to gather private info. There are so many ways for criminals to attempt to defraud; I will detail a few to save you some pain. Not just common phishing schemes or crypto locker ransomware threats, but some new ones I bet you haven’t heard of.

Have you heard of baiting? This is a very creative form of fraud.

In baiting, the criminal counts on the curiosity of the victim. The thief leaves an infected disc or USB drive in an elevator, a parking lot, a bar and the like, hoping the person who finds it puts the device into their computer. To this end, they rely on the user, usually labeling the disc or drive with something that sounds enticing: “Swingers party at Dan’s,” “credit card numbers, “case notes,” or even something as simple as “confidential.”

The device in question has malware loaded; the minute it is plugged in, the thief can target that PC and its connected network.

People are curious by nature and they often fall for this.

The Verizon story mentioned above is called “vishing” or phone phishing. There are many variances of this, with one of the most common is someone calling claiming to be from tech support, or Microsoft.

Don’t forget, readers, Microsoft never calls you, not ever.

So when a fake rep from Microsoft calls, asking you to click a link and enter your password, please don’t do that. That is bad. I have had clients fall for that one, and all of their data was compromised.

Another abundant playground for cyber thieves is social media.

Is your birthday on your Facebook page? Your title at work? How do you think criminals come up with fake emails sent to the president of organizations to the accountant asking for wire transfers? We received one the other day at Aegis; the tone was way too nice. We laughed over that one.

Or maybe they pull contact info off your corporate website. Having info out there is a good thing — for people trying to reach you — but it also makes you a target for those in the fraud business.

Just this morning, I was speaking with a local businessman. He asked me if I had ever heard of the following scam: Someone pretending to be a vendor for a large university provides a change of bank account for direct payment and impersonates the CTO or accountant of that supplier. Schools in Florida are always a target.

Once a transfer is executed, it is hard to track down the criminals in question, as the money is gone and they are usually overseas. In these cases, local law enforcement doesn’t know what to do. Just like a friend of mine in Texas who had their credit card number stolen. The card was used in a store in California so the Texas police told him to file a report in Cali.

That’s about as helpful as a room full Pokémon Go players drinking copious amounts of Dirty Steves — Red Bull and vodkas.

The reason cyber criminals go to all this trouble? It is usually much easier to hack a person (con them into providing confidential information) than it is to hack a network.

How do you protect yourself? As Agent Fox Mulder said back in the day: Trust No One.

____

Blake Dowling is chief business development officer of Aegis Business Technologies. His columns are published by several organizations. You can reach him at dowlingb@aegisbiztech.com.

 

Blake Dowling: Not in this lifetime — tech and the Guns N’ Roses reunion tour

On a Wednesday evening in 1988, I joined my friend Quinn Borland for an epic concert in Albany, Georgia.

Opening for rock legends Motley Crüe was a little-known band called Guns N’ Roses.

I was in middle school, so it was an incredibly big deal to be out on the town on a school night.

The show was spectacular, and in the years to follow, the band rocketed to worldwide success.

GNR 1996
Guns N’ Roses in 1996.

Fast forward to 1992, and my friend Ron LaFace and I caught the band in Tampa on the “Use Your Illusion Tour.” The band was on top of the world; in their prime. Soon after that, they broke up.

About 10 years ago, lead singer Axl Rose was asked if the band would ever re-form. “Not in this lifetime,” he said.

Never say never, as earlier this summer most of the original lineup launched a massive reunion that rivals any traveling show on the planet.

It’s called the “Not in this Lifetime” tour.

Over the weekend, I caught their performance at Orlando’s Citrus Bowl; they delivered an evening of 100 percent gold.

It’s interesting to note how the world has changed since the original heyday of GNR.

Andy and I were rolling down Interstate 10, and he kept looking at his iPad to check some map. I asked him what he was doing, and he said he uses the Waze app for travel. Waze points out traffic issues, accidents, police, cheap gas and anything else you might need while going down the road. It is a community app, so you rely on other drivers to get you the information you need; you can contribute also. Very cool.

Guns N’ Roses in 2016.
Guns N’ Roses in 2016.

It would have been nice to have this in the ’80s.

I used Uber to get a ride to the stadium. Andy had never used that app, so I explained how I use the app while traveling, from the tailgate spot back to the hotel in Gainesville, etc.

For the two of us, it was $10 to get dropped off in front of our gate. What a deal.

(I assume I don’t need to define Uber.)

The world of rock and roll and technology have indeed formed a bond. My friend was obsessed with the GNR Twitter account as they randomly awarded guests seat upgrades and free swag throughout the evening.

We did not win.

However, we had a truly authentic engagement with the GNR brand and community. That was thanks to social media.

Speaking of social media, I try to keep posts short and sweet.

While I will post a column I wrote, a concert pic, me and the family on vacation, etc.; I shy away from political rants, sharing personal problems with the world, how much l love my dog, etc.

But I couldn’t help but post a two-minute video of the encore, “Paradise City.”

There was so much going on, it was irresistible. Fireworks, epic jam, sound and lights off the chart, plus the band sounded amazing (that’s important). Axl is not 25 anymore, but he can still bring the thunder as good as anyone.

The conversation about music and technology is usually about how tech, specifically how online file sharing has destroyed the business. And, believe me, I understand that dialogue; I used to work in the business.

However, if you think about how technology has changed the concert experience for the user, it is mind-boggling. Getting to the show, enjoying the show and documenting it for vital Facebook posts make the 2016 concert experience both unique and weird.

I say weird because half the stadium was staring at their phones during the show — maybe they were playing Pokémon Go? LOL.

If you get a chance to see the 2016 GNR, I say go for it.

DOWLING GNR 2016

___

Blake Dowling is chief executive officer of Aegis Business Technologies. His columns are published by several organizations. You can reach him at dowlingb@aegisbiztech.com.

Blake Dowling: Consumers can avoid feeling the ‘email Bern’ by hackers

Debbie Wasserman Schultz got to “Feel the Bern” from a hostile crowd of Florida delegates at the Democratic National Committee.

Why were these Bern Victims so fired up? The email scandal, of course, which led to Schultz’s resignation. The pro-Clinton digital documentation revealed in this breach and scandal is a mess.

There are several old school rules of thumb my grandparents used to use. Here are two: “make sure to get it in writing” and “make sure to not put that in writing.”

You should have the same approach to writing emails.

“I don’t care if anyone reads this, ever.” If it’s not that, delete.

Emails can be sent/forwarded to the wrong people, handed over to the courts, watched by the National Security Agency, and — as with Debbie and the gang at the DNC — hacked.

The DNC realized something was wrong going back as far as April. They brought in a professional security firm to analyze their network; they found a breach, and blocked it. But it was too late. The bad guys had been inside their world for a year, and they had already taken everything they wanted.

It is suspected that a nation state was behind the hack (Russian-backed cybercrime syndicate Guccifer 2.0 is a distinct possibility). I was asked by the Orlando Sentinel this week how do you stop something like that? (See my Q & A with Paul Owens later this week.)

The short answer is … you don’t.

If you have the resources to build nuclear weapons and fly in space, you can pile up enough code, hackers, hardware and software to perpetuate a successful cyber threat against anyone. What you need to be thinking about is how to minimize the threat.

Your password is your front line of defense.

To those of you that have a password that is a variation of the word password or a word that can be found in the dictionary: FAIL.

Those rules from information technology experts have been read over and over: a number, a capital letter, and a symbol in every password gives you some security. There are software programs designed to auto-hack passwords, and by following these protocols, you might just stop a threat in its tracks.

The most common attacks are Trojans, Phishing schemes, denial of service (DOS) attacks, Ransomware/Malware (Cryptolocker), and password attacks/brute force attacks. In conjunction with a strong password, put your email somewhere smart.

Don’t use a free hosting service for email. There are a dozen examples of free email, but I will minimize my risk of a nasty letter in the mail and not call them by name.

You get what you pay for, both in life and email. Use a cloud platform with a “Tier 4” data center.

Tier 4 is defined as critical servers and computer systems in a data center, with fully redundant subsystems (cooling, power, network links, storage, etc.) and compartmentalized security zones controlled by biometric access control methods.

If you have your email on a local server, make sure a state-of-the-art firewall is deployed, and in all cases have up-to-date hardware with the latest patches, as well as anti-virus and anti-spam solutions in place.

Lastly, if an attack, breach or theft occurs, have a solid backup of your email and data in place.

The Russians, Chinese, 14 people in North Korea with internet access, and the wacko next door could all be potential cyber criminals. You can buy kits on the dark web to become a cybercriminal in about seven minutes.

So keep thinking defensively. To that end, another way to keep the bad guys out is “two-factor authentication.” This is a method of confirming a user’s identity by utilizing a combination of two different components. These components may be something the user knows, something the user possesses or something that is inseparable from the user.

An example from everyday life is the withdrawing of money from an ATM. You have to have a bank card (something that the user possesses, factor one) and a PIN (personal identification number, factor two) for the transaction to be carried out. The same goes for logging onto a commercial site, when they text you a code to enter.

Criminals are not getting dumber, but the average American is; see the Pokémon Go craze if you need further evidence.

So when it comes to email, keep your eyes wide open, and security top of mind. Be safe out there.

___

Blake Dowling is chief business development officer at Aegis Business Technologies. His technology columns are published by several organizations. Contact him at dowlingb@aegisbiztech.com or at aegisbiztech.com.

Blake Dowling: What is Pokémon Go and why is it news?

My son Reid catching a creature
My son Reid catching a creature

Fads are a regular occurrence in our fast-paced, ADD-ridden culture.

We run from shiny thing to shiny thing, instantly fascinated and quickly bored.

Swatch Watches in the ’80s and (of course) parachute pants, those awful rubber band bracelets my daughter wore by the truckload a couple of years ago. The yahoos from Duck Dynasty are a trend that hopefully will go away very soon.

This month, a digital craze began sweeping the world, via the weird world of Pokémon, and their innovative new app Pokémon Go.

Why is Pokémon being featured in a professional column? Because the tech use in it is off the charts and criminals have found a way to get in the mix, actually monetizing from gameplay.

Put your tray tables up and your chair in an upright position; this is going to be an interesting ride for you. Wheels up.

To start our story, we must journey to the Land of the Rising Sun.

Pokémon began as the hobby of Satoshi Tajiri, who as a child was into catching bugs and tadpoles near his home in suburban Tokyo. Tajiri decided to put his idea of catching creatures into practice, to give kids the same thrills he had as a child.

In 1996 – after getting Nintendo on board – the first game was launched (where you try and “catch ‘em all”) followed by trading cards, toys, TV, a touring show, movies and more games.

The object of the game is to collect creatures; this latest version has the same goal.

Pokémon is a free-to-play mobile app unless you are foolish enough to buy PokéCoins during game play. Yes, this is a real thing.

The game works by tapping into your phone’s GPS for real-world location and augmented reality to bring up those cool-looking Pokémon on your screen, overlaid on top of what you see in front of you.

And you—the digital you—can be customized with clothing, a faction (or “team” of players you can join) and other options, and you level up as you play.

DOWLING POKEMON 2

In reality, you are walking around at the grocery store, park or pub, catching Pokémon. You add them to your Pokébex (your jail of Pokémon), and once you have a few, you then battle other people. You can also go to Pokéstops to gather items to help your game play. This is the “lure” function.

Three people were robbed at gunpoint in Baltimore this week while playing Pokémon Go, Baltimore County police say. In this case, it appears the victims were so engrossed with their phones and the game that they didn’t notice they were alone in a dark alley in a bad neighborhood. This behavior is similar to a teenager on a cellphone who sees nothing of the real world.

Meanwhile, in Missouri, a group of teens was caught Monday using the beacon function to lure other players to a “Pokéstop” location where they were waiting to rob them. This is scary. You are able to lure people to a shady area, who will be distracted, most likely unarmed (as the Pokémon crowd seems like a docile bunch) and easy prey to rob or worse.

As citizens of the digital world, we need to up the dosage on our common sense as being so engrossed in our phones and games, where we would expose ourselves to dangerous situations is alarming, to say the least.

This will not be the last game of this kind that comes up, and the crimes mentioned above will not be the last digital themed crimes committed.

DOWLING POKEMON 1

On a lighter note, my wife was driving down the road yesterday by a local park; out of the corner of her eye saw our son in the bushes with some friends laughing and running around. He is 17, so this is not normal behavior, when she asked what he was doing he said “playing Pokémon.”

She wondered if the ’60s were back and LSD was popular with kids again, but I assured her that he was just the latest American on the Pokémon Go train.

Technology makes our lives easier, sometimes more complicated and sometimes more dangerous, so when you are rolling out new tech make sure you are being safe and don’t forget to “catch ‘em all.”

___

Blake Dowling is chief business development officer at Aegis Business Technologies. Contact him at dowlingb@aegisbiztech.com or at www.aegisbiztech.com.

 

Blake Dowling: из России с любовью (From Russia with love)

Dowling Russia 1I visited Russia for the first time this summer.

Growing up a Cold War kid, the prospect of visiting the Motherland was a little freaky — and the constant visibility of the Russian Navy in the Baltic Sea had me sleeping with one eye open.

Once I overcame these minor fears, the country was truly a gem to explore and discover. Who knew drinking straight vodka with lunch was such fun? It also makes bland food taste fabulous.

Our guide kept telling us how nice Russians are and how they love Americans; this was a farce. I detected no love for the United States. In fact, half of the souvenir shirts that I saw, mocked our president and other world leaders.

Barry [Obama] is an easy target; but still, this is ’merica, ya’ll. (see T-shirt below for an example).

It is interesting that our guide said to use cash only while visiting the former USSR. Credit card fraud is so rampant they said to just avoid it. So rubles it is, I think the ratio was 66 to 1 rubles/dollars.  T-shirts were 450 rubles, so was a Diet Coke.

Anyway, as we roamed — through the Hermitage Museum (Who would have thought DaVinci and Rembrandt had pieces there?), Catherine’s Palace, checked out the ballet, and had lunch where Putin celebrated his 50th birthday —  cyber-crime and fraud were always in the back of my mind.

Some of the world’s most diabolical cyber threats originated in Russia. The CryptoLocker virus was developed by a Russian hoodlum, and it is the Bill Cosby of cyber threats. It is believed a man with the online name of “Slavik” created CryptoLocker.

The FBI has identified Slavik as Evgeniy Mikhailovich Bogachev, a Russian national whose whereabouts remain unknown. He is believed to be the creator of two of the most sophisticated and destructive forms of malicious software in existence — Gameover Zeus and CryptoLocker.

Through the Zeus program, he was able to take control of almost half a million computers worldwide in what is called a botnet, controlled by criminals. The primary goal of the Zeus program is to capture your keystrokes, so that when you go to a financial site, it copies your passwords and then they go about stealing your money. In the crypto-locker scenario, your computer and all its data are locked, with demand for ransom. Once the ransom is paid, you may or may not get the encryption keys to release files. (Make sure you keep a solid backup of your data in case you are infected and need to wipe and reload your machine).

It is estimated hundreds of millions of dollars have been stolen with these tools.

It appears Bogachev is still on the run and is facing charges from Russian and American authorities.

Also making news while we were visiting Russia was the doping scandal and the subsequent Olympic ban. Man, they are pissed about this.

No one I talked to denied anything, they were all cool about the fact that the culture of doping was widely known over there.

Russia has a lot of alarming trends.

Did you know that Russia’s homicide rate is one of the highest in the world?

Organized crime in the country has its hands in everything you could imagine: human trafficking, assassins for hire, extortion, drugs, money laundering, etc.

The Russian military rolled into the Ukraine and annexed Crimea, and actively assisted a separatist force in destabilizing the region.

What are we doing? Our government has cut our military spending by 25 percent in the past five years.

We are a joke to them and not the America they once feared. Who knows how global politics and conflict will end up in the coming years? One would assume China and Russia will eventually try something on a grander scale, and then there are our pals in Iran.

As the downed fighter pilot, Col. Andy Tanner said in the movie “Red Dawn” about how the the fictional invasion of the U.S. by Russia started, “I don’t know. Two toughest kids on the block, I guess. Sooner or later, they’re gonna fight.”

The sun sets around 11 p.m. in Russia this time of year, and it was a pleasure to visit and learn more about this nation. It is a nation of grandiose history and horrendous violence (see Lenin, Stalin) but a nation worth checking out if you get the chance.

And don’t forget to drink some vodka while visiting; it worked for my wife and me.

We just need to make sure not to take that ritual home with us …

___

Blake Dowling is Chief Business Development Officer for Aegis Business Technologies in Tallahassee, and he writes columns for several organizations.

You can contact him at dowlingb@aegisbiztech.com.

This slideshow requires JavaScript.

Blake Dowling: Kicked in the conch … Bimini, part 2

In early 2016, I wrote a column for Florida Politics.com about the island of Bimini, located in the Bahamas about 50 miles from Miami. Hemingway wrote some books there, Gary Hart got busted for some shenanigans there. It’s a small fishing village with some seriously cool spots to check out — nature, watering holes, possible site of Atlantis, the Bermuda Triangle, conch, rum, etc.

I put together a piece intended to be a technology column. In the end, the finished product was a discussion of what — in my opinion — constitutes overdevelopment on the island.

As the column hit the streets, the feedback started roaring in like crazed Bernie Sanders supporters at a hemp rally. I got comments from the Bahamas, Puerto Rico, Miami, Texas and all the way to England.

My column was reposted across the pond by a group called Tourism Concern that has been watching the island closely. Jolly good show, Alison Stancliffe.

(L to R: Myself, Bradley Beesley, Trimmer)
(L to R: Myself, Bradley Beesley, Trimmer)

Here is the short version of the past and the now. In 2008 an area of the island was declared protected, called the North Bimini Marine Preserve. Oddly enough, since that time, a rather large resort, pier, marina, and some private homes have been built, and they keep creeping closer to the NBMP area. One of the other people to pick up my column was filmmaker Bradley Beesly (Google him: HBO original shows, Travel Channel shows, the Flaming Lips documentary, etc.)

Bradley and his team were commissioned to do a piece on what is going on in Bimini. He flew me and my esteemed cohort, Trimmer (whose family has close ties to the island) down for a few days of filming.

Getting there was a real treat — Silver Airways to Tampa-Tally-Ft. Lauderdale-Bimini. Get to the Tally airport two hours early, all flights canceled. WTF. Rerouted to Miami airport with a one-hour layover, thanks to a taxi driver on meth, I actually made the 45-minute rampage across town and caught the connecting flight to the island.

bimini 05.31 3

We hit the ground running hard — literally, really hard (those Silver Airlines pilots need to take a refresher, just saying) — around 5 p.m. We threw our bags down, cracked a Kalik beer, and started our quest to capture the essence of the island on film with a scene at the local conch shack. We talked to locals and guzzled a few Kaliks while enjoying some fresh conch salad. Working with Bradley was great, he guided us in and out of several spirited conversations, and we really got the chance to lay it all out there.

The fact of the matter is, the hotel is there now. It is HUGE, by the way, I had never seen it with my own eyes, we checked it out via boat, and then rolled over on the golf cart. Granted it is not an ugly hotel, it’s cool looking, but (ye gods!) it is slapped right on the end of an island that only has 2,000 people on it, and the island is just 7 miles long.

bimini 05.31 4

I think at this point the hotel and the island need to work in more harmony as neither one are going anywhere. Also, the hotel and the government need to sign the NBMR law and move on, and stop any discussions of golf courses where mangroves and reefs are currently located. Attention, señor, what do you think helps stops storms, replenishes the sea life, etc.?

These things are why people come to the island in the first place.

bimini 05.31 5

We spent a lot of time at Big Johns, the Big Game Club, had some homemade Souse with Sarah Lee, rum drinks at Ebby’s, listened to stories from the Barefoot Bandit (foreign girls, fishing, etc.)

We did some swimming, ate like kings, more Kalik, did some boating, more rum, tinkered with the boat, got the golf cart fixed (maybe). Everything, and all things, that make the island a real gem.

These awesome characters or activities would not be around without the bounty of nature Bimini has to offer, and it’s a shame it is being disrupted. But hopefully, that is over. As we sat at Joe’s Conch Shack during our first day of filming, we were discussing some of the negativity associated with the recent development, and I think I summed it up nicely by saying, “the island got kicked in the conch, fellas.”

So there you have it, the good, the ugly and all the rest. See you in the islands again soon.

I will, hopefully, be at the far right corner of the porch at the Big Game Club, and I will let you buy my next Kalik.

bimini 05.31 6

___

Blake Dowling is Chief Business Development Officer for Aegis Business Technologies in Tallahassee, and he writes columns for several organizations. You can contact him here: dowlingb@aegisbiztech.com.

 

Blake Dowling: Retailers use your online data to determine what to charge for a product

Price discrimination has reared its head again. Just like most things, technology has taken something old school and rolled out a high-tech version of it.

Not to be confused with “price gouging” mind you. This is where some run-down hotel in a college town charged you $300 a night for a $60 room. They should all be flogged. But that conversation we shall have another day.

In the past, different stores in different neighborhoods where different socio-economic conditions exist might charge different prices for the same item. That is a grossly simplified example of old-school price discrimination.

What is this digital version I speak of? Down the rabbit hole we go, take the red pill Neal…. (Matrix humor)

So you shop online a lot. You have a Facebook account. You Tweet about nonsense (I love the burgers #whataburger). You have a Gmail account etc.

The servers at retailers are stirring up this data and crunching it into analytics that they can use to identify and predict your buying patterns as a consumer. They are also sizing up your browser and device type as well as how much time you spend online and many other factors.

By finding out what you buy and for how much, the online retailers can spit out a price to you that may be higher than it is to someone else. It sounds almost ridiculous, but it is happening and it is legal.

Northeastern University did a study on a hardware chain and looked at pricing at its brick and mortar stores vs. prices on a mobile device. It was higher on the mobile device, even higher when an Android device was used.

So are Android users stooges to be toyed with and ripped off? I guess so, according to digital marketing metrics. MAC users are also on the list to get higher prices as it is assumed that they have a higher price threshold.

How does one protect oneself? Get multiple quotes from different sites when buying big ticket items. Call a store if it has one and check the price over the phone. Check pricing on different devices, laptop, tablet, home PC etc.

Also, delete your browsing history, and cookies, close all accounts that require a log-in, and drop your free mail accounts. There is a reason they are free. Thanks for reading, be safe out there.

***

Blake Dowling is chief business development officer at Aegis Business Technologies. His columns are published by several organizations. Contact him at dowlingb@aegisbiztech.com or at www.aegisbiztech.com. Column courtesy of Context Florida.

Blake Dowling: Beware of ‘boss phishing’ and other new cyber scams

I had a client ask me last week why I did not let them know about the scam “boss phishing.” That’s when an organization receives an email pretending to be from the boss of a company asking accounting to send money ASAP to an account.

I told the client that I had done my absolute best to get the message out.

On two local TV networks, I spoke of the threat. I wrote articles for 850 Magazine, Context Florida, and the Tallahassee Democrat. We had a “lunch and learn” with the Florida Department of Law Enforcement on it; we featured it in our newsletter.

But I know where that client is coming from. All the training and information in the world may not help you when the threat comes knocking at your door.

With Boss Phishing and Cryptolocker (ransomware), you can ruin your company’s day pretty fast. This particular client had an accountant with a sharp eye and she noticed the domain was one letter off and she asked the “boss” if he had sent her a request for funds.

The answer was NO.

Not all companies are as lucky. I have talked to victims of both crimes.

Cryptolocker can strike a lot faster. You click on a virus-embedded link that looks like it’s from a debt collector (or Dropbox, UPS, AMX etc). Because of all the client lists and sensitive info that have been stolen (data breaches left and right in the US), you might actually owe money to this entity. Therefore, it looks legit.

But when you click to straighten out the old bill, you are infected. As with any business, and it is a business, criminals are getting smarter.

A lot of tech info these days references going to the cloud. Well, it’s not just us law-abiding folks who are taking email and other business functions to the cloud. Criminals are flocking to the cloud as well.

The people who write malicious code are no longer just writing one piece of software to sell once. They are putting up malware as a service for sale. This way they make money each time it is purchased or rented.

Where could such illegal services be sold? The anonymous dark web, of course. That’s where anything is for sale and your moves are hard to trace by law enforcement.

I have seen black-market code that comes with a money-back guarantee, terms and conditions and terms of use that look just like something Microsoft might sell. The black-market tech landscape is frightening.

If you were the criminal, you would go on the dark web, lease an exploit kit and go about trying to infect PCs around the world, and depending on the attack, steal your bank info, encrypt your files and ask for ransom — or get you in a botnet scenario.

This latest move by criminals heading to the cloud is just another example of criminals getting smarter. So as a reminder, be wary if you see anything odd coming in via email — a request for money, to reset your password, enter your banking info, congrats you have won something, click here to see your pictures from last night.

Do not click, consult your IT professional. It is always better to safe than to be hacked.

***

Blake Dowling is chief business development officer at Aegis Business Technologies. His technology column is published monthly. Contact him at dowlingb@aegisbiztech.com or at www.aegisbiztech.com Column courtesy of Context Florida.

Blake Dowling: Apple vs. FBI and the bounties for ‘bug hunters’

This battle between Apple and the FBI is one of the most controversial technology stories of the year.

The FBI, while trying to get into the phone of the two San Bernardino terrorists, took Apple to court. The agency demanded that Apple help the agency get data off the locked phone and then said “never mind.”

Apple then asked, why the “never mind”?

The FBI hired its own hackers and one or more of them were able to get the data off the iPhone, according to the Washington Post.

There were rumors that the Israeli tech firm Cellebrite was brought in to assist, but that does not seem to be the case.

Have you heard of the Bug Bounty program and bug hunters in general? Started in 1996, the program was the idea of a Netscape employee who recognized the work being done outside of the company on their products.

He pitched an idea to management about how to incentivize these outsiders and make their findings more widely available. His bosses loved the idea and the program was off and running.

The same system is in place for other firms today. Hackers and tech specialists around the world are paid to find bugs in systems. This way, the flaws can be fixed before they reach the public.

Facebook had a program where it actually issued debit cards to researchers who found bugs. Facebook is not alone. Yahoo, Google, and Microsoft all have their own bug programs and they are certainly not limited to the United States.

Russia has the most bug hunters, followed by India and then the U.S., Brazil and the UK. Payments for discovering a bug can reach up to $20,000.

So you can see why people jump into this sort of thing. Where does this leave law enforcement, tech companies and little ole me (the consumer)?

Who knows. FBI Director James Comey said this case was the hardest problem in his career. The issues with encryption and privacy cannot be magically solved in our courts.

The shelf life of the vulnerability that was found in the terrorists’ iPhone 5C seems to be very short, so Apple is not worried about pursuing the case any further.

Just wait until Hollywood gets a hold of this. You know there is a studio exec pitching this story now: “OK, super-nerd bounty hunter works with the FBI to crack the case…..”

***

Blake Dowling is chief business development officer at Aegis Business Technologies. His columns are published by several organizations. Contact him at dowlingb@aegisbiztech.com. Column courtesy of Context Florida.

Blake Dowling: Be careful of new computer viruses that target businesses

Ransomware has been a scourge since it first reared its head a few years back.

The original Cyptolocker virus continues to cause problems worldwide and has been doing so since 2013. The original version would work like this: you receive a fake email pretending to be from UPS etc. and you click the link.

BAM. First the files on your PC are infected and if you do not unplug the device, it spreads to anything connected to it. The virus still gives you access to Windows but no files, and the frightening looking clock begins its countdown to show you how long you have until your files are deleted.

There is a new version called Petya Ransomware in which a computer’s hard drive is infected. This threat is rampaging across Europe.

The new version is disguised as a Drop Box file ready for you to download. It lists an applicant applying for a job and a link from which you click to download the applicant’s resume.

The criminals do not just send this to anyone. They are not just targeting generic lists of email addresses. They are purchasing corporate email lists from the dark web or trolling for their own.

In this case they are sending to HR professionals. What is the likelihood of an HR pro whose job it is to screen applicants for potential openings clicking on a link to a resume? I would say 25 percent. Those are awesome stats for the criminal as a return rate or click rate on old school hacks was in the 1 to 2 percent range (think back to “I am a Prince in the Congo that needs your help to prepare 10 million USD for transfer).

The appearance of legitimacy is what keeps these people in business. They keep finding better ways to appear like they are the entity in question, going so far as to create domains and email addresses that are only one or two letters different from the original.

If they can pass the casual eye test for a few seconds, someone will click on it. That is why Ransomware has become one of the most prevalent online threats.

There are some other interesting variations to the Ransomware scourge that are just coming to light.

MAC users have always thought themselves impervious to such threats. Those days are over.

MACs are by far safer, but the main reason for that is they are not targeted as much because most of the corporate world is Windows based.

As more and more MACs are introduced, the hackers are along for the ride. KeRanger is a crypto attack that targets the MAC OS. Cerber is a crypto variant that takes geography into account. If you reside in Russia, it will not execute as it detects your location.

The creators of the original virus are from Russia and allegedly hiding out in Ukraine.

My advice is to never pay these ransoms but a lot of people do, with mixed results. They say the average ransom request is about $300 (it is actually paid in Bitcoin which is harder to track), and once you pay the ransom you are either sent a decryption key and you can go on your merry way. In some cases, your money is simply stolen.
Be careful where you click, as you could bring on a world of hurt to your business in an instant.

***

Blake Dowling is chief business development officer at Aegis Business Technologies. His technology column is published monthly on Wednesday. Contact him at dowlingb@aegisbiztech.com or at www.aegisbiztech.com Column courtesy of Context Florida.

Show Buttons
Hide Buttons