Tuesday, February 24, 2015

It Wasn't Engelbart's Fault! (part 1)

   Douglas Engelbart was an engineer, inventor and pioneer of the early internet.  He died in 2013.  He was known for a number of key ideas and inventions.  In 1967, he invented a very useful computer device that is a key component in propagating malware and facilitating phishing attacks... the Mouse!

   Of course, Engelbart didn't invent email, email attachments, phishing emails or malicious links.

   The media is always buzzing with information about the latest breach or computer break-in.  We hear about advanced attacks, nation-states and the possibility of cyber-war.  Many of these major attacks start with a simple click (or many clicks).

   Two of the main ways that malware is distributed or information is stolen are via:

  • malicious attachments sent in an email, and;
  • phishing emails with malicious links.

   For either of these methods to work, the recipient of the email needs to click... with a mouse! (Well, you could also use a track-pad or track-ball.)  The attachment needs to be opened.  If it's a zip file, it needs to be unzipped.  If it's a link, clicking the link might either download malware or lead to a form asking for personal information.  Any of these actions could cause major problems.

   Let's discuss two issues:
  • what do these viruses do?
  • why can't my organization stop these? (or why can't I stop them at home?)
   This is, unfortunately, pretty complex and we'll probably handle these in two separate posts.

Why Viruses?

   As I've discussed in the past, this is really an economics issue.  There's illicit money to be made and there are smart people out there coming up with new ways to attack and take over systems.

   I'm using the term virus generically: a virus is actually just one of a number of different types of malware (malicious software).  A typical computer virus does 1 of 3 things, and it can even do more than one of these:
  1. connect "home" and download more viruses;
        This is an optional step.  The real goals are items #2 and #3.
  2. take over a computer so it can be remotely controlled, or;
        An attacker can take over a bunch of computers and use them to attack other computers or sell that capability to others. The computers taken over are called robots or bots.  They can be used to spread spam and more malware, to send so much traffic at target computers that they won't work properly or at all (this is called Denial of Service or DoS), or to carry out other attack methods.
  3. steal information (the techy word for this is exfiltration).
        The stolen personal or corporate information can be sold or used to steal money from existing or newly created accounts.
  4. (bonus item) threaten to do the above (blackmail).
        An attacker might threaten to crash computers if not paid.  One kind of malware called "ransomware" encrypts your files so that only the attacker can decrypt them and charges you a fee to get your access back.

What can we do?

   This is a complex issue and we'll talk about protection methods next time.  For now, the best advice is to take measures we've often discussed here:
  • use anti-malware software
  • use care when opening attachments
  • use care when clicking on links
  • know who sent you that email, message, tweet, social network message, etc.
   I discussed these and other steps you can take in a post last year.
