More than ever, the bad guys are trying to get you to part with your money.

 

Scenario #1 – the phone rings.  Either a recorded voice or a live person with a foreign accent tells you that your computer is infected with viruses and your data and banking transactions are at risk.  They claim to be with Microsoft, Windows, Apple, iCloud, Verizon, Comcast and others.  They will say anything to give themselves enough credibility that you don’t hang up on them!

 

Scenario #2 – you’re surfing the web or fiddling on social media.  Maybe you simply mistyped a web address, but you end up on a website you did not intend.  Then it happens.  A scary screen shows up saying you’re infected and your data and banking transaction are at risk.  Sometimes it even talks to you or a siren begins blaring.  It says to call the 800 number or really bad things will happen.  So you call.

 

Scenario #3 – you’re struggling with some tech item.  Maybe a printer or your wifi.  So you google “tech support phone number XYZ company” and you see the number and call.  The only problem is that’s not the company you were looking for and the bad guys with money advertise so heavily on Google that they appear at the top of the search results.  You call and speak to the pleasant sounding bad guys.

 

Scenario #4 – like #3 above, you’re having a tech problem, but this time you know the right number to call.  You have it printed on the manual or some other documentation.  You call and speak to a tech from the right company.  During the conversation, maybe it’s discovered you have some malware or other bad software installed on your computer causing you problems, so the tech gives you another number to call.  A number that IS NOT for the company you called in the first place!  It’s his buddy somewhere else who’s trying to get money from you.

 

With any of the above scenarios, the bad guys convince you to allow them to connect remotely to your computer so they can show you the problem.  Many people smell a rat at this point, but others remain concerned their data may actually be at risk or that they are spreading a virus and they let the bad guys in.  They point you to a website and have put in a code and click a few buttons, and voila!  They are on your computer and moving your mouse around.  It’s fascinating.  To a point.  To watch the mouse move, letters being typed and windows popping up is oddly…well, fascinating!  Also, very dangerous if the one’s moving the mouse are the bad guys.

They show you some scary things that they pawn off as viruses.  The fact is, every computer has scary looking stuff on it.  The key here is scary “looking”.  If you don’t know what you’re looking at, it can be scary for sure.  At this point the bad guys convince you they can clean up the infections and make it all better.  They install some programs (which are all legitimate by the way) to clean-up some junk files that all computers have.  They may even install an anti-virus program and sell you on a subscription.  They want your credit card info so they overcharge you for the software and their services.  Sometimes as much as $1000 for “lifetime” protection.  They may even tell you to go to Walgreens or CVS and get some gift cards to pay for the items.  This is the second point where people smell a rat.  Some will just hang up the phone.  The bad guys call back and maybe you yell at them or hang up again.  That’s when they put a password on your computer so you can’t get back in again.  Terrible stuff.  They keep calling you back and then you pack up your computer and bring it to your local computer repair shop.

 

We see this so often here at Two River Computer that we gave it a name; Unauthorized Access.  Read more about it by clicking here.  If this happens to you, just turn the computer off or close the lid if it’s a laptop.  Then call your local computer repair shop for help.  Don’t be too quick to cancel all your bank accounts and credit cards, but if you’re genuinely concerned ask them to put a “watch” on the accounts for suspicious activity.

 

Trust your instincts when it comes to this stuff.  If you’re on the phone with someone and you don’t feel right about what they are asking you to do, just hang up!

It’s possible, but probably not based on what we know at this moment.

 

However, like many stories in the headlines of the newspapers, TV and social media the numbers and facts can change.  It’s true.  How many times have you read about a tragedy only to find it’s actually 10 times worse than originally reported.  Likely because it’s more important to be first, than to be accurate.  It was originally reported that Russian hackers had attacked some internet routers.  Now they are saying that even more countries were targeted than initially thought, though the Ukraine was notably the largest. And the number of affected routers is growing.

 

So here’s what we know right now.

 

On Friday May 25, 2018 the FBI reported that hundreds of thousands of home and small office routers had been compromised by Russian computer hackers with malware called VPNFilter.  Their goals are typically to collect user data (browsing habits, identity info, passwords), shut down your network or attack another network using your devices.

 

Scary to be sure.

 

The original suspected intent of this attack was to target all those devices inside your home that connect to the internet and don’t have a person sitting at them.  Video cameras, nanny-cams, thermostats, speakers, alarms, personal assistants (Amazon Echo, Google Home), smart TVs and more can all become an army of robots that can attack and bring down websites and servers.

 

Now they are saying that the attack can alter info you see on the internet if your network is compromised.  Imagine seeing your bank balance at a steady number, but the bad guys are siphoning off your money?  You could even be making a purchase at a familiar place, but your payment is going somewhere else and you never get your item.

 

They are also saying even more countries were targeted than initially reported…and the total number of targeted routers now exceeds 700,000.  And the number of manufacturers named in the router list has expanded greatly from initial reports.

 

So now what?

 

We are all concerned, even if only mildly, that our money will get stolen or our identity will get hijacked while surfing.  My opinion is that I think we are all pretty safe.  The same safe feeling you get when you get in your car and you buckle up and see that airbag light on.  But that doesn’t mean some idiot won’t hit us because they’re updating their Instagram while driving!  We need to always be diligent even if we feel safe.

 

The fact is there’s loads of safeguards to protect our online surfing.  Your local computer has protection, your bank has protection, the Amazon web servers all the big companies use all have military-grade firewalls for protection and Google is always on-guard to secure its traffic.  And even if something did happen to you, it can and will be fixed.  It may be a colossal pain in the butt, but even an identity theft can be undone.

 

What we were told to do to fight this attack was to reboot (restart) our routers.  Yup, simply unplug them from power, wait 30 seconds and then plug them back in.  That action will “flush out” any malicious code that was injected into your router.  For the time being.  There’s software that runs on your router, called firmware.  It should be updated if your router is on the list.  And perhaps more importantly, the default administrative password that came with your router needs to be changed NOW!  You may even want to consider performing a “factory reset” of your router, or better yet, a new router if this whole thing makes you nervous.

 

List of affected routers

 

You can contact the router manufacturer for assistance in upgrading firmware and changing the default password.  You can also call your local computer repair folks.  They can handle this for you.

 

PLEASE NOTE: as of this writing, Verizon FiOS and Comcast/Xfinity routers ARE NOT AFFECTED.  Primarily because they have unique default passwords and firmware upgrades are handled directly by them.

 

So, will the list of affected routers get bigger?  Will the attack be more widespread?  The FBI actually seized the server that started all this, but they believe the bad code is still out there and may even have a delayed payload and attack later on.  We feel that it’s better to be safe than sorry and you should do something if your router is on the list.  Maybe even if it isn’t.

 

Heed the warnings and carry on.

Looking at this as a parent myself, and a technologist, I say “just enough” control is all I really need.

 

I want something that will lessen my own anxiety and make me feel like I’m in charge…not my kids.  I’m one of the few parents I know that actually knows more than their kids about technology.  So I can only imagine some of the genuine fear that some may have when the kids are behind closed doors or little Johnny’s friend brings over his laptop or iPad for a playdate.  What are they watching?  Why do they keep hiding the screen when I walk in the room?

 

As I am prone to say, “the fun never stops”.

 

There have been many approaches to the concept of “parental controls” since computers began appearing in kitchens and family rooms in the mid-1990s.  Some of the early players were software programs that got installed into a computer and could filter internet requests.  It was sometimes tedious to work with because you often had to create your own “black list” of websites or keywords that you didn’t want your kids to see.  And then came the “white list” when good things got blocked.

 

We saw a lot of this being applied when classrooms full of computers started appearing.  Products like NetNanny, SafeEyes and K9 were popular and did the job.  In homes, some parents would put the computer with the screen pointing into an open area so they could see everything.  That was a great deterrent.  The software helped too, but kids are curious.  Naturally.  It’s normal.

 

Next, we saw some internet routers that had some of this web-filtering capability built-in already.  That was helpful in homes with more than 1 computer, which started in the early 2000s.  It was a great start to what I call “whole-house” protection.  Anything that connected to the router to get internet access had the parental controls applied.  Sounds good, but it was cumbersome.  Again, you had to create white and black lists of websites and keywords.

 

As time marched on, these products got better.  Then the websites themselves got classified based on content, which helped a lot.  Like the movie or video game rating system; G, PG, MA, R, etc.  The software installed on the computer or built-in to the router could filter by category.  You could easily block things like guns, drugs, sex, hate and more.  They also started using their own database of dirty words and phrases so you didn’t have to make your own lists.  Some of those words…wow!

 

These days with each person having 2 or more devices (and some of those persons are under the age of 5!) managing the internet access and content allowed has become a real job to manage.  Software and apps can do a lot, but they are device-dependent.  If the software gets removed or another device is used, then it doesn’t work.  I run into parents all the time that tell me about the best app they just put on their kids’ phone and how they feel so safe knowing they are being protected.  Until I show them the workaround that kids can usually find a few hours after you put something on the device.  I often say, “install something at breakfast and they found a workaround by dinner”.  This is not true for all, but I see this a lot.

 

So what’s a concerned parent to do?

 

I prescribe to the idea that in life there is “an acceptable amount of abuse”.  This may not be popular, and abuse is a strong word, but somehow fitting.  In the 1980s it was using the work phone to talk to your sister in Indiana.  In the 1990s it was using AOL instant messenger to chat with your friends.  In the 2000s it was using company internet to sell your Beanie Babies on eBay.  Now it’s social media and texting while working.  It’s OK to do these things a little.  We sometimes need to look the other way…but not for long.  I think the same thing applies to the kids and internet access.  We hope they make good choices based on how we raised them.

 

Back to the “whole-house” solutions.  The concept here is that ANY device that enters your home can have filters applied.  Individual profiles can be created for each family member and their respective devices to allow the proper amount of access.  A 5 year-old shouldn’t have the same access as a 15 year-old.  The bigger bonus these days is how much control we can actually have.  Things like a “bedtime” when the internet will cutoff for a user and ALL their devices.  You can even assign an amount of time per day they can spend on their devices; even how much time per app can be assigned also.  Some devices even allow for a PAUSE the WHOLE HOUSE for when it’s dinner time.  Game changer!

 

In the end, parental controls are good.  They can help us feel better about what our kids our seeing and how much they are seeing. But it’s no substitute for good parenting.  Tell your kids why the internet can be bad…or addictive…or hurtful…or helpful.  Teach them about time.  Good time.  Bad time.  Wasted time.  Time well spent.  You get the idea.

It depends if you like to gamble or not.

It seems that not a week goes by when we are not reading about some kind of cyber security breach at a big-name retailer or corporate giant.  Sometimes they can be attacks by a rogue government, or even by a teenager in the Ukraine.

 

But what about me?  Am I safe?  Surely these problems won’t ever affect me, will they?

 

Well, that depends on a lot of things.  Cyber security requires that we adhere to same basic rules:

1. limit physical access to our device(s)
2. have strong passwords in place to access our information
3. keep devices and operating system software up to date
4. use a good security program
5. have a plan if things go bad

 

Allow me to elaborate a little on each of the rules.

Rule 1 – Limiting physical access.  This may seem really basic, but its importance cannot be stressed too much.  Lock your doors, keep your phone in your purse or pocket and don’t let other people use your stuff.

Rule 2 – Strong passwords are always a must.  Here’s some things to help you make them.  Use special characters to replace letters; use a $ instead of an S, how about a 3 instead of an E, or maybe a ! instead of a 1.  Those can definitely help make the password stronger.  A phrase “sandwiched” between some numbers, like 19BornToRun75! As a Springsteen fan you would easily remember that this album came out in 1975 and adding the ! at the end makes it stronger.

Rule 3 – If the hardware or software manufacturer issues you an update, you need to install it.  We all need to be sure we have a proper backup before installing the update (also referred to as a patch) in case something goes wrong.  Microsoft and Adobe routinely release updates, but not so for Apple.  We sigh when we see the pop-up about even more Microsoft updates, but they are all still important.  And when Apple releases a security update, it’s usually pretty serious so do it right away.

Rule 4 – Have a good security program installed on your computer.  And yes Virginia, Macs so get infected.  And don’t forget about backup.  The best plan is 3-pronged; the original data on your computer, a local backup device like a USB external drive or even a flash drive, and also a cloud copy using a service like Carbonite or CrashPlan.

Rule 5 – What if my device is compromised, now what?  First, we need to assess what it really means.  Most of our devices are not that important to be attacked.  Nor is the data on them…at least not to anyone but ourselves.  The best plan is prevention.  That and have a someone to call for help, whether that’s your neighborhood computer folks, banker, attorney or kid brother.  Don’t panic, just ask for help.

 

For business, cyber security has an enormous and scary downside if the data gets compromised.  They even sell insurance now in case your data gets stolen.  But for consumers, it’s really about identity theft.  Long gone are the days when our contact list was stolen and emails about Viagra, Low-Interest Mortgages and Weight-Loss were sent out.  Embarrassing to be sure, but pretty harmless in the end.

 

Now the bad guys are more surgical.  They are hijacking your email and looking for conversations between you and your brokerage house; searching for terms like “wire transfer” and other things that will allow them to see a pattern and try to have money re-routed to their account instead of yours.  We witnessed it enough because the protocols of the bank or broker are not followed precisely, but it shouldn’t have happened in the first place, right?

 

Right.

 

And identity theft…this can be the worst.  Accounts opened in your name or tax returns filed on your behalf are obvious signs your identity has been stolen.  You have resources to help you at the Federal Trade Commission – www.identitytheft.gov.  Go there to report an event if it ever happens to you.

 

Keep your devices near you.  Have strong passwords.  Install software updates.  Use a security program.  Know what to do if something does go wrong.