Friday, November 18, 2011

What's your passion?

What’s your passion? You know, that topic that gets you fired up. Something inside you awakens and makes you want to DO something. Everyone should have at least one passion. These are the things that make us interesting.

You may not know this, but for roughly 13 years or so, my passion has been internet safety. Wha…?? (My musician friends just did a complete 360 in their chairs).  As a founding member and vice president of Predator-hunter.com, I was deeply involved with finding ways to keep kids (and to some extent adults) safe online. At one time, our organization was large (at least as big as Perverted Justice was a few years ago – maybe bigger). We had people trolling the net looking for trouble to report – reports always went to NCMEC. We worked with some law enforcement groups, helping provide technical work on cases. We even helped a young hacker called “OmniPotent” get his valuable evidence to the proper authorities, bringing down a pedophile judge. We built a training site for teaching law enforcement how to use tech tools. We provided awareness training for parents. I worked for a while with Laura Chappell, presenting information to parents, teachers and anyone who would listen about internet safety for kids.

These days, there is little need for organizations like Predator-hunter. And groups like Perverted Justice have given internet safety organizations a bad name. Sorry PeeJ folks – your program started out with the right idea. It just became - umm – perverted along the way. Most law enforcement agencies have their own training available – or have personnel who have experience with the tools they need. Computer forensics has come a long way in the last 13 years. It’s difficult to get parents to an internet safety training presentation these days, as most parents of teens in 2011 have some experience with computers and don’t think they need more information. Organizations like NCMEC have improved their own education programs and created great education modules that schools can use to educate kids on everything from school yard bullies to the dangers of sexting. There’s so much information out there, one could get lost for days.

I still believe in keeping kids safe. I’ve just decided there are so many other people out there doing the work, I can focus on something else for a while. Thanks Michael Vaughan, Amy Baglan, Laura Chappell, Gary Dimmock, Wendell Krueth (rest his soul), and all the other people I worked with over the years… I’m still here, but in a different capacity. Internet Safety will always be a topic that will get my attention.


Friday, November 11, 2011

Public Service Announcement!

Today is Veterans Day. My intention for today’s post was to say a little about the meaning of Veterans Day and then cover the local band activities this weekend. Instead – I’m going to start out with a very important public service announcement:

DNS Changer

What’s so important about DNS Changer? Why should I care?

I’ve been following information on what appears to be the biggest ever arrest of cybercriminals. “Operation Ghost Click” has been a huge investigation, involving multiple law enforcement agencies and covering a span of several years. 6 men were arrested in Estonia, breaking a malware ring that is said to have affected 4 million or more computers in more than 100 countries. Perhaps as many as 500k in the U.S. alone were affected. This includes Apple products.

The malware they used is called DNSChanger. It hijacks the computer and aims the browsers at “pay-per-click” advertising. Pay-per-click ads generate income for whoever is hosting the ads, as the advertiser pays the host for each time someone accesses the ad. If the browser goes to the ads automatically, that generates more clicks. The Ghost Click ring took in more than $14 million through this fraudulent activity.

Unlike many malware infections, the DNSChanger infection can go undetected, replacing advertisements on legitimate pages with the fraudulent advertising. The computer user could be completely unaware their computer is being used in this fashion.

The malware generally is disguised as a video codec, and could be picked up by a user trying to view a video from an infected site. Once installed, DNSChanger goes deep into the system – sometimes to the boot sector – which makes it difficult to spot and difficult to remove. Some variations of the malware infect Apple products, and there are even some that will make changes to routers. DNSChanger then changes the DNS settings to point the computer to their servers instead of the normal DNS servers. Once the settings are changed, the owner of the fraudulent DNS servers can then redirect any part of the browsing session to any server they wish.

The FBI is working towards notifying Internet Service Providers of infected systems using their service. They’ve also posted some information about how to check your DNS settings and what to do if your computer is infected.
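For readers who would rather script the DNS settings check, here is an added example (not from the FBI or from this post's original text) that reads the resolvers out of a Linux/Mac `resolv.conf` or Windows `ipconfig /all` output and compares them to a list of suspect ranges. The ranges and sample inputs are constructed placeholders; swap in the rogue ranges from the FBI's notice.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not real indicators.
# Replace them with the rogue DNS ranges listed in the FBI's notice.
SUSPECT_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
# Private (RFC 1918) resolvers are usually the home router, which DNSChanger
# variants can also reconfigure, so its own DNS settings need checking too.
ROUTER_RANGES = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nameservers(text):
    """Pull resolver IPs from resolv.conf text or `ipconfig /all` output."""
    servers, in_dns_block = [], False
    for line in text.splitlines():
        stripped = line.strip()
        match = re.match(r"nameserver\s+(\S+)", stripped)
        if match:                                   # resolv.conf entry
            candidate, in_dns_block = match.group(1), False
        elif stripped.startswith("DNS Servers"):    # first ipconfig entry
            candidate, in_dns_block = stripped.split(" : ", 1)[-1], True
        elif in_dns_block:                          # ipconfig continuation line
            candidate = stripped
        else:
            continue
        try:
            servers.append(ipaddress.ip_address(candidate.split("%")[0]))
        except ValueError:                          # next field: block is over
            in_dns_block = False
    return servers

def classify(ip):
    def within(nets):
        return any(ip.version == n.version and ip in n for n in nets)
    if within(SUSPECT_RANGES):
        return "suspect"
    return "router" if within(ROUTER_RANGES) else "other"

def audit(text):
    """Map each configured resolver to suspect / router / other."""
    return {str(ip): classify(ip) for ip in parse_nameservers(text)}

# Constructed sample inputs, not captured from a real machine.
SAMPLE_RESOLV = "search example.lan\nnameserver 192.168.1.1\nnameserver 192.0.2.53\n"
SAMPLE_IPCONFIG = """
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       203.0.113.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for sample in (SAMPLE_RESOLV, SAMPLE_IPCONFIG):
        print(audit(sample))
```

A "router" result only means the computer asks the home router for DNS; log in to the router and run the same comparison on the DNS servers configured there.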

See this handy PDF document for information with screen shots:


Thursday, November 10, 2011

FakeAV

You are cruising the web, looking at whatever interests you (this could be scrapbooking sites for all I care…) and suddenly – a big red warning screen pops up, and an antivirus starts scanning your computer – with a zillion infected files listed. You’re infected, and it’s bad!

Not yet, perhaps… but click on that screen that says “start removal now” or “do you wish to scan your computer?” and you will be! One of the most common scams on the internet today is the FakeAV scam. Also known as scareware (my favorite is extortionware), this malware infects your computer under the guise of fixing an infection. Generally, the computer isn’t infected until you click that button, thus authorizing the page to download files to your computer. In some cases, the writer of the malware has set up the page so that any click downloads the files. Even an attempt to close the page might start an install.

What is the purpose of extortionware? Well, exactly that – extortion. Once the files are downloaded to your computer, the malware installs itself and reports to you that your computer is infected (it is, but that’s the malware that just installed), and in order to remove the malware you must purchase the antivirus. Sometimes your credit card isn’t even charged for the malware – but is compromised and sold to the highest bidder.

Don’t fall for the “you must purchase this program to clean your computer” scam. Instead, run your regular antivirus (if you can). If it is unable to run, then the malware has disabled it. You’ll need something like Malwarebytes anti-malware to do an initial scan. MBAM is available in a free or paid version – the free version is all that is needed for an initial scan and clean. If you are uncomfortable with doing this sort of task, take it to a local computer shop. Some of them even offer low-cost cleanings because they can scan multiple computers at once. Otherwise, install and run the legitimate scanner and then enable and update your regular antivirus to scan as well. You can also check an antivirus website like Sophos or Symantec for further instructions.

You’re probably wondering why your antivirus didn’t stop FakeAV in the first place. FakeAV is a name for a “class” of malware. Every day, multiple new versions of FakeAV are created and sent out into the wild before the antivirus companies can update your antivirus. Often, you won’t run across a new version until after your update, but the writers count on at least some people hitting on an infected site before their antivirus is updated.  And there’s no formula for avoiding FakeAV infected pages. Sometimes, the most legitimate websites have become infected because of ad space they sell or a missed patch.

Now – for my friends who use the same computer for business and play. Stop it! (You know who you are. I promise not to divulge names…) FakeAV is only one possible risk – there are virus writers churning out much worse stuff as well. Letting the grandkids play on your business computer is bad business in general. Files could get lost or damaged.  Home businesses have been thriving thanks to the availability of inexpensive PCs. If you have a home business, have those files on a separate computer that no one else uses! You’ll be much happier in the long run.  We’ll discuss your lack of back-ups another time.


Wednesday, November 9, 2011

Contingency Planning

Today was the Iowa Contingency Planners’ annual conference. One of my many hats is business continuity/disaster recovery. So I toddle off to meetings 3 times a year, and once a year to the conference. Contingency Planners is a diverse bunch. Many of us are IT or started in IT, but there are HR people and accounting people as well as first responders and government types. After a few years of business continuity planning, I honestly believe the planner starts sinking into your skin. One day I was driving to work and noticed a plane approaching the Davenport airport – the approach path was directly over our building. Mental note: time to include plane crash in the BCP (the airport built a new runway, and that changed approach paths for jets). I tend to have a heightened awareness of impending issues, thanks to this part of my job.

The first speaker today gave us a presentation on Crisis Communication. She spoke mostly about the reasons our organizations need to be prepared to communicate in crisis situations, and how to prepare for that inevitability. There was quite a bit of discussion about Twitter, Facebook, and bloggers. It seems that a year ago quite a few people were skeptical that Twitter would ever amount to much. The speaker specified fifty-something men – but I’m sure there were others as well. Fast forward to this year, and Hurricane Irene. Twitter was one of the biggest sources of information – and people took to Twitter to look for information. The governor of New Jersey tweeted updates regularly in order to make sure the correct information was being communicated. With all of the communication avenues technology gives us, it is very easy for misinformation to be spread – and for the public to express their anger and frustration about not getting information in a timely manner.

I was a little disappointed that the speaker categorized all bloggers as young men sitting in their mothers’ basements in their boxer shorts. Ma’am, there are a lot of bloggers just like myself who are indeed living in the real world. I also tweeted about your presentation – and your comment that people who tweet couldn’t have anything interesting to say.

FEMA gave their presentation just as the Emergency Alert System test started… I suppose they planned it that way so we could hear the EAS test. If you’ve ever wondered what goes on in the background during a disaster, sit in on a FEMA presentation or after action. Talk about organized chaos! There’s the Emergency Operations Center, meetings with state agencies, procuring resources and supplies, Information Technology needs, media to keep informed, governors promising the moon, presidential tours… it goes on and on. The FEMA presenter said one of the issues they had was that information security was so locked down they had trouble doing their jobs. Infosec can still be locked down but have the flexibility to allow what is needed. Perhaps I should offer my services?