ToddHDow Studios

Category: Technology

  • Damn you, computer “hackers”!

    Damn you, computer “hackers”!

    My mom got scammed online earlier this week. This is the second time in a year that someone close to me has gotten burned by a scummy, sleazy, no good, prey-on-the-weakness-of-others-rather-than-get-a-real-job jackass. And it is so annoying!

    In this case, the person that hooked my mom didn’t do any real damage. But it inconvenienced her and I for a few hours this week. And that really sucks. And, if it was worse, it would have taken me a bunch of hours more to rebuild her computer from scratch and get it reconfigured to the point where I wouldn’t have to field tech support calls from her for the next two months asking me where her missing icons or browser shortcuts have gone.

    So… here’s what happened:

    She ordered some stuff from Amazon.ca a few weeks ago and her order was taking forever to be delivered. She wanted to call amazon to inquire about her order. So, she opened a web browser and typed amazon.ca phone number in the default search bar. When she pressed enter, she received a google search results page that showed a bunch of options for amazon.ca customer service. This included a malicious (bad) customer support website. Unfortunately, my mom clicked on this link, and that’s where the fun began.

    The link she clicked on was a phishing page (as per wikipedia: Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.). The link she clicked on went to a compromised website. The website had been designed to look exactly like amazon.ca and it had a blurb on the page with their phone number.

    Unwittingly, she called the number on the malicious webpage. The helpful customer service rep (let’s call him Nedry, named after the inept hacker from Jurassic Park) that answered informed her that her amazon account had been red flagged. Nedry said someone else was trying to get into her account. He said not to worry though as he could help find out who it was and clear it up for her.

    Nedry then instructed her to go to a website (citrixonline.com – a legitimate website with a legitimate app) and download an app so that they could connect to her computer. This first app wouldn’t install on my mom’s super old computer. This almost stumped Nedry, as he had to call on his supervisor to help up his game and keep my mom on the hook. His supervisor suggested using LogMeIn123 instead (another legitimate website and app). Luckily for Nedry, this second effort kept him in the game.

    Once my mom downloaded and ran LogMeIn123, she connected with Nedry and gave Nedry control of her computer. LogMeIn123 provides the ability for you to share your screen with someone else and then that person can do anything on your computer.

    And this is where Nedry really got to show off his stuff. Here’s what he did:

    1. He opened a terminal window and continued to show my mom what was wrong with her computer by typing these commands:
      1. ping http://www.amazon.com
      2. top
      3. netstat -n
      4. ifconfig
      5. All of the above commands spit out a bunch of fancy stats and other confusing data to the uninitiated. Nedry showed my mom some of the data and explained that it was the virus taking hold and making a mess of things.
    2. He told her that she had a bad virus on her computer. He said she had something called Torpig. He opened a web browser and went to the Wikipedia entry for Torpig. He read enough of that entry to my mom to really scare her.
    3. Then he used google to search for a website called “geektyper”. He then opened the site directly: GEEKTyper.com – Hacking Simulator. The tagline for this website is “HACK LIKE A PROGRAMMER IN MOVIES AND GAMES!” It has a subsite (geektyper.com/scp) that looks SUPER legit if you’ve ever seen a scary hacking movie.
    4. He even showed her THE GUY that was doing this to her computer!
    5. The he told her that this virus was so bad that it was everywhere in her house: it was on her computer, it was on her TV, it was on her ipad – it was on EVERYTHING!

    Quick side note: I’m actually really impressed with Nedry so far. As far as social engineering goes, this guy is making all the right moves… If you’re trying to hack my mom.

    And this is where things went downhill for Nedry. He had been laying things on really thick up to this point. He had my mom convinced that something bad was happening. He had ratcheted up the drama sufficiently to scare my mom. But now he had to go in for the close. This is the part of the scam where he brings home the bacon.

    He explained that my mom would have to take her equipment to a local computer repair shop. But not just any shop would do. Nedry told my mom that she would need a “Level 6 Certified Anti-Hacking Network Professional”. (This sounds pretty serious! I work in IT security and I’ve never heard of these guys! They must be really hardcore!) Luckily, one of these technicians is located quite close – in Ancaster! However, my mom would have to take all of her equipment to him – her computer, her TV, her ipad, EVERYTHING. This was really stressing my mom out.

    But then, like a white knight, Nedry offered to come through in the clinch: he said, but wait! There’s another way. Are you over 45? My mom said yes. He said you’re in luck! He has an offer for people over 45. He can help you remotely to fix your problem and you won’t have to take your equipment anywhere. (what a guy – this Nedry certainly seems like a super hero, doesn’t he!)

    And it was at that point that my mom made me proud (kinda, even though she’d already given up control of her computer to this goon): she said, “no, I will get my son to look after it.” As soon as she said that, he got nasty and said, “I’m not helping you. I’m done.” My mom asked him to take all of the stuff off of her computer and Nedry replied, “Turn it off. I’m done.” Then he hung up.

    Creative Commons Don also brings in a big one by J. Todd Poling is licensed under CC BY 2.0

    Poor Nedry… he thought he had caught a live one and was just reeling her in. But at the last second, she cut the line and escaped. He must have been pretty pissed because he had spent so much time reeling her in. I almost feel sorry for the guy. Almost.

    That’s when my mom called me. At that point, I told her to unplug the computer from the wall and I’d come by and see what had happened.

    I stopped by today and replayed what happened to my mom based on her story and the evidence on the computer (web browsing history, system logs, diagnostic info, etc.). I was able to restore her computer without a great deal of effort, but I’m still debating on rebuilding her computer from scratch just in case Nedry did or installed something that I didn’t catch in my analysis.

    Regardless, Nedry certainly messed up my mom’s week (no computer from Monday until Friday as she waited for me to come check out the damage), and it messed up my Friday night too to take care of this mess. So yeah… thanks Nedry, wherever you are.

    Is there a lesson to be learned from this? For sure… there are at least three:

    1. Be careful where you go on the internet: Make sure the sites you visit are legitimate. Check the URL in your browser – if you’re trying to find amazon.ca’s customer service phone number, make sure the URL of the site is amazon.ca.
    2. Don’t let people you don’t know connect to your computer: No matter what! When in doubt, everyone knows someone who is computer savvy and who can help out in a pinch (spouse, cousin, grandkid, neighbour, etc.). Even if you have to pay some kid in your neighbourhood $20 to check it out, that is money well spent if it helps you avoid being scammed.
    3. When in doubt, walk away: If you find yourself stuck in the middle of an uncomfortable scenario like the one I described above, just walk away. Hang up the phone, turn off the computer and call your local tech-savvy friend to help you out. And, if you’re worried about offending the person, just mention that your <friend, son/daughter, neighbour, etc.> knows this stuff and you want to check with them. I’m pretty sure the person on the phone will get belligerent, which is a great indication that you’re talking to someone you shouldn’t be.

    And note that this scam also occurs as a cold call from time to time. Someone will call you claiming that they know your computer is infected. Don’t fall for that one either! Again, use common sense and don’t let these scammers into your computer. If you’re nervous, call on your local techie to talk it through with you.

    These people are relentless. They succeed with their scams often enough that it is a very lucrative trade for these scammers. And they can be quite convincing. But the best defense against them is awareness and common sense. That’s why I’m sharing this – I battle this kind of scammer every day in my day job and I’m getting really tired of it. Their techniques are so low tech and they aren’t even very good – they simply circle the pack and pick off the naive people using smooth talk instead of using sophisticated hacking skills. Awareness is a great defense and this is part of my way of fighting back against these folks.

    So yeah… it was a bit of a wasted night for my mom and I. I would have rather sat with her for the evening and visited. Instead, I spent three or four hours piecing things together and documenting this story to share with you.

    But I did get to stop in for a visit and I got a Swiss Chalet dinner out of it so I guess the evening wasn’t a total bust. 🙂

    How about you… have you been scammed by these people? Did you get caught up in it or did you avoid getting scammed? How’d they affect you? Do tell in the comments below!

    Talk soon!

    Todd

     

  • True Fans – Even the NY Times knows about them!

    Facebook - Building a Better News FeedIn my recent Wordcamp Hamilton presentation, I talked about how to build your own fanbase to support your writing. In that presentation, I talked about Kevin Kelly’s suggestion that all you need is 1,000 True Fans to support your creative career.

    A recent article on Medium.com by Lydia Polgreen, Editorial Director, NYT Global, entitled “Why people pay to read The New York Times“, mentioned the following:

    We used Facebook to push stories out to potential readers, to get people to sign up for our Spanish-language newsletter, Boletín, and to drive traffic to our home page. Just as it does for so many other businesses, Facebook helped us find our true fans.

    This is spot on with my talk, where I mentioned that you should use social media to drive traffic to your home page and to get people to sign up for your newsletters. Social media is a fantastic generator of eyeballs. The key is to use it to drive traffic to your site. Be wary of building audience on someone else’s turf (like Facebook or Twitter or Snapchat or <insert flavour of the moment here>).

    And, almost on queue, Facebook popped up today to say that they are going to change the behaviour of content delivered to people’s newsfeed on Facebook. Facebook is going to fine tune your feed so that “friends and family come first”. This means less of a focus on publisher’s content and more focus on status updates and photos and videos from your friends. (additional commentary from NYTimes here)

    It’ll be interesting to see how this alters the dynamic between the Social Network and its publishing competitors/partners as they continue their courtship dance in the online world.

    And, let this serve as yet another reminder to build your own home and foster community where you can control it.

    That’s it. G’night!

    Todd

     

  • SC Congress 2016 – free passes & VIP ticket draw!

    SC Congress 2016 – free passes & VIP ticket draw!

    SCCongress-logo-2015Folks,

    SC Congress is coming up fast. The conference is next week! If you don’t have your ticket yet, I’m here to help. The team at SC Magazine has given me a unique opportunity to pass on to you:

    • free Expo Only VIP Passes ($150 value) – simply register using promo code “DOWEXPO”; and
    • a chance to win one of five VIP Two-Day Full Conference Passes ($1,295 value);

    Here’s the deal:

    Each free Expo Only Pass provides you:

    • Network with 1,000 cybersecurity luminaries and peers
    • Learn valuable insights for safeguarding your organization during our five Keynote Addresses
    • Attend one additional session of your choice
    • Visit leading brands in our Exhibit Hall
    • Participate in SC Congress’ signature Passport to Prizes program: network for a chance to win a hot, new gadget
    • Earn up to 5 CPE credits – just for attending our sessions

    register now

    Also, SC Magazine has given me five VIP Two-Day Full Conference Passes to give away. To be entered to win one of these five tickets, here’s what you need to do:

    1. Register for a free Expo Only VIP Pass before next Monday morning (May 30); and
    2. Tweet the following: “Got my free Expo Plus Pass to @SCCongress Toronto June 1/2. Get yours & chance to win a VIP pass at toddhdow.com #infosec” (We’ll accept a similar shoutout on Facebook if you aren’t on Twitter); OR
    3. Sign up for my newsletter here at toddhdow.com (link);
    4. Email me at toddhdow [at] gmail. [dot] com to let me know that you’ve completed the above steps;

    And yes, if you have previously registered for an Expo Only pass and you want to upgrade, just tweet or share on Facebook or sign up for my newsletter and you’re all set.

    So don’t delay… register today!

    And, while you’re at it, sign up for a complimentary digital subscription to SC Magazine.

    Are you going to SC Congress 2016? Let me know in the comments!

    Talk soon!

    Todd

     

  • Top 10 posts from the last 10 years – All you need is love!

    Top 10 posts from the last 10 years – All you need is love!

    toddhdow trafficIn my earlier post celebrating 10 years of blogging, I promised to share my top 10 posts from the last 10 years (based on page views). I’m not really surprised by the results. But, that’s because I watch my traffic stats on a regular basis. You might be a bit surprised though. The top results are not what you’d probably expect. In reverse order, here are my top 10 posts from the last 10 years based on page views (with a bit of commentary along the way):

    Juravinski Hospital10. I had cancer… Wait… what?
    I’m a bit surprised that this post made the top 10 as I just posted it a month ago. But, it was a pretty alarming story and a lot of my friends and family were aware that I was sick, but they didn’t know all of the details. So, this summary post was shared far and wide. (and, everyone loves a good story of doom and gloom, right?) 🙂

    The God Solution9. Dawkins Part 4: The Objective Roots of Morality
    My Dawkins series has received a lot of traffic over the last few years. Atheism is a popular topic and my objections to Dawkins’ The God Delusion have received a lot of traffic (and hateful comments). And, my book The God Solution has generated a fair amount of traffic as well. It is no surprise that some of my Dawkins writing has made the top 10.

    8. Should atheists have children?
    This is the most controversial post on my blog. I am not surprised that it made the top 10, but I am a bit surprised that it wasn’t higher on the list.

    7. Is there any difference between pacifism and nonresistance?
    This post was a response to a reader comment. I do get a fair amount of referral traffic from search engines, and I suspect that this is the source for a lot of the traffic to this post. (I haven’t done an exhaustive analysis of the relationship between referrers and my posts so I can’t say for certain).

    6. Dawkins Part 7: The Slippery Slope of Abortion
    This is a perfect storm of traffic generated by an interesting blog series (I had plenty of readers during the time when I ran this series) and great SEO. I regularly see high traffic to this post due to the popular keywords associated with this page: Dawkins, abortion & atheism.

    5. AGAPE – unconditional love
    Here’s where things get interesting. I am constantly surprised by the amount of traffic that my series on love has generated over the years. Although it wasn’t the intent, these posts continue to be huge SEO traffic generators for my site. My site consistently gets listed in the first page of search results for search terms like “philia love”, “examples of eros love”and “types of philia”. I see plenty of traffic to these posts on love on a daily basis.

    God Delusion book4. The Atheist Delusion – Why I don’t agree with Richard Dawkins in 10 parts
    I dedicated a great deal of time writing a response to Dawkins’ book, “The God Delusion“. I even wrote a book on this subject! Therefore, I’m relieved that my Dawkins posts are listed in the top 10 for my blog.

    3. Dawkins Part 3: Problems with Organized Religion
    Organized religion is an easy target for atheists and theists alike. There is lots of common ground in this discussion. Thus, this post really resonated with a lot of people. And, I do regularly see some SEO juice via Google referrals coming to the site by people searching for “problems with organized religion”.

    2. EROS – romantic love
    SEO generates a lot of traffic for this post. I’m the top beneficiary of this search query: “examples of eros love”, which appears to be a very popular search term.

    philia love search result1. PHILIA – friendship love
    It seems that plenty of people are looking for love on the internet. My series on love has generated a lot of traffic to my site, and my post on “PHILIA – friendship love” has generated over twice as much traffic as the second most trafficked post (EROS – romantic love). Searching for “examples of philia love” delivers this post as the top search result on Google. This wasn’t my intent when I wrote these posts, but it has become clear that these posts are seen by Google as great reference sites for these terms. I won’t complain!

    Who would have thought that my posts on love would dominate the top of this list? I’ve been watching my traffic over the long term and my posts on love regularly generate a lot of traffic, so I wasn’t surprised that they came out on top. But, without knowing my stats, I would have been very surprised to see these posts at the top of the list.

    What do you think? Any surprises? Any questions? And, more importantly, what can I learn and do differently after examining my top 10 posts from the last 10 years?

    Todd

     

     

  • I’m speaking at Wordcamp Hamilton 2016!

    I’m speaking at Wordcamp Hamilton 2016!

    Wordcamp Hamilton 2016Two posts ago, I spoke at length about how I would prefer to write about things other than technology. So, it is kind of ironic that my next two posts are geek-related. But, it can’t be helped. I’ve got some cool news. I’m speaking at an upcoming tech event: Wordcamp Hamilton 2016 on Saturday June 4 2016.

    My presentation is entitled, “How to Find Your 1,000 True Fans” and here’s the description of the session:

    In 2008, Kevin Kelly argued that creators (authors, musicians, artists, photographers, etc.) can make a living if they have “1,000 True Fans”. A creator blog is key to building such a community. In this fast-paced session, Todd will walk the audience through the critical WordPress-related pieces required to build and maintain a dedicated, engaged and responsive audience.

    It’s going to be a fun time. I’ve attended (and presented) at previous Wordcamp Hamilton events. It’s low cost (only $20!), filled with plenty of great content and attended by a lot of super friendly and really talented people. (and there will be lots of free swag!)

    Wordpress LogoIf you’ll be in the Hamilton area on June 4 and you’re interested in blogging, writing and WordPress, you should not miss this event.

    And, if you want to go, be sure to buy your ticket soon – tickets sell out every year.

    Are you going to Wordcamp Hamilton 2016? If so, let me know in the comments or on Twitter and be sure to say hi to me on the day of the conference.

    See you then!

    Todd