How your mom may get hacked - Embedded.com

How your mom may get hacked

A recent New York Times article details how the writer’s mother was hit by the CryptoWall virus, which encrypted her mother’s files and demanded a $500 ransom for access to the key.

I had three reactions to this article.

First, is the threat itself. Like most of us I was aware of ransomware but didn’t really think that much about it. Just another nasty virus that can corrupt the system. But this one seems to be spreading quickly (http://www.symantec.com/security_response/writeup.jsp?docid=2014-061923-2824-99).

It’s insidious in that all files on all drives mapped to letters will be encrypted. That backup drive? You’ll lose access to it. A networked drive? Ditto. Mapped cloud services, too, will be attacked. This is a serious problem in that we really need to use automatic backups; ones that are scheduled daily (at least). But because of these sorts of threats, that backup drive must be disconnected from the network to preserve the files if the main system gets compromised.

It would be nice to have a command-line utility that locked access to a drive with a password, so the automatic backup program can invoke a batch file to open it, do the backup, and then lock the drive down. I have not been able to find such a program.

Here in Ganssleville we use SecondCopy to roll changed files to a separate internal disk and to a USB-connected disk every night. Once a week I swap that USB drive with another, which is kept at a remote location. So we’re at risk for, at most, a week’s worth of data, which can be rather a lot. I may change to a daily swap, but that is really a pain.

Weekly, I do a manual backup to a Mac and to a big thumb drive. Both are air-gapped from the network at all times except during the backup. The flash drive is stored off-site.

My second reaction was one of disgust. Pre-computers one had to actually walk into a bank with a gun to commit a robbery. That barrier which required physical presence and entailed considerable risk seems to have kept a lid on this sort of behavior. Today any script kiddie or 419er can drain someone’s accounts from thousands of miles away. Cloak some in the anonymity of the Internet and the veneer of civilization evaporates. Presumably this applies to a small portion of society. But how were these people brought up? What moral sense debases, in their minds, human beings to nothing more than targets of opportunities? What makes these people (I use that word loosely) so amoral? It’s terribly sad the world is rife with these criminal predators.

My last thought was of the author’s mother. The article leads me to suspect she is relatively young. Many aren’t. My parents, in their very late 80s, recently moved to an elder-care facility. A computer room there has a handful of PCs, all with bright yellow keys emblazoned with huge letters for the faint of sight. Other residents, like my folks, have their own computers. I often give them the rules for safe surfing, but those rules, which have been explained many times, are now received as new information with each retelling. Increasing confusion makes me worry that a costly mistake is just a click away. The elderly, most of whom are not particularly computer literate, have always been targets for the evil who prey on our society.

We engineers take computer-savviness to be a given, but a preponderance of PC users know little about their machines or the threats to them. One mistaken click on what looks like a completely innocent link can lead to CryptoWare or thousands of other viruses to hugely disrupt life. Probably very few outside of the cognoscenti have an in-depth defense system. Their machines are like unguarded banks whose vaults are stuffed with cash, unlocked, and a big sign outside reading “easy-to-steal cash.”

What’s your take?

Jack G. Ganssle
is a lecturer and consultant on embedded developmentissues. He conducts seminars on embedded systems and helps companieswith their embedded challenges, and works as an expert witness onembedded issues. Contact him at . His website is.

9 thoughts on “How your mom may get hacked

  1. “On my home systems (inc. that used by my wife and kids) everything worth anything is kept on Linux. That doesn't have “letter disks” :-).nnTrash anything on a Windows machine in my house and I really won't cry.nnSurely your Mac is safe from this par

    Log in to Reply
  2. “@Cdhmanning, that's a fairly short term view, there are a lot of security advantages on Linux, but it's still possible to create a 'virus' that destroys or corrupts all the files the user can write (photos, music, documents etc) even without root access.

    Log in to Reply
  3. “I am well aware that one day the bastards will start attacking Linux, but that “short term view” has been working well for me for about 15 years and right now that still looks a reasonable policy.nnI don't know which is worse in Windows: Getting infec

    Log in to Reply
  4. “As long as we're talking about hacking, what about Mom's garage door opener or her residential water supply?nnI think it's really cool that my son can monitor and control his new garage door opener while he is at work by communicating with the device us

    Log in to Reply
  5. “I just hung up a call from someone with a thick accent telling me they were from New York informing me that my computer had a problem and they were here to help fix it… I agree Jack, where is the moral compass? Anyone with a little bit of tech savvy k

    Log in to Reply
  6. “… following the Zeitgeist reasoning, software viruses are developed by anti-virus companies as a market expansion policy, and probably by other software companies as a threat to minimize piracy. As almost none of them have businesses on Linux, you'll be

    Log in to Reply
  7. “If ransomware is file kidnapping (filenapping ?), so, file erasing is the equivalent of murder.nHow come kidnapping your files and asking for ransom is worse than killing them ?nErasing people's information just for the fun of it is in no way better tha

    Log in to Reply
  8. “What's scary to think about is the growing ability to hack beyond just computers. Just like Bob mentioned, as everything moves into this 'internet-of-marketingschemes' the more vulnerabilities we will have. nnI remembered an article I read a few months

    Log in to Reply
  9. “Another option for leak mitigation – I was researching water heaters lately, so I came across automatic shutoff valves that will turn the water supply off entirely if they detect a leak. Floodstop is one brand (never used them, just read about), there ar

    Log in to Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.