I really enjoy World War II British movies. In a time of adversity, the British people pulled together. With rationing, nightly blackouts and regular air raids, you would expect some very cranky people. Knowing their way of life was being threatened allowed them to pull together and display some of the finer moments of humanity.  Of course, very movie seems to have that one man that doesn’t believe his windows need to be blacked out, only to have everyone come down on him for endangering them all. It’s taken me a worthwhile to realize it but we’re involved in a similar war ourselves and we’re losing.

No, I don’t mean Afghanistan and I don’t mean Iraq or Iran. I’m talking about cyber terrorism. That got your attention, I’m glad to see that most of you agree with me. We all know that the cyber terrorists live in China or Russia or North Korea. These are people out to take away our Internet, our bank accounts and our freedom of speech. I used to think you would fight back if you could but some of you seem dead set on helping these terrorists.

We see news stories every day about some big company being hacked and all our personal records being taken to finance the Russian mafia. If you believe in the law of diminishing returns, my personal information is becoming less and less valuable. As near as I can tell, they already have copies of my personal data from at least ten different sources. Some days I get so much spam I feel like the British being bombed and on any given day I will probably have 20 to 30 visitors trying to hack into my website.

Another disappointed website visitor looking for an unpatched exploit

Another disappointed website visitor looking for an unpatched exploit

This is one time I’m happy to see our government reacting to the problem. They’ve been a bit slow to recognize how serious it is but they’re creating their own cyber corps and starting to train people in the art of defending against and engaging in cyber terrorism ourselves. Yes, I’m going to ignore the big purple elephant in the room with NSA painted on his side.

I don’t enjoy all the spam I get or the people constantly trying to hack in to my website.  I’m tired of all the people constantly trying to get my banking credentials, I think these people are criminals and should be treated as criminals. It should go without saying that if I had enough training and knowledge I would volunteer to help hunt these criminals down. I was shocked when I realized I was helping these criminals.

I like to start my day slowly so I spend my first few minutes in the morning reviewing my email and the visitors to Opinionbypen.com  before I take my shower and head off to work. It was one of those mornings that I ended up deleting all but one of the emails before hitting the shower.  I was in the shower, still irritated about the spam when I realized I’m as bad as those criminals. Every time I use a weak password, every time I use the same password to sign up on another gaming site, every time I don’t update my software, I’m encouraging the cyber criminals. In other words, like the people in my British movies, I’m one of the folks with light streaming out of my window providing a target for the German bombers.

Wonder if this person knows they've been hacked?

Wonder if this person knows they’ve been hacked?

Surely not you say. Maybe it’s morbid curiosity but when I get spam I often take the time to look at the actual sender. Very, very, seldom is it a Gmail or Yahoo account that was obviously set up to send out the spam. Usually it’s coming from a website or private address that has been hacked. For example, I’m currently being flooded by emails telling me that I have a Whats App message. When I look at who actually sent them, I’m not surprised to see it’s somebody having no relation to Whats App but instead of dfgas43327@gmail.con, I see real names and companies.

I’ve never taken the time to determine if the Whats App messages are phishing messages, such as those telling you your bank account has just been frozen unless you go to a special site where you will have to enter all your banking information, or if it’s just more spam telling me where I can buy male enhancement drugs. I don’t care, but it does upset me that I got that particular piece of spam because somebody had their email account hacked and now I’m next in line. With that small foothold, the hacker is one step closer to getting me, or you, to click on something that we will forever regret.

For them, it’s a matter of numbers. All they have to do is send out enough emails and somebody will click on the right thing. Of course, having a server to send out all those emails is expensive and sooner or later all of us potential victims would recognize the email addresses and block them. It makes much more sense to simply steal the addresses and send out the spam hoping that that a few of the potential victims will recognize the stolen name and open that attachment guaranteed to introduce us to unbelievable wealth. All because somebody wasn’t careful with their password.

That’s right, when you use a weak password for your email, you’re no better than that Londoner who never thinks the blackout should apply to him. Microsoft, Google, Apple and hundreds of other companies are all engaged in trying to protect us from hackers. But as long as you refuse to take even basic precautions then I have to regard you as a hacker sympathizer. You’re doing your best to help the enemy, even in some cases unwillingly donating all the money from your bank account.

While we’re talking about email, I’d greatly appreciate it if you would start using Bcc: for all those large distribution lists. Bcc: is blind copy and means no one can see the names.  It’s usually just below Cc: on most email clients. I know it makes reply all impossible but that’s not always a bad thing. It also means you’re not exposing the emails of all your friends if somebody has been hacked.

One more thing while I have your attention. Do you know why your email has a show image function that’s usually off by default? Most of the images in emails are actually embedded links. In other words, an address telling your email client where to fetch the picture from. When you have “show images” on, your email client goes to the image server and retrieves the picture. What’s the harm in that?

When you retrieve that image, the spammer knows he’s hit an active email address. He also knows your geographic location, your IP address, your browser and your operating system. Just a few more datapoints in his quest to acquire your money. If that doesn’t scare you, I’ll add that the retrieved images sometimes contain more than just an image. Microsoft, Google and Apple are patching on a regular basis to keep you safe but they need your help.

This week I had a friend fall victim to ransomware because somebody in his doctor office wasn’t taking the precautions they should have. You would think you could trust your doctor but I’m finding out they often know less than you do about computers.

It’s a free country and you have the right to ignore me. Your behavior is a personal choice, like riding a motorcycle without a helmet and having warned you, I would consider your soon to be empty bank account a fitting punishment for you but unlike the motorcyclist, now that you’ve given all your money to the hacker, he needs a new source of money and you pointed him in my direction. It’s a war and just like World War II, if you’re not taking the right precautions, you’re aiding the enemy.

blackout

© 2015 – 2019, Byron Seastrunk. All rights reserved.