Encrypt, Encrypt, Encrypt ... or Else ...
Could the Stratfor Catastrophe happen to you? Yes.
March 20, 2012 By Denny Hatch
Only a fool would continue to supply Stratfor (or anybody else) with privileged information.
On March 7 it was announced that the Anonymous group and LulzSec were victims of an inside snitch and were arrested.
My bet: It’s too late for Stratfor to survive since all of their sources have been compromised, embarrassed and many likely fired from their jobs.
The Internet Is the Greatest Crime Venue the World Has Ever Known
Whether you are a giant country like the U.S., a small business like Stratfor Global or a single individual with an email account, every time you go on the Internet, you put yourself at risk. Consider the following:
• A debate within the executive branch of the government, Department of State and the Pentagon is whether a devastating cyber attack (e.g., one that shuts down the nation's power grid or Pentagon communications) is fair game for a cyber counterattack or even a casus belli that deserves full military retaliation.
• My guess: Easily 2 million or more cyber attackers from all over the world are loose on the Internet. As a result, you and I—all of us—who operate a portal into the Internet are under continuous assault 24/7. Unless we are hyper-careful, our very existences stand to be turned into a living hell.
When Life Was Simpler...
Late in World War II during cocktail hour the family was gathered in the den to hear Edward R. Murrow's nightly broadcast from London on CBS radio when the phone rang.
My father took the call, suddenly sounded very worried, jotted down some notes and ended by saying, "I'll wire you $50 right away."
He walked out the door and drove down to the Western Union office to keep his promise.
On his return I asked what that was about. My father said the caller was a chorus girl he had kept company with in the late 1920s. She was drunk, in jail, needed bail money, and my father was the only person she could think of who might have that much cash.
"Why would you send her $50?" I asked. At the time that was a lot of money.
"Because that is what you do when somebody out of your past calls and needs help."
Fast forward to 2012. Peggy received an email from a woman she knew, who said she was stranded in England with no money and needed $2,000 right away.
Peggy emailed her to verify her plight and the plea for help was bogus. It was an online version of the Facebook Grandparent Scam.
My Yahoo Email Inbox: A Mine Field
Several weeks ago I eyeballed the 291 emails in my trash file and separated them into three categories: Legit, Spams and Scams. The result:
- 198 were legit: These were people I knew or who knew me—clients, friends, family, PR people touting a story, Amazon.com offering me books, etc.
- 94 were spams (unknown senders): People I'd never heard of.
- Of the 94 spams, 81 were scams
These were strangers on the FROM line, or the SUBJECT LINE smelled bad. Some examples:
FROM | SUBJECT LINE
WE'RE OVERSTOCKED | Apple iPad2 SOLD for only $8.76. GET ONE NOW!
!!!WARNING!!! | SOMEONE RAN A BACKGROUND CHECK ON YOU!
abdullahi musa | READ AND REPLY URGENT
ClubVIP Wager | Here's USD777 of house money you can wager
Monday Lottery | You've been approved £1,000,000
Mr.Maliam Nuhu Ribadu | SECOND NOTICE
Loan Matching | Get Cash with bad or no credit
Mrs. Jessica Willard | THANK GOD I'VE FOUND YOU!!!
Julius Reiner | Is it you in this picture?
Mr. Andrew Lloyd | Scammed Victims Compensations.
Plus of course a bunch of explicitly sexual propositions.
How to Smell a Scam
An example is found in the mediaplayer at the right—the BBB Scam. It arrived in my inbox. I clicked on it to have a look and the message was on Better Business Bureau letterhead with the official BBB logo:
Your Customer's Complaint
TO: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org + 96 more+
RE: Case # 34631552
The Better Business Bureau has been filed the above mentioned complaint from one of your clients concerning their dealings with you.
The details of the consumer's concern are included in attached file. Please examine this case and let us know about your position.
We encourage you to open the ATTACHED REPORT to respond this complaint.
We look forward to your urgent attention to this matter.
Better Business Bureau
The Scam Tipoffs
1. A client of mine would never bother to go to the BBB with a problem. An unhappy client would simply fire me.
2. I was not the recipient of the email. The sender sent it to himself and 98 others.
3. If this email was going to 99 recipients, how could we all be Case #34631552?
4. I clicked on 96 more+ and up came a screen with 96 email addresses where all the names began with den. The sender forgot to enter these in the BCC box. Us poor suckers were further compromised as our email addresses could be downloaded and rocketed all over the world into spam/scam databases.
5. I clicked on FROM: Dennis Wurster and up came his real address: email@example.com. I went to www.exoriktiki.com and it was nothing.
6. Four grammatical errors in the lede sentence (edits mine):
The Better Business Bureau has been filed [received] the above mentioned [abovementioned or above-mentioned] complaint from one of your clients considering [concerning] their [his or her] dealings with you.
Perhaps two of the people out of 5,000 were embroiled in a quarrel with the BBB. They would open the email, quickly scan the message and click on the hyperlink, ATTACHED REPORT, to see the latest developments in their case.
Malware would instantly invade their computers and they would be unwitting accomplices in exacerbating what is no doubt a huge Internet scam.
Just to be sure, I Googled BBB Scam, and my suspicion was confirmed.
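Tipoffs 2 through 5 above are visible in the message headers and body and can be checked mechanically. The following Python is an added example, not part of the original column; the sample message is constructed, its addresses are placeholders, and bbb.org as the BBB's legitimate domain is an assumption supplied by the caller.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

def scam_tipoffs(raw, org_name, org_domains, max_visible=5):
    """Return the names of the tipoffs a raw RFC 5322 message triggers."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = [addr.lower() for _, addr in getaddresses(headers)]
    body = msg.get_payload()  # plain-text, single-part message assumed
    hits = []
    # Tipoffs 2 and 4: a long visible recipient list instead of BCC.
    if len(rcpts) > max_visible:
        hits.append("mass_visible_recipients")
    # Tipoff 2: the sender addressed the message to himself.
    if sender in rcpts:
        hits.append("sender_mailed_self")
    # Tipoff 3: one case number cannot belong to every recipient.
    if len(rcpts) > 1 and re.search(r"case\s*#\s*\d+", body, re.I):
        hits.append("shared_case_number")
    # Tipoff 5: the body invokes an organisation the sender's domain is not part of.
    in_org = any(sender_domain == d or sender_domain.endswith("." + d)
                 for d in org_domains)
    if org_name.lower() in body.lower() and not in_org:
        hits.append("sender_domain_not_org")
    return hits

# Constructed sample modelled on the message described above; all addresses
# are placeholders, not the real ones.
RECIPIENTS = ["sender@unrelated.example"] + [
    f"den{i:02d}@mail.example" for i in range(98)]
SAMPLE = (
    "From: Dennis Wurster <sender@unrelated.example>\n"
    "To: " + ", ".join(RECIPIENTS) + "\n"
    "Subject: Your Customer's Complaint\n"
    "\n"
    "RE: Case # 34631552\n"
    "We encourage you to open the ATTACHED REPORT to respond this complaint.\n"
    "Better Business Bureau\n"
)

if __name__ == "__main__":
    # bbb.org as the organisation's legitimate domain is an assumption.
    print(scam_tipoffs(SAMPLE, "Better Business Bureau", ["bbb.org"]))
```

A message sent from the organisation's own domain to a single recipient triggers none of the four checks.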
A friend of mine named Dave sent me an email on Jan. 20, 2012 with the following subject line and message:
Fri, 20 Jan 2012 17:18:12
"When grown on poor or dry soils, the effect of covering the soil with light manure, lawn mowings, or any such material that can be spared is excellent" (c) MILO wr4ig
I have known Dave for 35 years and this was nuts. I confirmed that it did indeed come from Dave's computer and then forwarded the MariaBonilla29 email to him with the following message:
Did you send me this?
Or has your computer been hijacked?
Hope all is well.
Two hours later I heard from Dave:
No, My address book has been hacked. Sorry, Dave
I have received six such messages from various friends in the past six months and alerted the senders, who were grateful.
A Sampling of Internet Scams
Readers of this prickly publication know that since I started in 2005, I prowl the Internet every day and vacuum up stories that 1) interest me or 2) might be useful in current or future columns.
They are cataloged under 390 major categories and number in excess of 71,000 stories. Among them is an extensive file of Internet scams. Below is a tiny sampling of what can smack you over the head with a two-by-four because you have a portal into the WWW—Wild West Web:
- Attacks from Overseas Scammers
- Botnet Attacks—Hijacking Your Computer
- Eastern Europe Funds Transfer Scam
- EBay Scams—14 Things to Know
- Facebook Scam
- Grandparent scam
- ID Theft
- Hotel Guest Credit Card Thefts
- LinkedIn Is a Hacker’s Dream Tool
- Koobface Facebook Scam
- LulzSec Gang
- Nigerian Scam
- Operation Ghost Click
- Password Theft
- Pharming Scams
- Phony Caller ID
- Spear Phishing
- Stranded Traveler Facebook Scam
- Stuxnet—US-Israeli malware neutralized Iran's nuclear program
- Tim Geithner U.S. Treasury Scam
- Twitter Scam
- Vacation Rental Scam
- Zeus Trojan Horse Financial Scam
I Ask Your Help on This
What else should a consumer and/or business owner do to protect self and company from being hacked and scammed?
Please send your suggestions to the Comment Section and they will be posted.