15
Who Is Tracking Your Online Activities?

If a serial killer is on the loose, law enforcement may use a “criminal profiler”—someone who is trained to analyze all facets of the crime, including the modus operandi, frequency, habits, and psychology of the prospective killer. With enough information and evidence, a hauntingly accurate portrait of the killer can be drawn—for example, “repressed, white male, approximately 30 to 40 years of age, who has narcissistic tendencies, may have served in the military, and is now living in the South”.

You’ve Been Profiled—Data Aggregators

Profiling is also used in many ways to monitor some of your daily activities without you even realizing it. It can include what items get scanned at the checkout when you sweep your store discount card, what magazines you subscribe to, what car loans you have, and so on. Instead of a criminal profiler, marketing specialists target your personal habits. They want to know as much as they can about you to target you for potential sales.

Privacy advocates often vent about how much information the FBI has in its files, but that’s nothing compared to what your online profile says about you. Think for a minute about what your online habits can tell a marketing company:

•  You prefer foreign cars over domestic because you visit eBay autos and go to the foreign car section.

•  You are gay because you frequently visit The Advocate online.

•  You are a Christian because you visit online bible study groups.

•  You have a dog because you visit online pet stores. (Then again, marketers might already know if you have a dog if your town has published your pet registration information online.)

•  You love country music because you stream country channels.

•  You have fibromyalgia because you frequent online support groups.

•  You prefer fine wine because you have an online subscription to notify you when a new vintage is released.

Cookies—Not the Sugar Kind

We cannot emphasize this enough—the Internet, despite everything you think of it as being, is really just a product. It has, perhaps, the largest customer base of any conceivable product. Millions of people want to take advantage of this potential customer base. Anyone who knows anything about marketing knows that information is invaluable to direct sales. The more a company knows about its customers, the easier it is to steer sales their way. This is why top sales executives always approach a sales meeting with a “profile” portfolio containing as much information about their potential customers as they can. The more they know about their customers, the easier it will be to sell to them.

The Internet presents a unique challenge to marketers because an expectation of privacy is attached to it. No one wants to think that what they do in the privacy of their own home can be disseminated, but the truth is, it can and it does.

A cookie, in computing terms, is a tiny bit of text sent by a “big” computer or server to your computer’s web browser (such as Internet Explorer or Firefox). This text is subsequently sent back to the server whenever you visit the website. For example, if you go to www.nytimes.com, a cookie will be downloaded to your computer. You won’t know it’s there unless you specifically look for it, but it is there.

What Kind of Information Do Cookies Track?

Cookies are sometimes used for authentication—in other words, if you log into a social networking site that requires a username and password, a cookie can verify that you are legitimate and will allow you back in without requiring you to reenter that information.

Cookies can be used to personalize the websites you visit. For example, you might want to customize what you see on a newspaper’s website so that you see all the local news, but not the sports page. A cookie can be used to customize your view and retain that information each time you visit the site.

Cookies can also track your web history—where you’ve gone, what sites you’ve visited. This is where privacy advocates have issues. Although the cookie returned to the server is not supposed to include personally identifying information, it could. It could easily include your email address or, in the case of a form-based cookie such as an online shopping cart, your name and address—whatever you provide to the site.

Because cookies are like mini scratch pads, different websites can share tracking cookies, and each website with the same tracking cookie can read the information and write new information into it.
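An added example, not from the book: a short Python audit of captured Set-Cookie headers that flags the behaviors described above, namely cookies that persist between visits, cookies carrying an email address, and a tracking cookie shared across two sites. All hosts, cookie names and values are constructed, and site() is a simplification of how browsers decide which domain a cookie belongs to.

```python
import re
from urllib.parse import unquote

# Constructed capture: (page the user visited, host that answered, Set-Cookie value).
# Every host and value below is made up for illustration.
CAPTURED = [
    ("www.news.example", "www.news.example", "session=8f3a1c; Path=/; Secure; HttpOnly"),
    ("www.news.example", "www.news.example", "edition=local-no-sports; Max-Age=31536000"),
    ("www.news.example", "ads.tracker.example", "uid=7c9e2b41d0; Domain=tracker.example; Max-Age=63072000"),
    ("shop.pets.example", "px.tracker.example", "uid=7c9e2b41d0; Domain=tracker.example; Max-Age=63072000"),
    ("shop.pets.example", "shop.pets.example", "cart_owner=jane.doe%40mail.example; Max-Age=86400"),
]

EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def site(host):
    """Crude registrable domain (last two labels); browsers use the Public Suffix List."""
    return ".".join(host.lower().lstrip(".").split(".")[-2:])

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def audit(captured):
    """Classify each cookie: who can read it, how long it lives, what it carries."""
    findings = []
    for page, sender, header in captured:
        name, value, attrs = parse_set_cookie(header)
        scope = site(attrs.get("domain") or sender)
        findings.append({
            "page": site(page), "name": name, "scope": scope,
            "third_party": scope != site(page),
            "persistent": "max-age" in attrs or "expires" in attrs,
            "carries_email": bool(EMAIL.search(unquote(value))),
        })
    return findings

def cross_site_trackers(findings):
    """Cookie scopes seen as third party on more than one visited site."""
    pages = {}
    for f in findings:
        if f["third_party"]:
            pages.setdefault(f["scope"], set()).add(f["page"])
    return sorted(s for s, seen in pages.items() if len(seen) > 1)

if __name__ == "__main__":
    for f in audit(CAPTURED):
        print(f)
    print("cross-site trackers:", cross_site_trackers(audit(CAPTURED)))
```
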

Preventing Cookies

It is possible to set your browser settings to reject cookies, but guess what? You may not be able to get to many of the sites you regularly visit unless you allow their cookies to be set. If you’re so inclined to not allow any cookies, here’s how to set that in Internet Explorer:

1  Go to Tools, Internet Options.

2  Select the Privacy tab and then click the Advanced button.

3  Check the Override Automatic Cookie Handling option in the resulting dialog box.

4  Select Third Party Cookies.

5  Check the Block option.

6  Click OK and then click OK again.

Our Take on Cookies

Many people are split on the issue of cookies, but the reality is that they’ve been around for a long time, and most people don’t even realize they’re there. We operate under the premise that everything you do on a computer is traceable, not just what sites you’ve visited, but what emails you’ve sent, what online chats you’ve had while instant messaging, what images you’ve viewed, what files you’ve downloaded, and so on. From a computer forensic standpoint, this is generally true, so unless you’re conducting some untoward business that is going to cause your computer to end up being dissected and analyzed by a computer forensic analyst, you shouldn’t worry that much about the cookie that gets dropped onto your computer because you went to a medical site. That information is being tracked along with the golf clubs you just bought and the hotel and flight you reserved with your credit card.

What’s a EULA?

You’ve probably seen a EULA dozens of times and didn’t realize what it was. A EULA (or End User License Agreement) is the pop-up box of legalese that appears whenever you install software on a computer. Sometimes you have to actually scroll through the box and then click I Agree, but most times you can just click I Agree and keep the installation going.

EULAs are the legal backbone for companies to do all sorts of things, and it behooves everyone to at least be aware of what some of those potential things are. Primarily, a EULA controls the license of the software on your computer. It usually has language stating that the software can only be installed on one machine, and to install it on other machines requires additional licenses. When you click I Agree, you’re basically signing an electronic contract stating that you will abide by the terms of the agreement.

What many people don’t realize is that a EULA will often specify rights related to privacy and the protection of your computer. For example, many EULAs will clearly state that in the future, they may install software on your computer without your consent. They may install tracking software to get better demographics on who is using their programs. A EULA may also stipulate that it will automatically patch your computer with software updates, and, yes, if something goes wrong, you can guarantee that the EULA will stipulate it is not responsible for any damage as a result.

Does this mean that people are not going to install software they need or want because of what is stipulated in the EULA? Probably not, but it’s a smart idea to at least read the EULA before you click I Agree to know what the potential for problems is, especially if you have privacy concerns.

Even Hackers Have EULAs

In an ironic twist, Symantec Corporation, producer of a suite of antivirus programs, recently announced on its blog that it had noticed a Russian posting that essentially was a EULA for hackers. It read as follows:

The customer can’t resell the product, examine its underlying coding, use it to control other bot nets, or submit it to antivirus companies and agrees to pay the seller a fee for product updates.

The punishment if other hackers don’t comply with this rule?

Violate the terms, and we’ll report you ourselves to the antivirus companies by giving them information about how to dismantle your bot network or prevent it from growing bigger.

A Symantec Corporation senior principal security researcher described this EULA as “humorous”.

You Need to Know About Bots and Botnets

It is estimated that millions of computers are being used unwittingly to propagate cyber crime. Your computer could very well be part of it. A bot attack happens when your computer is hijacked via malicious software (called “malware”) installed on it. This allows remote control of your computer to spread viruses, send spam, or even commit fraud. Once your computer is infected, it becomes part of a “botnet,” or network of remotely controlled computers. The people who launch these attacks are called “bot herders”. They use your computer to perform all kinds of criminal activity, including launching spam, viruses, phishing schemes, and DDoS (Distributed Denial of Service) attacks, where they basically tie up a network to render it useless.

Beginning in 2007, millions of computers were infected with an email Trojan-horse program called “Storm Worm”. Computers infected with the Storm Worm Trojan became part of botnets that were used almost exclusively to send out spam. Machines infected with the Storm Worm have also been affiliated with money mule recruitment emails.

Think about it for a moment: How else could cyber crime propagate across the Internet so quickly if it weren’t for the fact that millions of computers act as a pass-through gateway and actually aid in the propagation unbeknownst to their owners? That’s what bot herders are counting on—quick, pervasive attacks and launches using your computer as a part of their network so they can wreak as much havoc in the shortest amount of time. Your computer is used solely as a “resender” of spam, without you knowing it, through backdoor programs. If someone tapped into your electrical circuit to steal electricity to tape illicit videos of children, you’d be furious, wouldn’t you? Yet every day, computers are “tapped” into to send spam and phishing attempts, and you may not even know that your computer is part of it.

Bot herders are so clever at what they do that they can “virtually” change locations overnight by infiltrating thousands of computers at a time. It is not unusual for a bot herder to completely shift operations within a matter of days. This is why it is so difficult for law enforcement to shut down these operations. And you may inadvertently be helping them. Fortunately for you, those who are trained to detect herding operations also know that the bot attacks happen unbeknownst to the computer’s owner.

Commtouch Report: 10 Million Infected Computers

In July of 2008, Commtouch, a cyber security vendor, released a report based on the automated analysis of billions of email messages weekly. The company concluded that 10 million “zombie” (infected) computers are online each day around the world contributing to the propagation of spam (source: www.commtouch.com).

That’s 10 million computers under someone else’s control. We will confess that we are often dubious of claims made by vendors, especially security vendors, because the darker the picture they can portray, the better the chances they have of selling their product, but in this case, we don’t doubt these figures. The report goes on to say that by the time analysis systems have identified compromised PCs, most botnets will have shifted to new machines. We’d have a better chance at chasing the wind.

Operation Bot Roast

In June of 2007, the FBI announced “Operation Bot Roast” (no comment on the name choice), a joint effort with the Department of Justice to “disrupt and dismantle” botnet operations whose specific target is to phish account information from victims. We’ll talk more later on about botnets and what they are, but in this first phase, the FBI was able to identify over one million infected computers by their IP (Internet Protocol) addresses. In November of 2007, they launched phase two. In May of 2008, the U.S. Department of Justice (DOJ) charged 33 individuals in a 65-count indictment for their alleged participation in an international racketeering scheme that used the Internet to defraud thousands of individual victims and hundreds of financial institutions. Thus far, they’ve uncovered more than $20 million in economic losses, but what makes this case unusual is how the criminals operated in real time across multiple countries using multiple technologies in a very organized manner—all through the use of botnets and machines that were compromised (one of which could have been yours).

How They Did It

According to the DOJ, thousands of credit and ATM cards were phished when mobile phone users received a text message that said, “We’re confirming that you’ve signed up for our service. You will be charged $2 per day unless you cancel your order at this website: [omitted]”.

The website was a ploy to gather specific account details such as account numbers and so on. That information was quickly passed to the U.S.-based part of the operations, which used this information to manufacture fake cards with the stolen credit and ATM card details imprinted on the magnetic strip.

Understand that these card printers are readily available from a variety of sources for under $1,000. The cards were then turned over to “runners” who would drain the accounts at ATMs and POS (point of sale) terminals in stores. The FBI worked this case in conjunction with Romanian law-enforcement officials. The 33 individuals indicted included U.S. citizens, Canadians, and foreign nationals (Romanian, Mexican, Vietnamese, Cambodian) who operated from the U.S., Canada, Romania, and Portugal.

This was a sophisticated operation that clearly crossed international boundaries. We know how comprehensive these types of investigations are, particularly when they cross jurisdictional lines (let alone international lines), so it is encouraging to know that these types of criminal enterprises can be shut down. Unfortunately, for every one that does get shut down, hundreds are still in operation.

Trends in Botnet Operations

We’ve been hearing through the cyber grapevine that bot herders are scaling down their operations significantly, not in terms of their attack, but in terms of the number of computers they will infect at the same time. Apparently, they now realize that massive botnet operations are much easier to detect than smaller-scaled operations that only control a thousand computers at the same time. This “downsizing” also makes shifting operations much easier.

Is Your Computer Part of a Botnet?

The difficulty with this type of infection is that the software code that allows the bot herder to take control of your computer is extremely hard to detect. Just like a virus, the bot code can be part of a web link you clicked, an email you opened, or a file you downloaded.

Symptoms of a Bot

The botnet code is very difficult to detect and remove, so you need to be alert to specific symptoms that can be indicative of your computer being a “bot” (but bear in mind that these symptoms can be from other causes as well):

•  Your computer becomes unusually slow. We’ll assume (please say “yes”) that you have adequate virus protection and you’re keeping your computer up to date with patches. Is your machine slow only when you’re on the Internet, or is it slow in general? The first thing we recommend if your machine is slow when accessing the Internet is to unplug your Internet router for about 5 minutes (make sure it’s completely powered off because many have internal backup batteries) and then plug it back in. This will reset the router and sometimes clear up any speed issues.

•  Your hard drive runs even when you’re not active on the computer. Bear in mind that this could also be the result of built-in services running or programs performing automatic updates. It’s just another symptom to be aware of.

•  You have items in your Sent mail folder that you know you did not send. This is a big warning sign that you need to get your computer reviewed by a professional.

•  Someone sends you a nasty email accusing you of sending them spam.

•  Your software programs suddenly don’t run. Again, there could be a multitude of reasons for this, but anything that has suddenly changed should raise a red flag and you need to determine why.

If You Think Your Computer Is Part of a Botnet

If there’s any doubt in your mind, we recommend you seek professional computer help. As we said, trying to remove botware is difficult and can cause even more problems. Your best bet is to go to a computer professional and ask him or her to run the necessary scans on your computer to make sure it’s clean.

In the meantime, if you think your computer is clean, keep it so by always applying virus and operating system patches. Shut off your computer when you’re not using it! The bot herders scan for computers that are on and have vulnerabilities, and turning yours off helps keep them at bay. Also, make sure your firewall is turned on—always.

The “Gift” That Keeps on Giving

We’ll give you one more reason to be concerned about all this. Consider what gift you are giving to the bad guys by not minding the state of your computer’s system security. Let’s say all you do is pay your utility bill online—many people do. If your computer is compromised, you’ve first of all given someone access to your bank account information. With that, the bad guys may very well either steal directly from your account or pass your account information on for a few dollars to someone else, who will then steal you blind.

Because we know that many of these bot herders are highly organized groups that operate under the radar and are sometimes linked to countries we don’t trust, consider that you’ve now potentially given them an access point into the utility company as well. We already know that public utilities are a cyber terrorist’s dream target. Why give them any more to work with?

Read on, because the next chapter outlines the three most important steps you can take to protect your system.
