Twelve Things You Can Do To Protect Yourself Online

THE INTERNET OF THINGS BUT THE NETWORK IS FRIGHTENED OF A FRIDGE

 

This week I have been helping a few people out with their technical problems. Digital artists in particular who have come across some surprising glitches, and also people who have started buying in to the whole concept of IOT.

The Internet of Things (IOT) is becoming a bigger monster by the day. Just three-years ago much was heard about this revolutionary idea, three-years later and it seems everything you buy with any electrical connection wants to join your network and talk to the World-Wide-Web.

My tablet, graphics tablet, of course my Mac and PC, and even my stylus, they all want to talk to the web frequently, as does my Amazon Echo and the smart fridge that isn’t as smart as they said it was, and now even a few lightbulbs are all queuing to get some bandwidth allocated to them on my paltry 70Mbps internet connection.

Think about that last bit, 70Mbps is actually a lot of bandwidth, and more so when you compare it to what was available three-or four years ago. I remember a 14.4k, and a 28.8k dial up modem, and then the big one came in to my life, 512k fast broadband. I had no idea how I had managed to live without it, although I still couldn’t take or make a phone call unless I dropped whatever I was doing online.

Then along came superfast, up to 20MBPS, although no one ever got 20MBPS, it was usually about 4MBPS by the time the signal had travelled the three miles from the local exchange through outdated copper wire. Then we saw Superfast broadband, speeds up to 38MBPS, and then it has doubled every few years, In many places in the United States, 1Gigabit fibre is the order of the day, over here in blighty, not so much.

Still 70MBPS is fast right? Not really when you consider that everything these days can and wants to join your home network.

Where once a candle stood, now we have a lightbulb that refuses to turn on, never mind cycle through a spectrum of millions of colours, unless it has a software update. It was fine last night. Tonight though it knows that unless I download a patch, it will cease to be anything other than a dull statue.

The fridge I was told at the time of purchase was future proof, in fact it was the future. It connected via Wi-Fi to your home router and would alert you if the temperature was wrong, if you were running out of bacon, or if the door had been left open. I was promised that it would in time order replacement items that I regularly used, that future update is still apparently in the future.

I am a technology sucker, an early adopter, a bit of a geek, and mostly broke from buying all this tech that would supposedly make my life smarter, not harder, and more than anything I would never have to walk around the supermarket being tripped up by the walking dead who are collecting Pokémon thingies on their phones that are glued to their hand. 

The other Saturday I took my daughter to London on the train. For me it was a busman’s holiday, I visit the capital two, sometimes three times a week on business. I have an office there, and I go, I carry out my work, and I get home back to the countryside as quick as I can.

What struck me more than anything when walking around these shops that my fridge seller told me I would never again have to frequent (subject to a future update), was that people literally were glued to their phones.

I came out of Oxford Circus tube station and it took forever to climb a flight of stairs, not because I was slow, nor was it overly crowded, but because someone who can only be described as a complete tool, was stationary on the stairs crushing some candy. This complete tool had brought single handily, the centre of the capitals commerce to a standstill.

Out on the street it was just as bad. I walked in to a well-known store spread over three floors, and they sold organic bath bombs and shower gels. Boy am I in the wrong business. People were taking whole powdered balls off the shelves and throwing them in sinks of warm water to see how they fizzed. I looked at the sign on the wall, calm down and take a bath. It actually said much more than this but I couldn’t read it because of the other tool stood in front of it who was capturing pretend characters.

The only light hearted relief I got was when he walked straight in to the sign. Other than the fizzer testers, the rest of the shop was filled with people all Facetiming their friends to ask if this white and blue ball was the flavour they wanted for Christmas.

I will remain permanently scarred from this shopping experience, and I have vowed to never step foot on Oxford Street again. Even that bastion of Britishness Harrods left me disappointed when what I wanted wasn’t in stock. It’s OK Sir, you can order the right size online. No, I am here, you sell everything, apart from a size 6 boot?

It was time to relax at home. I would fire up the PlayStation 4 and hunker down with Lara Croft for a few hours of me time. Except I couldn’t because some other tools had decided to DDOS attack every large corporations network and this included Sony. I felt like Michael Douglas in Falling Down. The game wouldn’t play because it couldn’t offer me in-app purchases or validate my email address to sign up for a newsletter that I didn’t want. It just kept crashing, no online play was available.

 

THE RISE OF THE FAN BOY HACKERS

It could have been Russia, it could have been a false red flag exercise, it was more likely that some geeky 16-year old had decided that X-Box was better than PS4, but essentially whoever it was, used internet-connected devices including CCTV, printers, and cameras, to launch an attack on the world of cyber.

This attack was different to all of the others that have happened recently, it actually used the Internet of Things to launch an assault on every-day folk. Usually Christmas day is a prime time for DDOS attacks particularly against the video games manufacturers, and usually it is a group of barely-teens who decide that no child or adult child should enjoy a bit of gaming on the game they have been waiting all year to get for Christmas.

A DDOS attack is a distributed denial of service attack. Imagine for a moment that the bell rings on your front door, you answer it and you find 30-million people outside all shouting your name and wanting you to speak to them. You quickly close the door, the battery in your doorbell eventually drains, as do you. Then, when you replace the battery, gain some strength, they start knocking rather than using the doorbell.

Essentially it’s the same principle. The two people who wanted to wish you well were somewhere in the crowd but at least a million rows back. You couldn’t see them or hear them, and they ended up going away.

A security firm called Flashpoint, very well respected in the industry suggested that the attack had used Botnets infected with the “Mirai” malware. Many of the affected devices originated from China, as does that useless fridge I own. You cannot reset the password, or if you can it takes a degree in computer science to work out how to do it, and they become vulnerable, exactly what malware developers love.

You see, Mirai essentially goes on its own shopping trip, looking for vulnerable devices to infect that are connected to the web, it then infects the device and starts throwing traffic at it until such point that it essentially turns away every legitimate request because it cannot tell if something is legitimate any more.

The really scary thing, you have no idea your device is infected unless you have an industrial quality network in your home that monitors everything.

This time though, things were very different. The way the malware took over every-day items was something that was previously for the most-part, unheard of. This attack was a game changer.

The malware was released in September, this gave those committed to causing some disruption a whole month and more to utilise it and plan an attack. In cyber-security terms, that’s about the equivalent of a hundred-years or more.

For the most part it was the cheap technologies that have little in the way of embedded user security that were affected, according to an assistant Professor (Matthew Green) at the John Hopkins Information Security Institute.

WHAT YOU NEED TO DO

So whilst we have pretty much built a system we label as the backbone of the internet that can resist destruction from a nuclear device, we have built an internet backbone that is afraid of a fridge.

Unless you have everything set up at home properly, and possibly are already an expert in cyber-security, you are going to need to know a few things so that you can sleep soundly in the knowledge that you have done what you can to stop the spread of these malicious pieces of code which can destroy the concept of a peaceful weekend.

 

HOW TO SPOT SOMETHING IS NOT RIGHT

If you have had broadband for any length of time, you will have noticed the various times in the day when the connection is slower than off-peak times, and you will have noticed when the kids get home from school, your work connection will grind to an almost halt.

You might not notice anything untoward at all if you are generally just browsing online, doing a little shopping, or reading this blog, but you might start noticing a little more buffering than usual when watching online TV.

Surprisingly services such as Amazon Prime Video and Netflix are extremely well protected, they also do not need as much bandwidth as you think they would need to give you a high definition viewing experience. If you experience unusual amounts of buffering, something could be amiss.

You can utilise freely available network scanning tools, and you should always have an up-to-date anti-virus package installed on your PC and Mac. But some of the network tools are overly complex for the casual user who might just wish to figure out if there is any unusual activity across their home network.

Webcams it seems are particularly vulnerable, if your webcam or printer is hijacked then that could lead to other devices on your network becoming compromised. If they are affected, at this point you essentially have an intruder in your home, it’s just that you cannot see them. Tracking them down is next to impossible for the home user too. Even worse, they might be able to see you.

Webcams, printers, and unsecured devices connected to the internet are easy targets. Certainly easier than a well-protected PC to compromise, and where once the hackers would hire the computing power needed to launch such attacks, it is becoming increasingly easy to hijack poorly configured and unsecured devices with which they can create what is called a botnet.

Originally DDOS was something that arose in the year 2000, gambling sites were originally targeted and held to ransom. Now we see stories in the media of ransom-ware being applied to a home users PC, often asking for money in exchange for an encrypted key. Sometimes that encrypted-key just doesn’t actually exist. No matter if or what you pay, the result is usually that your data is lost.

Everyone in the cyber-security industry expected that the Internet of Things would be fine for a little while longer, but with these new styles of attacks emerging, it could be a sign that IOT attacks are going to increase sooner rather than later.

I recently wrote about backing up your cherished art and photography collection, it is even more important to do this now than ever before. But there are other things that you should do too. 

1. Change from the default passwords, and make sure that your chosen passwords are complex. No sequential characters, no names, (names can be guessed in a dictionary attack), don’t even use words. Random characters of between 8 and 16 are probably your best bet. 

2. Remember that many of the Internet of Things devices whilst they may look unique, are possibly exactly the same under the hood. Make sure you buy good quality devices that allow you to change the passwords easily, and always, always, keep them updated with new firmware releases.

3. Cheaper devices might not allow you to change anything yet alone update them. As soon as they are broken by the attacker, they are fair game to be used in future attacks. Pay a little more and get protection, because the difference is hardly noticeable when something goes wrong.

4. Update any anti-virus programs on your computer. This is essential, and it is surprising just how many attacks come from the older vulnerabilities which should have been fixed years ago.

5. Change your routers name and password as soon as you get it. Many are set up with factory defaults, often passwords are set on every device created at a factory, all with very generic and easy to guess passwords and device names. Even name your Wi-Fi connection differently and change the name occasionally too. As much as a pain this can be when you have lots of devices connected, it can be one of the best defences against people hijacking your Wi-Fi and using it to carry out an attack.

6. Never ever tell other people what your password is, and try to create separate passwords for children. I have lost count of the times I have had to reset my daughter’s devices because she had changed the passcode to a popular bands name. Now she is older she has the most complex passwords, probably to keep my eyes from prying.

7. If you are a member of gaming networks make sure you change your email/username as well as your password periodically too, and if you store credit cards on the systems, make the settings so that you have to input the number each time, and set up 2 factor authentication and use your mobile to receive the pin.

8. Also, don't let people know your every move on social media, and if you get repeat requests from people who are already on your friends lists, check them out first.

9. Be wary of scammers who pretend to be a company. Look carefully at the email address, and never click on attachments unless you know where they have come from.

Another give away is that the spelling is often atrocious. Something like "why you not responded" is a give away. Don't be tempted to write back saying "because you are a tool". It just validates that your address is real as does clicking on unsubscribe.

Most Internet Service Providers have good spam detection for their email services but there are a few, and one of the UK's big ones that really haven't got a grip with the simplest spam scams.

10. If you notice anything suspicious, there is a cyber crime team attached to most law enforcement agencies around the world. Here's the UK link: http://www.actionfraud.police.uk

In the USA, check out: https://www.fbi.gov/investigate/cyber

In Canada, http://www.rcmp-grc.gc.ca/scams-fraudes/rep-sig-eng.htm

Let me know if you need links for your country. Let's make it as difficult as we can for criminals. Prevention and detection is a never ending task but by doing your bit, it makes the job of enforcement a tiny bit easier. If you have avoided being a victim of cyber-crime to date, you are one of the lucky ones.

11. Before you sign up to mailing lists from unknown organisations ask yourself, would I give them my phone number?

12. Also check the privacy when you grant permission for certain pages to view your Facebook profile. Look at what the company is asking for, and then ask yourself if taking an IQ test is worth giving them access to your digital life.

So there are Twelve tips that will help to keep you a little more protected than you were twenty-minutes ago, and over the coming months I am planning to give out little tips and snippets to make sure your artwork and everything else is protected online.

If there is one other thing you can do, it would be to make sure that your friends and family are aware of these tips too. Please feel free to share this post, and let's do everything we can to make it harder for cyber-criminals to ruin people's days, and even lives.

Please do get in touch if you have had any experiences you would like to share, or if you have any tips that might help others. If you have specific cyber-security problems, let me know and I will try to help. If you sign up to my email updates on this page, that is all you will be signing up to. No spam, just every new post delivered direct to your inbox.

 

ABOUT M.A

Mark “M.A” Taylor is a UK based artist who specialises in contemporary, abstract, landscape, and digital art and has more than 30-years of experience. His works are available through online stores such as http://fineartamerica.com/profiles/10-mark-taylor/shop and at Pixels through http://10-Mark-Taylor.pixels.com and at Zazzle https://www.zazzle.co.uk/beechhouse* Mark will also soon be producing stunning new designs that will be exclusive to Designed By Humans.

His work is sold all over the world and also in more than 150 of the largest brick and mortar physical retail art stores in the USA and Canada, such as The Great Frame Up, and Deck the Walls.

Mark supports other local and international artists with advice and promotion through this website, and his successful Facebook groups The Artists Exchange, and The Artist Hangout and regularly promotes other artists from around the world. By purchasing Marks artwork you are helping to keep this website maintained and for Mark to continue supporting other artists in such a highly competitive market.

Not only is his work unique, you will also receive a 30-day money back guarantee included with all sales through Fine Art America, Pixels, and Zazzle. His work is available on a wide range of quality print mediums, and other products through his Pixels site.