Monday, October 26, 2009

Vandals and Vandalism

Think about vandalism and chances are you think about graffiti, initials etched in storefront windows, busted public property. Think about the vandals who wreak the damage and chances are you think young boys and men, pants halfway down their asses, gangbangers, delinquents, school dropouts and malcontents.

Most of us are not very often directly affected by vandalism as described in the opening paragraph, unless we own a retail business, live near a sketchy part of town, or have a home with unruly teenagers in the neighborhood. Secondarily we are affected, seeing some idiots' initials painted on the highway overpass, gang signs scrawled on the alleys in an area we traverse, initials etched in the wall over the urinal or on the mirror in the restaurant's restroom. If our garage door or block wall is tagged we get upset, blame the lowlifes with nothing better to do than cause wanton destruction of other people's property, and paint over the markings. We tell the story at lunch in the office and at the next neighborhood cocktail party, "What's happening to our neighborhood?" We spend a few bucks and some time on washing and painting and on we go with our lives.

Vandalism of property, while violating, frustrating, aggravating and upsetting, is fairly rare for most of those who would read this blog, or who live in most areas of Long Beach, or other areas. Property vandalism and graffiti are generally confined to inner-urban areas, areas with high poverty numbers and gang membership, and public facilities and structures. That said, almost all of us are greatly affected by vandalism on a regular basis and pay significant amounts of money to protect ourselves from vandalism.

Do you have anti-virus software on the computer you are using to read this? Spamware to eliminate or at least filter out the majority of promotions for erectile dysfunction, free software, cheap designer watches and stocks that are guaranteed to quadruple in value in days? Anti-spyware to prevent programs that embed on your computer and relay sites you visit and/or usernames and passwords to "bots" that store the data so it can be sold? How much are you spending to protect yourself from Trojan viruses with the binary version of Trojans?

Saturday I was working on my laptop when suddenly I was unable to close any programs, and everything was frozen. You have probably been in that position. You hit the left-click on the mouse, you hit the right-click on the mouse, you hit escape, you hit control-alt-delete, you "End Program Now", and still your computer just mocks every move. With Windows Operating Systems you get used to some amount of freezing and know the drill: close as many programs as you can and re-start (Leslie is a Mac user, it seems these things never happen to her, I take it as proof that most virus, spyware and malware writers are Apple employees). Usually this solves the problem and you continue on in Windows' version of computer bliss until it happens again.

Saturday none of the standard procedures worked. So I escalated. I did the hard shut down, using the power button to turn off the computer. With my limited scope of knowledge, limited to computer pros but amazingly broad to many of my peers, I went through different steps that worked in the past--nope. My laptop was seized up. Did it die? Was it a software glitch and needs a whack like when the television goes blank? I got the sweats thinking of the amount of time that might be sucked out of my life, work hours and days lost to rebuilding my laptop with programs, databases, configurations. I just went through this early in the year when my hard drive crashed. Frustrated, defeated, helpless, angry, there were no positive emotions over this incident. One minute perfectly fine, the next a hunk of plastic and gigabytes.

Using the power of on-line networking a friend suggested "Ask Erik". When I dropped off Mr. Acer he said, "you may have an infection." But I have software that has anti-virus, anti-spyware, scans websites, scans emails, how? Feeling somewhat positive in the competence of Erik, and somewhat despondent over what my coming week could look like. Thankfully my trust in Erik was well founded. "You had a bunch of infections that appear to have built up and today they seized up your software." And, and, and??? "It works fine." Phew!

I had infections, infections that wormed around my anti-virus software and embedded in my laptop. How? Speaking with Erik and doing some research it appears that many legitimate websites, by legitimate I mean national retailers, honest retailers, media sites can have infections. One national newspaper had worked with an advertiser with a worm embedded in its pop-up ads, the paper did not find out for over a month. Hackers target whomever they wish and the more popular a site the greater the challenge. It seems just as virtually every home in Southern California has termites, even if they were just fumigated last month they have already returned, almost every computer in use has some infections. The good news is many, or most, of the infections are somewhat benign--until they build up over time. Others of course are not.

There are three main types of viruses, to the experts who delve into them there are of course many, many more, but most computer viruses fall into one of these categories. The most tame is a program released by some kid seeing what he can do with his computer and programming knowledge. While it can do some harm, it is usually easily caught and removed.

The next level is somewhat more malicious and is a virus that is released that harms Operating Systems and disables or removes key components to its software. The guys who write and release this type of virus have already been at work on Microsoft Windows 7; they see a new software release as a challenge and race each other to see who can crack it first. These viruses are damaging and can result in loss of data, and significant time in trying to clean the infected computer, possibly wiping out the Operating System and re-loading it. These can cost you time and money to cure.

The third level is a virus that is written for profit by very skilled programmers unleashing trojan programs that enter your computer, release their programs and collect information. The collected information is then sent back to a series of computers where the information is collected, stored and then sold. What is taken? Anything from sites you visit that is sold to companies that generate targeted spam, to user names and passwords for your bank and credit cards. Those who write and use these types of viruses are not in it for any games or just to do it, they are after big money. The purpose is to write software to infiltrate thousands, millions, of personal computers, lift targeted information and return it to a specific place, all undetected. Big, big money is paid to programmers with this type of skill.

So who are these guys engaged in cyber-vandalism and crime? Guys is the correct gender, according to CyberSight. Several articles from early in the 21st Century were more specific, saying virus writers were overwhelmingly "14 to 34 year old males without girlfriends who spend hours on-line and on their computers." Not a shock as it represents our typical vision of a computer nerd hacking away in the dark, his room filled with empty Jolt Cola bottles lit by the light off his monitor. But as the stakes go up this profile changes to a more mature, more seasoned and more dangerous character.

There are many parallels between property vandalism and cyber vandalism. Many of the tags we see are from tagging crews of young kids in it for the thrill and "look what we did." Many are not criminals; beyond defacing and destruction of property they are not violent or ill-intended. They are really not aware of the costs to building owners and society for cleaning up after their crimes. Many virus writers also fall into this category, look what I did, leaving messages in their viral software for other virus writers; they have crews that work together and it is all a game done for the thrill. While their viruses are becoming more sophisticated, many outgrow the practice and move on to more legitimate endeavors.

Some graffiti however is used to mark territory for gangs and their main source of income: drug dealing. The graffiti lets other gangs know to stay away. The purpose of the graffiti is to mark and defend territory. Malicious viruses that are solely meant to damage as many computers as possible are often released by someone with a grudge against a particular software maker or company. The virus is a form of marking and staking territory and letting the targets know who is in control.

Behind the markings is the revenue. The guy with the drugs, the wholesaler who gets his drugs from somewhere else, the supplier who manufactures the drugs. Similarly with the trojan viruses and programs meant to capture personal information for the purpose of targeting advertising or worse, stealing funds or credit access. These are sophisticated operations that are very difficult to detect and increasingly are operating in foreign countries. From what I read if I ever go to Brazil I will not bring my laptop nor sign onto any of my bank or credit card sites. Eastern Europe and Russia are burgeoning regions for virus writers looking to capture financial information. As evidenced by the reports the last few years, their targets are moving from the personal PC to the banks and credit card companies themselves.

Vandalism is vandalism, whether we can see it in big black letters scrawled on the side of the local bank or we cannot see it as it works its way through our computers. In the one case we present the perpetrators as thugs and junior criminals with no sense of right and wrong, in the other we picture some over-caffeinated geek. The mindsets of the graffiti vandal and the viral vandal however are very similar, typically different socio-economic backgrounds but similar in their ability to connect right and wrong, and the severity of their crimes. As we move further from the junior vandal however we see a more devious and deceptive group of highly organized, highly sophisticated and very focused individuals.

Prosecution of cyber crimes is difficult and rare. More laws do not seem to stem the tide of new viruses, scams and schemes; in fact it seems the stakes are being raised as the early virus writers have learned and refined their skills so they now feel confident attacking major financial corporations and even governments. While much is made about the visual graffiti we see and how the neighborhood is going downhill, very little is said or brought up in mainstream media and conversations of the millions and millions lost and stolen through cyber vandalism.

Here are some resources you may find useful in adding protection to your computer, as I have experienced not all are perfect!

Fight spam: Our company uses Postini.com to screen our e-mails, it catches about 100 a day for me personally--once in a while a legitimate email gets caught but it is easy to view the screened emails and get the ones you want. Lately it has been stopping about 5-10 viral emails every day.

Anti-Virus: use a program that automatically updates at least once a week, ideally it updates daily as it keeps in front of newly discovered viruses.

Computer assistance: I already told you about Ask Erik; in meeting with him I discovered I know several of his clients. He is a great guy and very good at what he does.

Wear protection!