CBC News Report - Cyber Ransom [[Including Detroit)

[401don]

This piece ran on CBC TV News tonight. It involves cyber crooks who, instead of stealing your identity, simply encrypt everything on your computer until a ransom is paid and then release it. It states the City of Detroit refused to pay a ransom of $800,000. Maybe this is why so many citizens are having problems with records. Never heard of this being public previously.

http://www.google.ca/url?sa=t&rct=j&...pK64UBAw32npdg

[LiveWire]

It states the City of Detroit refused to pay a ransom of $800,000

Of all the cities, they pick one that just filed bankruptcy and is completely broke. Too funny!

[sumas]

Something like that happened to one of our computers. I was on line and bells whistles and sirens went off. A notice came on the screen saying don't attempt to fix this yourself and listed a number to call. They actually ended up calling us and passing themselves off as microsoft techs. We let them walk us through clearing the incredible amount of junk they loaded. They tried to sell us services but once it was cleaned up my husband said no thanks.

How they got our number, I have no clue. Our service is wireless but guess it runs through the phone line somehow. Just recently added a landline back and apparently the the guys name was James Moore, that's who they asked for. Upgraded virus protections as a result.

Wierd stuff.

[JBMcB]

IT security 101: Mission critical systems are not internet-facing. Machines that have internet access should not have direct access to these systems, either.

If CryptoWall got onto a mission critical system as the article suggests, someone in CoD IT needs to be fired. This is gross incompetence.

CryptoWall is like a vampire - it won't get onto your system unless you let it in [[assuming you have a patched and basically-secure system to begin with)

Get some decent antivirus and keep it updated. I recommend Bitdefender - it finds and cleans more viruses than any other package, and has the fewest false-positives. Also make sure Windows, your browser, email client, and Flash plugins are kept updated. I recommend using the Chrome browser, which does most of this for you.

[sumas]

IT security 101: Mission critical systems are not internet-facing. Machines that have internet access should not have direct access to these systems, either.

If CryptoWall got onto a mission critical system as the article suggests, someone in CoD IT needs to be fired. This is gross incompetence.

CryptoWall is like a vampire - it won't get onto your system unless you let it in [[assuming you have a patched and basically-secure system to begin with)

Get some decent antivirus and keep it updated. I recommend Bitdefender - it finds and cleans more viruses than any other package, and has the fewest false-positives. Also make sure Windows, your browser, email client, and Flash plugins are kept updated. I recommend using the Chrome browser, which does most of this for you.

Thank you for advice, I stay intentianally ignorant. My husband is disabled and these are the things he can do. It was a bit bizzare having my computer screaming at me. I really do not like inanimate objects talking to me unless commanded.

[WKL]

Much like banks, Microsoft will not contact you by phone. You may get marketing email from them. If you get an email saying to click the link to upgrade or fix a bug DON'T. Don't call the phone number in the email either. It won't be Microsoft's. They don't do that either. Their help desk phone number is almost impossible to find. They really don't want anyone calling them - ever.

Check you system settings, most of the Microsoft just pushes upgrades and bug fixes out. You usually see that when you shutdown your PC and it tells you it's updating and not to turn it off with the switch.

[sumas]

A different thread is talking about home invasion. Computer invasion seems a bit on par. Have a friend who uses our computer on occaision. He found out 10 dollars or so were being leaked from his account monthly. Caught on after a few months. Was it the fault of my computer?

Last year my email got comandeered,purportedly from me. you're too fat letters were sent. If so many people were not mad at me, it was kind of funny. All got cleared up, changed passcodes etc. Personally would never open an email sans title.

[WKL]

Sumas - We got any email at work from the mothership [[corp. offices) that was blasted world wide. Had an attachment and some text about not opening emails and attachments if the email didn't have a subject.

Wait for it....there was no subject on the email.

[JBMcB]

Email is like regular mail. Anyone can send an email as anybody - they don't need access to your email account. Just like anyone can drop a letter in a mailbox saying it came from a particular person.

If someone is breaking into your email, they probably want your contacts list. They'll spam those people with mail coming from yourself, though it probably isn't going through your own email server.

The funniest one I got was from a co-worker claiming he was stranded in England and to wire him a bunch of money for a plane ticket. So I walked 40 feet over to his desk to make sure he was OK.

[sumas]

I have shared that story with 8 people now. Glad to be retired. Corporate ignorance is stellar.

[sumas]

Thank you for that story too. Walk over/ see he is not in England, great office stuff.

Kind of down, I was supposed to visit a friend today for a few day visit and had to put it off til tomorrow. Bag packed, I travel light. Anything to keep me laughing is so great.

[EastsideAl]

Something like that happened to one of our computers. I was on line and bells whistles and sirens went off. A notice came on the screen saying don't attempt to fix this yourself and listed a number to call. They actually ended up calling us and passing themselves off as microsoft techs. We let them walk us through clearing the incredible amount of junk they loaded. They tried to sell us services but once it was cleaned up my husband said no thanks.

How they got our number, I have no clue. Our service is wireless but guess it runs through the phone line somehow. Just recently added a landline back and apparently the the guys name was James Moore, that's who they asked for. Upgraded virus protections as a result.

Wierd stuff.

They tried this on my then-88 year old Dad. He went for it for a few minutes, then he called me. I extracted him from the situation after a lot of yelling and threats. But cleaning out all of the junk spyware they left on his computer was a real pain, and more of it kept cropping up for months.

[EastsideAl]

The funniest one I got was from a co-worker claiming he was stranded in England and to wire him a bunch of money for a plane ticket. So I walked 40 feet over to his desk to make sure he was OK.

My Dad got this one too. He received an email spoofing the email address of an old friend, which said he was stranded overseas and in need of some quick cash [[this friend does travel a lot, so it at first sounded plausible to Dad). He got the money ready to go, but then called me.

I assured him that this was a well-known internet scam. When he said "But what if it isn't? I'd hate to leave him stranded...", I said "Did you try calling him?" He did so, and the phone was immediately answered by his friend, safe at home in Grosse Pointe Woods.

[Wesley Mouch]

..If CryptoWall got onto a mission critical system as the article suggests, someone in CoD IT needs to be fired. This is gross incompetence.

CryptoWall is like a vampire - it won't get onto your system unless you let it in [[assuming you have a patched and basically-secure system to begin with)

...

If you think you can just fire city staff for something like this, you missed that they are protected from that sort of indignity. And while I disagree with much protection for workers in management [[who of course is responsible), there's something to it. Problem at CoD are rarely single-person issues. They are usually systemic.

It may be that the person in charge of IT security has their hands tied by dozens of factors. I can easily imagine the IT department implementing a valid firewall rule, and then being told by others [[administration, political, council, mayor, etc.) that this is unacceptable because it causes them some inconvenience. And that if they don't open it up, they'll be fired. What do you do then? Some stand up to the beast -- and they get sidelined. Others take the risk, and hope that they get through somehow. And knowing they can't -- they just have to build a cover story.

Life in bureaucracies is not simple. Banks or IT companies listen to their IT staff [[at least sometimes). Cities likely less so.

[EastsideAl]

If you think you can just fire city staff for something like this, you missed that they are protected from that sort of indignity. And while I disagree with much protection for workers in management [[who of course is responsible), there's something to it. Problem at CoD are rarely single-person issues. They are usually systemic.

It may be that the person in charge of IT security has their hands tied by dozens of factors. I can easily imagine the IT department implementing a valid firewall rule, and then being told by others [[administration, political, council, mayor, etc.) that this is unacceptable because it causes them some inconvenience. And that if they don't open it up, they'll be fired. What do you do then? Some stand up to the beast -- and they get sidelined. Others take the risk, and hope that they get through somehow. And knowing they can't -- they just have to build a cover story.

Life in bureaucracies is not simple. Banks or IT companies listen to their IT staff [[at least sometimes). Cities likely less so.

The voice of experience?

I worked at a major university several years ago where they tried to institute better security on our network. However, several of the older professors and administrators balked at having to enter and keep passwords, and they couldn't ever remember and hated the firewall rules. So our IT department was forced to take the protections down. Of course, it didn't take long for a virus to get in and screw everything up for weeks.

[JBMcB]

Part of IT is getting sign-in from users for a decent security policy. Usually this is done with training.

It's not as much of an issue in the corporate world as you need to be SOx compliant, so if you have lousy security a good reaming from your auditor will usually fix things. Assuming you have a decent auditor, that is.

I can see this being a problem with local governments, where there is little to no oversight.

[sumas]

They tried this on my then-88 year old Dad. He went for it for a few minutes, then he called me. I extracted him from the situation after a lot of yelling and threats. But cleaning out all of the junk spyware they left on his computer was a real pain, and more of it kept cropping up for months.

Funney stuff, my last remaining aunt @ 90 is way more computer savy then myself. She would not buy into that bull either. She is my last remaining link to my family ties and hope to visit her this spring. Sorry waxing poetic.

[ronaldj]

This is to back up and verify sumas's posts regarding the so-called computer glitches. She was on the laptop HP, a little over a year old. TV news weather report Klaxon came on. I was in the other room but heard its distinctive bleep. Told her to ignore, turn off the machine and re-start. Within5 minutes, we did get a call on newly installed land line asking for the owner of the machine by name. Not me or sumas. The caller purported to be from Microsoft and would help us through the apparent crisis.

Indian/Pakistani accent all you want. Dominic, Frank and James were their names. Helpful as hell and all get out. Got to the supervisor for some strange reason. They could not explain how they got a brand new land line number which we have given out to very few folk, Oh, it's like GPS is how we got your number.

I may be a liitle bit computer illiterate but I ain't stupid. The firm calling was actually PCCleaner. They installed software and offered to sell lifetime computer protection for both machines for about $280. It was a soft soap used car buying experience. No offense to used car salesmen out there. Bought a great one in Royak Oak a year and a half ago.

Somehow, the phone went dead on their end. They called back about six times. Thank God for caller ID and answereing machines. Have not heard from since and still have $280 in my pocket but the goddamned computer keeps telling me in that wondrous female voice that the scan is completed.

I purchased AVG virus protection. I am not sure how they did not catch this horsedhit and will go on-line with their techs tomorrow to try to sort it out and repair the corrections PCCleaner made to my machine. I am alittle slow on the uptake and just remembered that AVG offers the service.

Anyway, I should also be contacting MS as PCCleaner indicates that they are MicroSoft partners. Thieving bastards.

Enough for now. Beware.
ronaldj

[archfan]

I really do not like inanimate objects talking to me unless commanded.

Yes, but the toaster has this dry humor that gets me every time!

[sumas]

Yes, but the toaster has this dry humor that gets me every time!

Oh heck, even my micro wave bitches at me. Turned on my computer and get a screaming voice saying, "scan is completed". Fortunately, my fridge is old, makes ice sometimes, sometimes not. At least it doesn't talk to me. My washer and dryer don't talk either. I consider them old friends now. Silence is golden.

[WKL]

We had to get a new washer a year or so ago. I makes what can only be described as a joyful chirp when it's done. I like a machine that's happy in its work. I've noticed that every new appliance [[I'm looking at you coffee maker), beeps, buzzes or chirps when it does something. If I could get the darn thing open, I'd yank the wires of the noise maker.

[Wesley Mouch]

The voice of experience?

I worked at a major university several years ago where they tried to institute better security on our network. However, several of the older professors and administrators balked at having to enter and keep passwords, and they couldn't ever remember and hated the firewall rules. So our IT department was forced to take the protections down. Of course, it didn't take long for a virus to get in and screw everything up for weeks.

Not experience with virus attack. Just experience with bureaucracies.

Tis why I prefer greedy corporate interests over well-intentioned government policies. Actual progress occurs because they have real risk. Target's data breach has taught retail American to improve data security. Detroit's experience w/ Cyber Ransom just means we get to pay higher taxes for the bureaucracy to hire some favored firm to overcharge because they hire the right percentage of residents.