Live by the Sword, Die by the Sword

[Image: Google Dorking]

But it’s already too late to put the sword back in its place. The Internet, the Worldwide Web, Google Search, social networks, and other on-line miracles have given billions of people capabilities they never had dreamed of. But in their haste the makers of these tools have also given evil-doers capabilities beyond the masses’ worst nightmares. History is full of other technological advances that have been used for both good and evil purposes, but more recently cyberattacks have permitted individuals or small groups, sitting in safety at their personal computing devices, to wreak havoc on millions of innocent victims. These cyberattacks appear to be increasing in frequency and in the scope of their havoc. Most recently several news sources reported that on March 24 an Iranian hacker was charged for his 2013 attack on a dam in Rye Brook, NY, which he found vulnerable using a technique called Google Dorking. (The wheels of justice certainly turn slowly … especially compared with the speed of computers and their hacker masters!)

Apparently he did not use his knowledge to operate the sluice gate of this small dam (perhaps because it was disconnected from computer control at the time). And although this dam is in a rather backwater community (pun intended) and not much of a threat to national security or even significant injury to people or damage to property, the ability of the hacker to infiltrate the computer system demonstrates a capability to attack a much bigger and more dangerous dam or other strategic infrastructure such as an electric power grid.

The really scary thing is that almost certainly many other sectors are under similar attacks. One such sector is hospitals. Within the last two months the computer systems at the Hollywood Presbyterian Medical Center, the Methodist Hospital in Henderson, KY, and the MedStar Georgetown University Hospital in Washington, DC were crippled by cyberattacks. These were not minor incidents; the overall MedStar 10-hospital group has 30,000 staff and 6,000 affiliated doctors. And patients in critical condition could die from the delays caused by inoperative computer systems.

Another sector is financial. On March 29 hackers breached the security at two large law firms whose clients, giant Wall Street banks and corporations, are constantly dealing with confidential matters, knowledge of which could net hackers millions of dollars through insider trading.

The general populace can only hope that the responsible governmental agencies are working hard to identify strategic facilities throughout the U.S. and its allies, and to alert vulnerable ones so they can take steps to minimize the dangers from Google Dorking and other hacker nastiness. And also hope that “white hat hackers” (the good guys), the modern-day equivalent of yesteryear’s vigilantes, step up their activities. It would help considerably if these strategic facilities would reward these hackers for their efforts.

Bloopers Beyond Technology: Theft of Bangladesh Funds is a Comedy of Errors and Law-Breaking By Humans

[Image: Bangladesh money laundered in the Philippines]

Technology does not exist in a vacuum. It is created by humans of varying degrees of ability and honesty. And technology involving the Internet is generally so complex, and created under time pressure, that it is more error-prone than more cautious and patient people would like.

According to the New York Times, slack security at the New York Fed (that’s the Federal Reserve Bank of New York), which most folks would consider a bastion of safe-keeping, allowed a bunch of money ($81 million or $100 million or some such sum) that rightfully belonged to poverty-stricken Bangladesh to be misappropriated by Chinese hackers and transferred to the Philippines, where in turn it was apparently transferred by above-the-law banks to putatively money-laundering casinos, who made it vanish beyond any chance of recovery. We’re not making this up. Mere prose and still images can’t do it justice. And no fiction writer could have imagined a more twisted tale.

The comedy continues if one reads the Zero Hedge blog, which apparently specializes in spreading misinformation of all sorts, including calling a spade a spade when it might not be. Entertaining to most of the world, but not to a few officials during whose watch this debacle occurred or to starving citizens of Bangladesh.

We Have Met the Enemy and He Is Us – Redux

[Image: Murphy’s Law composite]

If something can go wrong, it will. And in the millions, nay billions, nay trillions (or more) of lines of code that comprise the Internet and its many websites (the total reached 1 billion in September 2014) there are countless opportunities for errors or loopholes that let the bad guys (AKA hackers) wreak havoc. And that havoc can affect millions of innocent victims. The extent of the hacking during the past few years is enormous, as can be seen from an interesting infographic.

In another recent episode that demonstrated the increasing ease of hacking, shady securities traders stole announcements from Business Wire, PR Newswire, and Marketwired after they were uploaded by the companies but before they were released to the public, and made millions by trading ahead of the public. (The former, harder method was to recruit company “insiders” to get advance tips.)

And there may be some recent disasters that were self-inflicted, e.g., the outages at the NYSE and United Airlines. Absent an identified villain, we would attribute those to faulty code that is so complex it is impossible to test thoroughly and to change as the environment changes.

Hacking has even become so widespread, and apparently so easy, that one of the leading anti-hacking software companies, the Italian company Hacking Team, was recently hacked itself.

Even more scary is the almost certain hacking by unfriendly nations’ government-sponsored hackers (China, Russia, etc.). Some of it is theft of commercial intellectual property, which can undermine the US’s economic strength (and directly or indirectly its military strength). Other parts of it can be theft of military secrets, the loss of which can compromise national security.

In the ultimate irony, The Wall Street Journal pointed out that while the giant tech firms like Apple, Facebook, and Google encrypt their data, they don’t cooperate with US government searches that are legal under the Fourth Amendment of the Constitution.

The Most Insidious Advertisement We’ve Seen (So Far)

[Image: Advertisements embedded manipulatively]

Few would dispute the great usefulness of Google search. And most of us are willing to put up with the numerous ads that come along with the content. They are usually a small price to pay for the convenience and completeness of the information we seek. And we rarely have a choice of ads + free content vs. paid content. Sometimes the ads are distracting and/or invasive (especially ones with audio, video, or animation). But perhaps the worst ads are the ones that don’t look like ads at all. For example, the one in the graphic above, which is formatted to look just like the usable content itself. This strains the limits of ethics; at least in paper periodicals the advertisements are either clearly advertisements (as is easily seen by their formats) or are clearly labeled “ADVERTISEMENT”. Unless you truly need the content you found, we urge you to peruse other, more ethical, websites for your information needs. (It was interesting that we found this on a website dealing with CAPTCHAs, which is another phenomenon of dubious merits.)

How Do I Scam Thee (with SEO)? Let Me Count the Ways.

[Image: SEO scams]

The count must be in the billions. Our sister websites, Wilddancer.com and WhyMenDieYoung.com, had been getting a few sales pitches from people who were able to breach our FormToEmail Comments security or leave comments on our WordPress blogs. But, thanks to professional advice and implementation, we were pretty immune to the automatic web crawlers, so scammers had to make considerable effort to get through. When we added our Blooper Jar, a kind of “incoming blog”, though, we started getting frequent posts from an apparently clueless company called SwingSEO Solutions, starting with the following from Brigitte: “Hi, my name is Brigitte and I am the marketing manager at SwingSEO Solutions. I was just looking at your Worst User Interface | Blooper Jar site and see that your site has the potential to get a lot of visitors. I just want to tell you, In case you didn’t already know… There is a website network which already has more than 16 million users, and the majority of the users are looking for niches like yours. By getting your site on this service you have a chance to get your site more visitors than you can imagine. It is free to sign up and you can read more about it here: http://anders.ga/w-6×2 – Now, let me ask you… Do you need your website to be successful to maintain your business? Do you need targeted traffic who are interested in the services and products you offer? Are you looking for exposure, to increase sales, and to quickly develop awareness for your site? If your answer is YES, you can achieve these things only if you get your website on the network I am talking about. This traffic network advertises you to thousands, while also giving you a chance to test the service before paying anything at all. All the popular sites are using this service to boost their readership and ad revenue! Why aren’t you? And what is better than traffic? It’s recurring traffic! That’s how running a successful site works… Here’s to your success! Read more here: http://stg2bio.co/10fz – or to unsubscribe please go here: http://todochiapas.mx/C/36p” There were small variations in the sender’s name, title, organization name, etc., but the pattern was mostly identical. Likely these were being sent by a “Mechanical Turk” being paid a very small amount for each.

Likely the number of misleading missives sent by one Mechanical Turk is small in comparison to the number of companies claiming to conduct Search Engine Optimization (SEO) intended to skyrocket your site’s ranking to the very top of web searches. There must be a few legitimate experts, but they must find it tough sledding against all the illegitimate ones. Our advice: if you truly want to use one of them, do your homework first.