Your Digital Dossier

What does your online information say about you? Does it just say your name and email address, or does it go much deeper?

When you download a new application to your smartphone, do you sign up with an email address and unique password, or do you opt for the 'Sign in with Facebook' or 'Sign in with Google' option? Most people choose to log in with Facebook or Google, since they already have an account there. If we start combining the datapoints we give these companies, along with other corporations that have been known to acquire such information, they can most likely build quite the dossier on us. If we break down what we allow these applications to store, we realize how our entire identity can basically be summed up in our smartphone.

This might have already crossed your mind, which is good, but after a recent discovery, I started rethinking everything.

In September of 2019, BuzzFeed News reported that period-tracking applications MIA Fem and Maya "sent women's use of contraception, the timings of their monthly periods, symptoms like swelling and cramps, and more directly to Facebook." This information is then used for many different reasons, one of which is targeted advertising based on the information you've entered into these apps. Possibly more disturbing than targeted advertisements is the fact that Facebook knows these extremely personal, intimate, and none-of-their-business datapoints about you.

Now let's dig into an app like Maya, a period-tracking app used by more than 8 million women that is designed to monitor many different personal factors. It will automatically predict your fertility, let you manually enter your cycle and flow length, log your love life, weight, and temperature, and log symptoms, moods, cravings, etc. This company was selling its app data to Facebook. They SOLD YOUR LOVE! Okay, maybe not your actual love, but they sold the log of your love life. This includes, but is not limited to, the amount of sexual activity in which you're involved, whether the sex was protected or not, the date and time, even a new or current partner. I've seen many companies invade personal privacy before, but this has to be one of the most disturbing cases I have ever come across. It was sharing information that allows targeted advertisements. These ads may have been for the food you said you were craving, or NSAIDs or Tylenol if you claimed to be having pain, and unfortunately, the list goes on and on. This issue, though, is two-fold. Not only is it horrendous for a company to share this information, but this is also information we probably shouldn't be sharing with any app or smartphone. In Apple's most recent operating system, iOS 13, they allow for "Cycle Tracking." Sharing personal information can build a portfolio of datapoints on you that can tell your story.

I'll give you an example, using myself: my iPhone screen is quite organized. I keep only one complete page of apps, with all of them sectioned off into their own folder based on their "genre." Excluding the iOS apps developed by Apple proper, I'll start with the Goliath of YouTube. I don't think there is much I need to explain. It is now part of Google. Datapoint 1 - your viewing preferences (what you like or dislike, suggested videos that you've clicked on, etc., etc.). The next application is ESPN. Now this app might seem harmless and not prone to saying much about you, but here we go: Datapoint 2 - what teams I like. This could allude to where I live (I've "Favorited" the Portland Trailblazers, Oregon State Beavers, Seattle Mariners). This shows I'm likely from the Pacific Northwest. I'm also a fan of the Toronto Raptors, Toronto Blue Jays, Toronto Maple Leafs, and Vancouver Canucks (go figure, I'm part Canadian). Now you have an idea where I live, or where I'm from, maybe both. You can also guess my heritage, and you know my viewing preferences, which for me are stand-up comedy, programming videos/tutorials, and R&B music videos. Now you know that you can maybe ping me with Ticketmaster tickets to a comedy show, a new programming book or piece of software, or a new album from Alicia Keys. I imagine you can see where I'm going with these two seemingly innocent apps.

With any application that you log into through Google or Facebook, you are giving those two monoliths the ability to capture any information you provide the app. In some situations, even if you don't log in through Google or Facebook, the provider may still sell your data to these companies. Often you can get a slight idea of what a company may do by reading their Terms and Conditions and their Privacy Policy.

I started thinking about how common this might be, and my curiosity was piqued about what other applications might sell your information to a third party. I began digging into the boring Privacy Policy text that floods the internet, and to my shock, more apps sell information than not. First, I thought about what kind of apps hold sensitive information. Arguably, any personal information is sensitive, but in the age of information and disinformation, I decided to narrow my focus to data that I thought the general public would deem personal. Here are a few of the apps I found, along with their corresponding genre:

  • Headspace - Meditation

  • Sober Grid - Sobriety & Accountability

  • Lifesum - Health & Dieting

  • Tinder - Dating

  • Mint - Finance & Budgeting

  • Orgasm Tracker - Intimacy

  • Grindr - Social Networking for LGBTQ Community

With the release of Apple's iOS 13 and watchOS 6 came an addition to their HealthKit, Cycle Tracker, yet another app to keep track of a woman's menstrual cycle. While many people and researchers have claimed that this is a major breakthrough, I am slightly more hesitant to think that this is the smartest idea. We have provided our cellular carriers so much information and digital latitude that we truly are selling our freedom and allowing our rights to be exploited. The First, Third, Fourth, Fifth, and Ninth Amendments to the Constitution all have to do with our privacy, along with the Privacy Act of 1974, the Electronic Communications Privacy Act (ECPA), and the Children's Online Privacy Protection Act (COPPA). Whether it be our privacy of beliefs or privacy against unreasonable searches, much of what this country is built upon is the ability to live our own lives freely.

My last example will hopefully drive this point home. I heard of a Facebook "feature" in which you can navigate to your own page, and it will guess your political views based on your online activity. I must admit that I am surprised Facebook is being this transparent about their ability to track everything we do and collect datapoints, so seeing as I haven't had a Facebook account in a year, I asked my spouse if they would give this a shot. I had them log on to Facebook in the browser, and they navigated to Settings -> Ads -> Your Information -> Your Categories -> and looked at the category of US Politics. It showed what Facebook thought were their political beliefs, and it was spot-on. It is possible to do this from your mobile device as well, using a similar sequence of Settings. This shows how much information Facebook gathers on you - enough that it can guess your political ideology and be accurate.

When choosing what applications you download to your smartphone, just remember that most everything you provide those apps can be sold to another company.

Remove a User, Keep the Applications

Sept. 1, 2019: This article was updated due to an error. Thank you to Graham Pugh for catching it.

Over the course of my career working on Macs, I have come across many different situations. Some happen repeatedly, and some are one-and-dones.

One recurring issue was when someone would go through me to pick up a new computer and, alongside it, purchase some security software from me at the same time. Because of this, I would need to set up a user to install the security applications. I did, however, want the users to be able to set up their own accounts, with their own preferences and password of choice. The fewer passwords I know, the better. Not because I'd give them away, but because I believe that passwords are personal, and they shouldn't be shared with anybody.

Because of this, I wanted to be able to install software, then allow the customers to set up their information. That’s where "usernuke" comes in.

This script allows users or Apple Technicians to reset their user account without losing root information (Applications, System, /Library).

To run this script, there are a few relatively simple instructions.

If you have a new Mac with a T2 Security Chip, follow these instructions from HT201573:

1. Start your Mac up in macOS Recovery, by holding Cmd + R when turning on your Mac

2. Select Disk Utility from the Utilities window

3. Select which volume you’re using, click File > Mount from the menu bar. Enter your administrator password if prompted

4. Quit Disk Utility

5. Click Terminal from the Utilities menu in the toolbar

6. Follow the instructions below beginning at 3a

If you have an earlier Mac, follow these:

1. Copy this script (usernuke.sh) to the root of the Startup disk hard drive. In that same area, you should see other folders like (Users, Library, System, Applications).

2. You then reboot your computer. The caveat is that before the machine powers on, hold “Cmd + S” keys to boot into Single-User mode. There will be a bunch of text that shows up on the display. Give it a moment to finish loading.

3. Then, you will type three commands. Each will take a moment or two to run, so be patient.

a. First, type:

  • /sbin/fsck -fy
  • This checks the filesystem and repairs it if needed, so that the disk is verified before anything is changed

b. Once the filesystem check is complete, type:

  • /sbin/mount -uw /
  • This remounts your startup disk read-write, which the "User Nuke" script needs in order to make changes from Single-User mode

c. Last, fire off the script by typing:

  • sh /usernuke
  • You will be prompted to verify that you want to delete each user, then the machine will reboot at the end. The script deletes itself from /usernuke when it finishes, so it must be saved under that name at the root of the startup disk.

You can download the script here


The source code for the usernuke.sh bash script is as follows:

#!/bin/bash
# usernuke.sh: remove every local user account and the local directory
# database so that macOS Setup Assistant runs again on the next boot,
# while leaving /Applications, /System and /Library in place.

# Single-User mode mounts the startup volume read-only; remount it read-write.
/sbin/mount -uw /

echo "Found the following users:"
# Skip the Shared folder, the Deleted Users folder and dotfiles such as .localized.
ls -1 /Users/ | grep -v "Shared" | grep -v "Deleted Users" | grep -v "\."
declare -a userarray
userarray=( $(ls /Users/ | grep -v "Shared" | grep -v "Deleted Users" | grep -v "\.") )
# Ask about each home folder in turn; an unrecognised answer repeats the question.
for (( i = 0 ; i < ${#userarray[@]} ; i++ ));
do
    echo -n "Delete user ${userarray[$i]} (Y/N)?: "
    read -n 1 answer
    case "$answer" in
        y|Y)
            rm -Rf "/Users/${userarray[$i]}/"
            echo ""
            echo "${userarray[$i]} deleted."
        ;;
        n|N)
            echo ""
            echo "${userarray[$i]} NOT deleted."
        ;;
        *)
            echo ""
            echo "$answer unknown. Please answer Y or N."
            i=$((i-1))    # step back so the same user is asked about again
        ;;
    esac
    echo ""
done
rm -Rf "/Users/Deleted Users/"
# Replace the local directory services database (user and group records)
# with Apple's pristine default copy.
if [ -d /var/db/dslocal ]; then
    rm -Rf /var/db/dslocal
    mkdir -p /var/db/dslocal/nodes
    cp -Rp /System/Library/DirectoryServices/DefaultLocalDB/Default /var/db/dslocal/nodes/
    cp -Rp /System/Library/DirectoryServices/DefaultLocalDB/dsmappings /var/db/dslocal/
fi
rm -rf /private/var/db/netinfo
rm -rf /private/var/db/openldap
rm -rf /private/var/db/samba
rm -rf /private/var/db/dhcpclient
# Without .AppleSetupDone, Setup Assistant runs at the next boot;
# .RunLanguageChooserToo makes it start from the language chooser.
mv /var/db/.AppleSetupDone /var/db/.RunLanguageChooserToo
# System-wide caches, logs and preferences are wiped; /Library itself stays.
rm -rf /Library/Caches
rm -rf /Library/Logs
rm -rf /Library/Preferences
# The script removes itself from the root of the startup disk.
rm /usernuke

echo "User Nuke successfully removed user databases."
echo ""
echo "Press any key to shutdown."
read -n 1 nothing
/sbin/fsck -fy
shutdown -h now

Selling Your Personal Data

Not long ago, I wrote an article about virtual kidnapping and how to avoid it. In that post, I talked about making your Facebook and Instagram profiles “Private,” so random strangers cannot look at all of your personal information (family members, where you are, what you like/dislike, political views, etc.). I did, however, not speak about the overarching reason why I find this so important. Let’s start with this…your personal data should be yours. Yes, it should be. Even though you’re voluntarily giving Facebook or Instagram your information, which you agree to do in the Terms of Agreement, this monopoly of Facebook and other analytics companies (e.g. Cambridge Analytica), are able to build full profiles on you. These profiles stretch way beyond your date of birth, preferred pronouns, or a few pictures.

These companies create comprehensive data points about you that relate to your likes and dislikes, and connect you to your fellow humans. Think of it this way - you are represented by a node (a small dot on a large piece of paper). You like basketball. I like basketball. An edge (or line) connects the two of us due to our shared interest in basketball. You can see in the sample below that the nodes are denoted by Twitter accounts and the edges by retweets. Now this is a very minor example, but when we blow this up to a large scale and add millions of people, we start to see patterns arise. Through these patterns, companies can then create algorithms to target certain groups of people. Here is a quick example for you - the graph below, created with a piece of software called Graphistry, was built by scraping (gathering) tweets over a specific period of time. What it is directly referencing is the #FalseFlag narrative that surrounded the Christchurch Mosque shooting. This graph was compiled by @JessBots on Twitter. It's a brilliant account that I highly recommend.

[Image: Graphistry graph of #FalseFlag retweets, compiled by @JessBots]

Have you ever thought, I really should purchase 'x', or I want to buy 'y', and then the next day you see an advertisement specifically for that product? Isn't it creepy? It's creepy enough when you search for something via Google and that product starts showing up in your Amazon suggestions, but when you have mere thoughts of something and then that product starts showing up, it becomes incredibly disturbing. What causes this? As far as I know, it's not Alexa or Siri listening to you, although I cannot guarantee that. It's actually because these algorithms are so good that they predict human thought and behavior. Now this is not something that the majority of the populace can wrap their minds around - the fact that a machine can predict our behavior - but I know for a fact that it is happening.

It’s easy to see how it’s happening as well - everything we’re posting or saying online is being queried and added to a giant database that is connecting each and every one of us. Companies are easily able to do this with their Terms of Service. For example, let’s look at Instagram’s Data Policy on what kind of information they collect:

[Image: screenshot of Instagram's Data Policy, "information we collect" section]

The amount of information that you are allowing them to collect is astronomical. The other issue: Instagram is owned by Facebook. That's even more data points in one spot, and as Facebook sells your information to companies like Cambridge Analytica (CA), we see these data points get connected ever more. A New York professor, David Carroll, filed a legal claim against CA last year, requesting all of the information they had on him. They did not comply, so Carroll is left in the dark. If CA had nothing to hide, why not turn over the material?

We've all heard of Cambridge Analytica by now, the company that filed for bankruptcy, supposedly to duck having to turn over all of their information to authorities. CA helped provide data for the Trump campaign in 2016. This is simply a fact, not some type of political statement. They also assisted with both Obama campaigns.


During the 2016 Presidential Election, Trump's digital media director, Brad Parscale, launched an online campaign which was budgeted at $100 million. In the end, he spent just over $12 million, while the Clinton camp spent less than $4 million, most of it on Politico and the NY Times. With this information, it's easier to see why he won. They used microtargeting to aim the "Lock Her Up" campaign, "Build The Wall" (and "Mexico is going to pay for it"), which was built on the premise that more illegal immigrants are flooding the border than ever before, which is false, and the "Muslim Ban," claiming all Muslims are terrorists, at small, specific groups of people. It also went so viral that even the right-wing majority leader at the time, Donald Trump, started using it in speeches.

Parscale was named as the digital media director for Trump's 2020 bid as of February 27, 2018, and he has supposedly already stashed away $7 million for the reelection.


That all being said, here is what I think we have in store. As we share more and more information online, we are giving the rich and powerful, the top 1% of the top 1%, more ways to target us. Again, if this doesn’t bother you, then more power to you (or less in the grand scheme of things). I just think that elections shouldn’t be determined by what people share on social media. They shouldn’t be determined on smear campaigns that target ads at the disenfranchised and uninformed.

I truly believe that if the Democrats want to pull a 2020 victory, they are going to have to go toe-to-toe with Trump, not just in their digital campaign but in debates as well. With so many candidates in the field for the left, they need to find one that can actually take on Trump, and not get run over by his belligerent behavior. It won’t be Pete Buttigieg, and definitely won’t be the slowly-going-insane Joe Biden.

I know I've completely deviated from "your private information"; however, this private information is being used against you and your fellow Americans in what is equivalent to rigged elections.

We need to be cognizant about what we put on our social media profiles. Be wary of advertisements and don't take everything as fact. Always, always assume that what you're looking at is actually "fake news." Not the kind that twists stories to fit a narrative or bias (Fox News, MSNBC, etc.), but the legitimate kind of fake news - the news that is actually not true at all.

Moving forward, all we can do is take back the data that is rightfully ours. I deleted my Facebook in early 2019, and I haven’t looked back. For about a week, I missed being able to check it, but overall, it has separated me from the drama that so easily runs rampant on Facebook. I enjoy Twitter for the connections in my industry and hobbies, and I love Instagram for being able to see other people’s photos (family pictures, friends, etc). I do, however, keep my Instagram on the Private setting.

It's no longer a matter of if big tech is selling your information, just how. What can you do? Keep your information private. Don't put anything on the internet that you wouldn't be comfortable with the entire world knowing, including your parents and grandparents. Please, pretty please, for the sake of your children - make your profiles private. Don't give these companies any more of your private information. Be wary of what you put online. It has a legitimate impact on this country and your future.

Avoiding Virtual Kidnapping

Just the title, Virtual Kidnapping, sounds scary enough. There's a good reason for that: it is. Let me provide a quick caveat - kidnapping does happen, obviously; however, this is different than that and is purely extortion.

Virtual Kidnapping is the process in which scammers call you on your phone, generally using number spoofing. This creates the appearance that the number you are being called from is local. It will make both the area code and prefix look local, and on most cell phones, under the phone number, it will say the location (e.g. Portland, Oregon). However, once you answer that call, everything changes drastically. Occasionally, this call will be from an "Unknown" phone number.

The scammers will contact you and explain that your child has been kidnapped. They will then demand a ransom for their "safe return” or “(they) will (insert horrific event here).“ Scammers have gone as far as to have the voice of a young boy or girl screaming in the background, making it feel even more real. This is exacerbated when you have a daughter/son, and it is a voice that sounds familiar. Of course, when you first hear that your loved one is kidnapped, any voice could sound like your child’s. It’s part of the brain’s response. There have been two families who have fallen victim here in my home state of Oregon, but down around the US/Mexico border, the numbers skyrocket. Why? Cartels. They are actually paying people to extort victims out of thousands and thousands of dollars.

Before we dive into how this happens, let me explain that this is all a hoax. It is not true, and it's simply extortion.

So, the important question: how does this happen?

Honestly, the first issue...is you. I know this sounds silly, rude, inaccurate, and like victim blaming, but stick with me for a second. How does someone know you have a child; moreover, how do they know if your child is a boy or girl? FACEBOOK. Facebook, Facebook, Facebook. First, if you don't have a private Facebook profile, you should. This means someone cannot see your Personal Information or posts. They can, however, see your Profile Picture and Name. This means that even if you have a private profile, if your Profile Picture has your child in it, a scammer knows that you have a child. Even worse, if it's public, they can see where you are, and when you're most likely to be away from your child. This primarily applies to parents with children that are not yet of legal age.

But what if your child is over 18 years old, possibly in college or moved away? Here's where it gets tricky, and this is where the children need to be on board with the private profile aspect as well. Think about something really quick - if you saw 25 private Facebook profiles, meaning you can just see the person's name and profile picture, and I asked you whether the person in question was a college student or had moved out from their parents' home, I bet you'd score over 50%. Most would probably be closer to 75%. That's what these scammers are primarily doing. They are finding college kids. God forbid those kids have public profiles, which sometimes even include their Family Information (Father, Mother, Siblings, etc.) and prove to a scammer that they're in college, maybe even what sorority, fraternity, or club they're involved in. From there, it's as simple as finding a phone number, which isn't as hard as you think. Google your own name, and see if you can find your own phone number. Now let's pray that the college kid's profile is private. This makes it more difficult, but definitely not impossible. Now that you've put your own name into Google, try your children's names. See if you can find your phone number simply by putting their name in the search bar. If you can't, you're in luck. You're also the exception to the rule.

My recommendation is to make all of your social media profiles private, especially anything with lots of personal data and/or photos. The two that stand out to me are Facebook and Instagram (coincidentally enough, owned by Facebook).

I will link to articles about how to make your Facebook and Instagram profiles private, but I will also go through it step-by-step. As I deleted my Facebook early in 2019, I can't verify that this method still works. If it doesn't, please email me immediately.

Facebook:

1. Click the downward facing arrow in the top-right corner.

2. Navigate to Settings

3. Click Privacy on the left toolbar

This is where you can configure everything. At the very least, change "Who can see my stuff" to "Friends".

Instagram:

1. Go to your profile (the little person avatar in the bottom-right corner)

2. Click the three, stacked horizontal lines in the top-right corner

3. At the bottom of the sidebar that slides out, you'll see a gear icon with "Settings" next to it. Click on "Settings".

4. Click Privacy

5. Click Account Privacy (about halfway down)

6. Toggle switch to Private


The FBI issued the following tips on what you can look for if you become a victim of this scam:

  • Calls (along the border) are usually made from an outside area code

  • The incident may involve multiple phone calls

  • Calls do not come from the kidnapped victim’s phone

  • Callers go to great lengths to keep you on the phone

  • Callers prevent you from calling or locating the “kidnapped” victim

  • Ransom money is only accepted via wire transfer service

If you receive a phone call from someone who demands payment of a ransom for a kidnapped victim, the following should be considered:

  • Stay calm.

  • Try to slow the situation down.

  • Avoid sharing information about you or your family during the call.

  • Request to speak to the victim directly. Ask, “How do I know my loved one is okay?”

  • Request the kidnapped victim call back from his/her cell phone.

  • Listen carefully to the voice of the kidnapped victim if they speak, and ask questions only they would know.

  • If they don’t let you speak to the victim, ask them to describe the victim or describe the vehicle they drive, if applicable.

  • While staying on the line with alleged kidnappers, try to call the alleged kidnap victim from another phone.

  • Attempt to text, or contact the victim via social media.

  • Attempt to physically locate the victim.

  • To buy time, repeat the caller’s request and tell them you are writing down the demand, or tell the caller you need time to get things moving.

  • Don’t directly challenge or argue with the caller. Keep your voice low and steady.


Yes, I understand how scary this could be for a parent, but if you still are questioning whether or not having a private profile is important, I highly recommend reading THE CHAIN by Adrian McKinty. It takes the premise of virtual kidnapping to a new level. It's a great fiction thriller, and hopefully it will shed more light on this issue.

Partial Blame Should Fall on Adobe

I like to consider myself a long-time Apple user, but that would be an insult to those who have been using Mac products since before my birth. However, in the last ten years, I have used Apple products almost exclusively. I spent three years working at an Apple Authorized Service Provider, repairing Apple products, primarily working on computer hardware and software (I dabbled in iOS devices for about a year). That being said, I have repaired many Macs infected with malware, trying to rid them of their issues. One commonly recurring problem, a single threat vector that I would say was the cause of over 75% of the malware-infected machines I saw, was the use of a fake Adobe Flash Player installer.

[Image: fake Adobe Flash Player installer]

I don’t have enough fingers and toes to count the number of times I have talked to someone who has a Mac infected with malware, and it occurred when they “received a notification for an Adobe Flash update” while perusing a website. They then click on the update link. Suddenly, they have a malware problem.

[Image: malware wrapped to look like an Adobe Flash Player update downloader]

Attackers have made their fake Adobe Flash Player downloaders look more and more like the real thing. Now when I say "the real thing," I don't necessarily mean that it looks just like Adobe's installation webpage, but they do make it look legitimate. Take a look at the image to the right. It is a piece of malware that is wrapped to look like a downloader for an Adobe Flash Player update. Typically these pop-ups occur on websites that aren't secure. One theme I would see frequently is a pop-up after pirating media, whether it be ripping YouTube videos or visiting well-known torrenting sites. I have typically placed 99% of the blame directly on Apple for multiple reasons. The first and foremost is that they have been known to spread the rumor that "Macs don't get viruses." Again, this is an all-out falsehood. Apple tried very hard to make that phrase popular, but the truth is that Mac malware has been skyrocketing.

You see a large amount of the malicious software installed on the machines of users who are under 25 years of age and over 55. I think the reason for this depends on the group. The older generation is typically more trusting. They can't rationalize why someone would want to infect their computer, and their thought process is understandable.

I thought that there had to be more to this issue than simply Apple not cracking down hard enough on malware. The Mac's built-in protection, in the form of MRT (Malware Removal Tool) and XProtect, simply doesn't work well enough. You need supplemental software to protect your machine. A follow-up issue is that these malware removal apps are not available in the App Store. Actually, let me clarify - there are apps in the App Store, but they are not good. To host your app in the App Store, there are very specific things it can and can't do. Some of the things that Apple restricts in the App Store are necessary for a good A/V (antivirus) to have. I'll give you some great malware-removal tools and AVs at the bottom of this post.

So where does Adobe fit into all of this?

It's obvious that this threat vector is extremely common. But why? I started digging through Adobe's webpages, and I started looking into their release notes. Typically, when a developer provides an update for a piece of software, the developer also includes "Release Notes," which is usually a short summary or itemized list of bugs that were fixed, glitches that were resolved, security issues patched, and so on. When you look at the release notes for Adobe Flash Player, the list is incredibly long. Not just the list of release notes, but the number of releases.


[Image: list of Adobe Flash Player releases]

It's not unlike Adobe to push out more than one update/release per month. This is a lot of releases. They're averaging one per month so far in 2019, and averaged above that throughout 2018. What this shows is that Adobe's Flash Player truly does need to be updated regularly, and as users, we have become so accustomed to this software's need for updates that since Adobe Flash Player's inception in 1996, users have constantly and blindly trusted that Adobe does need to update its software. Why? Because we're used to it actually needing to be updated. When Adobe is typically giving you monthly notifications that you need to update their software to navigate to certain websites or to watch videos on specific webpages, we don't get surprised when we navigate to a certain website, get a pop-up saying the software needs to be updated, and click Accept. Now we definitely shouldn't just be clicking Accept on random websites because we see a pop-up saying that Adobe Flash Player needs to be updated; however, how come we've never criticized Adobe for pushing these monthly releases, or for not being more forthcoming about how malware uses their logo and name to mask itself? The only place you'll see this type of comment on an Adobe website is on their forums, where users are asking how to get rid of malware after installing a fake Adobe Flash Player. So I'm calling for Adobe to step up to the plate and address this issue that has been plaguing Mac users for years now.


Since it’s unlikely this issue will be resolved any time soon, let’s play a little defense. There are many pieces of software that can help prevent malware and can detect these fake Adobe installers the second they hit your machine. There are also additional tools for more advanced users that can help you do a little digging.

For me, the best piece of software you can have is Malwarebytes for Mac. Malwarebytes for Mac, which used to be a piece of software called Adware Medic, was created by Thomas Reed and was used to search a computer for malware, adware, and potentially unwanted software. The software used to be free, but now it is mostly paid software that is subscription-based. If you're frustrated that you can't necessarily just buy the software outright, I will explain right now that everything is going the way of subscriptions. There's no way to get around it. For developers, subscriptions are a more effective way to get and keep subscribers. Malwarebytes still has a limited free version that will clean your Mac, but its preventative features will disable after the 14-day trial expires. I highly, highly recommend buying the Premium subscription, which runs at only $39.99/year for one device. You won't find a better deal than that or a better product. (By the way, this is in no way a sponsored post; this is simply my opinion.) Another great part of Malwarebytes is that they now offer an iOS app, which will help you recognize spam calls and provides web protection and ad blocking. Again, I can't recommend it enough.


Another piece of software is brought to you by the incredible folks over at Objective-See. All of the software you find over at Objective-See is both open source and free. They offer something called What’s Your Sign. This small program, once installed, allows you to right-click on software and see if it is “signed.” All legitimate software is signed. This means that the developer has digitally signed it to show that it is authentic. When you right-click and choose the Signing Info option, you get a small window that shows whether it is signed. In the image, we see that the signing authority is Objective-See LLC, which is the creator of What’s Your Sign. So with something like Adobe, we should see that the software is signed by Adobe proper, similarly to how apps coming from Apple’s App Store need to be signed by Apple proper. We also see in that image that the lock is locked.


Now let’s look at this fake Adobe Flash Player. Notice how the lock is unlocked, and the signing authority is listed as unsigned.
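The same check from the command line, as an added example that is not code from this post or from Objective-See: a small Python wrapper around Apple’s `codesign` tool that reports what What’s Your Sign shows in its window (signed or unsigned, and which authority signed it). The app paths, vendor names and the sample `codesign` output embedded in it are constructed for illustration.

```python
"""Report whether a macOS app bundle is code-signed, and by whom.

Added example (not from the post or from Objective-See).  On macOS run:
    python3 check_sign.py "/Applications/Some Installer.app"
With no arguments it parses two constructed samples instead, so it can
be exercised on any platform.
"""
import subprocess
import sys
from dataclasses import dataclass, field


@dataclass
class SigningInfo:
    signed: bool
    authorities: list = field(default_factory=list)  # leaf certificate first
    team_id: str = ""
    identifier: str = ""

    @property
    def signing_authority(self) -> str:
        # The first Authority= line is the signer's own (leaf) certificate;
        # the later ones are the intermediate and Apple root certificates.
        return self.authorities[0] if self.authorities else "unsigned"


def parse_codesign_output(text: str, exit_code: int) -> SigningInfo:
    """Parse the stderr of `codesign -dv --verbose=4 <path>`.

    codesign prints signature details to stderr as key=value lines, and
    exits non-zero with 'code object is not signed at all' for unsigned
    code, which is exactly the 'unlocked lock' case shown above.
    """
    info = SigningInfo(signed=False)
    if exit_code != 0 or "not signed at all" in text:
        return info
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Authority":
            info.authorities.append(value)
        elif key == "TeamIdentifier":
            info.team_id = value
        elif key == "Identifier":
            info.identifier = value
    info.signed = bool(info.authorities)
    return info


def check_bundle(path: str) -> SigningInfo:
    """Run codesign on a bundle (macOS only) and parse the result."""
    proc = subprocess.run(["codesign", "-dv", "--verbose=4", path],
                          capture_output=True, text=True, check=False)
    return parse_codesign_output(proc.stderr, proc.returncode)


def looks_like_vendor(info: SigningInfo, vendor: str) -> bool:
    """True when the leaf certificate names the vendor you expect (e.g.
    'Adobe' for a Flash Player installer).  An unsigned bundle never
    matches, however official its name and icon look."""
    return info.signed and vendor.lower() in info.signing_authority.lower()


# Constructed sample output, not captured from a real tool run.
SAMPLE_SIGNED = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
TeamIdentifier=TEAMID1234
Authority=Developer ID Application: Example Vendor LLC (TEAMID1234)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
"""
SAMPLE_UNSIGNED = "/tmp/Fake Flash Player.app: code object is not signed at all\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = {p: check_bundle(p) for p in sys.argv[1:]}
    else:  # no bundle given: show the two constructed samples
        results = {"signed sample": parse_codesign_output(SAMPLE_SIGNED, 0),
                   "unsigned sample": parse_codesign_output(SAMPLE_UNSIGNED, 1)}
    for name, info in results.items():
        lock = "locked" if info.signed else "UNLOCKED"
        print(f"{name}: {lock}; signing authority: {info.signing_authority}")
```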

Objective See and the app’s creator, Patrick Wardle, make fantastic tools that you should check out. Check them out at Objective-See.com.

As per usual, let me know if you have questions regarding your machine. If you see something suspicious, don’t hesitate to tell me.

Instagram Attempting Fentanyl Crackdown

Did you know that one of the most common ways drug dealers find new clients nowadays is through social media? Facebook and Instagram aren’t all sunshine and rainbows. In fact, Instagram has still been very lax in cracking down on drug-related posts.

Mark Zuckerberg, CEO of Facebook, along with his company, recently began the crackdown on these opioid-related posts. Instagram, which is also owned by Facebook, has been one of the largest purveyors of illegal substances. Zuckerberg (and Facebook proper) have recently become notorious for saying they will do something about problems or issues, apologizing, but NOT taking responsibility, and then doing nothing.


Let’s take a step back for a moment to talk about the opioid crisis, and why the fact that Facebook is doing little to nothing about it is a gigantic issue:

Overdose deaths due to substance abuse have continued to increase. If we go back less than 10 years, to 2010, there were 21,089 deaths across the nation. That doubled to 42,249 in 2016. Now, after 2017, which saw numbers reach over 70,000 fatalities according to the Centers for Disease Control and Prevention, we could be looking at numbers nearing 80,000 for 2018.

Figure: US timeline of deaths involving other synthetic opioids, predominately Fentanyl

Much of the blame has to be put on Fentanyl: overdose deaths from it were around 3,000 in 2013, and now hover around 28,000.

Before we dive into how illicit substances, especially Fentanyl, have become widely sold over social networking sites, especially Instagram, what is Fentanyl and where did it come from?

2mg of Fentanyl, a lethal dose

2mg of Fentanyl, a lethal dose

Fentanyl, to explain it as straightforwardly as possible, is a synthetic opioid that is 80-100 times stronger than morphine. Its primary use was in pain management, for people with severe pain like cancer patients. Due to its short-term high and the euphoric reaction it causes in the brain, the drug has, more and more often, been cut into heroin. Dealers will frequently add Fentanyl to heroin, increasing its potency while saving money on the heroin, instead opting for the cheaper, more intense Fentanyl. Taking less than 5 minutes to reach your bloodstream and your brain, the euphoria is almost instantaneous. And due to its quick half-life, the end-users are left desiring more. Plus, when cut with heroin, the two drugs combine to produce a brand new high. The issue that these victims of overdose are encountering is that they are shooting heroin that contains more Fentanyl than their body can handle, or more than any body can handle. It is said that 2mg of Fentanyl is a lethal dose. It is also the way Prince died, the same with Tom Petty’s death, as well as the death of Mac Miller. Should I go on?

So there’s Fentanyl - extremely dangerous and deadly. Now let’s move on to the main idea behind this post: What Instagram is, or isn’t, doing.

Instagram FINALLY decided to start removing/blocking some posts containing specific hashtags. There was, no joke, the hashtag #XanaxForSale floating around Instagram. Sellers weren’t even trying to be discreet. As this crackdown happened, dealers just shifted their hashtags oh-so slightly to ones that were unblocked. It became #XanaxLife and #Oxycontins. Again, creative, right? Not really. But they didn’t need to be creative! It was just that easy for them. It’s like posting an advertisement in the local newspaper for drugs, and rarely ever getting caught.


When we analyze Instagram’s, and especially Facebook’s, recent crackdown on speech and rhetoric, it was a huge surprise to see that they didn’t take the time to enforce their drug hashtags. Although I believe that part of the poor timing is due to the fact that Facebook has been pretty swamped with Congressional hearings regarding Russia placing advertising on its webpages to influence elections, they have a large enough company that it shouldn’t make a difference. When you think about it, though, the fact that over 70,000 people are overdosing on drugs each year should be of paramount importance to Facebook and Instagram. Are you listening, Zuckerberg?!?!

The majority, 80% worth, of the United States’ Fentanyl is currently being routed from Mexico through San Diego, California before dispersing throughout the U.S., thanks to the Sinaloa Cartel. Another big push is through Texas, although San Diego has universally been the popular route.

From San Diego, CA, the drug is in the perfect location. It sits at the base of Interstate-5, which starts in Chula Vista, right at the US-Mexico border, and runs through San Diego, Los Angeles, Sacramento (only a short jump to the Bay Area), Salem, Portland, Tacoma, Olympia, Seattle, and onward to Vancouver, British Columbia, Canada. Traffickers can also take Interstate-10 to El Paso, TX, and before long, they reach Eastern Texas. Texas is an ideal location for drugs, with the perfect highways going north to Chicago, or northeast to the Baltimore, New York, Boston, and Washington DC areas, or they can simply stay east, making their way to Atlanta and Florida, and ultimately, the notorious I-95. This goes for weapons as well, as they hit the I-95, also dubbed the “Iron Pipeline” by the ATF, and the connecting highways. From there, they hit all of the metropolitan cities on the east coast, where they are used to kill gang members, children, innocent bystanders, and police. The Iron Pipeline’s southern-most point is Miami; it then runs directly up the east coast, hitting Washington DC, Baltimore, New York City, Philadelphia, and again, all the way through the northern-most state, Maine, and into Canada. The cartel, or drug runners, have also been branching off in southern New York, and taking I-87 through Albany, NY up to Canada where they reach Montreal. From there, it’s a short trip west to Ottawa or east to Montreal City.

I think I’ve made my point.

Interstate-87 in northern Vermont, before crossing into Canada

So the important question: how do we deal with this drug problem?

I think we can all agree that the War on Drugs of the Nixon era didn’t work, right? Nixon said, in a press conference, that drugs are "public enemy number one", and he was partially right, but as a fix, the War on Drugs was a complete disaster. First, it quadrupled the prison population. I always find it interesting when people who agreed with the War on Drugs are upset when a violent offender gets released from prison on bail within 24 hours. It’s because the prisons are full of non-violent offenders who are serving lengthy or even life sentences. And these prisons weren’t just full of every age and race; they were and are disproportionately comprised of minorities. It became a prisons-for-profit system that cost taxpayers close to a trillion dollars.

“Well, what about the violence of the drug trade?” Good question! Yes, drug trafficking is inherently violent. Why? It’s drug prohibition. People were quite violent during alcohol prohibition. Let’s take a different legal drug…nicotine. Have you seen nicotine CEOs shooting each other in the streets? No, you have not.

I think there is a good reason that makes sense to me. The CEO of Marlboro, Clifford B. Fleet, is an incredibly rich, white male and his product is legal. And don’t for a second think I’m saying that the head boss of the Sinaloa Cartel isn’t rich, but he isn’t white, and he deals with illegal drugs. Same with the majority of those arrested in the War on Drugs. As the amazing fiction author Don Winslow put it, “The War on Drugs has largely been a war on people of color.” If (some of) these drugs were legalized, it would push the cartel back into Mexico.

I can hear it already. “But then it will flood the streets and users won’t try to stop?” Yeah, maybe, but they aren’t trying to stop now. Take Portugal for instance. In the late 1990s, the country was plagued by addiction, the HIV crisis was soaring, and the prisons were packed. Sound familiar? Well, they made some changes. They decriminalized it. Now keep in mind, decriminalization is not legalization. Drug offenders may still be penalized, but the idea is to redirect enforcement resources and prevent flooding prisons with non-violent offenders. Drugs are still illegal there, but anyone carrying less than 10 days’ worth of illicit substances will have their supply confiscated. They get an assessment with a social worker, psychologist, and lawyer. Their consequences usually range from a few days’ worth of community service to a ban on visiting venues in which the person is known to purchase, obtain or use drugs. Even high-risk patients can receive an invitation to undergo treatment. Rehab is voluntary in all but exceptional situations.

Portugal’s HIV rates among intravenous drug users have dropped from 1,482 in 2000 to only 40 in 2014. They have seen cocaine use per capita of approximately one-tenth of Spain’s and only one-fifth that of France. According to the European School Survey Project on Alcohol and Other Drugs (ESPAD):

Maybe if we at least attempted to adopt something similar, we may see some changes.

Another factor in this so-called new “War on Drugs” is that African-Americans make substantially less than white males. According to The Economist, “…Much of this difference is due to mass incarceration.” Along with this, it is proven that there is a direct link between poverty and prison, which isn’t surprising. If I were flat broke, I might be tempted to steal food, or to deal drugs to make some money to feed myself or my family. Along with poverty comes either homelessness or living in some of the worst buildings, flophouses, and locations in the country.

In a fantastic non-fiction book by Matthew Desmond, titled Evicted: Poverty and Profit in the American City, a brilliant line arises: “‘Every condition exists,’ Martin Luther King Jr. once wrote, ‘simply because someone profits by its existence. This economic exploitation is crystallized in the slum.’ Exploitation. Now, there’s a word that has been scrubbed out of the poverty debate.”

I believe that before we start beefing up border security, we need to take a better look at what’s happening in America. A wall won’t stop drug traffickers, and I’m assuming that’s its supposed use. Tunnels, airplanes, and boats. Need further evidence? These three links appeared on the first page of an internet search for “drug traffic mexico”:

A tunnel that ran from an abandoned KFC in California under the border into Mexico

A wall doesn’t stop tunnels, last I checked. Even if you agree with the wall, didn’t Trump say Mexico was going to pay for it? That was the crux of his election campaign. Now, he’s asking for $5 billion to fund the wall, or he will shut down the government. Did I miss something? Regardless of where you sit on the political aisle, does this make sense to you? Then again, I’m not sure why I’m surprised. When was the last time a President made a campaign promise and actually followed through with it? They’ll say whatever gets them elected.

Alright, I think I’ve deviated far enough away from the drug problem. I just hope I made my point clear: the people doing drugs should not be our enemy. They’re our fellow citizens, fellow human beings, and they deserve assistance. Step off of the pedestal for a few minutes to think about how difficult life would be with an addiction to a substance. Many people say that they don’t want their tax money to go to building homeless shelters or actually housing addicts so they can go through rehabilitation. If you’re one of these people, I am sincerely curious what your proposed solution is. Leave them in the streets craving drugs, hustling for quarters, while we step over them on our way to where we want to go? Because then people complain that there are too many homeless on their streets.

Again, regardless of where your politics fall, in the final days of Obama’s Administration, we started to see a gravitation toward a more sensible drug policy: clemency for nonviolent offenders serving these incredibly long prison terms, a push to end mandatory minimum prison sentences, a less aggressive stance on enforcing marijuana laws (which former Attorney General Jeff Sessions tried desperately to dismantle), and the abolition of prison privatization on the federal level.

As you can see, I am very passionate about this country’s current drug problem. People are overdosing everyday, in every town, and it’s about time we recognized this problem and attempted to come to some sort of resolution.

If poverty persists in America, it is not for lack of resources.
— Matthew Desmond, Evicted: Poverty and Profit in the American City

Facebook stock on 12/20/2018 at 10:41AM EST

Facebook (and their company Instagram) are becoming a big issue when it comes to drug trafficking. With big money comes drugs. Either Facebook cracks down on the drug trafficking posts on both platforms, or we will only see this issue get worse. Also, their inability to help mitigate fake profiles is astounding, and this should definitely not be the case for a business of this size. Facebook, because of its size, should feel obligated to do so. This goes for Instagram as well. Unfortunately, for all of us who actually think this is problematic, Facebook is publicly traded. This means that its number one obligation is to its shareholders. That’s it: make money. On the bright side, with all of Facebook’s shortcomings, especially as of late, we have started to see their stock begin to drop, as Facebook has been sharing more of our data with third-party companies. Just like how they gave users’ private Facebook messages to Netflix and Spotify, even though Mark Zuckerberg claims that it was done with user consent. We’ve been zucked again. I only pray that this will make them realize the disaster they have become. Their lack of transparency over their entire existence has been abysmal. Take for instance their Facebook iOS application updates. They just use the same template for every update description.

We've been zucked again!


I’ve been contemplating deleting my Facebook for some time. I’m tired of my data being sold, and of their complete and utter lack of any kind of monitoring or enforcement. Add in their nonexistent transparency about what is being done with user data, and they’re about to become the open-source Equifax. If things don’t change in the ensuing months, I will most likely be calling it quits ✌️.

Guest Post: MyShopCoupon Hijack Browser

Detection of MyShopCoupon

Summary: MyShopCoupon is a browser redirector that I found in the ~/Applications directory. This was redirecting Google Chrome to use weknow[dot]ac as the default search engine for the browser. This avoided detection from KnockKnock, Malwarebytes Anti-Malware for Mac and ClamXav. It actually took me a fair amount of hunting around to grab it, as this is the first occasion on which I’ve seen adware/malware hide itself in such an unlikely place as the ~/Applications directory. The point of this article IS NOT to chastise the developers of the above listed software, but simply to inform them of this file’s existence. Prior to this article being published, I submitted the files and my findings to those that expressed interest in my detection.

Introduction: First, I’d like to take a moment to introduce myself. My name is Matt Jacobs and I am the senior technician at a third-party Apple retail location. I have been doing this since 2013 and have performed ~15-25 security sweeps a week since I created/curated some wonderful pieces of software together for use with Macs. The curated apps do the majority of the work, although I have created several Automators that simplify my process. The process that I use has been implemented on a nationwide scale within the company that I work for. I am very proud of this and the work that I do. I DO NOT KNOW HOW TO CODE! I AM NOT A PROFESSIONAL MALWARE RESEARCHER! I am simply a person that has had to work around an INSANE amount of malware. I say all this so you know that this article WILL NOT be an in-depth discovery in the vein of Thomas Reed or Patrick Wardle, gentlemen that I respect GREATLY. This is a practical analysis. Should you feel that I am disqualified to be writing such an article, feel free to navigate away now.

Getting on with It: I initially found this piece of adware and submitted it to Virus Total on September 14, 2018. I found this because I had completed a security sweep on a customer’s computer (the customer will remain nameless here, but they granted me permission to copy the files for use with this analysis) in which scans were run with the following three pieces of software, in this order:

    1. KnockKnock

    2. Malwarebytes Anti-Malware for Mac

    3. ClamXav

Before & after the scans are completed, I will manually go seek out some places that I know little things like to (attempt to) hide in. After analysis, it is part of my process to clear the caches within installed browsers and verify that they are functioning properly. Everything looked to be performing as normal, so I sent the computer home with the customer. The same day, the customer returned to my store (after I had left for the day) and was showing something to the technician on duty. In Google Chrome, the default search engine was set to Google, yet when a search was performed, it was using a search engine called WeKnow. That tech did the usual and checked for various installed extensions, cleared the cache and restarted the browser. The same was still occurring. That tech then removed Google Chrome, as well as its associated files and folders, then re-installed Google Chrome. The issue persisted. At this point he put the machine on my desk and told the customer I would contact them again the next day.

Upon my arrival, I see this computer that I recall completing the day before, sitting on my desk. The tech explained what was going on and walked me through the things he attempted, which I’ve documented above. At this point I started searching for the offender. After several minutes, I couldn’t find anything out of the ordinary. So I started looking in places that were so obvious I wouldn’t usually check. MyShopCoupon was “hiding” in the Applications directory AT THE USER LEVEL, in a directory titled “MyShopCoupon”, along with a myshopcoupon.config file. I zipped this folder up, restarted the computer and relaunched Google Chrome. Issue solved! I called the customer and explained the situation to them and was granted permission to copy the files upon removal for further analysis.

I temporarily copied the files to a jump drive, so I could later copy to my personal MBP for analysis. Upon uploading the files (that I had unzipped) to Virus Total, I learned that 0/59 scanning engines had been triggered by these files. Virus Total did show me that it knows about files that are considered to be related to this file. It also showed me that some of these related files HAVE triggered some of their scanning engines. This has happened to me several times before. In those circumstances, I usually send the zipped up files to someone a little more prominent than I in the malware industry to proceed through the official channels and update their own software to detect these. I didn’t this time, however, as I had very little information about them. Upon completion of my security sweep, I gather all of the files into the ~/Trash and organize them as follows:

    1. Known Bad Software

    2. Malwarebytes Removals

    3. Previously in Trash

    4. [security sweep] Docs

    5. Unnecessary iTems (I throw away .dmg, .pkg, .exe files I find in the ~/Downloads folder, even though they may not be related to security)

    6. Virus Scan Removals

The purpose of doing such a thing is to give the customer something that they can look at to see what I did. This is to provide them with some value since they have paid for the service, and (other than a better operating computer) they really have nothing to show for it. I understand that the vast majority of end users will not understand what they are looking at, but this is so they can visualize what was causing the issue and have the satisfaction of clicking the “Empty Trash” button and ridding themselves of the problematic software. In this instance, the customer had emptied the trash prior to bringing the computer back. So I really have no idea what the infection vector was, nor where it came from. I know… very anti-climactic, right?

However, the upside is that now you, the reader, know that this little piece of garbage likes to store itself in your ~/Applications folder! Go take a peek for it. The other upside is that this is making me change my process. I will now start archiving the directories that I mentioned above (with permission, of course), excluding the “Previously in Trash” directory, so I can be better prepared for these occurrences.

Virus Total Link: MyShopCoupon
SHA-256: ea99c5031c8e455352a762515831d5fa1de4f7abfae169fbaf2a3d89fe704e12

MyMacUpdater SHA-256: fa3e23154036428fa42ba843f79e9fb6a1b85585906ee9159540e506b787d2df


Further Evaluation and Update by Stuart Ashenbrenner

Matt Jacobs originally made this write-up back in September, but we delayed the release of the blog post. I have done a little more digging into this piece of malware, and I will show you exactly what it looks like and where it is persisting on your machine. Over the past few months, VirusTotal has begun to recognize this malware, although many antivirus programs still aren’t finding it.


When I acquired a sample of the malware from Matt, I began by simply running the installer.

After initializing the installer, I quickly received a notification from the Objective-See tool called Lulu. This tool notifies you of a process trying to connect to an external IP address, just like your typical firewall. This notification flagged that a process called mm-install-macos was attempting to connect to service.macinstallerinfo.com at IP address 104.238.223.14:80. This process (PID 729) was located at the path:

/private/var/folders/8r/cwfv75z56jq6njqk_macos.app/Contents/MacOS/mm-install-macos

With this, you can see that the installer operates out of the /private folder in the root directory. Luckily, you can block this connection with Lulu.


If you allow this process to run, you will see Terminal open to run the bash script that is this program’s installer. This is also the point at which the program will request your administrator password. This is truly what allows the adware to persist and begin infiltrating your system.


This will launch an installer for a “program” called Media Player. This program initializes and gives you two types of installation options: an express version and a customized version. Please note, you cannot actually customize the installer. You HAVE to install both Media Player and Myshopcoupon, and you cannot uncheck the option. They are basically forcing you to install both those pieces of “software.”


After accepting the install, Lulu alerted me to another outgoing connection. This came from a plist file located within the LaunchDaemons folder, which is what helps the adware maintain persistence. As noted in the screenshot, the actual startup binary is located in the user-level Applications folder, which is much less common than the root-level Applications folder, where the majority of your actual apps are located.


You are then taken through a slew of prompts from the system asking for permission for these programs to access ALL of the data within your browsers, whether it be Safari, Chrome, or Firefox (I tested all three). There were roughly two requests per browser, one for Myshopcoupon and one for a program called “Install”. Clever name, right?

One thing of note: I did notice a curl command running in Activity Monitor.


I checked the process ID (PID) through Terminal and noticed it was trying to connect to the mediaDownloader server.


This completed the installation with a large “Thank You” page, then immediately afterwards opened Safari and directed me to a website that, in the browser, was called “related-offers.” It was an ad for MacKeeper. Shocker!


After exiting that garbage program, I navigated to the user-level Applications folder (~/Applications), and sure enough, MyMacUpdater was sitting in that location.


The job of malware, adware, or viruses is to persist, meaning if you restart your computer, the malware needs to be able to restart on either power-on or login. Because of this, most malware will attempt to persist from either the LaunchAgents or LaunchDaemons folders.

One reason why this specific piece of malware is so nefarious is that it utilizes the user’s home directory. Because of this, some antivirus or anti-adware vendors don’t flag it, since removing files there could potentially cause unwanted data loss (according to the AV companies). While I don’t necessarily agree with anti-malware companies avoiding blatant and obvious malware, I understand where they’re coming from, at least from a business standpoint.

With that in mind, I highly recommend tools from Objective-See. Their tools, like the Lulu mentioned above, can help alert you to unwanted programs, adware, or malware. On top of that, their program KnockKnock will run Launch Items (items in the LaunchAgents and LaunchDaemons folders) against a VirusTotal check. Although this malware avoided detection early on, it appears that it is now being recognized, mainly due to the malware changing over the past few months. VirusTotal will reveal how many different antivirus programs have recognized it. When I used KnockKnock after installing this Myshopcoupon on a clean system, it responded with these results:


It recognized both persisting pieces of software, and returned that one (MyMacUpdater) had 2/57 hits on VirusTotal, while the other (MyShopcoupon) had 15/56.
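An offline version of that launch-item triage, as an added example that is not code from this post, from Matt Jacobs, or from Objective-See: it reads LaunchAgents/LaunchDaemons plists, finds the binary each job starts, flags the trait this adware showed (a RunAtLoad job whose program lives in the user-level ~/Applications folder or another odd location), and prints the binary’s SHA-256 so you can look it up on VirusTotal yourself. The sample plist, its label and its paths are constructed, not the real file’s contents.

```python
"""Triage launchd persistence items (LaunchAgents/LaunchDaemons) offline.

Added example, not the post's or Objective-See's code.  Run as:
    python3 launch_triage.py
It always triages the constructed SAMPLE_PLIST first, then whatever
launch items exist on the machine it runs on.
"""
import hashlib
import os
import plistlib
import re
from dataclasses import dataclass
from typing import List, Optional

LAUNCH_DIRS = [
    "/Library/LaunchDaemons",
    "/Library/LaunchAgents",
    os.path.expanduser("~/Library/LaunchAgents"),
]
# Locations legitimate launch items rarely start from.  Assumed heuristics.
SUSPICIOUS_PATTERNS = [
    re.compile(r"^/Users/[^/]+/Applications/"),  # per-user Applications dir
    re.compile(r"^/private/var/folders/"),        # per-user temp dirs
    re.compile(r"^/(private/)?tmp/"),
]


@dataclass
class LaunchItem:
    label: str
    program: Optional[str]
    run_at_load: bool
    keep_alive: bool
    sha256: Optional[str]   # None when the binary is not on this machine
    suspicious: bool


def program_path(plist: dict) -> Optional[str]:
    """launchd starts either Program or ProgramArguments[0]."""
    if plist.get("Program"):
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else None


def is_suspicious_path(path: Optional[str]) -> bool:
    return bool(path) and any(p.match(path) for p in SUSPICIOUS_PATTERNS)


def sha256_of(path: Optional[str]) -> Optional[str]:
    """Hash the started binary for a manual VirusTotal lookup."""
    if not path or not os.path.isfile(path):
        return None
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage_plist(data: bytes) -> LaunchItem:
    """Parse one launchd plist and score it."""
    plist = plistlib.loads(data)
    prog = program_path(plist)
    return LaunchItem(
        label=plist.get("Label", "<no label>"),
        program=prog,
        run_at_load=bool(plist.get("RunAtLoad", False)),
        keep_alive=bool(plist.get("KeepAlive", False)),  # bool or dict
        sha256=sha256_of(prog),
        suspicious=is_suspicious_path(prog),
    )


def scan(dirs: List[str] = LAUNCH_DIRS) -> List[LaunchItem]:
    """Triage every .plist in the launch directories that exist here."""
    items = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            with open(os.path.join(d, name), "rb") as f:
                try:
                    items.append(triage_plist(f.read()))
                except Exception as exc:  # malformed plist: report, keep going
                    print(f"skip {name}: {exc}")
    return items


# Constructed sample modelled on the behaviour described above; the label
# and paths are made up, not taken from the real adware's files.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.mymacupdater</string>
  <key>ProgramArguments</key><array>
    <string>/Users/user/Applications/MyMacUpdater/MyMacUpdater</string>
    <string>--silent</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for item in [triage_plist(SAMPLE_PLIST)] + scan():
        flag = "SUSPICIOUS" if item.suspicious else "ok"
        print(f"{flag:10} {item.label}: {item.program} "
              f"(RunAtLoad={item.run_at_load}, sha256={item.sha256})")
```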

I can’t recommend these programs enough.

If you have any questions, feel free to email or call me.


A huge thank you to Matt Jacobs for all of his research into MyShopCoupon! You can follow Matt on Twitter at @pnwbeard. When Matt isn’t working on Macs, he’s developing and designing table top games. Check out his page over on Patreon.

Also, shoutout to Patrick Wardle at Objective-See for all of his fantastic tools.

A Year After Equifax Breach: What We've Learned

We've learned nothing apparently.

Looking back at the massive breach of Equifax Inc. in September of 2017, when the personal information of 143 million people, mostly in the United States, was leaked, we've seen that number climb to 148 million into 2018.


It seems like with a breach of that magnitude, heads would roll. Uh, yeahhhhh, not so much…

Not only did no one worth noting get fired for the breach, at least publicly, but the company's shares have all but recovered and it will probably post a record annual profit next year. Not only did their CEO not get fined, fired, or face any reprimands, he was able to retire, collecting his 401(k), which was probably through the roof. Again, no one was fired, but I'm guessing they were asked to retire. My assumption is the only firing that happened was of the one, single IT technician on whom they blamed the hack after they failed to install the patch (a patch is a fix released for a known vulnerability in a system, so that it is no longer exploitable). The only other known employees that have been fired for anything even related to the breach were employees arrested for insider trading, when they sold stock after the company knew about the breach but before the shareholders were informed. Sudhakar Reddy Bonthu, a software manager, was one of them; he traded on the information he received while creating a website for consumers affected by the attack.

When stocks began to fall from $141.59 on September 1st, down to $92.98 a share on the 15th of September, it seemed like Equifax was at its all-time low. Now, we see the Equifax stock closing in on $140/share, which is only $5/share off of its all-time high, when it was $145.09 not long before the breach was disclosed.

As of September 14, 2018 at 2:20PM ET

So maybe we haven't learned much from Equifax, but have we learned anything as the human cog in this technical wheel? Short term? Absolutely. After the Equifax breach, there was a huge backlash by users and anger over the way the breach was handled and disclosed. However, looking back, it was short-lived. "Equifax," although now becoming nearly synonymous with "breach," is rebounding perfectly fine.

The important take-away is how we as people and users operate on a day-to-day basis. Do you use one password for everything? Does it just meet the minimum requirements for password strength, or does it exceed them? Are you using numbers and symbols in combination with a word that isn't related to you? These are the things we need to learn from breaches. I do understand that some things are impossible to protect against, like the Equifax breach. Whether your personal information was involved or not, no amount of password protection was going to protect you from that breach. So as far as Equifax-esque breaches go, just be wary about your personal information.

Don't just sign up for random things online, don't use your full, real name unless required, and remember that password strength is key.

There are some resources out there to see if you or your email has been involved in any data breaches or leaks. One is called Have I Been Pwned. It’s a good resource that I highly recommend checking out. It is one of the reasons I got a new email account some time ago. I have one email to which I get all of the coupons and other garbage sent, and then I have a different one that only people very close to me have. It is also the email I use for things like online banking or Amazon. It is also good to frequently change your password. Try your best to think of something complex that combines letters, numbers, and symbols. I took roughly a week to come up with my most recent one. It is well over eight characters; in fact, I think it's over fifteen. Regardless, try to change passwords often. If you have issues remembering passwords, there are things like iCloud Keychain or 1Password that many people like and trust.

Sextortion

Less than a month ago, security researcher Brian Krebs published an article called, Sextortion Scam Uses Recipient’s Hacked Passwords, and now, it appears that extortion has spread to the Apple platform.

Sextortion, by definition, is a form of blackmail in which sexual information or images are used to extort sexual favors or money from the victim.

As noted by Krebs, the perpetrators would first hack the computer's password. After obtaining the password, they would email the victim and inform them that their password had been hacked. Next, they would tell the victim that they had recorded them doing nefarious things. You can read an entire email below.

(Image: an example of the sextortion scam email.)

This type of email would be very convincing, as the hackers literally know your password, which would make the average user, and even more advanced users, assume that recording through the webcam is possible. This is one of the more intimidating and personal scams I've ever seen. This isn't simply an attempt at extortion; it's uncomfortably personal.

Quite some time ago, I wrote a blog post entitled simply Should You Cover Your Computer Camera. When I wrote it, I hadn't really considered something like sextortion. That being said, if you are going to be doing..."personal" things on your computer, you may be better off using a camera cover. In addition to covering your camera, it may be worth getting a piece of camera-monitoring software that can monitor your webcam activity and alert you to its use.

When it comes to webcam monitoring, there is nothing better than Oversight by Objective-See. This software, as I mentioned, alerts you when either your camera or your microphone becomes active. It will throw a notification in the top-right corner of your screen, alerting you to the activation. It also allows you to whitelist certain apps: when you get the alert asking whether to allow or block the camera being enabled, you can choose "Yes, Always" or "Just Once." This way, you can make sure FaceTime always comes through, but other applications do not. Now you may be thinking, "Isn't that what the small, green light next to the camera is for?" The short answer is: yes. The slightly longer answer is that the green light can be bypassed to remain off even while the camera is active.

© Objective-See -- example of whitelisting an application with Oversight

© Objective-See -- Oversight Application for macOS

There are other ways you can protect yourself, such as using a program like Micro Snitch, which is made by the creators of Little Snitch, or you could even use an actual camera cover. If you so desire, you could even pair the two. I don't physically cover my camera, as I am not overly concerned about being spied on, but a large part of this is due to the fact that I purchased Micro Snitch years ago, and since then, Objective-See released Oversight, which I also have installed. I figure that between the two programs, I should be safe, although I've found myself definitely drifting towards Objective-See's tools as opposed to those of Objective Development, the creators of Little/Micro Snitch. TL;DR: Install Oversight.

I do understand why others may want it covered. We all remember that picture of Mark Zuckerberg holding up a sign in his office, with a MacBook Pro in the background that had its microphone and camera covered. Many people were shocked by this, but I was not one of them. Zuckerberg has many people who, I'm sure, would like to access his webcam, whereas someone like myself doesn't really have to deal with creepy people like that in my reality. It's our differences in fame and fortune. Fortune will quickly make you a larger target for any type of cyber attack.

(Image: Zuckerberg's Instagram photo, with the covered MacBook Pro camera and microphone visible in the background.)

The FBI has listed a few ways to avoid sextortion scams. They are as follows:

1. Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.

2. Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.

3. Turn off [and/or cover] any web cameras when you are not using them.

If you or someone you know has been the victim of a sextortion scam, contact the FBI toll-free at 1-800-CALL-FBI.

Finding Accurate Software Reviews: Harder Than It Looks

Preface: I recently received an email from one of my closest friends, who is also one of the most knowledgeable people I know when it comes to Apple computers and Apple security. Matt Jacobs (@pnwbeard) sent me a short message followed by a link. His email was to the point, and I immediately knew I was going to do it. His email was as follows:

You should do an article about s***ty “review” sites that just link you to malware while running ads for malware.

https://www.soft32[dot]com/mac/?rel=menu
— Matt Jacobs

I followed the link on my iPhone, and the second the website popped up, I knew it was going to be a great article. So, thanks to Matt's assistance and his link as a jump-off point, here it is.

MacKeeper ad on the bottom of the Soft32 website.

There are many "review" sites out there that "review software," or at least that is their claim. Soft32 is one of them. They claim to review software and give you download links to software for PCs, Macs, and iOS/Android. It took one scroll before I came across the first and most glaring red flag: an advertisement for...you guessed it, MACKEEPER! Clicking the link takes you directly to the MacKeeper webpage, no surprise.

Soft32 is just one of many terrible "review" sites. These sites provide links to free software, which is laced with malware. They also run ads for companies like MacKeeper, whose products are considered PUPs (Potentially Unwanted Programs). They aren't necessarily classified as "malware" by anti-virus engines, but they are programs that you'd best avoid. There was even a tweet put out by Apple Support saying that you should avoid MacKeeper. It's probably one of my all-time favorite tweets.

However, I must stop myself before I dive down the rabbit hole that MacKeeper typically sends me down.

Let's get back to the review sites. There are many, and they are persistent. I think one of the other most reviled "review" sites is the one commonly referenced by MacKeeper. It is called ShopperApproved[dot]com. It is a nightmare of a site, and it seems the most jaded review site I've run across. Although this one doesn't give you free downloads of malware-infested software, it is another one you'd best avoid.

Another very popular site is CNet. CNet, which used to be a somewhat trustworthy site when it comes to software and product reviews, has deteriorated immensely. On the other hand, a site like Softonic[dot]com is just pure garbage, pushing horrendous software that has no business on your machine. It is plagued by malware and by advertisements that link to software that is poorly made and slows down your computer. Those pieces of software typically come bundled with malware as well, so either way, it's going to put malware on your machine.

It's unfortunate that you have to tip-toe across the internet in order to avoid stepping in a steaming pile of malware, but that is the state of the internet today. This isn't just an Apple-specific issue; it occurs across all platforms.


You see, these "reviews" appear on sites everywhere, and those sites are actually the most popular ones when consumers go out looking for reviews. This is due, in part, to the fact that these sites give away "free software." Sites like Softonic, along with the aforementioned Soft32, all utilize this "free" tactic in order to get you to click on their advertisements or download malicious content. Just remember that with software, as with phone calls, "If it sounds too good to be true, it probably is."

I'm sure you may be thinking, "Well then what is a reputable review site?" Unfortunately, there aren't a ton of good ones out there, and there are a ton of bad ones.

The best, publicly acclaimed review sites begin with Tom's Guide. Although I disagree with some of their content, overall, their reviews are, if nothing else, honest. They don't try to sell you additional software or offer free downloads. Another relatively good alternative for Mac users is the Apple Discussion boards. As a reminder, this is a user-to-user discussion board, so the opinion you are getting is just another Apple user's opinion; however, many of the most common repliers on this site are avid users who have a plethora of Mac knowledge. I am very often perusing the Apple Discussion boards in an attempt to provide insight to others who may need it. Other reputable sites are 9to5Mac.com, Macworld.com (NOT Macworld[dot]co[dot]uk -- that site is a nightmare), and iMore.com.

With everything listed, I would recommend them in that order, but with one exception. . .ASK ME! Just send an email to stuart@crashsecurity.com or text/call me at (541) 714-5880, and I would be more than happy to let you know if the software in question is good or bad.


A special thank you to my good friend and fellow Mac user Matt Jacobs (@pnwbeard) for the idea for this post. Matt is a Table Top Game designer and developer, and he does a fantastic job. He is currently working on a game called XO. Check it out and support him on Patreon.