Phishing phish.

Phishing refers to the act of masquerading as a company or institution in order to steal information, such as usernames, passwords, and credit card details.

I presented this subject in class, and to be honest is quite a tricky one. The interesting thing about phishing is that, even if it occurs within the different communications technologies, the attacker doesn't actually need any technical knowledge about technology. The attack happens at a human level, so the attacker doesn't need to be a hacker per-se, they'll just send you an e-mail, pretending to be a company or something, saying that something is wrong with an account of yours, and they need your password to fix it. As easy as that.

The more intricate phishing scams will require technical/hacking skills, like hosting a fake websites online, with a url that's almost indistinguishable from the real deal (only different by a couple of characters, they added 'the', different extension, etc.), where users "log in", or at least they think they do, and actually give away their credentials to attackers. A recent example is what happened with the giant company Equifax because, not satisfied with having a massive security breach, they linked on Twitter to a phishing site. If a large company can be fooled, what about the rest of us. Thats why we always check, and double check the URL var.

But examples like the one above are just the tip of the iceberg, as I wrote above, attackers don't need to be technical experts, they just need to get in contact with you through an email, social media message, even phone calls.  We need to smart about protecting ourselves, if you someone approached you on the street asking for your email and/or password, even if he/she claimed to be from your bank, will you actually give them? so why should we trust an email.

There are many kinds of phishing:

1. Phishing, or wide net phishing, is basically what I described above. Attackers target many people, usually using automated systems to send mass emails. Attackers can get a hold to your email address when massive databased are leaked. Attackers may address you as 'dear costumer' or some other general way.
2. Spear Phishing refers to a phishing scam specifically directed at you. It's creepy, attackers will know information about you, social media is a main source, they will know your name and whatever other information about you is out there. Juan Martinez wrote a very in-depth article in PC Magazine that you should read. Spear Phishing attackers tend to target public figures, but anyone can be phished, so better be careful. 
3. And perhaps the creepier of all, Cat Phishing. This can be horror story territory. Like Spear Phishing, Cat Phishing targets an individual person, but instead of disguising themselves as a company, attackers pretend to be an individual, someone who wants to know you. This attacks can happen through social media, but the real 'phishing pond' is in dating websites and apps. By using fake name and pictures, the lure victims into an illusion of connection and trust, and what happens next can go in very different directions. Best case scenario is that is just some person trying to get a date by pretending to someone more attractive, but it can get much worse. The'll ask for pictures that can later be used for blackmailing, meeting these people can lead to kidnappings, and much worse things, crimes that I'm not gonna write about in this blog, yes, it is that bad. Ellen McCarthy wrote an interesting piece on the Washington Post where you can learn more about Cat Phishing. 

Phishing isn't an attack that is done with malware, so anti-virus and anti-malware are of no help here. Its almost imposible to prevent you from getting a bad email or message, so you'll need to learn how to spot it and don't get caught. There is a very nice guide in The Guardian that shows tips for spotting Phishing, Microsoft also published some good pointers on the subject. But the Cliffsnotes version is: if it looks fishy, its probably phishing, look for typos, spelling and other errors; never follow randoms links; check with the official companies separately. 

 This hyper-connected world has brought us many blessings, but also many ways to put our security on the line. We need to stay alert, be smart, and don't get caught. 

Sources: 

Dredge, Stuart. (fri Jun 6, 2014). How to protect yourself from phishing. The Guardian, website: https://www.theguardian.com/technology/2014/jun/06/how-to-protect-yourself-from-phishing-attacks

N.A. (N.D.). Phishing. Wikipedia, website: https://en.wikipedia.org/wiki/Phishing

Your computer has been kidnapped.

The government of {{Insert current location country name}} has found {{Insert illegal material}} on your computer, please pay the fine of {{Insert ridiculous amount of money}} to regain access to your computer. 

Kidnapped!? Really!? Yes. Thanks to this thing called Ransomware Internet pirates and other evil doers can lock all information on your computer, encrypting it so you can't use it. Now you have to pay them an amount of money to regain access to it, or say goodbye to your precious data. 

As explained above, a Ransomware attack targets your computer and encrypts various files and folders in your computer, rendering them useless. You can get attacked by it if you'r computers gets infected with a virus or you run a malicious script, the attacker hides the code as an e-mail attachment, a link on an infected webpage, videos on iffy pages, system updates, etc. Not very different than other kinds of attacks. But what makes Ransomware different from other kinds of attack is that, while others may just want to ruin your computer or steal your info, Ransomware will actually ask you to pay the rescue, and paying doesn't warranty that your information won't be copied or/and stolen, it doesn't even warranty that it will be released. 

Many times they will mask the attack as a sort of government issued computer search-warrant, claiming that illegal material has been found in your computer, and that you have to pay a fine to regain access to your machine. 

So, how can I protect myself?

•  Anti-virus, Anti-malware all the way. These are the main ways that ransomware gets distributed, so try using these layers of protection.
• Don't click random links, check the address to see if its a site you thrust, hover (without clicking) the mouse on the link to see if the address matches the text displayed, or simply browse manually, go through google to find stuff.
• Don't open email attachments, specially if its from people you don't know, only open things that 100% sure its safe. Now days there are plenty of ways to share files, so be careful of what you download. 
• BACKUP REGULARLY. In the case that you do get attacked now you know that your data is safe and sound, so you can do a reboot of your machine, make sure you wipe it clean of any malicious software and re-install from the backup.

It's important to never pay what they ask for, we don't want to encourage this kinds of attacks. Thats why we always need to backup. If you don't have a backup it may be better to loose the data, yo never, NEVER want to pay an attacker, so if you manage very important information you need to back it up.

The life and death of Aaron Swartz and why it matters. Part 1.

Aaron Swartz at Boston Wikipedia Meetup, 2009-08-18
(From Wikimedia Commons, the free media repository)

A couple of classes ago we saw the first half (and a little more) of the 2014 documentary feature "The
Internet's Own Boy: The Story of Aaron Swartz", directed by Brian Knappenberger. And, for a millenial that spends most of his time online, and is studying a mayor in computer sciences, I´m guilty, like many others, of not knowing who Aaron Swartz was. And, let me tell you, he was a pretty big deal.

As soon as the film starts I was ready for not liking this guy, he was a gifted boy genius, heavily opinionated and responsible for the creation of Reddit (a page that, to put lightly, has image problems). People with that profile usually score low on the likeability scale, they can be read as pretentious and hard to connect to in a human level. But I was pleasantly surprised that I was dead wrong, yes he was heavily invested in his work, but also he cared a lot about the PEOPLE who surrounded him, and how his work affected them.

You see, Swartz was quite a pioneer of the modern internet, maybe not a founding father per-se, but his work went from RSS, a page that can be best described as a pre-Wikipedia, and the aforementioned Reddit, all at a very young age. Swartz was all about sharing information, his brothers, interviewed on the film, mention that, apart from computers, he had a passion for teaching. He will explain what he learned at school to his brothers, he will read the entire textbook before class, he will spend his time toying with cd-encyclopedias, he wanted all that information to be accessible to the world, and he saw in the internet a way to do so.

Swartz ideas of a free open access to information are what really propelled him as a public figure, he became political, and his movement is synonymous with progressiveness. Net-neutrality, witch is still being endangered by the way, is one the things that we can thank people like Aaron for. Even doe I personally don't advocate piracy (I'm pretty much for supporting the artists and creators) I can see why the current models can be advantageous to corporations and bad for regular consumers thats why Swartz turned a blind eye (sometimes even encouraged) piracy. I was reading a Pitchfork article that mentioned Swartz about the subject and I can see why his ideals where becoming as radical as they became.

He challenged the system, he took it to himself to free information, which put a big target on his head. Giant information companies, and governments even, hated Swartz, hated him because they saw in Swartz movement a threat of losing money from their greedy hands. This lead to his arrest in 2011.

Join me in part two, in which I'm going to talk about the second half of the film and will go in depth about the political aspect of his life, the trials, and his legacy.