Saturday, December 31, 2016

My advice to the Dept. of Homeland Security on malware protection


I see where two of my favorite journalists, Glenn Greenwald and Shaun King, are being accused by Twitter trolls of being "cheerleaders for the Russians" over their skepticism of the Putin fever now sweeping the country. I'm equally skeptical. But they can't pin that label on me.

I've been expressively down on the Gulag "socialists" since the '60s and the Czech invasion. That is, except for a brief stint playing and coaching baseball there during the final days of the Soviet empire in 1990. But that's a whole other story.

But even I have to admit I was shaken by news this morning that the Russians had hacked Vermont's electrical grid. For one thing, I didn't even knew Vermont had a power grid. I thought all you had to due to cut power to Burlington or Brattleboro was to snip the hoses leading from the pig's methane pits to the light bulbs. Oops, sorry Bernie and Howard.That was a bad joke.

The WaPo story goes as follows:
A code associated with the Russian hacking operation dubbed Grizzly Steppe [I used to play ball with a guy named Grizzly Steppe -- m.k.] by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.
 Vermont Sen. Patrick Leahy issued a statement warning: “This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter.
 While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter [Now see that's a problem. Loose lips...], the discovery underscores the vulnerabilities of the nation’s electrical grid. And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks.[Yes, I hear both sides have been doing that since the Cold War].
But a careful read of the story shows that one laptop at the Vermont utility -- not connected to the grid -- was found to have been infected by this malware, which is available for purchase by anyone through the criminal, underground marketplaces for hacking tools.

But for argument's sake, let's say that the Ruskie hackers did penetrate the system and plant their malware. How did they do it? Simple. According to the WaPo story, they wrote fake letters.
According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.
That's right, fraudulent letters. I imagine they went something like this:
Tovarich, I mean recipient. I am a high school student doing my term paper on Vermont's power grid. Pleas send me all your пароли, I mean passwords. Thanking you in advance for your help. Spasibo, Boris
Now I'm no expert, but I've come up with a few relatively easy-to-follow suggestions for the Dept. of Homeland Security on how to avoid Russian malware and password theft, short of a no-win cyber war with the Russians, Chinese, Israelis, ISIS and the rest of the rest of the worlds' hack crazies.
  1. Send a memo out to all state electric company personnel advising them not to give out their passwords over email, especially to high school students named Boris. 
  2. Change passwords every so often. 
  3. Subscribe to malware protection. I use Norton. They're pretty good. Runs me about $49/yr. 
To all the rest of us, I suggest we get our eyes back on the prize. 

See you on Jan. 21st. #ResistTrump

3 comments:

  1. This shows how easily manipulated Democrats, as well as Republicans, are by the media and by leaders of a political party willing to lead us into war to cover up its own failures. If you don't like America being hacked, look no further than the NSA.

    ReplyDelete
  2. Gulag socialists indeed, Mike. But what about the gulag Maoists in China?

    ReplyDelete

Agree? Disagree? Let me hear from you.