Ransomware

Ransomware has a nice scary name, which is good, because it can be really scary. It’s how the bad guys hold your files hostage until you pay a ransom. If you don’t pay, you can lose everything on your computer.

How does it work? Well, first of all, it encrypts your files. People talk about two kinds of ‘encryption’, one way and two way, though one way is properly called hashing. One-way is where your stuff gets scrambled and there’s no way back from it. Once it’s done, it’s done. Passwords are usually stored one-way, so no one (not even the website) can reverse them and find out what your password is; the site just scrambles what you type the same way and checks that the result matches.

The other method is two-way, and that’s real encryption. I can encrypt something and turn around and decrypt it (un-encrypt it). Two-way encryption uses a key to decrypt the encrypted data. If you don’t know the key, you can’t decrypt, and your data stays encrypted forever. Unless you can figure out the key.

An Encryption Key

The hard part is that a properly chosen key is just a long random string of bits, and you have no clue which one it is. You could spend the rest of your life trying to decrypt the data by trying every possible key… and still never do it. A 128-bit key has 2^128 possible values, which is more guesses than all the computers on Earth put together could make in your lifetime.

Ransomware takes advantage of that. It encrypts your files with a key that only the bad guys have, and then they demand a ransom in exchange for the key. Pay them or… no more pictures, no more computer code, you lose everything on your computer, never to be seen again. (Paying doesn’t guarantee they’ll hand over a working key, either. The one reliable defence is a backup the ransomware can’t reach, like an external drive you unplug once the backup is done.)

How do you get attacked? Well, the usual method is by spam. Despite what they show on TV or in the movies, you generally have to let the bad guys in.

Click on that link in the spam or download a strange attachment or even find yourself surfing in a dangerous part of the Internet and you can be attacked too. Try not to let it happen! Don’t click on the link or download anything unless you’re absolutely sure it’s safe.

Spear-phishing

Fred goes spearfishing when he wants to catch that one particular fish. He picks up his spear and dives into the water and goes after that one fish for dinner. Similarly, a bad guy goes spear-phishing when they want to catch that one particular person.

Most phishing is spam. It’s sent to as many people as possible in hopes that some of them click on those links and hand over their information. It’s like what fishers do when they put nets down in the water and go for as many fish at once.

A net for fish (not phish)

The phishers (those guys sending out the emails) are after any kind of person, rich people, poor people, they aren’t going to be picky. They just want the login credentials so they can steal as much as they can.

Sometimes, though, there’s that one person the bad guy wants to go after. The head of a corporation, an Admiral, a General, someone with lots of power and access to information. Sending a generic ‘click on this link, give me your banking information!’ doesn’t get the bad guy the information that person has access to. It just gets them some banking details. So, they research the target and craft an email just for them, one that looks like it comes from a colleague or a company they deal with, and entice them to either click on a link in the email or open an attachment.

Once they click on the link or open the attachment, they’re infected with malware and then it can go to town. It can steal passwords, spread itself to other machines on the network, and generally be a nuisance. Like Ultron did.

The Ultron Threat

It wants to hang around as long as possible and steal as much information as it can. The groups that operate this way are called Advanced Persistent Threats (APTs), which isn’t a really exciting name, is it. I think we should go for the Ultron Threat, but they never asked me.

Protecting yourself from spear-phishing is similar to protecting yourself from phishing. Don’t click on links you weren’t expecting (even if they promise you your very own Iron Man!) and don’t open attachments you weren’t expecting (even if they claim to be the code that Tony Stark uses to operate Iron Man). If it looks like it came from someone you know, check with them some other way first; a spear-phisher counts on you trusting the name in the From line.

Phishing

If I want to catch a fish, then I go fishing. If I want to use social engineering and catch a user in my web of deceit, I go phishing.

A Fish not a Phish

In both cases I set out bait and hope for a bite.

Before I go further, let’s talk about what social engineering is. TV shows like to show the hacker sitting at their keyboard, clicking away and the magic occurs. They’re in the system and causing trouble.

It doesn’t always happen like that. What happens more often is that the hacker tricks the person (not the computer) into doing something that gives the attacker a way into the system. This is social engineering. It isn’t nearly as cool as the hacker sitting at the keyboard and clicking away, but it’s more effective.

In phishing, the hacker sends emails that have URLs in them they want you to click. So they have to bait you into clicking them. A common email is they pretend to be your bank and send you an email saying ‘You must log into your account because if you don’t, all the gerbils will eat your money!’ (That’s not exactly what they say, but they do give you a scary reason why you should do it). Then there’s a helpful URL in the email that you can click to log in.

A vicious money eating gerbil

This is where the attack happens. The URL may look like your bank, the page it sends you to may look like your bank, but it probably isn’t your bank. Especially if the email talks about gerbils. The text of a link and the address behind it can be completely different, so look at where it really goes (hover over it, or long-press it on a phone) before you click. Once you go to that page and try to log in, you’ll probably get an ‘oops, something went wrong, bye!’ message. Or it might even send you to your real bank page and tell you to try again. Or it might just go away.

Now the bad guys have your username and password for your bank account, and there’s nothing stopping them from using that information to steal money from you. They didn’t even have to break into your computer to do it, you typed it in for them.

How can you protect yourself? If you get an email that claims to be from your bank and wants you to do something, never ever click on any URL in the email. Same if it wants you to log into an account of any type. If you want to check if it’s true, call your bank and ask. Or, you can type in the URL for your bank at your keyboard (NOT using the one in the email) and log in that way. Turning on two-factor authentication at the bank helps too: then a stolen password by itself isn’t enough to get in.
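Here’s the ‘where does this link really go?’ check done by hand, as an added example that is not part of the original post. It pulls the host out of a link and checks that it really is the bank’s domain. BANK_DOMAIN and the sample links are made up for illustration; put your bank’s real domain in there. It’s plain POSIX shell plus sed, so it runs anywhere.

```shell
#!/bin/sh
# Added example, not from the original post. BANK_DOMAIN and the sample
# links are constructed for illustration.
BANK_DOMAIN="bank.example"

# url_host URL: print just the host part of a link, lower-cased.
# The sed steps strip, in order: the scheme, everything from the first
# / ? or # onward, a "user:pass@" prefix, and a trailing :port. That
# defeats the usual tricks: the bank's name buried in the path, or a
# fake "bank.example@" stuck in front of the true host.
url_host() {
    printf '%s\n' "$1" |
        sed -E -e 's|^[A-Za-z][A-Za-z0-9+.-]*://||' \
               -e 's|[/?#].*$||' \
               -e 's|^.*@||' \
               -e 's|:[0-9]+$||' |
        tr 'A-Z' 'a-z'
}

# host_is_bank HOST: true only if HOST is the bank's domain itself or a
# subdomain of it. "bank.example.evil.test" is neither.
host_is_bank() {
    case "$1" in
        "$BANK_DOMAIN" | *."$BANK_DOMAIN") return 0 ;;
        *) return 1 ;;
    esac
}

# check_link URL: print a verdict and the real host.
check_link() {
    host=$(url_host "$1")
    if host_is_bank "$host"; then
        printf 'ok     %s\n' "$host"
    else
        printf 'PHISH  %s\n' "$host"
    fi
}

# Constructed sample links: the first two are genuine, the rest are not.
for link in \
    'https://bank.example/login' \
    'https://SECURE.bank.example:443/accounts?id=1' \
    'https://bank.example.verify-account.test/login' \
    'https://bank.example@login-portal.test/bank.example' \
    'http://login-bank.example/'
do
    check_link "$link"
done
```

The important part is the comparison: the host has to end in ‘.bank.example’ or be exactly ‘bank.example’. Checking whether the bank’s name appears anywhere in the link is exactly the mistake the phishers are counting on.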

Spam … not that stuff in a can

We all get email we don’t want. That email from your teacher telling you your assignment is late? Unwanted! But that’s not spam. Spam is email you never asked for, sent in bulk to as many people as the sender can reach.

Spam spam spam spam

The name came from the British comedy group Monty Python. They had a sketch set in a cafe where everything on the menu has Spam (the meat in a can) in it, and the word gets repeated an awful lot. The people who dealt with junk email in the early days of the Internet were fond of the sketch and the name just stuck. It’s spam.

It’s annoying and it can be dangerous. Spam can deliver malware to your system, and isn’t that just too rude for words. There are two ways it can do it. One is to have an attachment and hope that you open it. If you open it, there’s a good chance you might get malware from it.

The other way is to hope you click on a link in the email. If you do that, you’ll probably download malware.

Either way, they want you to install malware on your system so that they can use your system for their own means.

So now comes the hard part, how do you recognize spam? Well, there are programs that do that for you. Most places that provide email have these in place, because they don’t like spam either. Gmail has one that puts everything it thinks is spam into a quarantine area (the Spam folder) to keep it separate from your safe email.

Spam Quarantine

It only keeps spam email around for 30 days before deleting it, and it’s worth a look in there now and then. That’s because these programs aren’t perfect. They do their best to tell spam from not spam, but they get it wrong both ways.

We know spam contains URLs for you to click on, but what if your friend sends you a link to an Imgur photo album for you to check out? Then the spam program could send your friend’s email to the quarantine area.

On the other hand, sometimes spam doesn’t get sent into the quarantine area. If you get an email with a random link on it, don’t click! If you’re not sure that the original sender sent you that, call (or text) and ask! Same for attachments. It’s better to be safe than infected.

Viruses!

A virus is that nasty little organism that can give you the cold or the flu, or any number of other diseases. It’s a horrendous little critter that makes you feel awful. Good thing that there are vaccines for many of these viruses, right? I don’t want to get the flu every winter.

Viruses are not fun

Computer viruses are similar. They’re nasty little programs that can make your computer do things you don’t want it to do. They can search for information on your computer, make your computer send spam, make your computer be part of a DDOS, all sorts of things you don’t want your computer to do. In other words, viruses are bad.

Computer viruses

That’s true for both people and computers, they just catch different kinds of virus. You can’t get a cold and give it to your computer, and if your computer gets a virus, it won’t give it to you, I promise.

On the other hand, your computer can have a virus and you’ll never know. It’d be doing things you don’t want it to and without a monitoring program, your computer will be happily being bad. That’s why antiviruses are good for your computer.

A vaccine will stop one virus (and maybe some mutations of it). Antivirus programs try to stop all kinds of bad software, not just one kind. Without antivirus software, your computer could get that virus and, did I mention, you might never know. Some computer viruses are really bad and try to make your computer useless, but most just quietly make your computer do things the attacker wants it to do.

Computer viruses are one kind of malware, which is short for malicious software. Strictly speaking a virus is malware that copies itself into other programs, but most people say ‘virus’ for any malware, and malware is the name you’ll hear most. It’s used by bad guys to make money and we’ll talk more about the different ways they do that.

DDOS

There’s lots of bad stuff on the Internet these days. In this post and the next few, I’m going to talk about some of the kinds of bad stuff and what you can do to protect yourself. The first one we’re going to talk about is a Distributed Denial of Service, or DDOS. It’s mainly called DDOS so we don’t have to type out Distributed Denial of Service every time (I admit, I copied and pasted that second one so I didn’t have to type it the second time).

A DDOS is where the attacker tries to overwhelm the target with so much traffic that they can’t do anything. Imagine your connection to the Internet as a pipe.

The Internet as a Pipe

The pipe flows both ways. It lets you send traffic to the Internet (like sending an email) or receive traffic (like reading https://computerlamp.net/). A DDOS attack fills that pipe up by sending you so much traffic you can’t do anything. You can’t send packets out, nor can you surf the web. You’re basically knocked off the net.

When a company is DDOS’d, they can lose money. For example, if I sell computer lamps on my website and someone DDOS’s it, I can’t take any more orders. I’m losing money because of this attack.

We’ve talked about how a DDOS can deny your service from happening, but where does the word distributed come in? In the old days, a massive amount of traffic would come to your computer from one IP address. It turns out firewalls stop that attack really well: one rule dropping that address and it’s over.

The bad guys had to find a new way to attack and they did it by sending the traffic from many IP addresses. Blocking one IP address is easy, blocking 10,000 is not so easy. Especially when they change during the attack.

What do you do if you’re the victim of a DDOS attack? Well, if it’s just your home computer, you can probably wait it out. Or if your ISP hands you your address by DHCP, you can try releasing it and asking for a new one, and hope they don’t find you (many ISPs give you the same address back, so this doesn’t always work). If that doesn’t help, contact your ISP. The traffic has to be stopped upstream of you, because once it’s reached your connection the pipe is already full and nothing you do at your end will empty it.
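As an added example (mine, not from the original post), here is the kind of check a defender runs over a connection log to tell the two cases apart. The log lines are constructed: one host sending 60 packets and 100 hosts sending 3 packets each, all in addresses reserved for documentation. The per-address threshold of 20 is an arbitrary choice for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The log is constructed.
# Each line is "epoch-second source-ip", the sort of thing you get from
# a firewall or web-server log once you cut the other columns off.

# make_sample_log: 60 packets from one noisy host (203.0.113.9), then
# 100 hosts in 198.51.100.0/24 sending 3 packets each. Both ranges are
# reserved for documentation, so they never belong to anyone.
make_sample_log() {
    awk 'BEGIN {
        for (i = 0; i < 60; i++) printf "1700000000 203.0.113.9\n"
        for (h = 1; h <= 100; h++)
            for (i = 0; i < 3; i++) printf "1700000001 198.51.100.%d\n", h
    }'
}

# per_source: "count ip" for every source, busiest first
per_source() {
    awk '{ n[$2]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# flooders THRESHOLD: sources that on their own sent more than THRESHOLD
# packets. These are the ones a single "drop this address" rule fixes.
flooders() {
    per_source | awk -v t="$1" '$1 > t { print $2 }'
}

# summary: total packets, distinct sources, biggest single source's share
summary() {
    awk '{ n[$2]++; total++ }
         END {
             max = 0
             for (ip in n) { k++; if (n[ip] > max) max = n[ip] }
             printf "packets=%d sources=%d top_share=%d%%\n", total, k, 100 * max / total
         }'
}

# below_threshold_share THRESHOLD: the fraction of all packets that came
# from sources staying under the per-address threshold. That is the part
# of a distributed attack that per-address blocking cannot touch.
below_threshold_share() {
    awk -v t="$1" '{ n[$2]++; total++ }
         END {
             for (ip in n) if (n[ip] <= t) quiet += n[ip]
             printf "%d%%\n", 100 * quiet / total
         }'
}

echo "busiest sources:";  make_sample_log | per_source | head -n 3
echo "over 20 packets:";  make_sample_log | flooders 20
echo "overall:";          make_sample_log | summary
echo "untouched by per-address blocking:"; make_sample_log | below_threshold_share 20
```

The per-address rule catches the one flooder and nothing else. The hundred quiet hosts each stay well under the threshold, yet between them they account for 83% of the packets, which is exactly why ‘block the address’ stops working once the attack is distributed and why the fix has to happen upstream.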

iptables

Last post we talked about firewalls and what they mean. I did a lot of talking about what the firewall should do, not how to do them. I also said the program that Linux uses is called iptables.

This time, we’ll talk about how to configure firewalls. Now, these are commands that can only be run as root, not as computerlamp or yourself. This is an informative post, not one you should run out and try. Unless you really really need firewall rules, then I suggest you Google for a more definitive list.

A firewall rule doesn’t exist by itself, it’s part of an ordered list. iptables calls these lists chains, and the built-in ones are INPUT (traffic arriving at this computer), OUTPUT (traffic leaving it) and FORWARD (traffic passing through it). A packet is checked against the rules of its chain in order and the first rule that matches decides what happens to it.

So, iptables has lots of flags. Lots and lots of flags. These are just a few:

Short flag   Long flag          What is it?
-p           --protocol         The protocol (tcp, udp, icmp, …)
-s           --source           Where’s this coming from? (an address, or a network like 192.0.2.0/24)
-d           --destination      Where’s this going to?
-i           --in-interface     What interface is it coming in on? (INPUT and FORWARD chains only)
-o           --out-interface    What interface is it going out on? (OUTPUT and FORWARD chains only)
-j           --jump             What do I do with it? (ACCEPT, DROP, REJECT, …)
-A           --append           Add the rule to the end of the listed chain

The loopback interface (lo) is the one where the computer talks to itself. Lots of programs rely on that working, so the command looks like:

iptables -A INPUT -i lo -j ACCEPT

That means add this rule to the INPUT chain. Now, for the loopback interface, accept all traffic coming in.

iptables -A OUTPUT -o lo -j ACCEPT

Add this rule to the OUTPUT chain and accept all traffic going out on the loopback interface. (Note it’s -o here, not -i: the OUTPUT chain only knows which interface a packet is leaving on, and iptables will refuse an -i in an OUTPUT rule.)

Now suppose my friend is being really annoying and is attempting to hack my computer. I know what IP address his computer has, so I want to stop him at my firewall. Then he can be annoying all he wants, and I’ll never know.

iptables -A INPUT -s 8.8.8.8 -j DROP

Drop all traffic from the source 8.8.8.8 and don’t forget, add this rule to the INPUT chain.

Now 8.8.8.8 is Google’s public DNS server, so I don’t necessarily want to drop all traffic from there. I just didn’t want to publish my friend’s IP address.

Read the man page for iptables and you’ll see there’s all sorts of flags I didn’t mention. Remember, this isn’t for you to run out and try to change the firewall on your Linux system, it’s just to talk about what you could do.
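Putting the pieces together, here’s a complete little ruleset as an added example (my illustration, not something from the original post). By default the script only prints the iptables commands so you can read them; it runs them only when you say apply and you’re root. SSH_PORT and ADMIN_NET are assumptions, stand-ins for your own values.

```shell
#!/bin/sh
# Added example, not from the original post. A small stateful host
# firewall for the INPUT chain. SSH_PORT and ADMIN_NET are assumptions;
# 192.0.2.0/24 is a documentation network, put your own there.
SSH_PORT=22
ADMIN_NET="192.0.2.0/24"

# ruleset: print one iptables command per line, in the order they must
# run. Rules are appended first and the policies are set last, so an
# existing SSH session is never cut off half way through.
ruleset() {
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --dport $SSH_PORT -s $ADMIN_NET -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
EOF
}

# block_host IP: drop everything from one address. -I puts the rule at
# position 1 of INPUT, ahead of the ESTABLISHED rule, so even an already
# open connection from that address stops.
block_host() {
    printf 'iptables -I INPUT 1 -s %s -j DROP\n' "$1"
}

# Usage:  sh firewall.sh         print the rules
#         sh firewall.sh apply   run them (root only)
main() {
    if [ "$1" = "apply" ]; then
        [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; return 1; }
        ruleset | sh -e
    else
        ruleset
    fi
}
main "$@"
```

Reading it top to bottom: -F empties the INPUT chain so you start clean; loopback is accepted; the ESTABLISHED,RELATED rule is the ‘if I started the connection, let it finish’ rule, done with the connection-tracking match; INVALID drops packets that belong to no known connection; new SSH connections are allowed only from the admin network; anything that gets this far is logged (rate-limited so an attacker can’t fill your disk with log lines) and then hits the DROP policy. Two caveats: iptables handles IPv4 only, the IPv6 side is a separate ip6tables with the same syntax, and rules live in memory, so they vanish at reboot unless you save them with iptables-save or your distribution’s persistence package.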

Linux® and Firewalls

We don’t want all the traffic we could possibly get to our Linux system. Some of it could be good, but some of it could also be bad. Some could just be, y’know, there. Like dust in the wind. But anyway, there’s traffic we don’t want near our system, like the traffic from people who want to do bad things to or with our computer. To prevent this, we use a firewall.

A physical firewall is a wall to prevent the spread of fire.

A Firewall for Fire

That would be spiffy, wouldn’t it? Surrounding the computer with a nice wall that prevents traffic. It would also make the computer weigh too much.

Instead, a computer firewall is a program. It’s designed to allow some traffic in and prevent other traffic from coming in. Similarly, it lets some traffic out but can prevent other traffic from going out.

For example, you want to surf the net, right? A firewall should let you do that. A web server is a server that hosts web pages (I know, I think it should have a spiffier name). It listens on port 80 for http and port 443 for https.

If you’re not running a web server, then there shouldn’t be any traffic trying to reach those ports. This being the Internet though, I bet someone does try. Just to be safe, let’s block it. We don’t actually put a block up like a physical firewall, we just drop the traffic. The computer says ‘what traffic? Never heard of it’. (The other choice is to reject it, which sends back a polite ‘no’. Dropping is quieter; rejecting is kinder to your own mistakes, because you find out right away instead of waiting for a timeout.)

On the other hand, if I start a connection to a web server on port 80, its replies come back to the random high-numbered port my computer opened just for that conversation. You don’t want your firewall to drop those replies. You’d like your content, right? Give me http://www.computerlamp.net/ or bust!

That’s why there’s a rule that says ‘if I started the connection, let the replies through’. The firewall keeps a list of the connections you’ve opened (this is called connection tracking, or stateful filtering) and lets in only the traffic that belongs to one of them.

The standard firewall program for Linux is iptables (newer distributions are moving to its replacement, nftables, but iptables is still everywhere). The rules can get quite complex, but so far, I’ve just talked about what we want the rules to do, not how to do them.

That’s next!

Linux® Scratch Paper

Sometimes in algebra when I’d be working out a problem, I’d find myself grabbing a small piece of paper and working out a side problem.   Like ‘gee, what IS 9×19’?  I need that to solve the problem, but my teacher hated it when I made what she called messy marks on my test.  So, I had to use scratch paper.

I even find myself using scratch paper today, like when I’m on my phone and someone says, ‘write down this number!’.  Normally I’d save that in my phone, but my phone doesn’t actually let me both listen to the number and save it in the phone.

Linux® needs scratch paper sometimes too! Sometimes a process needs to remember what it was doing, so it writes its state to a file. State just means ‘hey, this is what I was working on, keep it in case I need it later’. If the process has to stop, it can read the file back and pick up where it left off.

This can get complicated.  Every process would need its own directory to write its own files, so imagine keeping track of all of them.

Linux® likes to keep things simple and straightforward. Unix is the same way, and Linux® picked up this trick from it. Instead of each process having its own directory, there’s one central directory that everyone has write permission to. It’s called the /tmp/ directory. tmp stands for temporary, so it’s meant for files that aren’t supposed to stick around. Most systems empty /tmp/ when you reboot (or throw out files that haven’t been touched for a while), though exactly when depends on the distribution. Because everyone can write there, /tmp/ has one special protection, the sticky bit: anyone can create files, but you can only delete or rename your own. Run ls -ld /tmp and you’ll see it as the t at the end of drwxrwxrwt.

/tmp/ can have lots of files in it or it can be empty.  In fact, when I look at /tmp/ on Alpha, I see:

Alpha:~ computerlamp$ ls /tmp/
Alpha:~ computerlamp$

That means in my case, the directory is empty.  What does it look like on your system?
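One thing the shared directory makes you think about: if your script always writes to a fixed name like /tmp/myapp.state, somebody else on the machine can create that name first (or make it a symlink to a file you own) and your data goes where they chose. Here’s how a script should use /tmp/ instead, as an added example that isn’t from the original post. Nothing in it is specific to one system beyond mktemp, which every Linux and BSD ships.

```shell
#!/bin/sh
# Added example, not from the original post: using /tmp/ without being
# tricked. mktemp picks an unguessable name and creates the file with
# mode 0600 in one step, so nobody can plant the name ahead of you and
# nobody else can read what you write.

# tmp_mode: the permission string of /tmp itself; the trailing "t" is
# the sticky bit.
tmp_mode() {
    ls -ld /tmp | awk '{ print $1 }'
}

# scratch_file: create a private scratch file and print its path.
# Honours TMPDIR, which is how you point a program somewhere other
# than /tmp without editing it.
scratch_file() {
    mktemp "${TMPDIR:-/tmp}/scratch.XXXXXX"
}

# file_mode PATH: the permission string of PATH, e.g. -rw-------
file_mode() {
    ls -l "$1" | awk '{ print $1 }'
}

# main: save some state, show that nobody else can read it, clean up.
main() {
    state_file=$(scratch_file) || return 1
    trap 'rm -f "$state_file"' EXIT      # removed even if the script dies
    printf 'last_step=3\n' > "$state_file"
    echo "state file:  $state_file  ($(file_mode "$state_file"))"
    echo "/tmp itself: $(tmp_mode)"
}
main
```

The trap is the other half of good manners: scratch paper you never throw away is how /tmp/ fills up.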

Block vs Character: Cage Match

In the last post, we looked at the contents of the file /proc/devices and saw a list of character devices and a list of block devices.  But what’s the difference between a block and a character?  And if there is a difference, when do we use a block vs character device?

Well, we know these are blocks:

Blocks

And we know Ironman is certainly a character:

Ironman

But that’s not what our devices do.  That would be silly if that’s what they did, right?  Our Linux® box isn’t Ironman and it isn’t a pile of blocks, it’s a computer that does things.

The difference between a block device and a character device is all in how your system communicates with it.  A character device is talked to one character at a time.  It doesn’t seem like it, but the terminal screen you type on is a character device.  One character at a time goes from your keyboard and to the screen (when you type) and one character at a time (although very quickly) goes from the output of the command you type and to the screen.

A block device sends its communications in blocks of data.  If you write information to a disk, like your USB drive or a hard drive, it goes in chunks of data.  For example, copying your file that contains all the Pokemons you’ve ever caught goes one big chunk at a time rather than P i k a c h u it sends it all together as Pikachu.

Now when we use Linux® we don’t care about block vs character.  We just care that what we type gets shown on the screen or what I copy to my USB drive goes to the drive.  How it really gets there isn’t important.

The people that really care about block vs character are the ones that have to write the code that makes the devices run.  That’s their job, but it is useful to know that there’s more than one type!
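You can see the two types for yourself without reading /proc/devices, as an added example that isn’t from the original post. ls -l starts the line with c for a character device and b for a block device, and the shell’s test command has matching -c and -b checks, which is handy inside scripts.

```shell
#!/bin/sh
# Added example, not from the original post: tell block and character
# devices apart from the shell.
dev_kind() {
    if [ -b "$1" ]; then echo block
    elif [ -c "$1" ]; then echo character
    elif [ -e "$1" ]; then echo "not a device"
    else echo missing
    fi
}

# /dev/sda only exists where there is a disk with that name, so on a
# laptop with an NVMe drive (or inside a container) it shows up as missing.
for d in /dev/null /dev/tty /dev/urandom /dev/sda /; do
    printf '%-13s %s\n' "$d" "$(dev_kind "$d")"
done
ls -l /dev/null     # the line starts with c: a character device
```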