DataBits News

TheDarkOverlord is Attempting to Sell Information on 655,000 Patients

It's likely about to be a very bad day for three medical facilities and 655,000 patients whose information has been put up for sale on TheRealDeal market, a marketplace located on TOR that specializes in selling numerous illegal items.

In an interview from 2015, the market's admin said, "...basically we consist of 4 partners who have a lot of experience in infosec...We decided it would be much better if there was a place where people can trade such pieces of information and code combined with a system that will prevent fraud and also provide high anonymity."  Fantastic!  We certainly wouldn't want those in the business of perpetrating fraud on others to be defrauded themselves... (Yes, that's sarcasm.)  Included in the list of items for sale are a variety of exploits (both known and unknown / not yet patched), databases (like the ones TheDarkOverlord is selling), code, drugs, hardware including physical hacking tools, and specialty services offered by hackers (such as paying for a hacker to access a specific email account or acquire a specific document - think corporate espionage).

The FBI's Warrant to Apple and Apple's Security Concerns

So nearly everyone is talking about Apple and security, but almost no one is providing the facts in the conversation.  On the one side you have SECURITY, PRIVACY, GOVERNMENT OVERREACH; on the other side you have NATIONAL SECURITY and SAFETY OF ALL AMERICANS.  But beyond the hype, what are the actual facts?

For anyone unfamiliar with the case, it centers on an iPhone recovered by the FBI that belonged to one of the San Bernardino terrorists who attacked a holiday party on December 2, 2015, killing 14 and wounding 22.  The phone in question is reported to have belonged to Syed Farook.

Tim Cook wrote in a letter issued to their customers, "We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone."  That reads as so supportive of Apple customers and the protection of their devices that how can you possibly disagree with Apple?

A Look at an IRS Email Scam

A client of ours arrived at work to discover an email from the IRS in her inbox.  Concerned about its legitimacy, she contacted us.  Below is a copy of the email.

The first hint that this is fake, for those who haven't heard the IRS announcements that they will never email you, is that the email was in her Junk mail. Typically important / legitimate emails don't get routed directly to the Junk mail box.  Sure, it happens occasionally, but it's certainly an easy first test of legitimacy.

As per their MO we see the scammers are hoping to work on people's fear instead of common sense, with the last line being the threat of "Failure to comply..."

One is Paypal, One is Definitely Not

So you're busy shopping on the Internet when for one reason or another, you've clicked on a website link, clicked on a link in an email, etc, and this Paypal page opens. But did you check to see if it's really Paypal before attempting to put in your username and password?

While this website is an awfully good imitation of Paypal the domain name / web address is the giveaway. is most certainly not Paypal.

For reference, here is what Paypal's website currently looks like.  Notably, until very recently Paypal did have the login on the top right of the front page of the site; however, as their website is being spoofed frequently, it is good to make frequent changes, like this, to help consumers differentiate their site from the fake ones.

Why Every Business Owner’s New Year’s Resolution Should Be to Fire Themselves from Their Technology Department

Business owners love planning, creating, promoting and selling their business, and most dread dealing with technology – so then why do so many insist on trying to manage it?

The answer for many is simple: it’s a nuisance that is an absolute requirement for their business’s functionality, and any down time hurts the bottom line, but it can be so hard to find a company you trust to take care of your technology for you.

How many have experienced hiring a new IT company only to have them come in and start putting their stickers on everything? Or, more concerning to the bottom line, come in and tell them it’s all old, out of date and needs to be replaced? Have you become accustomed to wait times for service of a day or longer, making it easier to just try and fix it yourself? Or worse, a persistent problem, like a virus on a computer that no matter how many times your IT company comes out they just can’t seem to get removed?

Having a Backup of Company Data Does Not Mean You Have a Disaster Recovery Plan


You've heard over and over again that you must have a secure backup of your company data, but have you stopped to consider what you'd do in the event of a disaster?  How would that data be restored to a fully functioning office environment?

The answer to those questions hinges on two variables. First, what was the nature of the disaster? Second, what type of backup do you have?

Put in slightly different terms, having a backup of your company's data merely means that you have a copy stored somewhere; it does not mean you have an instantaneous way to restore your company's network back to full functionality.  This is not what you want to hear, and it comes as a shock to many business owners who thought they'd done what they needed to do by having a backup of their data.

Local Teens Exchanging Topless Photos Like Playing Cards

Welcome to your next parental nightmare!  Boys at one local Reno high school are reportedly coaxing topless photographs out of high school girls, then trading and collecting them like baseball cards. This information has been brought to us by a high school student's parent who says her son informed her of the trading game. It is unclear if the school's administration is aware this game is going on.

As parents we know that sexting is a serious problem and do the best we can to dissuade girls from turning themselves from young women into mere sex objects, but this account takes the issue to a level only seen in a handful of cases, like the Vermont Sexting Ring. Not only are these girls sharing naked photographs with one boy, possibly believing that he will keep it to himself, they are literally sharing it with most of the boys in the school and depending on the true extent of this game perhaps across multiple local high schools.

Yes It Is A Scam - Don't Call That Number!

Recently we've had several people come to us having been hit by a nasty piece of Adware.  This particular pop-up is insidious as it's a two-part pop-up (see the attached screenshot).  First you have the large underlying pop-up with the information that says "Call XXX-XXX-XXXX immediately."


Is Breaking A Password Really Like Mr. Robot?

Have you been locked out of an account due to entering the wrong password too many times? That was rhetorical; unless your password is "password" (and it better not be) everyone has managed to lock themselves out. Even someone using "password" can manage it if they don't realize Caps Lock is on. But here's the real question - why don't hackers get locked out when attempting to get into their victim's accounts?

If you've been watching USA's new series Mr. Robot you might be under the belief that, like Elliot, hackers research you and then, using a well thought out plan, try passwords that include information about your birth date, family, pets, sports teams, nicknames, address/phone numbers, etc. until they find the magic combination to your password.  That scenario doesn't hold water when you look at the facts of an account lockout: it doesn't matter if it's you or a hacker; if the lockout says 5 tries and you're locked out, that's what's going to happen.  Even the few variables listed above amount to thousands of options.

So how do hackers do it?

