Should you trust public wireless internet?

Don’t let me get bored. Ever. I tend to do things I probably shouldn’t. Sometimes it’s harmless like acting a bit quirky to get a laugh or a reaction, other times I’ll just casually scan an open network looking to see whether the IT guy has a clue or not.

This is a story about one of those times. The latter of the two.

A few months ago I attended a conference at a fairly well known venue on the Gold Coast. They had a bunch of speakers talking on various topics and when one of the presenters started talking about cash-flow management my attention span went flying out the window.

Maybe I’ve been spoilt by too many truly engaging speakers, but it does seem like this is one subject matter most fail to deliver in an engaging way.

ANYWAY. I’ve got about 5 1/2 minutes before the next speaker to kill and realise that the venue offers a free guest WiFi service. “HAZZAH! This should kill a few minutes!” I think to myself.

So I sign my mobile phone onto the wireless network and quickly open up my trusty network discovery tool to see if it’ll show me anything.

Let me stop here for a second and explain a few things.

Firstly, the tools I use are publicly available in the Google Play (Android) store. They are not some special hacking or penetration testing software. You can download them too. I use Wifi Analyzer and Network Discovery. Enjoy.

Secondly, a guest wireless service should enforce a few basic security features.

  • Captive Portal. A captive portal is a system which forces you to a web page to authenticate in some manner to get access to the internet. You will see one every time you visit a hotel, the Qantas Club, or wherever some form of guest WiFi service is available – free or charged.
  • Client Isolation. Client isolation blocks access between devices on the wireless network. Effectively no device can see another. This stops one device from trying to ‘break into’ (or infect) another device on the network, or perform simple man-in-the-middle attacks by telling every other device on the wireless service that ‘it’ is the router.
  • Restrict Access to Infrastructure. No client signed onto the wireless network should be able to see any of the business’s infrastructure other than the captive portal website and the internet itself. No access to the router, wireless access points, switches, servers, etc.

So with all this in mind, let’s continue…..

My network discovery comes back and there’s about 50 or 60 devices on the network. I take a closer look and realise that some of the devices are mobile devices and laptops signed onto the network, but that’s not all. I can see the network switch managing the network and a bunch of other pieces of infrastructure.

This is wrong Dave!!

If I wanted to be malicious I could have launched a simple ARP-based poisoning man-in-the-middle attack which would have tricked every device on the network into thinking I was the router, pushing all their internet access through my mobile phone (yes, my mobile phone!!). This in turn would have let me collect a dump of all internet access on that network and with a small amount of effort I can guarantee I would have obtained someone’s username and password for an email account or some system they used that wasn’t properly secured.

But I’m not a malicious person. Instead I took a bunch of screenshots of what I found and searched for the General Manager’s details. I found them on his current IT provider’s website (in the testimonial section), searched his name on LinkedIn and sent him an email outlining what I’d found. He in turn forwarded the information to his IT Guy, who then promptly fixed the problem. Or at least, that’s what he told me. I haven’t been back there to see if the problem is fixed.

I don’t want to point fingers, but I had to laugh. Shortly after I reported the security issue I noticed the IT provider had updated their website to offer “Security Audits”….

ANYWAY. This is a prime example of why using free wireless services is dangerous. We talk about hackers setting up fake wireless networks, but this was the venue’s own service and it was completely open to the world.

In this particular instance it was a fairly prominent venue, which means there is an intrinsic expectation of ‘trust’ we give them. Trust that their infrastructure is secure. Trust that we are safe.

How long had this problem existed for? I don’t know. Since whenever the wireless service was installed or upgraded, or whenever the last technician made changes to it. Who knows.

Do I think someone could have already exploited this problem? Quite possibly.

Should the venue notify guests that their security could have been compromised? That’s a really tough call. But if we change the question to “Would I want to know if my security was potentially violated?”, I would hazard the answer would be a resounding “YES!”.

What can you do?

  1. Don’t just sign on to every public wireless internet service because it’s there.
  2. Make sure that every account on your devices uses encrypted communications.
    1. If you’re using older style email services like POP and IMAP, use POPS over POP, IMAPS over IMAP, SMTPS over SMTP.
    2. Don’t enter account details into unsecure websites (HTTP).
  3. Don’t sign on to a public WiFi service because it’s there. Yes I’m repeating myself. You have data on your phone!!!
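
If you do join a guest network, your own device's neighbour table already shows whether the client isolation and ARP problems described above are present. The following check is an added example, not part of the original post; the sample table, addresses and finding names are constructed, and the peer-visibility rule is a heuristic.

```python
import re
from collections import defaultdict

# One IPv4 address followed by one MAC on the same line. This covers
# `ip neigh`, Linux `arp -a` and Windows `arp -a` (dash-separated MACs).
_ENTRY = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?"
    r"(?P<mac>[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})"
)
_NOT_A_HOST = ("ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00", "01:00:5e")

# Constructed sample in `ip neigh` format; all addresses are made up.
SAMPLE = """\
10.0.0.1 dev wlan0 lladdr 3c:52:82:aa:10:01 REACHABLE
10.0.0.37 dev wlan0 lladdr 3c:52:82:aa:10:01 STALE
10.0.0.52 dev wlan0 lladdr a4:5e:60:bb:20:02 STALE
10.0.0.9 dev wlan0  FAILED
"""

def _norm(mac):
    return mac.lower().replace("-", ":")

def parse_neighbours(text):
    """Return {ip: mac}, skipping incomplete, broadcast and multicast entries."""
    table = {}
    for line in text.splitlines():
        m = _ENTRY.search(line)
        if not m:
            continue
        mac = _norm(m.group("mac"))
        if mac.startswith(_NOT_A_HOST):
            continue
        table[m.group("ip")] = mac
    return table

def audit(table, gateway_ip, known_gateway_mac=None):
    """Return (code, detail) findings for the neighbour table of a guest network."""
    findings = []
    gw_mac = table.get(gateway_ip)
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    # The router's MAC differs from the one recorded on an earlier visit.
    if gw_mac and known_gateway_mac and gw_mac != _norm(known_gateway_mac):
        findings.append(("gateway-mac-changed", gw_mac))
    # Another address answers with the router's MAC: the usual trace of ARP poisoning.
    if gw_mac and len(by_mac[gw_mac]) > 1:
        findings.append(("gateway-mac-shared", sorted(set(by_mac[gw_mac]) - {gateway_ip})))
    # Other clients were resolved at layer 2, which suggests isolation is not enforced.
    peers = sorted(ip for ip in table if ip != gateway_ip)
    if peers:
        findings.append(("peers-visible", peers))
    return findings

if __name__ == "__main__":
    for code, detail in audit(parse_neighbours(SAMPLE), "10.0.0.1", "3c:52:82:aa:10:99"):
        print(code, detail)
```

A router that legitimately holds several addresses on one interface will also trigger `gateway-mac-shared`, so treat a finding as a reason to disconnect and ask, not as proof.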

And don’t just trust that every IT guy out there knows about security. If your business is in the spotlight, get an external contractor to pentest (Penetration Test) your environment regularly and make sure you’re not being lulled into a false sense of security. The ramifications of this particular issue could have been monumental.

Your Anti Virus Won’t Save You Now…

In the last week, two of our clients got hit with the latest variant of CryptoLocker. CryptoLocker (and its variants) is the notorious malware that encrypts all your data and holds the decryption key to ransom, sometimes for thousands of dollars.

There is no way to decrypt the data. The malware will scan your personal computer first, appearing to start with your Desktop, working through your My Documents folder and then scanning through any mapped network drives you have. This all appears to be done in alphabetical order. (This is based on our observation of the two incidents.)

If you get hit, you have two options – restore from a backup, or pay the ransom!

The scariest part of all this is that one of these clients had implemented a good anti virus program on every computer, all emails go through a cloud based spam and malware filter, and they have an advanced firewall that scans all internet traffic for malware.

The good news is that this client also had our Back-Up and Disaster Recovery (BUDR) solution in place, which backs up their data every hour – so it was a trivial matter of restoring their data to the hour before the incident; although the time between infection and data restoration was 4 hours. Half a day of business that was lost, which could have otherwise been avoided.

How did this virus get in?

The 2nd client told me she had received a speeding infringement in her email, and even though she was dubious – she clicked it.

Ironically, as I sat down to write this email I got a notification from our spam filter that an email from the “Australian Federal Police” with subject “Driving infringement notice” had been held in spam. I like to live on the edge, so I went ahead and released it from the spam quarantine so I could take a closer look.

NOTE: Don’t try this yourself. I used an isolated computer in a quarantined network. And this is the email that hit my Inbox shortly after.

It looks rather legit, although if you look closely the Engrish isn’t great and some of the words are spelt wrong. (“You’ve got been recently given having a drive intrusion” and at the bottom “Austrlian……”)

Taking a deep breath and clicking the link brought up the following website.

And lo and behold, entering the captcha (it actually did check to see if it was correct) allowed me to download a ZIP file called notice_262897.zip, which contained a single file. The file inside the ZIP archive has a display icon that mimics the icon used by PDF documents (Adobe Acrobat/Reader).

And here’s where the wheels fall off the cart….

At some point in the last 10 years, Microsoft wanted to make Windows “tidier” and thus hides the extensions of “known file types” by default. We as Users are so used to identifying a file type by the little picture, and this little sucker preys on that.

With “show file extensions” turned on, we realise that this PDF is not a PDF, but actually an EXE (Executable Program File).

And because I’m crazy like this. I ran it.

And sure enough, CryptoLocker strikes!

I didn’t have much on the computer, but whatever data files I had (Word, Excel, ZIPs, PDFs, etc) were all now encrypted (extension .encrypted). Attempting to rename them didn’t resolve the issue.

That computer has now been blown away. I don’t trust that the malware didn’t install something in the background to come back and attempt further malicious activities.

Why are we losing the war on modern threats like CryptoLocker?

I was at the Queensland Police “Fraud & Cyber-Crime” symposium last year and got chatting to an Iranian white-hat hacker (they’re the good guys). He basically told me that anti virus software as we know it is useless to modern attacks.

Why is that?

Cyber-Crime, the billion dollar industry it is, sells software that allows cyber-criminals to create new variants of the virus/malware at every run. The problem here is that even if they only created one new variant every 24 hours, for your anti virus to be able to detect the threat, the virus companies have to get their hands on a copy of the virus, analyse it, identify its unique signature, update their anti virus databases, AND THEN your computer has to download those updates.

That process generally takes longer than 24 hours, even if your anti virus software updated itself every hour.

So by the time your computer can detect the threat, it’s already been changed several times over. It’s a never ending game and you, the end user, aren’t going to be the winner.

That’s the first problem.

The second problem is that these attacks prey on our fear.

Since when did the AFP send out traffic infringement notices? I’m not intending to make you feel stupid. The bottom line is that the people sending out these attacks are extremely clever and they have worked out that if they focus on people’s fears they will get a better hit rate.

My own accounts lady got a number of emails that appeared to come from ME, asking her to organise a wire transfer. When she hit reply the return email address was [email protected] (not @insane.net.au). She very nearly replied to the email, except she was quick enough to notice the email address had changed!
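
The changed reply address in that story is something a mail filter can check before a person has to notice it. The following is an added example, not part of the original post; the messages, the `company.example` domains and the finding names are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed messages; company.example stands in for your own mail domain.
SPOOFED = (
    "From: The Boss <boss@company.example>\n"
    "Reply-To: The Boss <boss@company-mail.example>\n"
    "To: accounts@company.example\n"
    "Subject: Wire transfer needed today\n"
    "\n"
    "Please organise a wire transfer this morning.\n"
)
NEWSLETTER = (
    "From: Vendor News <news@vendor.example>\n"
    "Reply-To: support@helpdesk.example\n"
    "To: accounts@company.example\n"
    "Subject: Monthly update\n"
    "\n"
    "Hello.\n"
)

def _addresses(msg, header):
    """Lower-cased addresses from every occurrence of a header."""
    pairs = getaddresses(msg.get_all(header, []))
    return [addr.lower() for _name, addr in pairs if "@" in addr]

def _domain(addr):
    return addr.rsplit("@", 1)[1]

def check_reply_path(raw_message, own_domains):
    """Return (code, address) findings when replies would leave the sender's domain."""
    msg = message_from_string(raw_message)
    own = {d.lower() for d in own_domains}
    from_domains = {_domain(a) for a in _addresses(msg, "From")}
    findings = []
    for addr in _addresses(msg, "Reply-To"):
        if _domain(addr) in from_domains:
            continue
        # Common for mailing lists and help desks, so low severity on its own.
        findings.append(("reply-to-differs", addr))
        # The message claims to be from inside the business but answers
        # would go outside it: hold it for review.
        if from_domains & own and _domain(addr) not in own:
            findings.append(("internal-sender-external-reply", addr))
    return findings

if __name__ == "__main__":
    for sample in (SPOOFED, NEWSLETTER):
        print(check_reply_path(sample, ["company.example"]))
```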

So how do you protect yourself against modern threats like CryptoLocker?

You can have all the advanced defenses in the world – anti virus software; anti malware software; email filtering; internet scanning/filtering firewall; even lock the computers down so no one can change a thing or install anything and yet these threats can still hit you.

The #1 defense in this war is Education.

Your team need to better understand these threats, where they come from, how they target them, and how to work more safely.

We can help you with this. We can provide your business with a group training session designed to educate you and your team on these threats, how they attack you and how to be more vigilant. And this is information you can then go on and help educate your own clients with – which helps raise your profile as the “Trusted Advisor”, which is especially valuable in Business 2 Business relationships.

If you’re interested in a group training session for your business on the topic of Computer Security, give us a call on (07) 5539-6116. Group sessions are $240ex per hour and must be booked in advance.

What about the fundamentals? Do we still need anti virus?

Even if modern threats are not detectable by current anti virus software, there are still a lot of viruses, malware and spyware that cause problems for your computers and that are detectable, so by no means should you give up on having the best protection you can afford for your business.

Our best practice for our clients is to have:

  • Up to date Anti Virus software on every computer.
  • Unified Threat Management (UTM) firewall scanning all internet traffic, limiting Internet access to approved, work related websites. (And blocking access to anything that is unknown or not approved!)
  • Spam and Virus filtering for Email.
  • Show file extensions for ALL file types and educate your team on what each of them means!
  • Block access to staff installing software themselves.
  • Block access to staff making changes to their computers.
  • Block access to USB sticks (Yes, I know everyone uses these for real business reasons).
  • Block ZIP, RAR, EXE, VBS, TAR.GZ and other email file attachments.
  • Use DropBox* or some other system to transfer files to and from clients/other businesses.
  • A reliable backup strategy that will allow you to recover your files quickly in the event of an outbreak.
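
The attachment-blocking and file-extension items above can be applied to the contents of a ZIP as well, which is where the disguised EXE in `notice_262897.zip` was hiding. The following is an added example, not part of the original post; the archive, member names, extension lists and reason codes are constructed for illustration.

```python
import io
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def extensions(name):
    """Every dotted extension of a member name, lower-cased: 'a.PDF.exe' -> ['.pdf', '.exe']."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # Windows drops trailing dots and spaces, so empty parts are ignored.
    return ["." + p.strip() for p in base.split(".")[1:] if p.strip()]

def inspect_zip(data):
    """Return [(member_name, [reasons])] for members that should not reach a user."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = extensions(info.filename)
            last = exts[-1] if exts else ""
            reasons = []
            if last in EXECUTABLE_EXTS:
                reasons.append("executable-extension")
                if any(e in DOCUMENT_EXTS for e in exts[:-1]):
                    reasons.append("double-extension")
            if info.flag_bits & 0x1:
                # Encrypted members cannot be inspected without the password.
                reasons.append("encrypted-member")
            else:
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":  # DOS/PE executable header
                        reasons.append("pe-header")
            if reasons:
                report.append((info.filename, reasons))
    return report

def build_sample():
    """Constructed archive: placeholder bytes only, nothing in it is executable."""
    fake_pe = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice_sample.pdf.exe", fake_pe)  # shown to the user as a "PDF"
        zf.writestr("report.pdf", fake_pe)             # executable renamed to .pdf
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample()):
        print(name, reasons)
```

The header check catches an executable that has simply been renamed, which an extension block list alone would let through.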

And if you get hit, TURN THE COMPUTER OFF IMMEDIATELY.

Don’t leave it sitting there. Most of these attacks install other malicious code that tries to use your computer as a launch point for their next attack, or leave something around that they can re-activate later or use in a BotNet to launch a distributed attack on someone else.

NOTE: The other day I got sent a link to an attachment that was hosted by a DropBox account. The file was a ZIP file, with an executable program in it. I didn’t run this one, but my money is on it being another threat.

If you’re wondering how protected your business is, give us a call on (07) 5539-6116 and we will come out and provide you with our proprietary 90-Point Network Assessment, which looks at all aspects of your business technology, and not just the physical equipment!

Different Kinds of Computer Repairs

In order to get the right service with regards to computer repairs on the Gold Coast, it is important to have a good idea about the different kinds of specialisations in that field. Mentioned below are some of the common types of repair jobs done by reputed service providers in this city.

Virus Removal

Companies involved in cloud computing often require expert advice to handle the infestation of viruses from in-house systems, without risking their critical data. Computer repair agencies and individuals go a long way in getting their systems back in order.

Hardware Repairs

IT services on the Gold Coast are incomplete without the help of those who deal with and correct the many kinds of physical damage incurred by computers and/or their peripherals. From paint jobs to dents, and other structural issues, these third party service providers do it all.

Accessories Repair

Computers in professional as well as home setups come packaged with a host of essential accessories such as scanners, printers, copiers and so forth that require repairing from time to time. Experts in hardware repairs may not be fully equipped with the methods of repairing the accessories as they have different components.

Data Recovery

Certain issues may lead to the loss of valuable data. Under the circumstances, specialists in the field come to the rescue and help in tracking lost information and preventing permanent loss of data; thereafter experienced professionals can be called in to recover the same.

Maintenance services, troubleshooting as well as correction of networking errors are some of the other complicated repair areas that require the attention of professionals in the field.

IT Consultant Services – Guaranteeing Data Safety and Security

A common problem most online industries confront every day is slow or poor system performance. With everything digitized, industries like medical, with massive databases, often encounter difficulties in accessing and using the patient data effectively and efficiently. This could affect performance and productivity and needs to be resolved as early as possible.

Adding insult to injury, online threats will worsen the situation and this would be detrimental for any business. Data and identity theft are the most common threats that impact 90% of medical industries today and this can eventually lead to loss of customers as well. Besides, the patients’ information stolen can be used for fraudulent activities and this will create a negative impression of the medical organisation in the minds of customers. In short, ensuring the safety and security of your client database is crucial.

An effective way to overcome this persistent issue is to hire medical practice IT Support. A professional or expert with the technical know-how on data security will help any industry with the solutions needed to protect its systems from various online threats like hacking, malware or viruses. Industries often miss out on customers when focusing on making money and this could be a fatal blow to their success.

Outsourcing innovative medical practice IT support services is recommended as they understand the nature of the industry and provide the business with most formidable and reliable solutions that help keep the patients’ data safe and secure. Besides, the services are highly affordable as well.

How Cloud Technology Can Help Medical Practices

The use of technology has enhanced the way medical practices operate over the years. Almost every medical practice has its records stored digitally in a server-based environment. The most recent enhancement in the field of information storage comes as a result of “the cloud”. The advantages of storing information in the cloud are many. Here are some major benefits the cloud offers toward medical practice IT support.

Easy data access:

The cloud can help medical practices with more effective storage and retrieval of patient data. Records updated in the cloud can be accessed from remote locations. Due to the enhanced resources offered by cloud providers, data access is more efficient, resulting in fewer delays for staff.

Faster implementation and learning:

The cloud approach enables a medical practice to have information always available. Training on a new system is always the biggest impact in the implementation of a new project or system. As most current Practice Management Systems are cloud-ready, the training impact is severely minimised.

Always available:

Due to the nature of most Cloud technology, the data is always available, meaning there is no risk of being unable to access critical data in a time of a medical emergency.

Less infrastructure investment:

Many advanced systems can be used with limited or no hardware investment. Cloud technology enables medical data to be stored securely on remote servers not owned by the practice. This ultimately leads to monetary benefits to the practice. The cloud ensures the best technology to all across the medical fraternity, ultimately benefiting the patient through best healthcare.

If you are planning on outsourcing your medical practice IT support, look out for quality and credibility. Experience over a wide area of computer related support is preferred.

If you’re a medical practice on the Gold Coast with 5 or more computers, we offer two hours of free computer support so you can experience first-hand how we will take your computer problems away finally and forever! Visit http://www.insane.net.au/ for more information.

Upcoming Webinars

We run monthly educational webinars on the last Thursday of every month @ 11.00am.

These webinars generally go for between 30 and 60 minutes, depending on the topic and any questions you may have.

To register for the next webinar, click the topic you’re interested in.

  • September 25th – Are FREE Public Wi-Fi Services Putting You At Risk?

    Free Wi-Fi is pretty much everywhere these days – it’s available in hotels, cafés, restaurants, and some businesses are even offering it for their customers. But could you be putting yourself at risk by “signing on” to that “FREE” service?

    What you probably don’t realise is how easy it is for hackers to take advantage of your willingness to use FREE Wi-Fi so they can steal passwords, credit card details, your identity, and infect your computer so that it can be used later in their botnets.

    Register NOW for this upcoming webinar.

  • October 30th – Are Your Staff Inadvertently Leaking Confidential Information and Putting Your Business and Your Clients At Risk?
  • November 27th – What Does Your Business Need To Have In Place NOW, To Be Able To Protect Your Data From Disasters, Accidental Human Error, Hackers and Viruses
  • December – No Webinar
  • January 29th – TBA
  • February 26th – TBA
  • March 26th – TBA