Monday, 2 June 2014

Two weeks to prepare for cyber attack


This has all the hallmarks of an incipient panic. I remember the panics over Jerusalem, Datacrime, Michelangelo and others. The big thing those had in common was a deadline. The National Crime Agency (NCA) is stirring this one up, and they've set a deadline - two weeks, meaning June 16. And what are they recommending?

Update your operating system (modern OSes already do this automatically).

Think twice before clicking on links or attachments in unsolicited emails (aren't people already doing that?).

Do a backup.

Of all their advice, the third is the most useful, and the least likely to be followed.

"Users are typically infected by clicking on attachments or links in emails which may look like they have been sent by genuine contacts". So these aren't unsolicited emails; they're emails that look as if they came from people you already know, which is exactly why "think twice about unsolicited emails" misses the point.

I predict:

An increasingly loud series of warnings from the media, who simply love this sort of thing; it's a real circulation-booster. And then, on June 16 (two weeks from now), the media switches smartly into reverse and castigates anyone who issued a warning (except themselves, of course), because on June 16 ... nothing happens.

A big increase in fake security software - you can read my recent blog posts for an incident where a scammer tried to convince me to pay them loads-a-money and install a trojan on my computer. Expect lots of emails warning about the two-week deadline and advising "click on this link to protect yourself"; the link, of course, is the infection.

The NCA thinks that 15,500 UK computers have this thing (which they name as GOZeuS or P2PZeuS). If they're right, that's actually a very small number out of the many millions of computers in the UK.

But what I haven't seen anywhere, is any reason for the two week deadline. What is supposed to happen on June 16?

So, here's some advice from someone who has been in this field for 25 years. Me, that is.

1. Do a backup, at least once a week, probably once a day. Yes, I know you aren't actually going to do this because it's "too difficult". But the reason for doing it is that your computer will fail. Probably not on June 16, probably not this year, probably not next year. But one day it will simply not work. What, did you think computers lasted forever?

2. Run Linux, not Windows. Linux, as of 2014, doesn't get hit by this sort of thing; this malware, like nearly all of its kind, is a Windows program. Yes, I know you have some wonderful program that only works with Windows and you aren't going to run Linux.

3. Don't do banking online. I don't. I don't use cash machines, either. Because A) I don't see how either of those can be made secure, and B) as far as I can tell, banks don't really care about computer security. A cash machine on the inside (not on the outside) of a bank might be OK.

When I buy things online, I go via eBay, Amazon, or one of a very, very small number of other sites. eBay offers dispute resolution - I can get a refund if I'm scammed. I pay via PayPal; PayPal offers dispute resolution - I can get a refund if I'm scammed. And my payment to PayPal is via a credit card with limited funds, and if you use a credit card, you can dispute the transaction and *always* get a full refund, unless you've actually, physically, signed a sales slip. So I have three layers of protection.

Roll on June 16th. It's always fun to watch a panic in action.


  1. I suspect the 2-week deadline derives from the wholly theoretical assumption that the ZeuS/Cryptolocker botnet commanders would need at least that amount of time to put in place another infrastructure for their malware. With said malware not currently functional (i.e. it has nowhere to phone home to for instructions/updates) it can be more easily removed from any currently infected system.
    I suspect that the ZeuS infrastructure has been terminally affected. We await with interest the phoenix that will - undoubtedly - arise from those ashes, given that one estimate posits that US$27 million were paid over to the ransomers in just two months (

  2. "Known losses caused by the malware are estimated to be around EUR 75 million"

    Are they "known" or are they "estimated"? My guess is, they're guessed.

  3. Ok, here goes
    No 1 I don't do a backup, you are right. Is it too difficult? Probably not, I just don't want to pay for the hardware to back it up and "can't be bovvered". But every time I use my machine I work on the basis: if this doesn't power up next time, what's the damage? So I only put on it what I don't mind losing.

    No 2 Been there, done that, got the T-shirt. There IS nothing on Windows you can't run on Linux!... is there?

    No 3 Tough one this. Unlike you, I can't ramble around the countryside during the day looking for caches, I mean banks! So I use my Linux machine hardwired to the router, and surely that "https:" thing MEANS something!! :)

    ps I too have a credit card with limited funds, :)))))

    Enjoy your day out, it looks like it will be dry today!