What to Do Since the Geeks Can be Compromised

By Kevin Freeman
May 30, 2017

Yesterday, we sent an important post, What Happens if the Geeks are Compromised. It explained how Best Buy's Geek Squad has been connected to the FBI. While that's not a bad thing from a national security view (putting aside the privacy concerns for the moment), it does raise questions regarding the loyalty of various IT support services. The blog went on to explain how IT support can be infiltrated, and helped expose a potentially serious threat to our own Congress. If you didn't read it, be certain to do so now.

Our government has a real problem in protecting itself, let alone our national security infrastructure. Businesses are left to themselves to protect against cyber threats although required by law to do so in many cases. Sadly, there is no provision for protecting individuals. Basically, you are on your own. Worse still, this isn't something you can do alone.

Short of unplugging your computer and replacing your smart phone with a dumb phone, there is no way to protect your personal residence from cyber threats. And, even if you do unplug and downgrade, your life is already delicately intertwined with the world-wide web. There's no way of eliminating that risk unless you operate solely in cash and use a bank that doesn't exist–one that is also unplugged. You'd have to go fully "off grid," eliminating externally produced electricity, pumping your own water, avoiding doctors and medicine, and hiding in the woods to be mostly untouchable by cyber threats. It is simply not practical. And, it would be far less than fun.

The reality is that we must all take reasonable risks and precautions. And few, if any, of us are sufficiently prepared to go it alone. Most of us need serious help. But with the risk of "geek compromise," where do we turn?

First, be certain that you follow the hygiene rules we laid out in an earlier post, The Mother of All Hacks and What You Must Do About It. This includes keeping your operating system fully updated with patches. Of course, this can seem ominous, especially to the computer challenged. There are several ways to address this. Please note that we are not endorsing or maligning any products or services, merely pointing out some perceptions, opinions, and facts that you might find useful.

Some people choose Apple over Microsoft or Google operating systems. Apple computers are generally perceived to be less vulnerable to viruses. This may be due to the fact that there are fewer in service and thus the target size is smaller. Most people believe the architecture to be more secure in general. And, with an Apple purchase you get access to their Genius Bar at Apple stores. This offers a generally secure environment with hopefully uncompromised and reputable employees to call upon for service. Even still, there are a number of security software options available for Macs.

Another option is to purchase a Windows-based computer from a reputable store that provides service. Just be prepared to travel back and forth as needed for service, although remote service may also be available in some cases. You will also need to install some sort of antivirus and anti-malware software, which can be pre-loaded. And, this software will need to be kept up to date. This also may require professional assistance.

Some may opt for a reputable Internet-based seller such as Dell. You can buy computers that are customized and pre-loaded with security features. You can also buy in-home service packages as well as online or telephone support. Of course, Dell computers have at times demonstrated serious security flaws as well. As stated below, there are no perfect solutions.

Having a computer requires vigilance and awareness. And it is best to have a relationship with someone you can know and trust, whether as a company or an individual.

What you MUST NOT DO, however, is to take calls over the phone claiming that you have viruses. These are virtually guaranteed to be scams. If you don't get anything else from this Blog Post, get this: Anyone who calls you claiming to be from Microsoft, Google, Apple, or even an Anti-Virus company and tells you that your computer is "sending out viruses" is a con artist. Don't talk with them regardless of how convincing they may seem. Their purpose is to get you to install viruses, not to remove them.

Here is an excerpt from an article in UK's Express (April 9, 2017):

According to a top security researcher, criminals are targeting victims all over the world with .

Masquerading as employees from the likes of Microsoft, Google or Apple, the scammers are able to persuade victims into installing harmful malware onto their devices without getting their hands dirty – and then making off with your data….

"Microsoft, or Apple, or whoever they would never call your house and tell you that you have a virus on your computer – it will never happen!"

If you have already fallen victim to such a scam, the Express offers advice regarding what to do next at this link.

Just to drive the point home, here is what Microsoft says about this scam:

It is a SCAM!!! Microsoft does not do that nor do they have partners who do that nor do they hire sub-contractors or people or even get volunteers to do that. There are probably thousands of such companies out there doing this every day – we get two or three messages like this (or more) every day asking about it. You are the lucky ones who recognized the scam enough not to be sucked into it and end up with identity theft, infections, hacking of your computer, convincing you to buy software or services you either don't need or that don't really exist at all, and all sorts of nefarious tricks. You'd be surprised by how many contact us AFTER they realized they'd been suckered asking what to do. Do not waste time talking to these people, do not give them any personal information whatsoever, do not be tricked by what they may get you to see on the computer – in fact, don't do anything they suggest on your computer or even visit websites they recommend, and for heaven's sake don't give them access to your computer.

Microsoft knows this goes on but with these companies springing up like dandelions, or closing and changing names when discovered, and mostly operating in foreign countries, it would take an army of lawyers to pursue every one of them. They do the best they can, but there simply are too many and more get added every day. People have to be careful of these things. They not only occur by phone, but also by e-mail, instant messaging, regular mail and every way imaginable. Just remember that Microsoft does not do this and hang up or delete emails or messages or mail from anyone claiming they are doing this because they know information about your computer or want information from you to confirm your account so it won't be closed and ask you for your username and password and all sorts of other personal information. Microsoft DOES NOT DO THIS!

WIRED Magazine played along with one of the spammers and recorded it to show you how the scam works. It gets very tedious, but you can watch the scam unfold.

Another scam that happens daily is a pop-up ad that appears as a very official looking virus warning. If you click a link or call the number, you will be subject to a very similar full court press to access your computer. Here is a description of this type of scam. And here is some advice from Microsoft in dealing with it if you unfortunately see one of these pop ups. Here is an article thread from Apple users on the same subject.

A lot of this comes down to finding someone trustworthy who can help you. In light of what we shared in the last Blog, this gets a little complicated. Even if you find a reputable service team, you still need safe and secure software and hardware. At some point, you are going to have to step out in faith. Therefore, you must be as confident as possible in where you are stepping.

This raises a delicate point. Would you trust an anti-virus software produced in Iran or North Korea? Of course not. But what about China or Russia? There it gets more complicated. One of the best-known and highest regarded anti-virus packages is from Kaspersky Labs, a Russian-based company. Kaspersky has a strong track record. And yet, senior defense and intelligence officials have expressed hesitancy in employing them. This from a May 11, 2017 report at ABC News:

Senior members of the U.S. intelligence community are for the first time publicly expressing concern that one of the world's largest cyber-security firms — Moscow-based Kaspersky Lab — could pose a threat to the U.S. homeland.

The acting head of the FBI, Andrew McCabe, told the Senate Intelligence Committee today that his agency is "very concerned about it … and we are focused on it closely."

Robert Cardillo, the director of National Geospatial-Intelligence Agency, said he is "aware of the Kaspersky Lab challenge and/or threat." CIA Director Mike Pompeo said the matter "has risen to the director of the CIA as well." And the head of the National Security Agency, Adm. Mike Rogers, said he is "personally aware and involved" in "national security issues" associated with Kaspersky Lab.

Until those remarks at a Senate Intelligence Committee hearing today, such concerns have been communicated only behind closed doors and in private memos, as ABC News first disclosed in a report Tuesday….

Current and former U.S. officials worry that Russian intelligence could seek to exploit Kaspersky Lab's widely-used software to steal and manipulate users' files, read private emails or attack critical infrastructure in the United States. And they point to Kaspersky Lab executives with previous ties to Russian intelligence and military agencies…. [Read the entire article at ABC News.]

Kaspersky is a software and services company. And, they have been known to do excellent work, even one time outing a Russian hacking effort. But the concerns of senior defense officials do give reason for pause.

There are also concerns with some hardware companies, like the former IBM ThinkPad, now a Lenovo computer. From a Bill Gertz report (October 24, 2016) in the Free Beacon:

The Pentagon's Joint Staff recently warned against using equipment made by China's Lenovo computer manufacturer amid concerns about cyber spying against Pentagon networks, according to defense officials.

A recent internal report produced by the J-2 intelligence directorate stated that cyber security officials are concerned that Lenovo computers and handheld devices could introduce compromised hardware into the Defense Department supply chain, posing cyber espionage risks, said officials familiar with the report. The "supply chain" is how the Pentagon refers to its global network of suppliers that provide key components for weapons and other military systems.

The J-2 report was sent Sept. 28, and also contained a warning that Lenovo was seeking to purchase American information technology companies in a bid to gain access to classified Pentagon and military information networks.

The report warned that use of Lenovo products could facilitate cyber intelligence-gathering against both classified and unclassified—but still sensitive—U.S. military networks.

One official said Lenovo equipment in the past was detected "beaconing"—covertly communicating with remote users in the course of cyber intelligence-gathering.

"There is no way that company or any Chinese company should be doing business in the United States after all the recent hacking incidents," the official said.

About 27 percent of Lenovo Group Ltd. is owned by the Chinese Academy of Science, a government research institute. In April, a Chinese Academy of Sciences space imagery expert, Zhou Zhixin, was named to a senior post in the Chinese military's new Strategic Support Force, a unit in charge of space, cyber, and electronic warfare. China has been linked by the National Security Agency to large-scale cyber spying against both the Pentagon and American and foreign defense contractors. [Read the entire article at Free Beacon.]

So, what is the best way to protect yourself? First, make certain you have an updated computer with an updated operating system. Look for hardware from a trustworthy manufacturer subject to U.S. law. Get professional IT support from someone you can trust. There may be someone at your church or a friend of a friend. Or, you might get support from the manufacturer.

When looking at Anti-Virus software, you might check out the 10 highest rated suppliers from PC Magazine. You should note that Kaspersky made this list. There are also well-known suppliers like Bitdefender, McAfee, and Symantec. For Mac users, check out the Top 11 list PC Mag provides. Of course, this is just for your computer. There are whole other issues to consider regarding your Smart Phone and Tablet device. We will save some of that for a future Post.

The point is this: It is essential that you begin to consider personal cyber security. You must do it with the awareness of supply chain risks. Look for a trusted supplier or support person. And by all means, DO NOT FALL for the telephone scams.