With Congress recently giving the FBI permission to hack any phone or computer without a warrant, we the people need to begin serious discussions about protecting ourselves (regardless of whether we have anything to hide). With the approach of the Internet of Things and the extra vulnerability that will create, this conversation is long overdue, and it isn’t one that most people are interested in.
Recently, something like a million phones were used in the Mirai Botnet, and I would venture the guess that 99% of those phones are still infected, their owners blissfully unaware. This week I removed nine–yes, NINE–password stealers at a client’s business, which I found simply because of that spidey sense I.T. people develop that tells us when something is wrong.
Then, of course, there’s Standard Confused Reply #1: “I don’t understand. Don’t we have an anti-virus?”
I’ve been clear about antiviruses for years. They’re garbage. They are pacifiers and nothing else, which is, funnily enough, exactly why I install them for clients: to pacify them. They don’t do anything of any use or value to anyone. I’ve not run an AV on my personal computer in more than a decade, and it’s fine–it’s always been fine. Meanwhile, I watch porn, browse Tor, download torrents…
Whatever pacification value they have, antiviruses certainly become useless when you’re running unsupported operating systems, defunct software, and have legitimately disabled your firewall. And if the password for your business Wi-Fi is simple enough that I can guess it in ten tries, any single one of your customers could have strolled in and accessed everything on your network they wanted.
I didn’t set up this hacker’s dream. I’d never do such a thing. But they won’t pay me to do it right, and the guy who set it up isn’t as security-minded as I am. Most people aren’t, honestly. Security is almost never a point of contention, as even other I.T. people take it for granted that the SonicWall will protect the client, Windows will protect the client, an anti-virus will protect the client…
But that’s not why I’m writing this. The point of the above is to say that if you think those tools are protecting you, then you’re in a blissful state of ignorance. They protect you only as far as you’ve never needed to be protected. They’re more like smoke alarms than anything else; they won’t put out a fire, but they’ll probably let you know that you have one.
The more important consideration isn’t even your computer. It’s your phone. Whatever information your computer has about you, it is nothing to what your phone knows about you, and Gooligan just infected 1.5 million devices to gain access to a ton of people’s information. As I mentioned before, the Internet of Things is on its way, and we couldn’t possibly be less equipped and ready to deal with such a momentous undertaking.
Ready or not, here I come.
And oh yes. It’s coming.
It’s largely already here.
Do you have any idea how absolutely critical your smartphone has become to your life? If you’re anything like the average American,
- It is how you check Facebook.
- It is how you check Twitter.
- It is how you check your email addresses.
- It is how you text message.
- It is how you Facetime or Skype.
- It is how you read the news.
- It is even how you make calls. lol
Odds are that your smartphone is critical to your life and that you would be almost helpless without it. If you really want to see how much it affects you, have a friend of yours take your phone away from you for one day, and let me know how long you last before you’re begging and on the edge of tears, asking for your phone back. Now that–that device we’re talking about, the one critical to your mental well-being and your connectivity to the world–that device that is the critical linchpin of your world–is also the most insecure device in your world.
First things first–Apple or Android?
For the I.T. professional, there’s no question. Android. However, there’s a caveat to that. When I say “Android” I don’t mean the stock rom that your Galaxy S7 came with. No, I mean a custom rom, something like CyanogenMod or SlimROM.
Slimroms is back, baby!
Now, let’s be clear here–installing a custom rom to your device is no easy feat. We can discuss the legality of it, if that’s your thing, but I don’t care to. For the sake of your privacy and security, it is necessary. However, you should be technologically adept enough to be comfortable finding and following a guide on how to do it. If you’re not, then congratulations–you are part of the 1.5 million people infected by Gooligan, almost certainly.
These things are critical to our lives, and they know almost everything there is to know about us. They know our pictures, our email addresses, our friends, our ex-girlfriends–even if the device itself is too dumb to know what all that information is, the fact remains that, unless you wipe your phone every six months, all that information is right there, ready for anyone who can access it and make sense of it. Your phone is the ultimate Trojan Horse–brought into your life because of its awesomeness, its convenience, and its wonderful features, where it then learned almost everything there is to know about you, and where it functioned as a tunnel directly into your “city” from the outside world, because you don’t understand enough engineering to recognize that large tunnel under the horse that happens to lead right back to the encampment of enemy soldiers.
Okay, that… got away from me a bit.
Are you familiar with the show King of the Hill? In one episode, hyper-paranoid Dale Gribble is given a fish from the tobacco company that he is suing and stupidly takes it into his home. Being the paranoid that he is, he notices the wires and realizes that he is being bugged.
Well, if you have a smartphone, you are being bugged. The only question is whether someone is listening on the other end.
There is no “ten steps to ensure you’re protected” guide that I can write, and if anyone presents you with such a guide, you can be sure of two things: they either overestimate their own skills or they’re trying to sell you something, with item #10 being “install our totally awesome software that will do all this for you!!!!”
Months ago, I wrote about Windows 10, how I love it, how I hate what it stands for, and simple steps that you can take to ensure that your computer isn’t sending all of your information back to Microsoft. What, you think Microsoft suddenly gave away an operating system out of the goodness of their hearts? No, the operating system itself is spyware, just as Google Chrome is. What, you think Google just gave you a free search engine and web browser out of the kindness of their hearts? No. They’re collecting information on you, and selling that information to advertisers. Well–sort of. Since they are the advertising platform, they aren’t actually selling the information but using it as leverage to get advertisers to buy adspace with them. It’s complicated, but I’ve gone into it too many times to do it again.
Microsoft, having failed with Bing to chip into Google’s Search engine, and having lost the browser wars with the trashy IE getting stomped by Firefox and then Chrome, saw one last opportunity and went for the operating system itself. By default, they win. That’s what it’s all about–these companies, including Apple, are competing with one another for you, because they want that information on you, and they want that information on you because it gives them leverage to make more money from advertisers. Seeing their web browser bite the dust, Microsoft tried Bing. Seeing their search engine bite the dust, Microsoft went one step deeper, and so far they’ve been successful. Why do you think Windows 10 was practically forced onto people?
For fuck’s sake, if you had a pirated copy of Windows 7 or 8, they made your copy of Windows legitimate.
Anyone who knew anything about Microsoft knew the whole thing smelled fishy.
But even those steps I gave won’t help you protect yourself. They’ll just help you keep your data from going to Microsoft. They won’t do a damned bit of good to keep your info out of Google’s hands, and, if you’re using Google Chrome, then nothing can keep your info out of Google’s hands–you’re agreeing to give them that information when you click “Yes” to all those terms. You may or may not think this is a problem, but when the FBI gets permission to hack anyone they want, we can safely assume that the NSA either already has that permission under the table or, more likely, is doing it without explicit permission.
Did you know that your monitor’s heat signatures and radiation can be detected up to one and a half miles away, and that the NSA has developed equipment that can read that radiation and use it to determine what your screen is displaying? Did you know that recently developed malware can change your CPU fan’s speed, and detection equipment can use those speed changes to steal data directly off your computer? And if you’re using a WEP password on your access point, may God bless your soul. Even a WPA2-PSK isn’t going to do you a lot of good.
This is the reality of the world you’re living in.
All it takes to hack into your wifi and gain LAN-access to all of your devices–built-in vulnerabilities in most versions of Windows–is a bit of time and expertise. Hell, you can probably find a youtube video showing you exactly how to hack your neighbor’s wifi. You are living in a soup of digital communications, and almost none of them are protected or secure.
Do you even know why it’s important to check to make sure that the website you’re visiting has “https://” rather than “http://”? The “s,” of course, stands for secure, and of course you’ll find it here at www.anarchistshemale.com. It took me about an extra two hours to set up and verify, but http://anarchistshemale.com won’t even work. It will automatically redirect you to https://anarchistshemale.com. That’s right. I won’t LET you visit my page unsecurely.
In effect, what this means is that your web browser and my website have agreed on a huge character string that will act as the “proof” that each one is who they claim to be, and communications between your browser and my website will be encrypted with that character string. Anyone who intercepts the data between my website and your browser won’t have that string, and–generally–your browser will immediately alert you that something is wrong. Additionally, whoever intercepts the data will have encrypted garbage that realistically can’t be brute-forced. With something like some anarchist shemale ranting, that’s not a big deal, but we can see how important that really is for things like log-in sites–Facebook, Twitter, Gmail. Someone who has hacked your wifi–which, again, is ridiculously easy to do–can be sniffing out all the traffic on your network, intercepting all the data sent back and forth, but because you’re browsing an https:// site, the information they intercept will be encrypted and useless to them.
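The redirect described above can be checked from the outside. This is an added example, not code from this site: a small Python check, run against two constructed local servers, that confirms a plain-HTTP request is redirected to https:// on the same host instead of being served. The handler classes and the names `check_http_upgrade` and `run_against` are made up for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

class RedirectToHttps(BaseHTTPRequestHandler):
    """Constructed stand-in for a site that refuses to serve plain HTTP."""
    def do_GET(self):
        host = self.headers.get("Host", "localhost").split(":")[0]
        self.send_response(301)
        self.send_header("Location", f"https://{host}{self.path}")
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

class ServesPlainHttp(RedirectToHttps):
    """Constructed stand-in for a site that answers over plain HTTP."""
    def do_GET(self):
        body = b"login form sent in the clear"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def check_http_upgrade(host, port, path="/"):
    """Send one plain-HTTP request, without following redirects, and judge the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    status, location = resp.status, resp.getheader("Location", "")
    conn.close()
    target = urlsplit(location)
    if status not in (301, 302, 307, 308):
        return "FAIL: content served over plain HTTP"
    if target.scheme != "https":
        return "FAIL: redirect does not point to https"
    if target.hostname != host:
        return "FAIL: redirect leaves the original host"
    return "OK"

def run_against(handler):
    """Start a throwaway local server with the given handler and check it."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_http_upgrade("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()
```

Even with the redirect in place, that first request still travels unencrypted, which is the gap the Strict-Transport-Security (HSTS) response header exists to close.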
I have full confidence that my phone cannot be hacked. I welcome the FBI to give it their best effort. The only way they can get information from my device is to go through my mobile carrier with subpoenas; they can’t get directly into my phone. It’s not just because I’m running a custom rom. It’s because I know exactly what that custom rom entails. I know exactly what .com processes are critical to my phone’s function, which ones are suspicious, and which ones shouldn’t be there. Of course, it’s possible that they could hijack a legitimate process–a Trojan–and rewrite it. In fact, we know the NSA is capable of doing exactly that, up to and including rewriting the firmware of hardware itself. But short of John McAfee, I doubt there are many people who have devices more secure than my own.
And I know that my computer can’t be hacked, because I don’t use an always-on Internet connection. My computer is connected to the Internet when I’m using it, and the moment something odd starts happening indicative of a hack, I will pull the plug. But given the hoops people would have to jump through to even get that far, it’s unlikely it could happen in the first place. Besides which, I’ve got nothing they’d be interested in seeing. Really, I don’t. And they know that, because they once sent goons to entrap me. Yes, really. The simplest explanation is by far the most likely, and here the simplest explanation is that I was visited by goons. It was the strangest morning of my life.
Actually, the strangest moment of my life would be a “glitch in the matrix” moment that I’ve never talked about publicly because it’s just so freaking weird, and remains totally unexplained, but that’s not on the table today.
Why Android over Apple? Honestly? Because Apple is more popular and there is less you can do to protect yourself. You know how people say that Macs don’t get viruses? It’s true–primarily because almost no one uses Macs. The opposite is true with phones. Windows phones don’t get viruses because no one uses them; people use Apple or Android, so those are the ones that get hacked. If you’re someone who needs to be protected from being able to do anything because you don’t know what is and isn’t safe to do, then Apple is the device for you, hands down.
But stack my phone against the average iPhone, and I’d bet my company that your phone gets hacked before mine does.
So what’s the point? What’s my point?
Nothing can protect you. Windows Firewall won’t protect you, a $1500 SonicWall won’t protect you, AVG/SAS/MBAM/McAfee/Norton won’t protect you. A non-rooted phone won’t protect you. A stock rom won’t protect you. What can protect you?
What’s the difference, you know? How is it that I can run without a firewall, without an antivirus, and without all that other crap for a decade and never get a virus, while other people end up with tons of viruses? The difference is knowledge. Being technologically ignorant in the modern world is, frankly, irresponsible. It’s like driving a vehicle without knowing what “D” means, or without knowing even the basics of how a combustion engine works. Sure, it’s only a danger to you–you’ll be the one broken down on the side of the road asking, “Why isn’t it working?” But, believe it or not, I care about you and don’t want you to be broken down on the freeway.
Where should you start educating yourself? Fuck, man, I don’t know. But I do know that only you can keep your devices from being hacked. Microsoft can’t, Malwarebytes can’t, Google can’t, and Apple can’t. As I said in my last article on the subject, hardly a week goes by that we don’t hear about some massive hack, some massive leak, or some massive botnet. This is the world we live in now, and nothing can protect you. The same things you’re relying on to protect you–your “mostly default” ROM, your “mostly default” Windows, your antiviruses–they are the same things that caused these enormous botnets to spring up.
The only person who can protect you is you.