Slashdot Mirror
What a Hacked PC Can Be Used For
An anonymous reader points out that the Security Fix blog is running a feature looking at the different ways hacked/cracked computers can be abused by cyber scammers. "Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, that bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which attempts to examine some of the more common — yet often overlooked — ways that cyber crooks can put your PC to criminal use."
Having read over the list I can tell you with absolute certainty that the common user will not care for one specific reason:
None of the items listed affects them directly.
Computer security for the common goo does not interest the average user one bit, ultimately the responsibility falls of the developers of the compromised software for not designing the software in a safe and secure way. In my home I run ALL PC's on limited user accounts, this should have been made standard 8 years ago when the push for security came about. The unwillingness to enforce this of most fundamental security provision highlights that:
As well as the average user, developers don't care about security either.
GPLv2: I want my rights, I want my phone call! DRM: What use is a phone call, if you are unable to speak?
I wonder why people would use a computer as an appliance. Could it be that the OEMs, software companies, and retailers are selling the computer as an appliance for online shopping, banking, and entertainment?
I wonder why they don't care when they are repeatedly told by the software companies that their brand of OS is very secure and it even has a "red, yellow, green" warning system to show how secure it is.
I wonder why users (who are told their computer is so simple to use properly, that there is no training required) don't train themselves?
From the time people are old enough to use a lock, they are told by parents, teachers, police, media, etc. to lock their doors.
There is no comparison for the average person regarding computer security. If the software companies cannot provide the level of security, without training, that they promise, then there should be a warning constantly flashing on the screen telling the person that anything and everything on that computer is likely to be stolen or used to commit a crime.
Any ISP relaying openly malicious traffic needs to face consequences for it
Now define "openly malicious". Here are some minimal pairs to consider when legislating what traffic will invoke consequences:
They do not feel responsible for malware running on their computer.
There is one exception ... one thing that scares the bejeezus out of most people ... and that's when you tell them their computer is being used as part of a kiddie porn ring. Somehow, when people learn that their machine is being used to host images of 8-year-olds being sexually abused, they suddenly take the concept of computer security a lot more seriously.
Not that I'm advocating anybody should tell a devious lie to a friend in order to make him/her smarten the hell up ... I'm just saying is all.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
I'm a former signal corps officer who once held the electronic security officer position in a S-2 shop (that's military intelligence), and I personally know of three cases where a military computer intrusion resulted in serving a warrant at some person's home. One of them was on post and was served by MPs - the other two at civilian addresses. In ALL cases, persons bearing M-16s were present (MPs, FBI or SWAT). In ALL cases, all computer and related equipment in the home was impounded and held at least until trial.
In one of the three cases, a firearm was actually pointed by police in my presence, and the civilian policeman informed the suspect (a 16 year old kid), "Step away from the computer NOW! Or I will splatter your dumbass fucking head all over the fucking wall". fortunately he complied at that point, although later, one of the police told me it was probably because a non-cop was present that his buddy didn't bang the kid against said wall 'just a little' before handcuffing him. Even though I was only along as a witness to identify presence of the suspected software on his machine, since this was a civilian related case, I ended up having to testify at the trial that the kid appeared to be trying to destroy evidence, because he argued at first that the language and being cuffed constituted excessive force.
So yes, if that something is intrusion in a military system, someone may very well point a gun at you. I think the police were reasonably professional in the cases I was connected to, and I recommend that people don't rely on that. I got to where I really feared having a case come up in some areas where I would expect the police to get overexcited about it. We always had to assume a cases such as this might be espionage by foreign agent, but the police typically reacted like they never heard the word 'might' in that - to them it simply was spying and sabotage, and I also heard the word 'treason' thrown around a lot when we briefed the local DAs that the suspects were believed to be U.S. citizens. Many cops damned well may go a lot farther than pointing, and you are giving out very, very bad advice.
Who is John Cabal?