Monthly Archives: July 2014
How to safely dispose of computers and other technology devices
When you get rid of sensitive paper documents, it’s a good idea to shred or burn them to help protect your privacy and prevent identity theft. Similarly, it’s important to erase your personal information from computers (desktop, laptop, or tablet) and other devices (smartphone, gaming consoles) before you dispose of or donate them.
If your device was provided to you by your employer, or if you own a small business, you may also risk loss of intellectual property, legal penalties, and potential damage to your corporate reputation.
So, what should you do?
1: First you should back up the files or data you want to keep
Start the process by making a copy of your information somewhere else like a portable USB drive. To create a backup of the files on a computer running Windows, you can use the Backup and Restore feature that’s built into Windows Vista and Windows 7, or File History in Windows 8. If you’re moving your files to a new computer, you can use Windows Easy Transfer to transfer your files from one computer running Windows to another.
2: Choose the best option for removing your data
Simply reformatting a disk or reinstalling the operating system does not guarantee the old data is unreadable. Your two best options for data removal are to use a certified refurbisher (this is the preferred course of action for business computers) or you can do it yourself. The following information will help you choose what is most suitable for your situation.
Microsoft has a listing of authorized technology refurbishers that can help you with data destruction and proper disposal practices. You can see them at this website: http://www.microsoft.com/refurbishedpcs/Disposal.aspx
If this high end disposal service is beyond your needs, you do have a couple FREE download options to Do-It-Yourself:
1: Softpedia’s DP Wiper:
2: Active @ KillDisk:
The 2 FREE applications mentioned above are tried and true and their websites are not infected with any drive by Trojan attacks. I DO NOT recommend simply opening up Google or any other search engine and searching for Disk Wipe utilities. In testing this, I found that more than ½ of the links I checked were in fact infected with some type of Trojan trying to infect my system. REMEMBER – anytime you search for something “FREE” you’re apt to get more trouble than you bargain for…
The DOJ has declared a victory over the Cryptolocker Trojan stating that it is now out of commission.
Authorities in 10 countries seized servers believed to be connected to Gameover Zeus, a tightly controlled botnet that has plagued computer users worldwide. The botnet was also believed to be connected to CryptoLocker, the ransomware that locked up the files of victims and businesses and attempted to extort money for the key to access the frozen files. Police seized servers connected to the botnet in Canada, France, Germany Luxemboug, the Netherlands, Ukraine and the United Kingdom, investigators said. The FBI added Evgeniy Mikhailovich Bogachev to its most wanted list on Monday. The 30-year-old Anapa, Russia, resident was allegedly the principal administrator behind the Gameover Zeus botnet. Others are believed to be in Russia or Ukraine.
That’s very good news for computer users worldwide, unfortunately – this could be a short lived respite: Ransomware kits, which automate the process for criminals, are becoming more prevalent, Intel Security announced, predicting malware infections to increase on mobile devices. Security vendor Sophos has detected Simplelocker, an Android Trojan that encrypts mobile files and demands payment using the similar Cryptolocker extortion scam.
The FBI estimates that there were $27 million in ransom payments made in the first two months of CryptoLocker’s emergence. Constant vigilance and a good, solid offsite backup solution is our only salvation when confronted with attacks like this. It’s been so lucrative for the criminals, you can bet we haven’t seen the last of this type of attack yet.
The following list was compiled from the victims identified in court documents unsealed Monday in U.S. District Court of Western Pennsylvania.
Pennsylvania Manufacturer: $375,000 Stolen
Haysite Reinforced Plastics, an Erie, Penn.-based manufacturer was bilked of more than $375,000 in October, 2011. Several employees at the company had their computers infected with malware and in a two day period Bogachev’s group allegedly transferred money from Haysite’s PNC bank account to a money mule accounts at banks in Atlanta and New York City. Investigators said the attackers could inject additional information in the form fields into the website displayed in the victim’s browser to request a Social Security number, credit card information and other sensitive information often used as a challenge mechanism by financial institutions to validate the authenticity of a transaction
Washington Indian tribe: $277,000 Stolen
An Indian tribe, based in Washington, lost more than $277,000 after an authorized wire transfer was initiated with its bank using stolen credentials, according to the court documents. Stealing banking credentials was the principal aim of Gameover Zeus, but the botnet of infected systems also was used to send out spam and conduct attacks to steal other types of sensitive data.
Assisted Living Facility Operator: $190,800 Stolen
Thieves allegedly stole more than $190,800 after stealing account credentials from an employee at an assisted living facility operator based in Eastern Pennsylvania. Investigators say Gameover Zeus was increasingly used to conduct other attacks, including phishing and spam campaigns. Between 500,000 and 1 million computers were infected with the Gameover Zeus malware globally
Regional Bank: $7 Million Stolen
A regional bank in Northern Florida lost nearly $7 million after the criminals allegedly used stolen account credentials to transfer funds out of its main bank account. The Zeus Gameover operators conduct denial of service attacks in conjunction with their fraudulent wire transfers, according to the FBI warning.
Insurance Company: $70,000 Loss
A Pittsburgh-based insurance company had critical business files encrypted by a CrytpoLocker infection. The company repaired the damage by wiping the infected systems and restoring from backup but estimates the loss of business — it sent employees home during the remediation — and the cost of wiping and reimaging infected systems at $70,000.
Restaurant Operator: $30,000 Loss
A Florida restaurant operator had more than 10,000 files encrypted by CryptoLocker, according to investigators. Employees were locked out of the company’s team training documents, franchise operation files and recipe folders. Remediation costs associated with the infection were estimated at $30,000. The criminals behind the threat gave victims 72 hours to pay the CryptoLocker ransom in Bitcoins or face permanent destruction of the private key. In addition, the thieves threatened to destroy the private key to unlock the files if it detected any attempt to remove CryptoLocker.
Massachusetts Police Department: $750 Ransom
A local police department based in Swansea, Mass., paid a $750 ransom to the criminals behind CryptoLocker after the agency’s main file server, including administrative documents, investigative materials and digital photo mug shots were encrypted by the malware. The department paid funds last November to send two Bitcoins to the thieves for the key to unlock the files.
Pest Control Company: $80,000 Loss
A North Carolina-based pest control company said it racked up $80,000 in infection removal costs associated with CryptoLocker when an infection spread to its customer database and schedule of appointments. The company’s backup server also was encrypted by the malware.
It’s hard to imagine that just a few short years ago, we were all using digital cameras with removable storage cards to take and store our photos. Vacation time used to be when we took the most photos. These days, many of us would be completely lost if we didn’t have a smart phone in our pocket to record every little thing that happened during a normal day. I even find myself taking pictures of parts I need to refer back to as well as documents and instructions. The day of the pocket notepad and pen is long gone.
The challenge today is in managing all of this digital data. The pre-installed apps that come with a mobile device are usually sorely lacking in features. Aside from editing and adding titles to your photos, we all need a way to easily upload and share our images with family, friends and more importantly with our other digital devices and computer systems. Here are two good add-on options for organizing your smartphone photos and to keep your Cape photos separate from your Nantasket Beach photos.
1: Flickr – automatically uploads smartphone photos to a “cloud-based” Flickr account, so you can access them from your computer or table, not just your phone. Flickr offers one terabyte of free cloud storage, enough for upwards of 500,000 digital images. You can later download the photos to your computer and adding tags and titles so that you can use a keyword search to find them later. Both the App and the storage are free, and the images are stored at full resolution, with no compression, You can even arrange your photos into “collections” or ”sets” on Flickr to keep them organized. Check it out at www.flickr.com
2: Picturelife – Picturelife doesn’t just automatically upload your smartphone photos to the cloud, it also uploads from your computer and social-media pages, consolidating all of your digital images in one place. Only the first 1,700 or so of your photos are stored for free, however. To store up to 34,000 photos will cost you $7.00 per month…up to 100,000 is only $15.00 per month. As with Flickr, uploaded images are saved at full resolution and can be sorted into albums. You can also add keywords :”tags” to them for better searching. www.Picturelife.com
Microsoft’s cybercrime-related seizure of 23 domains from No-IP.com, a Reno, Nev.-based company that provides a popular free dynamic DNS service, is causing outages for millions of legitimate users of the service — and at least one security vendor.
The No-IP.com outages are having an impact on some customers with SonicWall firewalls. SonicWall, which Dell acquired in 2012, supports No-IP.com and other dynamic DNS services in its products.
Hundreds of his SonicWall customers began experiencing outages on Monday. Some of these customers are apartment complexes that run security surveillance cameras behind SonicWall firewalls, using No-IP.com’s dynamic DNS service to relay the video feeds.
No-IP.com and other dynamic DNS services are commonly used by remote workers to connect VoIP phones and video cameras to the Internet. Their popularity stems in large part from the fact that purchasing static IP addresses are expensive.
Microsoft has justified its actions by claiming that No-IP.com’s domains have been regularly used in malware attacks against millions of Windows users. And in Microsoft’s view, No-IP.com hasn’t done enough to stop this activity.
Microsoft filed a restraining order against No-IP.com in the U.S. District Court for Nevada on June 19. The court transferred DNS authority over the domains to Microsoft a week later.
Microsoft, which has a well-established track record of using legal means to break up botnets, said No-IP.com bears the brunt of the blame for allowing criminals to use its service for nefarious purposes.
As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure,” Richard Domingues Boscovich, assistant general counsel in Microsoft’s Digital Crimes Unit, said in a blog post Monday.
If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online.
However, in seizing the domains, Microsoft has disrupted service for a large chunk of the dynamic DNS service’s users, No-IP.com said in a statement Monday. The company also claims that Microsoft never reached out to it first before going to the courts. “Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors,” No-IP.com said in the statement.
Security experts applaud Microsoft’s malware-fighting tactics. Big DNS take-downs are very effective. They can quickly nullify huge botnets in a single move. With DNS names black-holed, the botnet essentially becomes useless since it cannot communicate back to its command infrastructure.
Unfortunately, it’s unclear how much of a long-term benefit Microsoft’s latest antimalware actions will have. Malware creators are always developing new strategies around this, including the use of multiple DNS names, resolvers, or fail-safe measures to reconnect to their command-and-control systems.
Was Microsoft right in taking this action? Even though they had a court order, did they overstep their bounds? Let us know what you think.