In addition, I know from other social media that folks are wondering about things that happen on their computers. Some issues are annoying, like spam in your email, others are scary, like activity that suggests you’ve been hacked, to just plain terrifying, like extortionary fraudulent emails.
Computer questions answered at the Ferndale Public Library
Until the pandemic lockdown began in March of 2020, my grandson, Christopher, and I held one hour public sessions at the Ferndale Public Library twice a month to answer computer questions. During these sessions we offered to try to help folks with any kind of computer problem. The problems ranged from annoying but minor email settings issues to high level discussions of XML data structuring for application interfaces. Both Christopher and I miss these sessions. We both like to help people, and, I’ll be frank, I think we both get pleasure out of showing off the knowledge of computing that we have accumulated.
Now that the grip of the pandemic is beginning to loosen a little, the possibility of reopening those computer questions sessions arises. My wife and I have each gotten our first vaccine injection and expect, following CDC guidelines, to begin mixing more in April.
Most likely not until Fall 2021
However, I don’t think it is realistic to expect sessions at least until fall of 2021. The vaccine statistics so far show the vaccines are effective at protecting people who are vaccinated, but there is not yet strong evidence that the vaccines stop the spread of the virus. The folks who study the course of the virus don’t know how many people have to be vaccinated to prevent unvaccinated people from continuing to get sick at high rates.
The big question is when will vaccination prevent the virus from continuing to trouble our nation and the world? We have been troubled. More people are dead in one year of covid than from WWII, the Korean War, and Vietnam combined. I’m old enough to know that those wars were hard on us. Having all that hurt condensed into a single year is difficult to comprehend.
For me, stopping the spread of the virus is as important as protecting myself. Until the spread is stopped, our economy will only limp along and none of us will live the lives we want and deserve. Therefore, I plan to do everything I can to stop the spread, not just keep myself and loved ones alive. That’s selfishness, not altruism!
On top of that, hands-on help with computer problems in a small conference room is probably one of the more hazardous things a person can do in the presence a deadly and contagious airborne virus. So we won’t be restarting in person sessions at the library until covid cases are down. Way down.
A new Computer Questions page
But I don’t want to leave folks in the lurch.
But I don’t want to leave folks in the lurch. Therefore, I’ve opened a “Computer Questions” page on this site. Just enter your questions in the Reply section of the page. I’ll get back to you in a comment or write a post if I think enough people will be interested.
I really hope this can become as lively, helpful, and as much fun as our sessions at the Ferndale Library.
The SolarWinds hack is worrisome, but probably not for home computer users, although some caution is warranted. This week, the president of Microsoft, Brad Smith, declared the SolarWinds hack was the most sophisticated ever. Before we get to precautions, I’ll explain why the hack is such a big deal.
“I’ve been following this story closely as it has unrolled, and, frankly, it gets worse every day.”
Supply chain hacks
I’ve been following the story closely as it has unrolled, and, frankly, it gets worse every day. It is what the industry calls a “supply chain hack,” an indirect attack on an element in a target’s supply chain.
Instead of striking the target directly— for example, the inventory management system used by the U.S. Treasury Bullion Depository at Fort Knox— the hacker attacks the development facilities of an externally developed product that Treasury uses, an element in the Treasury digital supply chain.
The external product development lab is probably far less protected than Fort Knox. After gaining access, the hackers write in a nasty bit of malware, then wait for the Treasury to install the hacked product. When the product is installed, the hacker has an open door into Fort Knox and can begin dispatching shipments of gold bullion to an off-shore warehouse, Free On Board by the U.S. Army.
I doubt that Fort Knox is vulnerable in the way I’ve described, but a supply chain hack is a method for getting into a highly secure system without confronting the measures put in place by an institution that is guarded like Fort Knox.
SolarWinds hack
SolarWinds, an enterprise software company whose products I once competed with, was an outstanding choice for a supply chain attack. In the last few years, SolarWinds network management system has become popular among Fortune 500 enterprises and government agencies, including the U.S. Treasury.
Network management systems are used to monitor and control computing equipment on a network. Any organization with more than a few dozen computing devices is almost certain to have some sort of network management installed and that system is likely to touch every computer in the organization.
Personally, I have to think hard about this hack because I could have been a manager responsible for it. I was the technical leader in charge of products similar to SolarWinds. I made many decisions that affected the vulnerability of our products. Could my products have been infiltrated and subverted the same way SolarWinds was caught? I’ve been retired for almost ten years now, so be aware that anything I describe here is likely to have changed.
Nevertheless, I have to say yes. My projects could have been hacked. Quality assurance was a high priority. Some of our best customers were financial institutions and insurance companies who pushed us on security and we increased our security efforts with each release, but portions of our code were written before 2000 when security was not a high priority.
Also, hacking into development often has little connection with engineering. Dishonest, bribed or threatened employees, and rogue contractors all contribute to security vulnerability. Every large organization is bound to have a few bad eggs or weak links.
“In any large public corporation, the stock analysts often hold more sway than the security experts.”
And I must be honest. In any large public corporation, the stock analysts often hold more sway than the security experts. This is one reason I favor products that are certified secure with third party security audits. The best security audits include examination of both engineering and corporate governance, such as hiring procedures and controls on employee integrity. Stock analysts pay more attention to certification, especially certification by prestigious accounting and consulting firms, than opinions from security experts with qualifications a stock analyst probably knows nothing about.
Security at SolarWinds
“A key server is said to have been publicly accessible via a weak password “solarwinds123.”
Unfortunately, there are ample reports that SolarWinds security was poor. A key server is said to have been publicly accessible via a weak password “solarwinds123.” I have wandered computing convention show floors trying passwords like “oracle123” or “goibm” on unattended computers. In the early 2000s, those guesses quit working. Apparently, SolarWinds had some old timers setting passwords. Other poor security practices are said to have been common. Access to SolarWinds servers was also said to be on sale on the dark web.
Ironically, SolarWinds also develops and markets security auditing tools.
Origin of the SolarWinds hack
“I am reminded of the “mole” in author John le Carré’s 1974 spy novel Tinker Tailor Soldier Spy.”
Odds are great that it is a Russian government hack and more likely aimed at espionage and theft of plans and trade secrets than monetary gain. Which is good news for most home users, but the extent of the distribution of SolarWinds transported malware threatens both the U.S. government and economy. The U.S. may be dealing with this breach for years to come. I am reminded of the “mole” in author John le Carré’s 1974 spy novel Tinker Tailor Soldier Spy.
The bad news for home computer users is that criminal hackers may figure out ways to take advantage of the malware installed by the SolarWinds hack to gain access to software installed on home computers.
What to do?
Double down on basic computer security hygiene. I know that hygiene gets tedious, but criminals always go for the weakest victim. A few simple practices go a long way toward making a hack improbable. See my Six Rules for Online Security.
The SolarWinds hack underscores the importance of being careful when downloading and installing new software. Getting your software from established app stores, like the Microsoft Store, Google Play, or the Apple App Store is good practice because the stores vet the software they deliver. You still must be careful: malware has gotten through all of the stores. Software with tons of good reviews that has been downloaded frequently is safest. Never ever download anything from a site that does not show the https locked symbol on your browser. Check the reputation of your vendors and be sure you are on the real site, not a clever spoof.
Also, update your software regularly. Sign up for automatic updates whenever you can. The SolarWinds hack was spread by a software update, but that is not a reason to quit updating. The hack is also being neutralized by automatic updates and will be around far longer if folks neglect updates.
Run anti-malware regularly. The full extent and details of the hack are not yet known, but already anti-malware is cleaning up some of the mess.
Someone on social media messaged me asking how to tell if their phone was hacked. Rather than provide a private answer, I’m posting an answer here.
Diagnosing a hacked phone is a complex problem. Ambiguities abound.
Hacked phone symptoms
General sluggishness. When you tap or click, the response feels slower than normal.
Shortened battery life. If your phone normally goes all day, or several days without recharging, unexpected low power messages midday after normal recharging may be a red flag.
Unexpected “ghost typing”, unseen fingers seem to have taken over your keyboard.
Unexpected pop-ups.
Out going calls you did not make.
Ransomware messages, demands for money to regain control of your device. (Other than those from your cell provider!)
Symptoms don’t always mean a hacked phone
In my experience, people think they have been hacked much more often than hacks actually occur because dire warnings of phone hacks catch attention and folks are on edge.
With the exception of ransomware messages, these signs are all ambiguous and each could be more or less innocent. When they occur, think carefully what could be causing them. The first question to ask is: What changed? Did you install a new app? Did you start using an app you have installed but have not used often? Have you changed your habits?
For example, general sluggishness can come from many different sources. If you run short of storage, performance can be affected. Installing an app that squanders resources, or is just too much for your device, can do the same thing. Loading a big batch of photos or videos onto your phone can be also the culprit. Most phones have a storage cleanup utility that may help.
Shortened battery life may be a sign that someone has gotten control of your phone and is using it heavily without your knowledge. However, battery life decreases over time and it may just be old age creeping up on your battery. Or you may have installed an app that is a power hog. Or your habits may have changed.
Ghost typing could be an over-zealous smart keyboard anticipating your thoughts. Or, my own failing, clumsy fat fingers. And for mysterious out-going calls, don’t forget the infamous “pocket dial,” (which occurs much less often with newer phones.) I’ve been fooled into thinking I had a hacked phone when an automatic upgrade kicked in and took over my phone.
Some legitimate apps pop up messages unexpectedly.
Some steps to take
Restarting your phone whenever it acts strange is a good idea. I won’t get into why now, but it often helps. If all is well after a restart, you are probably okay. If your phone is still acting up, try uninstalling anything new. Restart again.
Whenever you suspect you are hacked, try installing and running an anti-malware tool like Malwarebytes or McAfee. Your cell service provider, like T-Mobile or Verizon, may have a free anti-malware tool for you. Phones are less often vulnerable to hacks than other computers because Google and Apple exercise greater control over what you can install on them. I run anti-malware on my phone, but the overhead is high and many of my colleagues prefer not to until they suspect a hacked phone.
If this does not help, the next step is to go to a professional for help. A factory reset is probably on your dance ticket. You can do that yourself, but you may lose stored data, such as photos, contact lists, and stored email and you will probably have to reinstall some apps. Help from a pro can minimize these hassles.
General hack symptoms
Sometimes you are hacked without any of the above symptoms. Skilled hackers work hard to cover their tracks and you may never know how you were hacked. It might have been through your phone, but it could have been through your laptop, even your work computer. Sometimes, you are hacked through a system that you use rather than a computer that you access. Here are some signs that you have been hacked in some way that could have come via a phone hack or somewhere else:
Your friends and contacts suddenly get a spate of spam from your email address, indicating that your email has been hacked. The hack could come via your phone or another of your computers. Or it could have been an assault on your email service. (Most of the time, you getting a flood of spam is not a sign that you have been hacked. It’s when your friends complain that you have to worry.)
Activity on accounts that you did not initiate. For instance, posts in your name to your Facebook account that you did not post. Worse, credit card or bank account activity that you did not initiate.
The first step is to change the passwords on the bad accounts and contact the account provider. This is especially important for bank and credit card accounts. If you inform your bank or credit card provider promptly, they are required by law to minimize the damage to you. Usually, the bogus transactions will be reversed with no ill effect on you. This is a good reason to review your financial accounts frequently and regularly.
In these cases, I assume that one of my devices have been compromised and look hard for signs of hacking. Then I take steps to clean the computers up, starting with restarts and malware scans. Possibly ending with a reinstall, although that is usually not necessary. In 25 years online, I’ve reinstalled due to hacking only once that I remember. But I’m very careful. If you need professional help, get it.
Final advice
In my experience, people think they have been hacked much more often than hacks actually occur because dire warnings of phone hacks catch attention and folks are on edge. You should on the lookout for hacking, but practicing sound computer security hygiene, the chances you will be victimized go way down, especially if you are not a public figure with a target on your back. Cybercrime is more prevalent than ever before, but the victims are most often deep-pocketed businesses and public figures. Check out my six rules for online security.
In a comment on a previous post, Steve Stroh suggested explaining the nuances of routable and non-routable addresses. This distinction is important for home network security, but without a little background in computer networking, the concept doesn’t mean much. This post explains a little about how the global computer network operates.
Traditional telephone service
I’ll begin with traditional telephone service works because, without realizing it, most people have it tucked away somewhere in their brain that computer networks work like an old telephone system.
Circuits
Traditional telephones are based on circuits. Imagine an old-fashioned switch board with a bunch of incoming wires and outgoing sockets. When an incoming wire from your phone is plugged into an outgoing socket a circuit is completed and you can speak to and hear a person on a telephone at the other end of the circuit.
In a simple time, when Fred and Ethel were struggling performers, they both roomed at The Algonquin. Its switch board could manage the handful of telephones in the hotel. Fred could pick up his phone, tell the switch board operator to connect him to Ethel, a circuit between Fred’s phone and Ethel’s phone was made and Fred and Ethel could plan, dream, and toss whoopie.
When Ethel’s fan dance made headlines, she moved to The Ritz. Fred, who was a baggy pants comic with a fake Yiddish accent, was stuck at the Algonquin. For Fred to call Ethel, the Algonquin operator had to connect to the Ritz operator, who then connected Fred’s line into Ethel’s phone. Unfortunately, Ethel no longer talked to lowlifes like Fred and she immediately hung up. The operators unplugged the lines, and the circuit was gone.
The pattern of connecting switch board to switch board was repeated until the phone network covered the entire U.S. and transoceanic cables extended the network to Europe. Getting a connection could take hours, but the system worked. Over time it was automated, first by mechanical relays, later by transistors and computer chips. Connections became faster. Nonetheless, for most purposes, the circuit system was eventually abandoned in all but metaphor.
Packet switching
Computer networks replaced circuits with an older approach: mail packets.
Mail works differently than the telephone. Writing an address on an envelope is only superficially similar to dialing or asking an operator for a phone number. When you drop an envelope in the mail, you have a promise that the post office will try to deliver it, but that promise is no guarantee and the office that first receives the letter is likely not to have any knowledge of the letter’s destination.
A mailbox will accept a letter addressed to T. H. E. Wiz, 1 Emerald Way, Oz, Kansas without a murmur, although neither T.H.E Wiz, Emerald Way, nor Oz exists in Kansas. You may or may not find out later your letter was undeliverable. It will rattle around the postal system until it is eventually returned or falls into a dead letter bin.
On the other hand, try dialing a stage number, like The Bionic Woman’s number, 311-555-2368. You are told that a connection is impossible as soon as you finish dialing.
The crucial difference is that before your message is transmitted by phone, i.e. you begin to speak, the path you will use to communicate is either is made or fails. The postal system, on the other hand, accepts your message, then passes it on until it lands in an office that recognizes the address and the intended recipient.
Circuits v. packets
Off-hand, the telephone seems like the smarter way. Why go to all the trouble of shipping an envelope around the country when you can decide before sending the message if delivery is possible? Isn’t the post office method a step backward?
Well, no. Circuits may seem more efficient, but they don’t fit well into the reality of the global internet, which is huge, ever changing, and implemented in a patchwork of wildly varying speed and reliability; a salmagundi of large and small, public and private entities that is closer to a frontier pony express than an orderly telephone system.
No single entity understands the complexity of the global network. However, piecing together a workable, let alone optimal, circuit requires just that.
A typical computer message is broken up into a series of independent small packets, each with its own address. These are dumped willy-nilly into the network and each is passed from router (the computer equivalent of a switchboard or a post office) to router until they arrive at their destination and are reassembled. Some will be duplicated to be sent on alternate routes or further broken down into smaller packets to optimize transmission on equipment that can’t handle large packets. The process is messy, but resilient and makes good use of available resources.
Packets in the network hop from router to router approaching light speeds, i.e. almost instantaneously, but then they sit in a buffer while the router decides what to do with it. A packet can hop to another router faster than a router can respond to a query on traffic conditions, so why bother asking? Sending packets to find their own way only requires local knowledge of the condition of the communications infrastructure. With a network as extensive and varied as the global computer network, this is a critical advantage.
Today, most telephone service, including cellphones, travels in switched packets that simulate circuits. We still tend to think of a single wire connection that runs from one phone to the next through a myriad of automated switch boards, but in fact most of the time, our voice is carried in packets drifting through a global network.
Permanent (static) addresses
In the old days, computer addresses, IP addresses, were more or less permanent. Businesses requested and were assigned blocks of addresses. A system administrator had to keep track of those addresses and dole out new addresses from the list as computers were added to the network and return old addresses to the available list as computers were decommissioned.
It was an exacting job. If the list got scrambled and two devices used the same address, the network would behave erratically. Small businesses typically had only a few addresses, which limited the number of computers they could use.
Private non-routable addresses
Giving every computer a public IP address was also a security problem. Each of those publicly addressed computers were vulnerable to direct outside attacks. They had to be managed carefully to prevent intrusion. Individual users seldom had the training and temperament to do that job well.
A solution from the mid-1990s was to declare blocks of addresses private or non-routable. The largest private block (10.0.0.0 – 10.255.255.255) has over 17 million individual addresses. The second block (172.16.0.0 – 172.31.255.255) over a million addresses. The smallest block (192.168.0.0 – 192.168.255.255) has over 65 thousand addresses.
This had lots of advantages. System administrators could devise address assignment schemes for the private address blocks that were relatively easy to manage with subsets for buildings, floors, departments, etc. and not worry about clashing with other businesses. Since the addresses were non-routable, computers with private addresses were easier to isolate from intruders.
Dynamic Host Control Protocol (DHCP)
The process of assigning and re-assigning IP addresses was automated with Dynamic Host Control Protocol (DHCP). When a computer connects to a home network, the home router, following DHCP rules, assigns the computer an IP address from one of the private blocks. Which block depends on how DHCP is implemented on the router.
When an Internet service provider connects a home router to the global network, the service provider uses DHCP rules to assign a unique public and global IP address to the home router.
Network Address Translation (NAT)
From the outside, each home network looks like a single computer with one IP address. This presents a problem: how to connect those internal private addresses with the single outward-facing address. Non-routable private IP addresses combine with DHCP and Network Address Translation (NAT) to solve this problem. Network Address Translation (NAT) is a protocol implemented on routers that handles coordinating internal non-routable IP addresses with the single external public IP address that the router presents to the global network.
Without private addresses, DHCP, and NAT, connecting a new computer to a home network would be a tricky and exacting job. I won’t say that connecting a new device is easy today, but I assure you, when I think about managing networks thirty years ago, I am amazed. Our grandsons have our wireless network id and password stored on their phones and laptops. When they walk into our house, their laptop or phone connects with our wireless network, an IP address is assigned, and they connect with the global network without me doing anything. Astounding!