A bad guy with a keyboard hacked Neil Young’s Twitter account last week and posted pornographic images promoting a certain website to Mr. Young’s 165k followers with the hashtag #neilslayed (it’s unclear if this hashtag was supposed to mean neil is layed or neil slayed).
Maybe you didn’t hear about this since Twitter accounts with a large follower base seem to be compromised on a daily basis and Twitter was able to resolve this one pretty quickly. You probably have heard about a host of popular websites admitting that user data has been compromised, including Ebay, which has announced that users should change their password but for reasons I don’t understand has not forced or even prompted users to do that when they attempt to login. Almost immediately after the announcement, phishy spoof emails were discovered offering to help users change their Ebay passwords.
It’s no wonder that so many people have become tired of responding to these non-stop attacks and many users are apathetic about changing their passwords even when they know they are at risk.
There’s a lot of advice out there about how to manage your passwords. There are many password manager utilities which are pretty easy to use and are highly recommended over that old excel spreadsheet that you have saved on your unencrypted hard drive called “passwords.xls” and that you haven’t bothered to even update in three years because you simply use the same credentials at every website you are registered at. Certainly if you have less than 100 twitter followers and $300 in the bank then you are probably safe, right??
Nope. $200 is enough to make you a target.
One of the hottest trends in ruining people’s personal data is ransomware which locks users out of their computers (or cell phone) and typically demands a bitcoin payment to restore control to the user. The FBI took down a network last week that was being used to distribute a particularly insidious piece of malware called CryptoLocker, a Trojan that primarily affected unpatched Windows PCs via infected advertisements displayed on mainstream websites. Once infected, the computers browser would open on a page that taunted users by displaying a message like, “If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist,” (BTW, they do exist). Yesterday, The Durham North Carolina Police Department had to take down their computer network to address a CryptoLocker infection that left the entire department without computer resources. The FBI’s takedown on the botnet has not stopped the CryptoLocker nightmare from rolling on, even though the mastermind behind it all was identified earlier this morning.
Fellow internet users, I feel your pain. You are tired of changing your passwords and you are sick of hearing that you need to update the operating system on your devices. I know it seems like a never-ending cycle. I’m sorry that there is no one password that can “rule them all.” You really must, for now, embrace a personal password strategy that includes weekly software updating, malware scanning on top of your traditional anti-virus software, and at least changing your passwords at those critical websites that you use frequently. (And please never ever turn off your firewall. It’s not the reason you can’t do that thing you want to do anyways.)
I recommend that you schedule this as a regular chore, right next to doing laundry or taking out the garbage. We’ll probably all need to embrace a certain amount of digital discipline until fingerprint scanners (or some such biometric combined with two-part authentication) are built in to every device which is happening pretty quickly now.
Here’s some links to help you get started on first making sure your device is safe and then working on managing those passwords. There’s a fantastic website at shouldIchangemypassword.com where you can check to see if perhaps your user credentials are known to be compromised (One of mine was!). It would not be wise to simply check this site and then think your Ebay account or whatever was fine. This is not a short cut. But it may be useful to know if you have credential information “out there” that has already been compromised. They also have a lot of good advice so do check them out, after you have run a fresh malware scan on your computer and updated your anti-virus software.