Elaborate Phishing Hack

A friend of mine was recently a victim of a phishing scam which was quite elaborate. The story begins where most of them do – with one of those emails that your IT department constantly reminds you not to open. She clicked on the attachment therein – a miscalculated action that kicked off a series of events that left her over $1,000 poorer. The attachment was an Excel file that obviously had a script to do either one of these things: a) download an executable file on the PC and commandeer the machine, or b) retrieve cookies from the browser’s history and send the files to a server in Estonia. Whatever the method used, the hacker was able to log in to my friend’s Amazon account and more importantly her Gmail account, the holy grail of all accesses.

Here is where it gets interesting – it took all of my inner Columbo to figure it out. First, the hacker accessed the Gmail account and set a filter to delete all emails coming from Amazon. Second, the hacker accessed Amazon and retrieved my friend’s full name and shipping address. They then signed up for UPS My Choice using my friend’s name, address and email. Remember they already have access to the email. If you don’t know, UPS My Choice allows you to track all packages shipped to you, schedule a delivery time and, you guessed it, route your shipments somewhere else if you are away from home.

At this point the stage was set for our hacker to execute the final phase of their devious plan. They logged back into Amazon, ordered a laptop and chose next day shipping. The best part is that all they simply had to do was select the same shipping address and credit card that my friend typically uses for her Amazon orders. After the order was placed, they archived the order so that it wasn’t readily apparent that an order had been placed. The icing on the cake is that it appears that the item was ordered by my friend and shipped to her house.

The last step must have been the easiest, simply logging into UPS My Choice and rerouting the package to Tifton, GA.

So, be careful my friends.

A couple lessons from this experience.

1. Do not open emails from senders you don’t know
2. Especially do not open attachments from those emails
3. Ensure that all your online accounts are double secured using two-factor authentication
4. Check your bank statements every day
5. Sign up for UPS My Choice before the hacker does
6. Clear cookies/history on your browser often
7. Make sure you log off from your email after you have completed sending and receiving emails
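
The attacker's first move in the story above was a Gmail filter that silently deleted everything from Amazon. As an added example (not part of the original post), this script reads a Gmail filter export (the Atom XML file produced by exporting filters from Gmail's settings) and flags filters that trash, archive, mark as read or forward mail. The sample export and the watched-sender list are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}

# Filter actions that hide or divert mail without the owner seeing it.
HIDING_ACTIONS = ("shouldTrash", "shouldArchive", "shouldMarkAsRead", "forwardTo")
# Assumed watch list: senders whose notifications would reveal fraud.
WATCHED_SENDERS = ("amazon", "ups.com", "paypal", "bank")

# Constructed sample in the layout of a Gmail filter export.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='Reading'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='amazon.com'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='hasTheWord' value='invoice'/>
    <apps:property name='forwardTo' value='drop@example.net'/>
  </entry>
</feed>"""

def audit_filters(xml_text):
    """Return one finding per filter that hides or diverts mail."""
    findings = []
    for entry in ET.fromstring(xml_text).findall("atom:entry", NS):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        actions = [a for a in HIDING_ACTIONS
                   if props.get(a, "").lower() not in ("", "false")]
        if not actions:
            continue  # labelling or starring only: nothing is hidden
        criteria = " ".join(props.get(k, "")
                            for k in ("from", "subject", "hasTheWord")).lower().strip()
        watched = any(s in criteria for s in WATCHED_SENDERS)
        # Forwarding, or hiding mail from a watched sender, is the urgent case.
        severity = "high" if watched or "forwardTo" in actions else "review"
        findings.append({"criteria": criteria, "actions": actions, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in audit_filters(SAMPLE_EXPORT):
        print(f"[{f['severity']}] match={f['criteria']!r} actions={f['actions']}")
```

Any filter you do not remember creating deserves a closer look, whatever severity it gets here.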

Cryptocurrency

If you are like me, Cryptocurrency is a mystery. The very name hints of something sinister. Something so cryptic that even its authors did not bother to explain what it is. It sounds like something the CIA would have concocted in their Moscow station at the height of the Cold War in order to escape the prying eyes of the KGB. In a huddle room during one of those snowy winters in Moscow an agent would have briefed the CIA agents of KGB’s latest attempts at infiltrating Swiss banks. Knowing full well the importance of Swiss banks in their espionage activities, the CIA would task the agent with creating a viable alternative to compensating the numerous Russian spies the CIA had on its payroll. After months of consultations, the CIA agent would regroup the team and present her findings and recommendations. CRYPTOCURRENCY, would be her recommendation. In consultation with the CIA bosses at Langley, the recommendation would be put into use. Much later, history books would vehemently point to Cryptocurrency as the turning point in the fall of the Soviet Empire.

But no. Cryptocurrency is not a historical remnant of the Cold War but rather an annoying presence in my daily Facebook feeds. These days, not a single day passes before posts flood my feed detailing remarkable spikes in the price of Bitcoin. I often cringe whenever I see one of these charts. Not because they are eerily similar to those textbook cases of bubbles and bursts, but because I too missed this gravy train. But did I? Is cryptocurrency a realistic progression to where we should be heading in how we conduct monetary transactions or is it one big farce? Are we being fooled to convert our hard currency into something intangible, merely bytes on servers distributed on unknown servers across the world? More importantly, what is Bitcoin?

The history of bitcoin sprouts from a maiden white paper by Satoshi Nakamoto which described bitcoin and created its original reference implementation. I first read Satoshi’s white paper a few years ago. Somehow, I tossed it aside, mostly because I did not understand it, but I also assumed that it was way ahead of its time. From what I remember of my first impression, Bitcoin was untested, held no real value and proposed to destabilize proven and functional modes of commerce which, while not perfect, are intricately integrated into our way of life.

Novella One – 1

Anton looked up from his Rubik’s Cube and stared blankly at the widest of the three monitors in front of him. This is the one monitor that Anton was quite pleased with. It was a decent size, 27″ Samsung LED that was always pointed to a page on his website. This page was one of many on Anton’s private website which was hosted on an AWS server halfway across the globe. A 32-character password was required to access the website. Once logged in, the multiple pages on the website provided a delightful aggregation of data points that Anton collected on different parts of the globe.

The page currently showing on Anton’s second monitor was simple but quite powerful. The page showcased a global map detailing each country and the associated capital cities. Simple yes, but the magic happened behind the scenes, in the back-end DotNet code and SQL databases rather.

It had been a slow morning up until now. Typically, blue, green, and the occasional orange lights illuminated the different parts of this global map. What caught Anton’s attention was the brightest of them all, a single fiery-orange blinking light. While similar milder hues of this same light were blinking all over the map in different spots around the world, this particular one caught his attention as it was the brightest one in the East African region of the map. Anton zoomed into that section of the map, now revealing multiple blue lights and a single fiery-orange one in Kenya. As he zoomed in deeper into the central part of Kenya, Anton’s pulse quickened, well aware of the Tier 1 project that was active in that region. A fiery-orange blinker could only mean one thing, a high-value target system had been successfully penetrated.

Pyramid-schemes Pushers

I have this arcane ability to spot pyramid-scheme-pushers from a mile away. They are typically well dressed, they smile widely and are skillful at making eye contact. They will be the only ones in the room eager to make conversation with anyone. It is hard to miss them. They have a certain air about them that reeks of a desperate urge to impress. They often exude the implied success in not-so-subtle ways. It is not unexpected for one of these specimens to boisterously answer a call like this, “10k per square foot? Jesus! That’s not what we agreed. Call me back with a better quote”. They will then quickly hang up and apologize to everyone around them, muttering how imported Italian marble is tightly controlled by the mafia.

My first instinct is usually to ignore them. This is typically one of those moments that I will start liking posts on Facebook, or read a book. My latest by the way is Ben Okri’s, The Famished Road, my first foray into the world of magical realism.

What are you reading? The bespectacled gentleman has finally zoomed in on me. I answer him and continue reading. Undeterred, he starts to engage me in small talk. As he talks I somehow begin to feel sad. It is plainly obvious that he is not interested in Ben Okri or the awards that he has won for this very book.

I am positive that he is on a fishing expedition for suckers. I am his next target. I now feel even more sad. What about my appearance made him think I need saving? He must think that I am devoid of income-generating ideas that I will quickly grasp at his every pathetic attempt at explaining the potential windfalls in his so-called business. He must have somehow summarized my goals and ambitions to be null and void and that I will happily toss them all aside and jump on his gravy train. And what a gravy train it will be, he will tell me. I can almost narrate word for word how he will start that conversation. You look familiar, he’ll say, feigning a recollection pause. He’ll certainly ask me what I do for a living. Out of politeness, I’ll answer him and then brace for the punchline. Oh. We have engineers in our company too. He’ll pause to give me an opportunity to ask him what company he works for. I’ll ask, not because I care, but because I want to get over the conversation quickly. And then the sales pitch will begin,

..our company is a multi-channel global business dedicated to bettering the lives of its members through collaboration and access to discounted merchandise from a wide array of products. Through a system of peer-to-peer marketing you can certainly earn a living while buying the products you need and getting your friends to …..

I’ll zone out at this point, carefully avoiding the urge to roll my eyes.

At the end, he’ll try to convince me to attend a meeting on Thursday. It’s always on Thursday for some reason. He’ll be sure to let me know that Jay and John, who are making a killing in this business, will be at the meeting as well. He’ll probably make a joke about whether Jay will be driving the Maserati or the Lambo that day.

I hope my email server flags his email as spam.

First-class passengers

I have always disliked the smug look on those first-class passengers. Often too engrossed in their crisp Wall Street Journals, they hardly ever make eye contact. Unless of course it is to take pity on you. As if to further rub in your face your demeaning zone-3 status, they sip their club soda pretentiously while eyeing you from the corner of their eyes to detect if you are admiring them. Every time I walk past them, I analyze them to figure out which of them is an upgrade-recipient and who is considering buying a Gulfstream. I always smile at them expecting at the very least a nod. Usually I get nothing. And so I stroll past their hallowed section towards 34D, passing the equally-smug exit-rowers. With only my thoughts, miniature pretzels, and cheap cranberry juice to comfort me; I often wonder about life on the other side of the curtain.

On my last flight back to Hartsfield, I was upgraded to first class.

Isabela

Some names elicit deep emotions. Like Kenya’s Nduko, Isabela reeks of passion and seduction with a hint of lust. I picture Isabela playing the object of everyone’s affection in a Mexican soap opera. In the final scene, set on a Mexican beach, she stands tall in a beautiful silk gown. Her body glows beautifully against the sunset rays falling on her exposed back. Ricardo, her lover, is on bended knee looking up longingly at Isabela. Maintaining a self-assured pose, Isabela looks out to the sea and declines Ricardo’s offer. She then walks away, taking long graceful steps like a lioness. She never once looks back at poor Ricardo.

Isabela, the hostess at The Carmen Playa, welcomed us and recommended the seaside bar. Recently built, The Carmen Playa dots the beautiful coastal landscape. It is the kind of place James Bond would stay at. On the morning of the big day, he would come downstairs, order a shaken Martini and admire the sunbathing Bond girl. Anyway, there is strong Brazilian influence in the decor at The Carmen Playa. So, it was only natural that I ordered their world-famous caipirinha. As I sipped this delightful goodness, I looked across the Gulf of Mexico and ran through the script of my life so far. As Cesaria’s Besame Mucho played from the Bose speakers up above, I realized this is the closest I have been to a heaven.