Elaborate Phishing Hack

A friend of mine was recently a victim of a phishing scam which was quite elaborate. The story begins where most of them do – with one of those emails that your IT department constantly reminds you not to open. She clicked on the attachment therein – a miscalculated action that kicked off a series of events that left her over $1,000 poorer. The attachment was an excel file that obviously had a script to do either one of these things: a) download an executable file on the PC and commandeer the machine, or b) Retrieve cookies from the browser’s history and send the files to a server in Estonia. Whatever the method used, the hacker was able to log in my friend’s Amazon account and more importantly her gmail account, the holy grail of all accesses.

Here is where it gets interesting – it took all of my inner Columbo to figure it out. First, the hacker accessed the gmail account and set a filter to delete all emails coming from Amazon. Second, the hacker accessed Amazon and retrieved my friend’s full name and shipping address. They then signed up for UPS My Choice using my friend’s name, address and email. Remember they already have access to the email. If you don’t know, UPS My Choice allows you to track all packages shipped to you; enables you to schedule a delivery time and, you guessed it, route your shipments somewhere else if you are away from home.

At this point the stage was set for our hacker to execute the final phase of their devious plan. They logged back into Amazon, ordered a laptop and chose next day shipping. The best part is that all they simply had to do was select the same shipping address and credit card that my friend typically uses for her Amazon orders. After the order was placed, they archived the order so that it wasn’t readily apparent that an order had been placed. The icing on the cake is that it appears that the item was ordered by my friend and shipped to her house.

The last step must have been the easiest, simply logging into UPS My Choice and rerouting the package to Tifton, GA.

So, be careful my friends.

A couple lessons from this experience.

1. Do not open emails which you don’t know who the sender is
2. Do not especially open attachments from those emails
3. Ensure that all your online accounts are double secured using two-factor authentication
4. Check your bank statements every day
5. Sign up for UPS My Choice before the hacker does
6. Clear cookies/history on your browser often
7. Make sure you log off from your email after you have completed sending and receiving emails

Cryptocurrency

If you are like me, Cryptocurrency is a mystery. The very name hints of something sinister. Something so cryptic that even its authors did not even bother to explain what it is. It sounds like something the CIA would have concocted in their Moscow station at the height of the Cold War in order to escape the prying eyes of the KGB. In a huddle room during one of those snowy winters in Moscow an agent would have briefed the CIA agents of KGB’s latest attempts at infiltrating Swiss banks. Knowing full well the importance of Swiss banks in their espionage activities, the CIA would task the agent with creating a viable alternative to compensating the numerous Russian spies the CIA had on its payroll. After months of consultations, the CIA agent would regroup the team and present her findings and recommendations. CRYPTOCURRENCY, would be her recommendation. In consultation with the CIA bosses at Langley, the recommendation would be put into use. Much later, history books would vehemently point to Cryptocurreny as the turning point in the fall of the Soviet Empire.

But no. Cryptocurrency is not a historical remnant of the cold war but rather an annoying presence in my daily Facebook feeds. These days, not a single day passes before posts flood my feed detailing remarkable spikes in the price of Bitcoin. I often cringe whenever I see one of these charts. Not because they are eerily similar to those textbook cases of bubbles and bursts, but because I too missed this gravy train. But did I? Is cryptocurrency a realistic progression to where we should be heading in how we conduct monetary transactions or is it one big farce? Are we being fooled to covert our hard currency into something intangible, merely bytes on servers distributed on unknown servers across the world? More importantly, what is Bitcoin?

The history of bitcoin sprouts from a maiden white paper by Satayoshi Nakamoto which described bitcoin and created its original reference implementation. I first read Satayoshi’s white paper a few years ago. Somehow, I tossed it aside, mostly because I did not understand it, but I also assumed that it was way ahead of its time. From what I remember of my first impression, Bitcoin was untested, held no real value and proposed to destabilize proven and functional modes of commerce which, while not perfect, are intricately integrated into our way of life.