We will, however, continue to provide the finest data recovery services.  We will not be able to investigate the results for you, so if that is a service you need, we can no longer assist you.

Due to personal reasons, I no longer choose to participate in computer forensics, preferring to focus my energies in other directions.  Those of you who know me well will understand why.

If you’ve lost critical files, photos or emails – whether on your computer of mobile phone, contact me and I will do my best to recover your data.  As usual.

New Mac Infection

DevilRobber, the latest in a growing trend of Mac-centric infections, hijacks the GPU to generate Bitcoins, while harvesting sensitive user data.   Also known as “OSX/Miner-D”, DevilRobber was discovered embedded in “Torrent” downloads of Graphic Converter 7.4 obtained from bit-torrent file-sharing sites.

Detailed in a security report from Sophos released last Saturday, this particular Trojan operates as a keystroke logger, taking snapshots of  user activity and stealing usernames / passwords.  DevilRobber can also run information harvesting scripts “regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history and bash_history” to a text file.

This infestation has been found searching for “pthc” files, a term apparently associated with pre-teen hardcore porn.  The exact reason for this search is unclear at this time.

A performance-robbing capability of this infestation is it’s ability to redirect the Mac’s GPU to generate Bitcoins, a form of Internet currency, trading at roughly $3.20 USD per Bitcoin at this time.  Bitcoin Miner is the application used to create Bitcoins on a Mac, Windows or Linux system.  A local wallet is used to store generated Bitcoins and DevilRobber is capable of stealing this wallet.

Signs of infestation include a general slowdown of performance.  As always, Sophos recommends not downloading software from untrusted sources.

We recommend never downloading software from sharing sites.

How it works:

Smartphones have a GPS built in so you can use mapping functions and a compass in addition to other native functions.  This is a very valuable tool.  However…  They also have the option to record the exact location where your photos are taken.  This information is then embedded in the picture data and follows that photo wherever it is uploaded.

Anyone who can see your photos on Facebook, Twitter or any photo sharing network can read this information and knows where the picture was taken.  This is incredibly useful to criminals, pedophiles and the like.

Think about the possibilities.

They are.

You can disable the feature in your smartphone.  For an iPhone, go to Settings / Location Services and make sure the option for Camera is turned off.

Clever crooks are gaining access to parked cars just long enough to gather your “Home” information out of your GPS so they know right where to go – while your car is in the mall parking lot (or wherever…).  They may take a couple of credit cards out of your purse to make it look like the target was theft from your car, but beware.  It is just as likely they want to burglarize your home – or worse.

This is happening primarily in Ford and General Motors vehicles, but others are at risk as well.  See the photo below so you know what to look for.  Just under the door handle will be a fairly small hole – almost unnoticeable with some body colors.  This is all they need to open the door, record your home information, take a couple of things they may want, lock your door (how thoughtful) and disappear like a puff of smoke.  A puff of smoke headed right for your house.

Also, you may want to change the name for “Home” in your GPS to something like “JC’s Diner” or another innocuous label that will not give the crooks your home location.

Check Your Door!

CRIME WATCH BULLETIN

PLANO POLICE DEPARTMENT

OFFENSE TYPE: Cybercrime

DESCRIPTION: Taking these simple precautions helps make Craigslist safer for everyone!

Protect Yourself From a “Robbery By Appointment”

If you use Craigslist, there’s a new cybercrime we want to tell you about. According to MSNBC, a growing number of Craigslist users are being targeted for something known as “robbery by appointment.” That’s the term for when you agree to meet someone in person – to buy or sell an item advertised online – only to be robbed at gun-point, or worse. Experts say Craigslist robberies have be-come so common that the city of Oakland, California, now averages one per day! In at least one case in Washing-ton, a man was murdered during a Craigslist robbery gone bad. Most of the robberies involve high-ticket items – like cars, jewelry, computers, or smart phones, but they can just as easily involve bicycles! That’s because thieves may be more interested in grabbing your wallet than the item you’re trying to sell. So how can you protect yourself from a Craigslist “robbery by appointment”?

• Insist on a public meeting place like a café
• Do not meet in a secluded place, or invite strangers into your home
• Be especially careful when buying/selling high value items
• Take your cell phone along if you have one
• Consider having a friend accompany you
• Trust your instincts
• Try using the Date Check app.  It’s not just useful for dating situations – it’s useful anytime you’re meeting a stranger.  Just punch in the name of the person, and in seconds you’ll have access to records showing whether they’re a convicted criminal.

Also: Be suspicious of anyone who’s overly eager to meet in person. In other words: If they spend more time discussing where to meet – instead of negotiating a price – that’s a red flag!

Finally: If you do agree to meet face-to-face, police now recommend asking to meet at your local police station!  As one officer put it: “We’re open 24 hours a day. So if a buyer won’t agree to meet you there, then don’t bother with them.”

STAY SAFE

MacDefender Attacks

Just this week, Antivirus vendor Intego announced the discovery of a new and virulent strain of malware referred to as “MacDefender”, which specifically targets Mac OS X systems.  It gains access through the Safari browser, deployed as a compressed .zip file and transmitted via Javascript.

If an OS X user’s Safari preferences are set to ‘Open “safe” files after downloading’ the infection is immediately opened, launched and installed without user intervention.  The only sign of infection with be when the Malware asks for a credit card number to sign up for their bogus “virus protection”.

End users running in “Administrator” mode and with their browser preferences set to ‘Open “safe” files…’ are the most at risk.

It has been reported the the infection is also showing up directly in Google image searches.

The following steps are recommended for those infected by the MacDefender Malware.

1. Open Applications > Utilities > Activity Monitor and quit any MacDefender processes.
2. Delete MacDefender from the Applications folder
3. Check System Preferences > Accounts > Login Items for bogus entries and remove them if found.
4. Perform a Spotlight search for “MacDefender” and delete any remaining files.
5. In Safari > Preferences > General – make sure ‘Open “safe” files…’ is unchecked.
6. Do the same for any other browsers you may be running.

No Way to Treat Your Data

There are types of damage that result in un-recoverable scenarios.  Handle your computer and storage devices with care.  This hard drive came out of a laptop computer that was literally beaten to death by a client.  No data could possibly be recovered from this drive.

UNPLUG it.  Completely.

In other words, unplug every cable that goes out of your computer to the outside world:

• Power cord
• Telephone cord (if you use a modem to fax or connect)
• Ethernet cable
• Speaker power cord
• Monitor power cord
• Printer power cord
• Fax telephone cord

“But I have a surge protector…”

That’s very nice.  Maybe it’s adequate and maybe it’s not.  But if you sustain a direct strike to the building you’re in – or even next door – that surge protector is likely as useless as an outlet strip.

Another factor you may not have considered is the fact that during electrical storms we frequently have intermittent power outages.  Having your power flicker on and off can destroy your computer’s power supply during the rapid power cycles.  Sometimes you won’t even have time to unplug everything before the damage is done and a very large repair bill looms in the near future.

“But I have a UPS…”

Again… Very nice.  A good thing to have to be sure, but if you don’t want your UPS fried right along with your computer, unplug both of them from the wall and turn the UPS off when you know an electrical storm is coming.

Do what we do and unplug everything.

Lightning Fried RJ45 jack

Here is the network jack on the back of a computer, fried during a lightning strike in Plano a few years ago, followed by a photo of the plug that was literally welded into this jack.  This is all avoidable by simply unplugging everything when you know a storm is coming…

In this case, we were able to recover all the data, but the computer itself was a complete loss.  This was fortunate.  The hard drive itself, sustained no damage.  Not everyone is so lucky.

Fried RJ45 Plug

Facebook Email Scam

Just today I received this email:

Subject: Your password is changed

Dear Customer

Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it’s automatic mail notification!

Thank you for your attention.
Your Facebook!

Attached is the file FacebookP762151.zip which is simply a viral infection.

Notice the numerous grammatical and punctuation errors.  This is your primary clue that this is a SCAM.

Never respond to these scams.  Never open the attachment.  Never bother reporting them.  Simply delete the email immediately and think nothing further about it.

We are all now subjected to either groping by TSA personnel or full body scans by machines that cost millions of dollars and can still miss concealed weapons – and emit radiation that poses unknown risks to travelers.  More than a few scientists and doctors have registered their concern about the harmful effects of this type of radiation that is concentrated in the skin – the most radiation-sensitive organ in our bodies.

Read this article from the London Daily Mail

The latest report, published yesterday in the Archives of Internal Medicine, on the use of “backscatter” scanners, still leaves doubts about the long-term risk of exposure to these devices.  Health risks are not the only cause for concern.  For many, being subjected to a full body scan is the same as a strip search.

My question is why we need to spend hysterical sums of money for full body scanners when the Israeli security system seems to get along just fine without such invasive procedures or expensive hardware.  When was the last time you heard of an Israeli plane being hijacked or blown up?  Think about it.  The Israeli anti-terrorist approach seems to be working pretty well – and they are located right in the middle of a region where they are not the most popular of neighbors.

Former AMR Chief Bob Crandall, now free to say as he thinks, has had a few choice words to say on this very topic of late.  Click on the link above to watch his interview on NBC.  Crandall feels we are paying “way too much” for a system that not only inconveniences the traveling public, but produces an inferior job of security.  He feels looking for behavior patterns is much more effective that invasive security screening.  The Israeli approach to airline security is much more effective according to Crandall.

These are all things I’ve  been saying for years.  When we put the screws to our own people – our traveling public, the terrorists win.  They have inconvenienced us all, changed our way of life and negatively impacted our economy as a result of these few pathetic “attempts” to down a plane.  Frightened and abused American travelers who have decided not to fly as a result, are a bonus to the terrorists – and we’re doing it to ourselves.

Stay tuned for an update to this post in a couple of weeks – to be followed by a story of our experiences of a 3-1/2 hour ordeal in 2002 involving airline security.