Mad About Science: Cybersecurity

By Brenden Bobby
Reader Columnist

In the wake of the recent ransomeware attack that went global in a matter of hours, cybersecurity has taken the media by storm and has returned front and center to most people’s minds.

How much of your life is digitized? Would you be able to complete your job if all of your devices suddenly became useless?

We don’t consciously realize our dependency on technology until we’re left without it. Computers give us an incredible edge against our competition, and are rapidly becoming a mandatory part of daily life. Calendars, appointments, calculation are increasingly being delegated to machines, but even simple things like the recipe for dinner tonight or the kids’ soccer coach’s contact info are all digitized.

Technology is evolving faster than most of us can adapt to it, and that’s always a scary thing. At the end of the article, I’ll go over some ways to stay safe and organized.

First, here’s the scary stuff:

What is a computer virus?

A computer virus is a broad term for malicious software (malware) that can take on one of many forms. A virus acts much like a biological virus, in that it exists within another program and then spreads itself once the other program is installed on your computer. The virus could replicate itself to a degree that nothing functions on your computer, or it takes forever to do anything. It could be trying to obtain your personal information. It could just be spreading itself for the sake of spreading itself or any combination of the above (and more).

Trojan horses are one of the more common and destructive forms of malware. A Trojan, as the name implies, is presented to someone as a helpful program. Once the user installs the program, it will reveal itself to be harmful. Trojans are developed to wreak havoc on a system, obtain personal information and/or halt function of the computer or network, or oftentimes will allow a third party user/criminal to access the computer and its data with ease.

Trojans usually won’t replicate themselves like a virus. By installing it, you did all of the hard work.

Scareware is something more and more users are beginning to see. You may have even run into it.

Occasionally while browsing the internet, your screen will lock up with a long-winded warning message, demanding you click OK or Cancel to move on. Clicking either one will allow some form of Malware to execute on your computer.

To work around some of this, you can use ctrl+alt+del to open your task manager and use the End Process button to kill your browser. It’d be a good idea to scan for a virus after this, and if it’s from a site you regularly visit, report it to the site’s administrator, usually under a “support” or “contact us” tab.

Phishing is another term you’ve probably heard recently. It’s exactly what it sounds like: Malicious entities are trying to bait you into clicking something you shouldn’t so they can catch information.

Usually what will happen is you will get an email or message from a source that appears legitimate, like a department store or a website you visit, or someone trying to get you to click a link for a prize.

Most phishing scams are littered with typos and filled with telltale signs that it’s illegitimate, but these scammers are getting smarter and more careful with every scam.

Sometimes, if someone you know has fallen for a phishing scam, the scammer could be using their email to try and trick you. If they send you something out of the blue and it seems unlike them, reply back or give them a call before you click anything funny. They may even be unaware that anything is wrong.

There are many more forms of malware and illicit activity that I don’t have the space to cover here, but here are some important ones:

Keylogger. It logs the keys you type then sends it back to the person that sent it to you.

Browser Hijack. It takes over your browser to fill it full of advertisements, will alter your homepage and usually give you a bogus search engine that will compound the problem.

DDoS. DDoS stands for Distributed Denial of Service attack. Here, someone will use a single, or several thousand IP addresses (usually through a botnet) to flood a server several million, billion, or trillion times per second until the server becomes overwhelmed and stops working.

Botnet. A group of network-connected devices around the world infected with software that a hacker, or group of hackers can use to boost their own productivity in a task, or more easily surveil or infect more computers to add to the network. This isn’t strictly restricted to computers, as cybercriminals have been found to use infected items like Google Home controllers, Amazon Echo devices and other things connected through the Internet of Things.

RDP Attack. RDP stands for Remote Desktop Protocol. This is someone else remotely accessing your computer and using it to perform malicious activity. RDP isn’t always malicious, it’s actually built into most computer systems for a network administer to fix problems remotely.

Brute Force. This is when a hacker or a program will attempt to force their way into your account by guessing your password. If a program is doing it, it will attempt every combination of letters, numbers and symbols that are mathematically possible until it eventually cracks the password.

It’s not all gloom and doom! Here are some things you can do to keep yourself safe online.

Get an antivirus. It doesn’t have to be expensive, it doesn’t even have to cost money; ask your friends and family what they use, and if you have a particularly techie friend that you were nice to in high school, see if they’ll give you a list of ones they would recommend, and where to get them.

Verify validity. If Home Depot is sending you an email where half of it is misspelled and asking you for personal information, spoiler alert: It’s not Home Depot.

This can be applied to phone calls, too. Most corporate entities have policies set in place where they will not ask you for any personal information when they call you. So if someone from your TV provider calls you and asks you for specific information about your receiver, your home address, your credit card info, or anything else, hang up and call the actual customer service line online or on your bill. This is an active scam in our area right now.

Check the address bar. If there is a locked padlock or if the website starts with “https://” then it’s secured with encryption, meaning no one that shouldn’t be looking at the info will be able to look at the info.

Use different passwords. Make them complex!

Believe it or not, 12345 is not a safe password. Neither is qwerty. Neither is Password. Neither is your birthday.

Personally, I keep a set of super complex passwords (something like !xC3ojD$2) I had to write down for anything related to my social security number, my bank and my cards.

I use passwords I can remember for things not tied to my identity or primary email.

Never tell your computer to “Remember Password” on anything that you wouldn’t want to lose. This information is stored on your computer and pretty easy for someone to access.

Most of what happens in these hacks are just evolved forms of large scams people used to pull off before the invention of the internet.

“Cast a net, and see what you catch”.

I would also like to invite you to a Cybersecurity class hosted at the Sandpoint Library on Saturday, June 17, at 8:00 a.m. sharp, hosted by our awesome lifelong learning coordinator, Mike! This program has limited space, so be sure to call and register a couple of days in advance.

Stay smart and safe out there, and when in doubt: Ask a librarian!