Data Encryption And Securing Personal Information: Hacker Blackmails Women Into Making Porn.

It’s not every day you come across a story so bizarre that you just have to mention it.  According to stories making the rounds, a hacker blackmailed women into making porn for him after he got his hands on their personal information.  I’ve often mentioned “black swan situations” and the “you never know what’s going to happen” factor as a reason for using data encryption programs like AlertBoot to safeguard information.  This story is truly out there, though.


Hacker Used P2P to Spread Keystroke Loggers and Other Malware



The hacker in question (already arrested by the FBI, by the way) used P2P networks to spread the malware he used to compromise people's computers.  He disguised his malware as popular songs, and went to work once a victim’s computer was infected.


Taking over the computers remotely, the hacker looked for “intimate images” and used them to blackmail the same women into creating porn for him.  Otherwise, he would release the images.  It hasn’t been revealed, as far as I can tell, whether he succeeded, although he did manage to get some women to create such videos by posing as their boyfriend (he found usernames and passwords for e-mails, instant messengers, etc.).


Data Security and “Black Swans”



The black swan I’m referring to is the one popularized by Taleb, where a remote event, unimagined by anyone, materializes to render previous arguments moot.


(The term goes back to when black swans were found in Australia.  Before that, it was believed that all swans were white because…well, they could only find white ones.  But, just because you can only find white ones doesn’t necessarily mean black ones don’t exist.)


Some data security products, such as antivirus software, will always have their work cut out for them: AV can only protect against viruses that have been found in the wilderness that is the internet.  AV can’t protect you against “black swan” viruses, i.e., the ones that are out in the wild but haven’t been identified or found yet.


Other data security products, like full disk encryption software (FDE), are meant as a defense against such black swan events.  For example, think of all the ways that you wouldn’t expect your computer to be stolen, because you assume your computer will be safe.  And then, pow!, black swan event: That nun?  She’s a he, he’s a con, and the nun’s on the run…with your laptop under his habit.


FDE will protect the contents of the laptop in such an event, since it’s always on when your computer is off.  However, FDE cannot protect against all scenarios.  If a laptop computer is stolen while it’s on, FDE is useless as a protective tool, unless the thief shuts down the computer (meaning FDE will kick in at that point).  Also, it can’t protect you against viruses.  Which is why you need to have data security in layers.


In the above case with our bizarro hacker, there were potentially two solutions: the first, making sure you don’t create intimate videos and save them on your computer.  The best way not to have a breach is to not have the data in the first place.


Second, use file encryption.  Unlike FDE, file encryption is specific to the file, and requires you to remove the protection (decrypt the file) each time you want to access it (which is why FDE is so much more popular).


Neither solution, however, would ultimately have been successful, if given time, since the hacker would have been able to gain passwords that would have allowed him to override any type of protection.


Actually, now that I think about it, there is one absolute solution in this case: don’t engage in activities that increase the threat of becoming a victim.



Related Articles and Sites:
http://www.theregister.co.uk/2010/06/22/malware_extortion_charges/
http://www.ocregister.com/news/mijangos-254531-victims-affidavit.html


