Some of you may have noticed my recent lack of blog updates. I've also been completely off the Internet. You probably didn't notice my absence.
That's cool; I'm a nobody.
But, why so mum?
As an internet entrepreneur, being offline costs money, right?
Was it my choice?
No. I didn't feel safe online.
I've been the victim of repeated identity thefts, cyber attacks, and financial fraud at 2 to 3-week intervals since July 2016. I've been burdened with computer viruses that wiped my system and leaked personal data, and with mail theft. Most recently, I verified someone has been opening bank accounts and credit cards using my information starting in November 2016.
There are many ways data could have fallen into the wrong hands, but how safe are you? Really?
First, a disclaimer: I have no personal stake or interest in this site. It is simply a resource I stumbled upon researching my tribulations. Haveibeenpwned.com is a non-profit database of 2.2 million recent data breaches made available to the public.
Type in your primary email, you might be surprised what comes back:
I've yet to see someone walk away unscathed. What's downright scary is there are a lot of big companies on this list such as Adobe, Xbox, LinkedIn, VK, and a large number of adult sites owned by Brazzers (aka Mandwin, aka Think Geek). What's downright scary is that many of these breaches failed to garner any media attention. I'm not sure if corporate money, poor media ratings, loss of advertising or a combination kept these major breaches so quiet.
First thing, there is no need to freak out and change your Social Security number. At the minimum, consider:
1. Changing your passwords on sites of significance such as banking, Facebook, and anything else containing sensitive data. Make new passwords of at least eight characters in length using uppercase, lowercase, at least 1 number and a unique character (“*” or “^”). This isn't full encryption. Depending on the attacker's CPU and who you ask, cracking one of these passwords can take eight days to 15 months.
2. The creators used some strict criteria to define “Pwned.” The Yahoo information breach was the biggest hack of all time. Do you know how long it took for Yahoo to go public? Three years.
3. I know it's a pain in the ass: Don't use the same password on more than one site. A good hacker can clean your clock in an hour if they figure out you’ve been lazy.
4. Deleting your profile on any of these given services does no good. If you want to keep your LinkedIn profile, there's no reason not to. The damage is done. I recommend removing that particular password and email combo anywhere else it is used.
5. Also, consider creating a cloud-based, public-facing (rogue identity) e-mail not opened by a desktop email client that would give away your home IP. Your IP address is one of the most critical assets a hacker can possess. A common method hackers use before the attack is sending an email to what they believe to be the victim's email to get a “ping”; these triggers tell them the e-mail is valid. To add security, there are some good VPN services to encrypt conversations and mask your real IP.
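To make the password advice in item 1 concrete, here is an added example (not code from the original post) that checks a password against the "eight characters, all four classes" minimum and then computes the search space and worst-case exhaustive-guessing time for several password shapes. The guess rates are constructed assumptions, not measurements; the point it adds to the text is that the "eight days to 15 months" spread is entirely a function of the attacker's guess rate, and that a few extra characters buy far more than an extra character class does.

```python
import string

# Alphabet sizes for the four character classes the recommendation asks for.
CLASS_SIZES = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "symbol": len(string.punctuation),      # 32 printable ASCII symbols ("*" and "^" included)
}
ALL_CLASSES = tuple(CLASS_SIZES)


def classes_present(password):
    """Return the set of character classes that actually occur in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        elif ch in string.punctuation:
            found.add("symbol")
    return found


def meets_policy(password, min_length=8):
    """The post's minimum: at least 8 chars with upper, lower, a digit and a symbol."""
    return len(password) >= min_length and classes_present(password) == set(ALL_CLASSES)


def keyspace(length, classes):
    """Number of candidates an exhaustive attacker must cover for this password shape."""
    alphabet = sum(CLASS_SIZES[c] for c in classes)
    return alphabet ** length


def seconds_to_exhaust(length, classes, guesses_per_second):
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace(length, classes) / guesses_per_second


def describe(seconds):
    """Human-readable duration for the report below."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


# Constructed guess rates (assumptions, not measurements): a rate-limited online
# login form versus an offline attack on a leaked database of fast, unsalted hashes.
GUESS_RATES = {"online, rate-limited": 1e3, "offline, leaked fast hash": 1e10}

if __name__ == "__main__":
    for pw in ("Passw0rd*", "password", "Sh0rt!*"):
        print(f"{pw!r} meets policy: {meets_policy(pw)}  classes: {sorted(classes_present(pw))}")
    shapes = [
        ("8 chars, all four classes", 8, ALL_CLASSES),
        ("8 chars, lowercase only", 8, ("lower",)),
        ("12 chars, lowercase only", 12, ("lower",)),
        ("16 chars, all four classes", 16, ALL_CLASSES),
    ]
    for label, length, classes in shapes:
        print(f"{label}: keyspace {keyspace(length, classes):.3g}")
        for scenario, rate in GUESS_RATES.items():
            print(f"   {scenario:26s} {describe(seconds_to_exhaust(length, classes, rate))}")
```

Run it and compare the 8-character/four-class row with the 12-character/lowercase row: the longer, simpler password has a keyspace more than ten times larger. None of this helps if the same password is reused across sites, which is what item 3 is about.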
Before we get into my iCloud theory I think it's important we touch on this:
If you browse the Apple community forums or do any Google search for an OS X related technical problem, this is where you'll likely wind up. The prevailing attitude in the Mac Community Forums is that a virus or keylogger on a Macintosh is as unlikely as a successful parole hearing for Charles Manson. The mantra is: if for any reason your Mac becomes infected, it is some fault of your own. This reasoning is unintelligent, pompous, and counterproductive.
The reason Macs have a lower rate of infection is simple: MATH! Until just a few years ago, Apple had 15% market share, and in 2017 the mobile share is dropping!
Put yourself in the mind of one of the cyber terrorists: If you can devise a weapon that decimates 85% of cell phones vs. less than 15%: Which would you pick? Add to the equation mobile now accounting for up to 60% of all online traffic.
I know this is a controversial and unpopular opinion. Let me make my case before you tell me to put away my tin foil hat. So what keeps re-enabling these attacks after multiple security enhancements? There could be many reasons, but I think it would be idiotic to take Apple's iCloud off the table.
I will be straight up with you. I'm far from the world's greatest IT guy! As I had mentioned earlier in the article, you shouldn't use the same passwords on multiple sites. If you polled a stranger on the street on whether they use secure passwords, of course, they're going to say yes. Reminiscent of the classic chapter in Freakonomics when they polled the men exiting an airport restroom on whether they had washed their hands after using the bathroom. 80% said yes. The authors knew the actual percentage was somewhere near 10% because they had someone inside the bathroom tracking the true rate of hand washers.
I only mention this because lying to yourself isn't going to help.
Okay, now the iCloud theory:
1. Despite what you might construe as Apple bashing, I, too, am a member of The Cult of Mac: and that's part of the problem. I have been there through the many re-brands including MAC.com emails, ME, MobileMe, and finally iCloud. With each rebrand comes a new e-mail address you don't need. In all the clutter it's easy to set up an “extra” iCloud account.
I am one person. I have one primary e-mail; one iCloud account is all I want! Apple has told me that there is no way to delete these emails. “The best thing you can do is combine into a ‘family plan.’” It's this kind of confusion that makes a socially engineered hack even easier. I wasn't even sure who “me” really was in the 11 different aliases. I wasn't the only one confused; so were the folks at the Genius Bar.
2. I was so frustrated with the repetition of events I put up a thread on the Mac forums, which they immediately changed the title of from “I think my Mac has malware or a virus” to “I believe a key logger still has access to two of my devices.” What is a community without censorship?
3. The ONLY explanation I could come up with is everything is coming downstream FROM MY KEYCHAIN. So, I looked for an outside opinion. My brother worked as head of security for Bank of America for nearly a decade. I wanted to ask about all of the strange “Kerberos” log files, and before I could even say the word, he said, “Apple has been having some issues with Kerberos.”
4. Out of desperation, I posted my original log file in the Apple support forums here – https://discussions.apple.com/message/31415662?start=0&tstart=0. I posted the Kerberos log files, and the first person to comment on it was Linc Davis (who is apparently the head moderator, #1 Apple Fanboy or Apple themselves). Linc Davis's posts are helpful, sometimes just copy and paste. When he initially replied he stated that something seemed odd with the logs but didn't get into much detail other than saying “he would ask for a second opinion.” I returned to the thread the next day only to see this post was mysteriously deleted.
5. Using any Mac device sans iCloud is virtually impossible. To be honest, I never was a fan of iCloud. I know Apple was trying to make it simple, but somewhere it became convoluted. When it comes to cloud computing, I much prefer GDrive to iCloud, with the caveat that any company that has to retire its “Don't be evil” slogan… let's not even get me started! You can no longer enable “Find My iPhone,” which is a feature I love, without activating iCloud.
6. I've had an Adobe developers account since the early 2000's. One of the issues you have with it was if you were to change your username and password it would often stop custom-made extensions from running. For that reason only, I left a relatively weak password at Adobe to avoid headaches. Now, this leads back to my Kerberos theory. Kerberos is your best friend as long as you can connect to it. If your computer is overrun with interference so that iCloud and Kerberos can no longer communicate, this leaves all of your information vulnerable to swapping an invalid certificate for your golden ticket (to hell).
7. Each time an attack was attempted, in my Activity Monitor I would see all of my “Adobe Core” extensions (the ones that make sure you are the proper owner) wake up and start going crazy. At that time I wasn't running any Adobe software. These “helpers” would be gobbling up over 90% of my CPU. I could go into my Activity Monitor and manually shut down the processes, only to see them “come back to life” over and over again.
8. Thinking it would help, I would disconnect my computer completely from the Internet, but the malicious applications were now masquerading as launchd(1) and Kerberos. I'm not a hacker either, but I do have a decent understanding of PHP and Linux, and I understand the value of making a malicious process look benign. launchd(1) was hogging a disproportionate percentage of resources. I know launchd is a standard process, but had it been modified? To check, I killed it in Activity Monitor and my computer would shut down. I also noticed the kernel task was running way harder than it should. Apparently, if I shut that down it would power my computer off.
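Items 7 and 8 describe a process that eats CPU, is killed in Activity Monitor, and keeps coming back. The following is an added example (not the author's code and not Apple tooling) of how a defender would triage that on a Mac: parse `ps` output to find high-CPU processes running from outside the OS's own paths, note which of them are children of launchd (pid 1), and read the launchd job plist that would restart one of them. The `ps` sample and the LaunchAgent plist are constructed; the `AdobeCoreHelper` path and the `com.example.adobecorehelper` label are hypothetical. What it shows beyond the text is that a job with `KeepAlive` set is restarted by launchd as soon as it exits, so killing the process is pointless and the job definition in `~/Library/LaunchAgents` or `/Library/LaunchDaemons` is what has to be inspected and unloaded.

```python
import plistlib
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid cpu comm")

# Constructed sample of `ps -axo pid,ppid,%cpu,comm` output (not a real capture).
SAMPLE_PS = """\
  PID  PPID  %CPU COMM
    0     0   5.0 kernel_task
    1     0   0.3 /sbin/launchd
  412     1   0.1 /usr/libexec/trustd
  533     1  91.4 /Users/me/Library/Application Support/Adobe/AdobeCoreHelper
  610   533   2.0 /bin/sh
  720     1   0.0 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
"""

# Paths that belong to the OS itself; anything high-CPU outside them deserves a look.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")


def parse_ps(text):
    """Turn `ps` output into Proc records; maxsplit keeps paths with spaces intact."""
    procs = []
    for line in text.splitlines()[1:]:  # skip the header row
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        pid, ppid, cpu, comm = parts
        procs.append(Proc(int(pid), int(ppid), float(cpu), comm))
    return procs


def suspicious(procs, cpu_threshold=50.0):
    """High-CPU processes whose executable is not under an OS-owned path."""
    return [p for p in procs
            if p.cpu >= cpu_threshold and not p.comm.startswith(TRUSTED_PREFIXES)]


def launchd_children(procs):
    """Processes started directly by launchd (pid 1), i.e. candidates for a job plist."""
    return [p for p in procs if p.ppid == 1]


# Constructed LaunchAgent plist. KeepAlive is the setting that makes a job
# "come back to life" every time it is killed.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.adobecorehelper</string>
    <key>ProgramArguments</key>
    <array><string>/Users/me/Library/Application Support/Adobe/AdobeCoreHelper</string></array>
    <key>RunAtLoad</key><true/>
    <key>KeepAlive</key><true/>
</dict>
</plist>
"""


def persistence_summary(plist_bytes):
    """Pull the fields that explain when launchd starts and restarts the job."""
    job = plistlib.loads(plist_bytes)
    program = job.get("Program") or job.get("ProgramArguments", [None])[0]
    return {
        "label": job.get("Label"),
        "program": program,
        "run_at_load": bool(job.get("RunAtLoad", False)),
        "keep_alive": bool(job.get("KeepAlive", False)),  # dict forms also count as set
    }


def explain_respawn(procs, plist_bytes):
    """Match suspicious processes to the launchd job that would restart them."""
    summary = persistence_summary(plist_bytes)
    matches = [p for p in suspicious(procs) if p.comm == summary["program"]]
    return [(p.pid, summary["label"], summary["keep_alive"]) for p in matches]


if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    for p in suspicious(procs):
        managed = "launchd-managed" if p.ppid == 1 else f"child of pid {p.ppid}"
        print(f"pid {p.pid} {p.cpu:.1f}% CPU {p.comm} ({managed})")
    for pid, label, keep_alive in explain_respawn(procs, SAMPLE_PLIST):
        print(f"pid {pid} is job {label}; KeepAlive={keep_alive} -> killing it only restarts it")
```

On a real machine the `ps` text comes from `ps -axo pid,ppid,%cpu,comm` and the plist from the matching file under the LaunchAgents or LaunchDaemons directories; the job is stopped with `launchctl` rather than by killing the process, and the binary's signature is worth checking with `codesign` before deciding it is legitimate.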
After previous hacks, I thought I hadn't done an okay job of purging any various codes that might still be looking to resurrect themselves. This time I took it to extremes, including only accessing wireless through VPN, enabling two-tier authentication everywhere possible, and completely wiping all of my hard drives using seven-pass encryption.
Now that all of that is behind me, I have the unpleasant task of rebuilding and reconfiguring everything. Yes, while it might sound overkill: fool me one time, shame on you; fool me twice, shame on me; fool me six times… I think you see my point.
If by chance someone from Apple is reading this just remember that time is not free and “denile” is not just a place in Egypt!
The name Kerberos is derived from Cerberus, “the guard dog of the gates of hell.” If I'm going to entrust all of my information to a dog like that, his teeth had better be just as sharp!