Monday, January 15, 2007

"Baaack it up!" * (Before the Botnets get it)

Here’s one of the most ancient and didactic of the sacred injunctions of Computerdom, but one which potentially carries an even greater urgency for us now:


(How boring, I know: it tends to fall into that same bin with your dear sainted Mother telling you to clean up your room, or to stop doing whatever it was that you kept doing that just really drove your mother up the wall. But it’s one of those simple essentials we all know is true, yet somehow still need regular reminders to do.)

What sparked this particular ringing of the alarm was a positively scarifyin’ article by John Markoff in the New York Times last week, on the “Attack of the Zombie Computers” (which, damn, they've already archived and are charging for).

Botnets -- programs that secretly install themselves on perhaps millions of personal computers and band them together into a network to commit Internet crimes -- “are being blamed for the huge spike in spam that bedeviled the Internet in recent months, as well as fraud and data theft. Security researchers have been concerned about botnets for some time... what is new is the vastly escalating scale of the problem.”

“A security researcher analyzed the information contained in one 200-megabyte file that he had intercepted. The data came from 793 infected computers, and in a 30-day period, it generated 54,926 log-in credentials and 281 credit-card numbers, affecting 1,239 companies, including 35 stock brokerages, 86 bank accounts, 174 e-commerce accounts and 245 e-mail accounts.”

That was in one file.

Said “David J. Farber, a Carnegie Mellon computer scientist and an Internet pioneer, ‘It’s an insidious threat, and what worries me is that the scope of the problem is still not clear to most people.’ Referring to Windows computers, he added, ‘The popular machines are so easy to penetrate, and that’s scary.’”

“The consensus among scientists is that botnet programs are present on about 11 percent of the more than 650 million computers attached to the Internet. A computer security researcher… who coordinates an international volunteer effort to fight botnets (said,) ‘The war to make the Internet safe was lost long ago, and we need to figure out what to do now.’”

Let’s revisit that last statement: “The war to make the Internet safe was lost long ago.” You know, just a moment of consideration of this concept, assuming it’s credible, must give one pause. We could quite possibly wake up one day and find the Internet down. Really down; brought to its knees.

But you don’t need the Web to crash for it to be a disaster; it could be your own personal information swiped from your computer, or the system of a company you’d entrusted some juicy bits to. Perhaps you’d hear a lonely whistling sound, as the breeze blew through your empty bank account.

I really don’t think this is alarmist in any extreme way. “Shift Happens.” We’ve just got to be truly prudent, and create our own backups. Then, if the unimaginable does occur, you can say, with considerable relief, “Well, at least I’ve got a copy of everything.” (That might be handy if you had to go to court to get your money back from the bank, for instance. You know, the one that charges you $35 for any oversight or slip of the pen?)

Protecting the data on your machine is just the start. For example, I’ve got one bank account that I use (sparingly) to buy things over the phone or Web, but I just leave a little in there, and the bulk in other, disconnected accounts. It’s not foolproof, but it lessens the odds of potentially getting thoroughly cleaned out in one swell foop.

Related, here:
"Hey, NYT, What About Fair Use?"

* - “Baaack it up!” Couldn’t resist quoting the anonymous garbageman who woke me with this cry every early morning, numerous years ago, as he guided his truck in backwards to pick up the refuse from the restaurant I lived next door to.
(That was “Maddies,” for you Marbleheaders, which is actually named “The Sail Loft.”)
