Tuesday, February 23, 2016

The time Thousand Foot Krutch taught me a cyber lesson


The end is where we begin
I'm a monster if that means I'm misunderstood
Cuz it's alive and I can't hide it
The energy is rising
and I'm a traitor if that means I've turned on myself

"The End is Where We Begin," by Thousand Foot Krutch

It's not often that I find a security lesson by way of a rock band. In this case, the lesson was that events don't occur in a vacuum; if we overlook context, we tend to begin at the end, with pre-conceived assumptions and a misunderstanding of what really happened.

I use several security controls around my home, with varying settings depending on the age and the maturity of the user. For my older children, one of the controls is a proxy that warns (but does not block) when they browse to potentially risky sites. I figure by age 16 they are capable of making an informed decision, but the proxy interrupts "impulse clicks" (and serves as a reminder that Dad Still Knows).

Most of the proxy warnings are ad networks (which tends to eliminate popover and popunder malvertising), but occasionally something more interesting comes up. Something such as multiple click-throughs one evening to something.ru - a Russian website.

Just because a domain is hosted in Russia does not make it malicious. In fact, a not insignificant number of my readers are in Russia and its neighboring countries. Still, as Brian Krebs' recent book Spam Nation documents, there is an active criminal element operating out of that part of the world. I don't normally expect my children to be browsing Russian domains, so it piqued my curiosity.

Whether a father or a business owner, context plays an important role in cyber security. If your business comes entirely from North America, Great Britain, or Australia, traffic to or from Russia, China, or Brazil should at least catch your attention. It may even be appropriate to block it entirely (while still recognizing that with TOR or a VPN, someone may well appear to be somewhere they are not). Why leave yourself open to an attack from a part of the world you never do business with?

Conversely, if your business primarily centers on Asia, then Internet traffic to and from the Americas might be suspect, and might be worth blocking. The lesson isn't that ".ru" is evil and ".com" is good - it's just as likely that ".ru" could be a legitimate domain while ".com" is malicious. The lesson is to understand the context.
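The "does this traffic fit our footprint?" review described above can be automated against proxy logs. The script below is an added example, not code from the original post or from any proxy product: it assumes a constructed, simplified log format (timestamp, client, method, URL, proxy action), infers a country only from the country-code TLD of the requested host, and compares that against an assumed business footprint of the US, UK and Australia. Generic TLDs such as .com carry no country signal and are passed through, because the point is to surface the unexpected for a human to put in context, not to label ".ru" bad and ".com" good.

```python
"""Flag proxy requests whose inferred country falls outside an expected geographic footprint."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample log (not real traffic): time client method url action
SAMPLE_LOG = """\
1456185601 192.168.1.20 GET http://news.example.com/ ALLOW
1456185602 192.168.1.20 GET http://ads.example.net/track WARN
1456185603 192.168.1.21 GET http://forum.example.ru/thread/42 WARN
1456185604 192.168.1.21 GET http://forum.example.ru/thread/43 WARN
1456185605 192.168.1.22 GET https://shop.example.co.uk/ ALLOW
1456185606 192.168.1.21 GET http://cdn.example.cn/lib.js ALLOW
1456185607 192.168.1.23 GET http://loja.example.com.br/ ALLOW
"""

# Country-code TLD -> ISO country. Deliberately short; a real deployment would look up the
# resolved address in a GeoIP database, since a ccTLD says nothing certain about where a
# server is hosted, and a VPN or Tor exit says nothing about where the user really is.
CCTLD_COUNTRY = {
    "ru": "RU", "cn": "CN", "br": "BR", "uk": "GB",
    "au": "AU", "us": "US", "ua": "UA", "by": "BY",
}

LINE_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<action>\S+)$"
)


def country_of(host):
    """Return the country inferred from the host's ccTLD, or None for generic TLDs."""
    tld = host.rsplit(".", 1)[-1].lower()
    return CCTLD_COUNTRY.get(tld)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host = urlsplit(m["url"]).hostname or ""
    return {"client": m["client"], "host": host,
            "country": country_of(host), "action": m["action"]}


def out_of_footprint(log_text, expected_countries):
    """Yield entries whose inferred country is known and not in the expected footprint.

    Entries with no country signal (generic TLDs) are skipped: the goal is to surface
    the unexpected for review, not to declare any TLD good or evil.
    """
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["country"] and entry["country"] not in expected_countries:
            yield entry


def summarize(log_text, expected_countries):
    """Count flagged requests per (client, country) so an analyst sees who went where, how often."""
    counts = Counter()
    for e in out_of_footprint(log_text, expected_countries):
        counts[(e["client"], e["country"])] += 1
    return counts


if __name__ == "__main__":
    # Assumed footprint: a business that only operates in North America, the UK and Australia.
    footprint = {"US", "GB", "AU"}
    for (client, country), n in sorted(summarize(SAMPLE_LOG, footprint).items()):
        print(f"{client} -> {country}: {n} request(s); find out the context before deciding")
```

Run as-is, the script reports two requests from 192.168.1.21 to a .ru host and one each to .cn and .br hosts, while the .co.uk and .com traffic is never mentioned. The per-client grouping is the useful part: one client repeatedly reaching a Russian forum is exactly the kind of pattern that warrants a conversation (with a teenager or with an employee) rather than an automatic verdict.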

Which is what I discovered when I asked my son about this unexpected event. It turns out that one of his favorite rock bands, Thousand Foot Krutch, is about to embark on a concert tour covering Russia, Ukraine, and Belarus; my son was (with the help of Google Translate) reading a Russian forum dedicated to the band. With this context, a visit to a Russian web site was entirely understandable.

Ah, if only the story ended there. He was perusing the forum, yes ... but the reason was a rumor that the band had released their new single to the Russian market first, two weeks before it would begin radio play elsewhere. I can't say whether or not that was in fact the case; either way, it opened the door to another conversation about the forms of bait criminals will use to lure in a victim. Oh well - that's what parenting is all about.



Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen

Whois David?


I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.