Banks don't tell us they've been hacked. Really???


The Moldovan computer expert Andrey Ghinkul (known as Smilex) created Dridex (a chunk of malware), which unwary punters downloaded onto their computers after clicking on a link advising them to see a doctor because they had cancer. Obviously, there’s no point in telling Ghinkul that he’s a poisonous, loathsome little shit: he’s got £20m out of the scam. What does he care?

Dridex (described by a US Attorney as “one of the most pernicious malware threats in the world”) was finally defeated in the past week by the combined efforts of the FBI, the NCA (National Crime Agency) and a number of private security firms. Good news there then.

But which UK banks, you may wonder (as a matter of passing interest), were affected by Dridex attacks? Ask the NCA. Or rather, don’t waste your breath. The NCA will tell you it cannot name the banks hit by the fraud in Britain because the institutions are fearful of reputational damage from the incident.

Jesus Christ. What a bunch of jokers. As if they think they have any shred of a reputation left to protect. Do they think that lying, rigging, mis-selling, over-charging, deceiving and ripping off customers before demanding billions of pounds of bail-outs from the public purse is not damage enough? Do they think that having their senior staff exposed as greedy, self-regarding, arrogant, amoral pond-life remarkable only for their capacity to disguise their professional incompetence, their naked avarice, and their intellectual inadequacy inside a well-fitted Savile Row suit is some kind of recommendation?

I digress.

There will always be Smilexes. Banks will always lie. Sites which should know better will always have crappy security. And all of us should know better and stop acting like a bunch of idiot householders who leave their doors open, stick their cash and goods on display, and slap a sign in the window saying “I’m stupid. Come and nick my stuff”. 

I am really puzzled by this. No really. How many people don’t observe the following?

Install anti-virus software. Change passwords regularly. Don’t use one for all. Don’t make them obvious. Don’t use Chrome autofill or similar. Don’t tick “yes” to any of those ever-so-helpful things that offer to remember your password. Don’t do one-click shopping. Never click on a link in a mail. Use adblocking software.

Congolese diamond mine owners don’t exist, or at least if they do, they won’t be offering you 10% commission on urgent dollar sterling transfer my accounts please my friend. Never respond to mails from mates about robberies in Mongolia, police custody, lost passports and the British Consulate being crap. Anything that’s too good to be true … is too good to be true.

Don’t tick boxes asking if it’s OK to share your details with selected third parties: it isn’t. If a bank mails you to ask for anything – ring them up to check. And don’t use the phone number on the email if there is one. If a bank rings you – put the phone down. You might think it’s far too much of a pain, but renew your debit card or whatever it is you use for the majority of your online transactions every nine months. (The CVC and last four digits will change.)

Exercise just a little – just a little – self-awareness on social media. Surely that doesn’t need to be said? Unless, of course, you’re happy for your next employer/your mother/your significant other to see pictures of you drunk and vomiting over a sex-worker in Amsterdam, or unless you’re happy for some crim to know you’ve gone off on holiday for two weeks in Bali.

Make “Off” the default for location tracking on your mobile phone or other device unless you absolutely need it (Ubers, that kind of thing). Don’t buy or use iPhones or iPads or any other Apple products (that's just personal prejudice, but there's also something creepy about Apple-dependency and Apple cool at the cost of Chinese workers jumping out of factory windows). Use a search engine which doesn’t share your details with anyone. I know nothing about Tor or proxy servers or any of that (just yet) but I will do soon.

We are too trusting, we use the internet too blithely, we have no clear idea of what people know about us or how they use the information. Time to take some responsibility. Time to grow up and act like adults over this. Time to shut the windows, fit new locks, buy a burglar alarm, park the car in the garage and pull the bolt across the door.