Michael Abraham, author

Rob Jones is one of those rare computer security professionals who is reasonable in price, does house-calls, and speaks human English. He was in my office the other day to help me configure a new peripheral and we got on the subject of computer security.

 “There are lots of bad people out there who want to make your life miserable, either for amusement or profit,” he shrugged.

Rob has been in the business for a long time, following a stint in the Navy. He went to ECPI University and took an electronics course that focused on computers. This was back in the 1990s, the days of the infancy of personal computers, with early IBM PCs and Apple Macintoshes. Computers were often linked in offices but not as much to the wider world. “These machines had 8086 and 80286 processors and a 40MB hard drive you thought you’d never fill up. They had 1 MB of RAM. Processors were measured in MHz, rather than GHz.” There was some connectivity, but it was glacial by today’s standards. “You had to wait a long time for anything to happen.

“The pace of the advancement of computers is far outstripping the ability to protect them from bad things. Because there is lots of money to be made from nefarious activity, there are untold numbers of cyber-criminals. And because your computer and everybody else’s is tied to the internet, there is the potential for theft of sensitive information. Thieves can be private or working for foreign governments who want to know more about us. Recently there was a breach at the (Federal Government’s) OPM (office of Personnel Management). Twenty-two million records at last count were stolen, including that of people with top-security clearances.”

Rob explained that many other everyday items are soon to be wired to the internet, things like kitchen appliances and even washing machines, security systems, and cars. They have no security protections. Hackers have found a way to disable ignitions in cars driving down the highway. It’s dangerous out there.

“I see lots of problems with malicious documents. Most malicious code arrives in email attachments. When you download something that is infected, it can infect your computer. Particularly PDF files can come with infections. So if someone sends you a PDF file, make sure you know what it is and who it’s from before you open it. There are hundreds of thousands of new pieces of malware being generated and released every day. It’s too much for the good guys to keep up with.

“Some of the bad guys are in business. Some just do it as a hobby. It is a method for gathering data for nation-states. Some people create malware and then rent it to other criminals. There are websites, forums, and chat groups that tell how to distribute and optimize malware. There is malware out there that can disable a corporation’s website by inundating it with requests. There is malware out there that can infect your computer and encrypt all your files so your computer can’t read them unless you pay a ransom. Sometimes the ransom is $500, increasing to $1000 within a week.

“There are really no policemen. The bad guys may live in a country where the government is unable or unwilling to seek them out and prosecute them. So they’re untouchable.”

We talked for awhile about Stuxnet, which is thought to be the world’s first major cyber weapon. It infected only the centrifuges of a nation using them to produce nuclear bomb-grade materials. It was an intensely sophisticated piece of software, likely created by a government agency. The sheer volume of code indicated that many people worked on it. Once it was released, it sped up the centrifuges to the point where they self-destructed. But by then, the Pandora’s Box of code was open and other people could see and understand and potentially use the code themselves. “It showed a lot of people how to do nasty things,” he admitted, ruefully. These days, it may be possible for bad guys to disable power stations or cripple the electrical grid.

I asked Rob how he keeps up. “I listen to lots of PodCasts. I go to lots of (security) websites. I study for industry certifications.”

In terms of protection, Rob reiterated, “Education is the key. Don’t go to websites you don’t know. Don’t open attachments from strangers. If you find a USB drive, don’t stick it in your computer. Never ‘unsubscribe’ to anything, because that certifies a valid email address. Do regular backups.”

In spite of the risks, Rob insists not living in fear. “There are certain disasters that might happen that are out of my hands. It’s too much to worry about. I’m not the kind of person who dwells in fear. I figure we’ll solve problems as they arise.”