ICT and you and me


12 July 2021 (posted on 26 July) (BBC News):
Voice cloning of growing interest to … cybercriminals
Told ya! (See “What to do if you are being stalked”. See also link below to article in WSJ.)


2 May 2021 (BBC news and Dutch news):

UK behind in tackling number spoofing, says Ofcom, and another major organization in the Netherlands – bol.com – just paid the wrong party a lot of money (€750,000 this time)
No, yours truly ain’t no silly delusional or paranoid ol’ cow. If you said to me that you thought so, it likely was because I confronted you with uncomfortable truths that you weren’t aware of yet and that upset you too much. I won’t mention the alternative, namely that you’re simply pretty stupid and rude and sexist/misogynist, in my humble opinion.


January 2020: 
Dutch museum scammed out of 2.66 million euros
This happened when criminals hijacked its e-mail communication with a British art dealer. In spite of what most people think, e-mail hijacking is a very common occurrence, also according to this article in Dutch newspaper TROUW:
https://www.trouw.nl/binnenland/het-rijksmuseum-twenthe-is-niet-de-eerste-die-werd-opgelicht-via-e-mail~ba4fba79/


February 2020: Phone line interference, another example of how communications can be interfered with.
That the British police officers who bungled this case consider it “sophisticated” indicates how far behind these self-proclaimed “experts” really are. This is the digital age, people. These cops also pounced on two innocent bystanders, at least one of whom they should have been able to recognise. That mistake alerted the criminals to the police presence.
https://www.theguardian.com/money/2020/feb/08/bank-couple-lose-43000-but-cant-get-a-refund

August 2019: Fraudsters get CEO of British energy company to transfer 220,000 euros by faking the voice of the parent company’s CEO. (voice cloning, voice conversion, voice spoofing)
https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402


January 2018: Dutch intelligence agencies hack into the equipment including cameras of Russian “Cozy Bear” hackers who meddled in the US elections. 
Put your hands together for these “girly swots”, working under a government with a girly swot science professor in it (Ronald Plasterk).

Wake up!

Most people, including most police officers, still have no idea what “hacking” really is.

Most people still believe that it is a mere matter of needing to change one’s e-mail password. If only it was that simple. Hacking often means that someone else has full control over your equipment, including your e-mail and including whether you receive your e-mail or not and whether people you e-mail receive your outgoing e-mails.

Something similar goes for phone calls and texts.

Did you know that a hacker can also generate messages and emails in someone’s computer or phone after that equipment has gotten hacked into?

Did you now that some hackers will go as far as pick someone’s locks to be able to access that equipment? Many hackers are also into picking locks as well as into hacking people, the latter better known as “social engineering”.

No, folks, blocking the hacker on Facebook or changing your Yahoo password will not remedy the problem.

Cyber mischief and cyber crime affect many people around the world these days, in various ways.

No, you do not have to be stupid to run into and fall for cyber mischief and cyber crime.

No, I am not an IT expert.

Keep reading, though, and you’ll learn a few things.

I was taught a tiny little bit of UNIX and Turbo Pascal at university (VU University Amsterdam).

Before that, I had tried to teach myself Basic without having a computer.

I also looked into AI back then (1982, roughly), got a list of books they were using at the computer science department of one of the two local universities and purchased some of the books (one was by Tanenbaum who was one of its professors), when I was deciding what to enrol in before I quit my job in my mid-twenties. The idea of AI, and also computer science in general, interested me, but I enrolled in earth sciences because it is so wonderfully multidisciplinary (even requiring you to speak other languages because of the fieldwork you do).

I started banking electronically in 1992 or 1993, with a dial-up modem.

A few years later, I became one of the first people in Europe with a PayPal account because, in those days, it required having a US bank account, and I used to have one. (After I moved to Britain in 2004, I was forced to close that PayPal account, and open a new one.)

My first computer was used, bought from a fellow earth science student who was about to move to the US. My second computer was a used one too. They were later XTs, the same model. (Which means a 286, I suppose.) I e-mailed with those XTs (and for a long time, people told me that this wasn’t possible).

I reprogrammed the second-hand modem to be able to use it with my second XT computer, for e-mail and some rudimentary web access. That took a while. Getting the first XT to cooperate with the modem was much easier, as that modem already had (most of) the right settings.

At the university, I had worked with Windows as well as with Apple computers (and of course, the kind of computers that are attached to pieces of equipment). 

I briefly worked at an IT helpdesk where I had to familiarise myself with three new “packages” in one or two days (one of which was the predecessor to DOS).

My first new-bought computer was, I think, a 386? It may have been still before Windows 95. (It was a deal offered by my Dutch bank. (Why? Because in those days banks still did things for their clients, I suppose. They somehow had made a deal with a computer company and were offering computers to clients. I decided to go for it.)

My first web pages were on Fortunecity. I had voice comms on my Fortunecity pages before most people’s computers even had speakers, let alone microphones.

I bought my first internet domain (armadillo-research.com) in 1998 or 1999, from Easynet. I coded my web sites as text in notepad (and still do, at times). One of those sites had hundreds of pages and several links from Wikipedia (which means that it also served as a knowledge resource for others).

I built the first website for the Environmental Chemistry (and Toxicology) Section of the Royal Netherlands Chemical Society, took part in a meeting concerning its parent organization’s new website (kncv.nl).

I contributed to Ben Vroom’s “Checklist voor goede websites” (Kluwer, 2002), a booklet on the usability of websites.

For the Department of Water Engineering and Management at the University of Twente, I helped teach grad students water flow modelling with SOBEK, a package that I had not used myself and had to learn about very quickly.

After I moved to the UK, I decided to build a computer from scratch at some point and was astonished that it worked right away. It also had a really cool case (by Ultra) that was hard to get and delightfully easy to work in. (Still the best-looking case I’ve ever seen!)

(2019 situation in the UK)

I became the target of persistent hacking in 2008. (It’s targeted at me in person, not random.) I have learned a lot from that, including the fact that if none of the steps you take help for more than a few days, you have to consider the possibility that people are simply going into your home to obtain physical access to your equipment. That’s what happened in my case. I didn’t see it coming.

Yes, I have been in contact with the ICO about it at some point and I had a complicated protocol in place to safeguard certain clients’ interests for a while. [Many law firms had and likely still have almost no data security, by contrast. See this post and this post.] Most or all of my clients know or knew about my challenges. 

Equipment purchases I made, such as a more expensive router (not using wireless), made no difference and a UPS I bought to be able to operate a PC fully off-grid (air-gapped) got accessed too. That baffled me, but that was before I discovered that my locks were getting picked a lot.

(Other types of mischief also often go on in my home when I am out.)

Lock-picking and hacking require similar skills. Just as any computer can get hacked, any lock can be picked or eventually circumvented. What differs is how much time it takes someone.

I have no hacking skills and no lock-picking skills, but I know a tiny little bit about how it is done.

You can roughly divide hacking into three areas:

  1. Software hacking
  2. Hardware hacking
  3. People hacking (social engineering)
  4. The fourth component is taken up by staff that works at providers.

Until 2008, I had been using computers at a high level of security and had always been able to solve any problems on my own. I knew my equipment very well and as soon as anything was amiss, I knew it. For many years, I was part of a related online community in the Netherlands so I used to be up-to-date on the latest threats and vulnerabilities and other information.

I used to do simple things like traceroutes, and in Southsea one day, it enabled me to confirm that my internet traffic was being diverted so that I could not access my domain e-mail and website. I already knew that, but having the printed proof of it is nice (output piped to lpt1).

You can’t take anything like that to police as evidence. Police officers would have had no clue what a traceroute meant. The police does nothing with cyber crime in any case. Below is more information about UK police and cyber crimes.)

Read on.

If, to your astonishment, you find that someone is accessing your offline computer(s), rest assured that you’re probably not going crazy, because let’s face it… It is very hard to imagine something like that!

Yes, that too has happened to me. I had a feeling that something like that was going on. Then one day, when I had just left the building, realised I’d forgotten something and walked back into my office in which a computer was on but offline – with no ability to go online – I found a new program opened on it. I’ve seen similar things since.

It is very likely happening via the electrical circuits in the building in which you’re living, if they haven’t been separated properly. It can also be done by accessing your equipment and somehow making it accept power-line networking and then making use of the power-line network leakage that is often present in buildings. 

If you then place a timer in the circuit (which I did) you may hear it click frantically for a while, but a day or so later, that’s been circumvented too (although that may be because you haven’t realised yet that people are actually going into your flat when you’re out). In my case, it was followed by the message “Thought you could keep me out?” on my screen.

Oh, and my Windows key got reported as stolen, too, and so on and so forth. That put a stop to my LLFs and freshly installing that Windows version time and time again.

Another interesting experience is walking into your office in the middle of the night and finding that your computer has switched itself on. (You may be able to tackle that in the BIOS. It also teaches you, perhaps, not to have your PC plugged into cable or adsl unless you’re using it.)

And do you know what it feels like when your keyboard input becomes randomised, so that your keywords stop working? I have set my PCs up such that when I switch it on, it asks for one or more passwords. That is not the only time when a randomiser can play up. Hackers can do this on mobiles and tablets as well. (I’ve seen it happened on one of mine, when I was typing visible text.)

On another occasion, when I still had a landline, whenever I picked up my phone, it would tell me “You have reached the mailbox of Death’s Door Quest.” followed by the announcement that there was no more space or that the mailbox was full. That lasted about two weeks; I simply stopped checking after a while.

I also knew about the “invisible text message” phone hack before others did because I saw it on my own phone, but nobody believed me. It eventually hit the media.

It turned out that I was not quite the delusional old cow many people thought I was with regard to this either: https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/#5a630cf12034. (I had an iPad for a short while.)

Among other things, I advise you to watch this video:

Pay attention to the WOMAN who calls from her phone which displays the MAN’s phone number on the screens of the parties she calls and who sounds like a MAN when she does that.

I’ve been aware that this is possible and quite easy to do for many years – alerted to it by occurrences in my life, I should say – but people tend to think you escaped from the “lunatic asylum” when you mention something like that. They prefer telling themselves fairy tales.

Watch this one, too:

Most people are shockingly ill-informed about digital security and related matters; their awareness is hopelessly outdated.

I remain utterly astonished by the bullshit all sorts of people and organisations tell each other and notably themselves about their own IT security, and all the excuses they make up to enable their complacency. They’re saying, in essence, that their cybersecurity is better than the Pentagon’s. Ya think?

I’ve been told all sorts of nonsense too, such as “tablets can’t get hacked” even by people who really should know better.

Not surprisingly, perhaps, British police does not even bother dealing with IT issues any longer. These days, most of its officers literally have as much IT knowledge as any homeless meth addict or industrious takeaway owner without website. If they’re lucky, people who have fallen victim to economic computer-related criminality and contact their local police are referred to Action Fraud UK. They then usually contact Action Fraud while entertaining the illusion that Action Fraud actually investigates the crimes they report. It does not. It says so loud and clear on its website, but most people simply don’t want to hear this either.

British police generally no longer investigates crimes committed against members of the public, other than murder and violent assaults (unless you are a prominent person, maybe). This has been the case for over a decade. If you talk to random police officers and ask what you should do after a break-in, you’re likely to be told that you can report it, but that police will only use it as “intelligence” (that is, you will be providing the police with information), but no more than that. Being a police officer has become one of the most stressful and ungrateful jobs there are.

You are allowed to investigate crimes against you and are allowed to try and prevent them, but if you do, police officers may arrest you for criminal harassment without informing you of the exception in the Protection from Harassment Act 1997, which states the following:

(The duty solicitor who is supposed to do his or her duty if you’re arrested likely won’t tell you about this either!)

These days, you need to stand up for yourself all by yourself in the fight against crimes committed against you. As I already indicated, police will usually only come into action after you’ve already passed away or came close to passing away (as a result of a crime, I mean). It’s good to be aware of that and use common sense in anything you do.

Coming back to IT… my most embarrassing “IT experience” occurred when I was using an electronic calculator for water modelling exercises (for the above-mentioned SOBEK class). My calculator was giving me bogus results because the batteries were running empty, without me realizing that in time. For a while, nothing added up!

Gaming
Gaming is extremely important within science, but still not used enough. In a gaming environment, scientific solutions are found much quicker. Chemistry as well as water engineering and management are two areas in which gaming can make a crucial difference.

I haven’t done any gaming myself. I briefly had a Second Life, I had a phase in which I played Tetris a lot and a phase in which I played PacMan a lot. That’s it. (My own life has amply made up for the lack of gaming experience.)

Blockchain technology, cryptocurrencies and IOT
I was way too late with that (but I have excellent reasons). Then I started reading up a bit and watching YouTube videos. I carried out a few teeny tiny (pennies and cents) BTC purchases and transfers to find out a little bit about how it all worked when cryptocurrencies still had mostly a bad rep. (I remember being nervous about it when I took the first steps.) That experience taught me a little bit about the advantages and disadvantages of using cryptos back then, just a few years ago. Things have improved a lot, as there is more integration with fiat, for example.

I participated in one ICO (a fintech utility token), for about EUR 90 and I spent a mere 3 bucks or so on one top altcoin. The latter may make me 5000 bucks or so one day. If it doesn’t, that’ll be fine too. The ICO may eventually give me a small income stream or maybe I can cash out on it one day. It’s still too early to say, but I am not holding my breath, although this crypto usually features in the top-200 on coinmarketcap. I’m hanging onto my holdings for now. Waiting for the tokens to be released and finally actually seeing them in the blockchain they use was quite cool. It also showed me that there was still a lot of work to be done for this new technology to take over the world. (No, they are not sitting in my mobile.)

I don’t have any experience with IOT, but I know that IOT is already being used to monitor air pollution in Nuremberg. I have heard that it is also used, in combination with blockchain technology, in track-and-trace applications, with as specific example tracking food from farmer to consumer, so it is likely that this will become a pivotal part of the circular economy. IOT is also being used in several lung health applications.

This you do not want to read, by the way: https://www.bbc.co.uk/news/technology-48935111

(Or this: https://www.bbc.co.uk/news/technology-47812475)

In the 1990s, something that I loved to do quite often was to tell my modem in Amsterdam to dial into the measuring equipment in Tampa Bay in Florida, so that I got the local water temperature, and other data, in real time. I thought it was amazing. (It was called the P.O.R.T.S. system; it still exists and it’s online, available to everyone now. See images below.)

It was just as amazing to put my hand on the ripples of a fossilised beach in Scotland or in the Belgian Ardennes and make a data connection across a humanly unimaginably large temporal distance.

And if you’re a geologist, you can look at most fossil ripples and tell whether they existed in a marine (wave) environment or in a stream. That, too, constitutes a data connection across a temporal distance. The chemical (and/or fossil) compositions of many rocks also provide a data connection with the past, telling you the temperature and pressure path they experienced, or which water temperatures, water depths etc.

By the way, the turquoise colours on the left in the images below, that’s the Gulf of Mexico, with a long line of barrier islands.

A few years ago, I wrote “Biella’s in love” (Biella = Gabriella Coleman, who holds the Wolfe Chair in Scientific & Technological Literacy at McGill University, Montreal, Quebec, Canada). You may want to read it. I do think it rambles a little, lol.

I wrote “Why I don’t do Instagram” on LinkedIn some time ago, about the utter lack of scruples at Facebook. It’s why I quit Instagram and WhatsApp and am wary of Facebook.
Why I don’t do Instagram