Brought to you by the reinvented two thousand twelve camera. It's ready. Are you? Get in touch with technology with TechStuff from HowStuffWorks.com. Hello again, everyone. Welcome to TechStuff. My name is Chris Pollette, and I'm an editor at HowStuffWorks.com. I'm trying to crack up the person sitting across from me, and that's the person I usually talk to on these podcasts. His name is Jonathan Strickland, and he is a senior writer here. To get there, you follow Highway fifty-eight going northeast out of the city, and it is a good highway. All right, we're talking about numbers today. Yes we are. We're talking about getting to where you're going and getting diverted along the way. So, as of the recording of this podcast, which is in April of, there is a story that's actually not a news story necessarily.
It first started to kind of make the news way back in November, but it's kind of, sort of, bubbled up, and it's an operation that the FBI, the Federal Bureau of Investigation, has headed up, and it all involves hacking into the Internet and, uh, messing around with Internet traffic. It's called Operation Ghost Click. That's a nice name. I always love hearing the operation names. It is a wacky doctors game. So, um, I think first, before we get into too much detail, we should probably talk about how Internet traffic works. We've mentioned that on the podcast on a handful of occasions. I think when, in fact, we got into the domain name system, DNS system, or, sorry, that was redundant, the DNS, uh, no, was servers, um. Well, are both, because DNS can mean both, but right, right, right. So yeah, we talked about it before.
And basically every website has a, is, um, has an address, a physical address, well, a physical address on a hard drive, a physical hard drive somewhere, and these numbers, there are four sets of numbers separated by periods, and that address is unique to that, um, space on that physical hard drive somewhere. And so if you typed in, um, HTTP colon slash slash and this number, you will get to a website. Of course, that's very inconvenient, because then you either have to write down these numbers or bookmark them, or, you know, yeah, you have to have some sort of weird total recall thing going on where you can just easily remember any series of numbers, which would, uh, would make you incredibly useful, but it would also make you very rare. Most of us are just not... It's not something humans are particularly good at doing on average. So that is what kind of gave rise to the idea of having this domain name system.
Yes, now, the domain name system, what it does is it allows you to create a domain name, as in words that correspond to whatever your site is, and then that itself is mapped to this series of numbers, this IP address, right, the IP being Internet Protocol, um, which is the language that gets, uh, you know, you from one place to another on the Internet, regardless of whether you're using a Windows machine, Mac or Linux or mobile thing. It gets you to the same place. And what allows you to type in HowStuffWorks.com and get to our website. Yes, so if you were to type HowStuffWorks.com, what happens is that request, you know, what you're essentially doing is you're telling your browser, I want access to this particular website. Your browser sends this message along up a chain of command, and, uh, you know, it has to go out to the right computer that has the website living on it and retrieve that, so that you get an instance of it back at your machine. In order to do that, it has to first map that, what it needs to have is the name that you're typing.
It has to be mapped to that physical machine, that physical drive, uh, and it does this by going through domain name servers. A domain name server is essentially like, think of it kind of like a phone book. Yeah, so that all the different URLs you could type in are indexed against these numerical addresses. And then that way, once you type in the URL, it looks for the corresponding numeric address, pulls information from that particular source, and then serves it back to you so that you get what you asked for. Well, that you asked for it, you got it, anyway. So, um, the whole deal here is that you are going to get the right information, assuming that everything's working correctly, and occasionally stuff messes up. There might be, uh, the computer that hosts the site might be down, in which case you're going to get something like a 404 error, because the Internet is not going to be able to find the file that you've requested. Very sorry, the Internet is broken. The elders of the Internet called and they said, no more Internet for you.
But most of the time it's gonna work just fine. However, what happened in the case of Operation Ghost Click is that, uh, the FBI discovered there were some people who had created some rogue DNS servers. So, in other words, these folks, six Estonian nationals, according to the FBI, um, got together and created these servers that acted just as a domain name server would. So, in other words, it had a collection of URLs, an index of URLs and an index of addresses, numeric addresses. So it's like a fake phone book, right? Exactly. Some of the entries in this fake phone book went to different phone numbers, so instead, literally, yeah, but since we're sticking with the analogy, sticking with that analogy. So instead of the official phone number for a particular website, you would get a fake one, and it would, in other words, you would go to a fake numeric address for a real site, so you might type in the address perfectly in your URL bar. Right. So let's take a random example, let's just say Yahoo. So you do www.yahoo.com, you hit enter.
Now, normally, in a regular DNS server, it would look up that URL, look to see what the numeric address is for that URL, send that information out, retrieve the website, and serve it up to you. A rogue DNS server would look up that URL, look at the numeric address that was created for that URL. But it isn't actually the address for Yahoo. It's an address for something else, and it serves that up to you. Now, why would anyone do this? There are a couple of different reasons. Now, in the case of the Estonians, and, uh, they were doing something I think that was kind of, uh, deviously clever. They were doing this in order to reroute traffic to bring in advertising money. So, in other words, what they wanted to do was, the way advertising on the Internet works in general is that you get paid for a certain number of views of that ad. It's called impressions. The number of impressions an ad gets, that translates to money. And if you get lots and lots and lots of impressions, you get lots of money. Um.
Then in general, a single impression is worth a fraction of a cent. Yeah, but if you can say, hey, you know, I can promise you that five million people are going to see your ad, then you can command a good price for your services. Right. So, very popular websites can tend to charge more than sites that don't get a lot of traffic. Makes sense. Right. Let's say that you have a billboard next to a busy highway. The price for that billboard, to put it out on that billboard, is probably gonna be higher than a billboard that's next to a rural road that doesn't get a lot of traffic. So anyway, the same sort of logic applies on the web. So what these guys were doing, I say guys, what these Estonians were doing, because I don't know their gender, uh, they were using these rogue DNS servers to reroute traffic to go to different websites that had specific ads on them that the Estonians were administering, and then they were pulling in the money. So they were redirecting traffic.
It's like putting in a detour in your route, and so you're going down your normal route to wherever you're going, and you see a sign that says, oh, nope, the road is out up ahead, take a right instead of going straight, and you will go through a different route. And along that route you decided to stop and eat. And normally you would stop and eat at your favorite restaurant, but you can't get to that one because it's on the road that's been closed. So you go to this other restaurant, and it all turns out that it was employed by the other restaurant in the first place. They put that detour sign up because they wanted to get some more foot traffic, or some more diners, to come in. That was the general plan. Now the question is, how do you get that rogue DNS server to get in the line of traffic so that people will visit it in the first place?
Yeah, because if you're typing in an address that you already know, say Discovery.com, you should theoretically be routed to the right place as long as your computer is configured correctly and the Internet's working the way it's supposed to. I mean, what are they gonna do? Are they gonna go in and kick out the legitimate DNS machine and replace it? No, it was very clever. They created a kind of malware, and the malware is essentially called DNSChanger, and so DNSChanger would change the DNS settings on your computer or other device, or even router, which was particularly nasty, because if it changed on the router, then any device that connects through that router would be affected. Also, it's unlikely that you're going to have antivirus software on your router, although you might on your computer. Now, the way that they did this with the router was the easiest way, and it's the easiest way for someone to prevent it from happening to them.
The way that worked on the router was that they just ended up using a list of generic user names and passwords that tend to be, um, administered over various routers. So you pick a router, like whatever router you happen to use, that router tends to have a standard user name and standard password you are supposed to change once you install it into your home network, but a lot of people never get around to doing that. They install the router and then they don't bother changing the user name and password, which means that anyone who knows what the standard user name and password is for that brand of router could get access to that network. That's what they were doing in this case. But in order to change the computers themselves, not the router, what they had to do was convince people to download some malware and execute that. Now, social engineering. Yeah, lots of different ways of doing that.
Yeah, you know, there's the very standard way where they include some, uh, they put on a website that you might encounter a little pop-up that says, hey, your antivirus software is out of date. Install this and we will scan your computer for viruses, and free, yeah, for free. And in fact it really is a virus itself that installs to your computer. You know, you think you are trying to head off some sort of malware, and in fact you're actually installing malware to your computer at the time. Or it could be through email attachments, you know, all the standard ways that malware propagates across the web. Any of that would work to get this particular kind of malware onto your machine. Once you installed it, whether it was through a Trojan program or whatever, it would go and reset the DNS settings on your computer, and it would direct your computer to go to these rogue DNS servers as opposed to your Internet service provider's DNS servers, because each ISP has its own, right, that passes the information up along the chain of command. So, uh, you would bypass your ISP's servers.
You 219 00:12:46,760 --> 00:12:48,760 Speaker 1: would go to these rogue servers, and then you would 220 00:12:48,760 --> 00:12:52,240 Speaker 1: be directed to whatever website they wanted to direct YouTube 221 00:12:52,280 --> 00:12:54,800 Speaker 1: for any particular u r L. For some u r 222 00:12:54,960 --> 00:12:57,199 Speaker 1: l s, you might just get the regular website you 223 00:12:57,440 --> 00:13:01,199 Speaker 1: you're sent along and nothing bad happen. For other u 224 00:13:01,320 --> 00:13:03,440 Speaker 1: r l s, you might be directed to a site 225 00:13:03,480 --> 00:13:05,920 Speaker 1: that looks very similar to the one you wanted, but 226 00:13:06,160 --> 00:13:08,959 Speaker 1: something isn't quite right, and it tends that again, they 227 00:13:08,960 --> 00:13:11,320 Speaker 1: were just doing it for the advertising money. The scary 228 00:13:11,360 --> 00:13:13,600 Speaker 1: thing is they could have done this for any other 229 00:13:13,679 --> 00:13:17,640 Speaker 1: reason and actually tried to steal stuff directly from the user. 230 00:13:18,559 --> 00:13:20,800 Speaker 1: Now in this case, that doesn't seem to be what 231 00:13:20,880 --> 00:13:23,760 Speaker 1: they were up to. They were up to just redirecting 232 00:13:23,760 --> 00:13:27,240 Speaker 1: that traffic. So you might think, well, that's annoying. I mean, 233 00:13:27,280 --> 00:13:28,800 Speaker 1: I'm not going to get to the website I want 234 00:13:28,800 --> 00:13:31,840 Speaker 1: to go to unless I type in the actual uh, 235 00:13:31,960 --> 00:13:36,040 Speaker 1: numeric address physically, then I would go to it. But UH, 236 00:13:36,240 --> 00:13:37,960 Speaker 1: while it's annoying that I wouldn't go to the site 237 00:13:37,960 --> 00:13:39,400 Speaker 1: that I wanted to go to, at least they're not 238 00:13:39,440 --> 00:13:42,360 Speaker 1: stealing from me. But they could have. 
They could have directed things so that you would go to dummy websites that look similar to official ones and put in a system where you type in your user name and password and they would log it. They could have logged it, they didn't. They could have logged that information, thus getting access to various accounts across the net. They could have gotten access to email accounts, bank accounts, you know, any other sort of, anything that would require authorization. They could have done that. Uh, and what would probably have happened is that you would have logged in. Let's say that you try to go to your bank's online banking site, and you might get a site that looks very much like your bank's site. In fact, it might even look almost identical. Um, the address might look a little hinky, but if you were to type in your user name and password, likely you would get a response saying, oh, site's down for maintenance.
But what's really happened is that that information has been logged by hackers. So that could have happened, or they could have directed you to a site where you would have been encouraged to download even more malware, perhaps a backdoor access program so that your computer would become part of a botnet, or any other kind of hacking tool. It's really, the options are pretty much unlimited. Now, in this case, again, it was just to redirect traffic. However, there were some other problems that would happen if you were affected by this virus. You might not, you know, you might not have anyone stealing from your bank account or anything. But one of the things the virus does, which is pretty much standard operating procedure for viruses, is it turned off the features on your operating system and your antivirus from updating, so that you wouldn't be able to get the latest security patches that would prevent this, uh, program from working. So first step, pretty much, of any malware is, let's disable the stuff that can turn this off.
So anything that would automatically turn the malware off was disabled. So that's a problem, because it means that even if you aren't being actively preyed upon by these particular hackers, uh, future attacks could hit you much more easily, because you are no longer protected. Yeah, which is pretty bad. That's what we call a bad thing in Internet security. And there were about, what, four million people around the world in about a hundred countries that were affected by this, and then five thousand in the United States. And it wasn't just, uh, you know, citizen users, it was also businesses, government computers. Um, I think there were even like a couple of computers over at NASA that were affected too. And, uh, the good news that we have is that the FBI arrested these six Estonian nationals that were identified as being part of, actually running, this ring. Yeah, they were going to try to have them extradited to the United States. Yeah.
And they've also taken over the rogue DNS servers they have identified as being part of this, and those rogue DNS servers are now acting like legitimate DNS servers, which is great. That means that, as a user, when you try to visit a website, you should get what you're supposed to get. However, there's a problem, because if you're affected, your computer still is directing you to the wrong set of servers. You're still getting the right result, but you're not going to the regular chain of command that you should go to. And the FBI is not going to be running these servers forever, and in fact, in July, they're going to turn them off. And once those turn off, if your computer is being directed to those DNS servers, you may not have any more Web access, at least not through typing in a normal URL, because your computer is going to try and go through a pathway that doesn't exist anymore. So the important thing to do is to determine whether or not your computer has this infection, and if it does have the infection, to clear it up.
And, uh, the first one is easier than the second one. Yeah, the FBI actually set up a website designed to help you identify whether or not you have been affected. Yes, um, you can go to the FBI's website and follow the links to find out about whether or not your computer has this problem. And there's actually a couple of different ways of doing it. They've set up a URL where what it does is it pings a server, and if it gets a positive result saying that you're fine, uh, you get a screen that has this big green icon on it and says you're good. Um, if you're not fine, you get a big red icon which says, this is saying that, you know, it's going through one of the rogue DNS servers. They've also identified a range of the IP addresses that, you know, you can check your DNS settings on your computer yourself.
[00:18:43] Speaker 1: If you're using a Windows machine, you go to a Run command and you type in ipconfig /all, and then that'll pull up your DNS settings and you can see what the numeric address is for the server that you go to, and if it falls within the range that's been identified by the FBI, you know that your DNS settings are wrong. Clearing this up and getting rid of the malware is a little tricky. The easiest way I can think of to do it, if I were doing it myself, is going to a computer that I know has not been affected and downloading the latest antivirus software I can find. Most of them have an option where you can put a version of that onto a thumb drive. Do that, then take the thumb drive over to the infected machine, boot it into safe mode and load up the antivirus software from the thumb drive, and, depending upon the antivirus software, it should be able to scan it and remove it.
[00:19:47] Speaker 1: The FBI also points to several web assets that can help you if your computer does appear to be one of the ones that's infected, and those may work very well for you. I tend to go with the antivirus approach whenever I can, and, I don't know, I just have a preference for that as opposed to going a web-based route. Yeah, but it is fairly easy to get rid of the problem in this case. It's not like some of the others where you have to reformat your hard drive to get it back. Yeah, depending on how tech savvy you are, it's pretty easy. If you're not terribly tech savvy, it may be worth it to take it to a computer professional to have them scan it and remove it and take care of it for you, because the more you mess with your computer settings, the more you may inadvertently cause some problems that can turn your machine into a nightmare.
[00:20:52] Speaker 1: And sometimes, depending on the malware, like if you've had this on your computer for a while, that might not be the only malware that's affecting you. You might have other problems, in which case, you know, a simple scan and remove may not be enough. In a worst case scenario, you might have to do something like wipe your computer and reinstall the operating system, in which case the first thing you want to do is back up as much of your data as you possibly can, and then you do the wipe. But even that is, I mean, that's like a worst case scenario type of thing, and hopefully none of our listeners are in that. Well, first of all, hopefully none of our listeners have been affected by this malware. But if they have, hopefully it's not so severe, and they don't have other forms of malware, that they can't, you know, take care of it themselves. Yeah.
[00:21:41] Speaker 1: And of course it's always a good idea to back up your hard drive on a regular basis anyway, just to make sure, to make sure that you have a version of your operating system installed on there that you can go back to that you know is not infected, at least hopefully. Yeah. But that's pretty impressive. I mean, the FBI has really been promoting the fact that they had this success in taking down, or apparent success I should say, in taking down this ring, because, you know, this is pretty significant. They took away traffic from legitimate websites in addition to making money for themselves with the alternate fake websites. And it does expose the fact that most people are, you know, still having to think about what they do, because they may very well be letting somebody in. It could have been a lot worse than it was. Yeah, exploiting the DNS system, which again, I know, redundant, ATM machine, PIN number, exploiting that, it was pretty ingenious, you know.
[00:22:50] Speaker 1: Essentially, it just shows that understanding how the Internet works and building this parallel system that exploits the way the Internet works was very clever. Now, of course, it still depended upon user behavior to work, because if no one had downloaded the malware, if no one had installed the malware, nothing would have happened. You would have had these rogue DNS servers that would be online and would be ready to redirect traffic to wherever they wanted it to go. But if no one downloaded the malware, the traffic would never have been redirected. So really, the other lesson to take away from this is just practice good Internet security rules of thumb, things like don't open strange attachments in random emails. Make sure you ask people if they've sent you an attachment, ask them, like, did you really send this to me?
[00:23:45] Speaker 1: You know, because sometimes people's email addresses get compromised and they randomly start sending out files to people, often in uncharacteristically worded ways, like you might read a message and think, either my friend has taken a terrible fall and decided to email me immediately afterwards, or is under the influence of some powerful alcohol, or, you know, it just doesn't make any sense. Like, you read it and you're like, this doesn't sound like Chris. Chris never emails me in all caps with lots of letters missing. Send this to everyone you know. Bill Gates will give you twenty five cents for every email that you forward. Anyway, don't open those email attachments. Yeah, and you know what I've recently realized? Every once in a while I'll find a story that I want to send to somebody, and I've realized as I was sending it, I'd say, hey, I just saw this, you should check it out. You know what?
[00:24:52] Speaker 1: That sounds just like something a spammer would write. So I try to make it a little more personal, so that, well, for one thing, the spam filter on a lot of these services will pull it right out of there if it's something that minimal. So if it fits that pattern of hey, I saw this, check it out, then yeah, it can fall into the spam filter pretty easily. Also, it doesn't just go with attachments, I mean, or links. Plenty of links are problems. But think about, like, gosh, I've seen this so many times on Facebook, clickjacking on Facebook. So if you've ever gone, I'm sure most of you have, anyone who's had a Facebook account long enough has seen this happen with their friends. You'll look and there'll be some video link. You know, it won't be an embedded video, so it's not something that plays within Facebook. But you'll see, like, a link to some incredible video, and it usually has to do with either violence or sex. Those tend to be the two big ones. Yeah.
[00:25:57] Speaker 1: Yeah, you go for those base instincts that we humans have, and you get a lot of results, which is kind of a sad commentary, but that's a different podcast. Anyway, you know, you'll see this link, and I saw one recently and immediately the red flag went up, as soon as I saw it. First of all, I was like, this doesn't seem like the kind of thing this person would have shared. Like, they might have clicked on a link, but it doesn't seem like something they would have themselves shared. And it was supposedly a video about Justin Bieber being stabbed at a concert, and as soon as I saw it, I thought, this has clickjacking written all over it. And immediately I went to one of my favorite references for this sort of thing, snopes dot com. So Snopes is all about urban legends, but they also look at things like internet hoaxes and clickjacking. And I did a quick search, and sure enough, this is something that's been around for a while, and it's just like a lot of other clickjacking.
[00:26:58] Speaker 1: It has these cycles that it goes through, where you'll have an initial pop up of this, and then it dies down, and then it'll pop up again, and it'll do that three or four times. Yeah, current events are often, yeah, and I mean you'll find some of these that have lasted for years. They don't necessarily have to be about Justin Bieber, for example; that may be the clickjack du jour. Yeah, exactly, or, you know, five years ago it could have been about, for example, Britney Spears. Yeah, that would be a very popular one. Or Jennifer Aniston, or somebody that's in the news right at that moment. Yeah, and it tends to be like, or it'll be like, this news anchor had an embarrassing moment on the news, click to find out, that sort of stuff. And what happens is, if you do click that, you'll get a message that essentially says, usually, something like, you need to install this extension or you need to install this video player in order to watch this video.
[00:27:59] Speaker 1: And if you allow it, then it gets access to things like your Facebook feed, as well as possibly other stuff. It may involve other, you know, kinds of malware, but in general, you've seen this get propagated across Facebook, where someone who has fallen for the trick agrees to it, and then it continues to go across Facebook because it starts to use that person's feed. So whenever I see one of these, here's what I do, guys. I immediately, you know, I see something that raises a red flag like that. First thing I do is I do a search on Google for whatever the video supposedly shows, because nine times out of ten it's just completely made up, and you can usually find, I find an article written on it, or it'll be on Snopes or something like that, where it'll say, you know, this new Facebook scam is going around, so watch out for it. Once I have confirmed that it's a scam, I go back to Facebook and I comment on the entry and I say, hey, it looks like this is a clickjacking attempt.
[00:29:02] Speaker 1: You may want to go and change your Facebook password and delete this post, because by deleting the post, you're going to help remove that step for other people to fall victim to that same problem. So I do that fairly regularly, because I've got a lot of friends on Facebook, and this sort of thing can happen to anyone. And it's not necessarily something that's sort of either appealing to violence or sex. Sometimes it's something that's just interesting, and it has nothing to do with any of those kind of more base subject matters. Right. And also, I mean in general, when there's a link in Facebook, if it's a link in Facebook, I tend to go to Google anyway and try and get to that link without going through Facebook, because you never know when it's a clickjacking attempt. If it's an embedded video within Facebook, like a YouTube video that's been embedded in Facebook, something like that, I'm all right with that. I'll watch it that way. But for links, I tend to go outside of Facebook to do it, just to be on the safe side, which I'm sure Facebook hates.
[00:30:09] Speaker 1: That's not what Facebook wants to hear. But, they want to track you, right. Until there's better security around that, so that I'm not throwing caution to the wind and infecting my computer, I just can't justify it. So that's just my own personal approach. Guys, I'm sure all of you probably have your own sort of way of dealing with this and avoiding problems, but it's always something that's good to keep in mind. Anyway. So if you guys suspect that you might have this DNSChanger malware on your computer, go to the FBI's website. Use their tool, first of all, to see if you get a result back. If you don't get a result back, you're probably okay, not necessarily okay. You can pull up that list of addresses that do map to these rogue servers and go through your computer settings and confirm it that way. Warning, rogue servers. So just check your computers, make sure you're fine, because if you're not fine, then once the FBI turns these servers off, you may have some problems accessing stuff over the web, and then you're thinking, what the heck happened?
[00:31:19] Speaker 1: And the real nasty part about not being able to access the web is not being able to access why you can't access the web. I've had that happen. Apparently, did I not pay my internet bill? Is my router down? I don't know how to check, because I can't look anything up. Yes, I'm that guy. Anyway, so do you have anything else you want to add about this? Not really, not really, no. So let us wrap this up. Guys, if you have any suggestions for future topics on TechStuff podcasts, you can let us know through email; that address is techstuff at discovery dot com, or you can let us know on Facebook or Twitter. Our handle on both those social networks is TechStuffHSW, and Chris and I will talk to you again really soon. For more on this and thousands of other topics, visit howstuffworks dot com. Brought to you by the reinvented two thousand twelve Camry. It's ready, are you?