When I tell people we’re all on the cyber-war front lines, they often remind me of anti-vaxxers. Cybersecurity is somebody else’s problem. Many act like they think I’m delusional. Or worse. One group called me a paranoid, condescending, fear-monger a couple years ago. And I recently read this in a social media thread.
Honestly, other than the neighbor kid hacker wannabe, I highly doubt hackers these days are going for individual computers when they can get into giant corporations and get way more personal data than on one measly computer.
Are internet anti-vaxxers right? Is cybersecurity mostly a waste of time for the general public?
Not So Fast
The short answer is, no.
The image above is a screenshot of a couple days of my website comments. 138 new comments, all spam. The volume is growing. I might spend money soon to automate filtering this stuff. But for now, it’s all manual and I look at every comment. My favorites are the Spanish ones, all with an identical message. Google Translate says the English translation is, “Many thanks. How can I log in?”
Look at the IP addresses for all these comments. They’re from all over the world. What are the odds that different people from every country on the planet independently decided to leave identical Spanish comments? The odds are zero. One entity is behind all those Spanish comments. And they’ve flooded my website for months.
The irony is hilarious. Some two-bit spammer uses a network of compromised home computers around the world to constantly ask me in Spanish how to log in to my website.
The Spanish ones aren’t the only recurring comments. I usually also find vague compliments about my brilliant writing style. Sometimes I see comments about how long a portion of the website takes to load. There are always get-rich-quick schemes. Drug pitches in English, Russian, and Chinese are common. Sometimes, it’s just a word salad with random paragraphs from lots of sources. And I see the same, exact, identical comments from IP addresses around the world.
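The tell described above, identical text arriving from unrelated IP addresses, can be checked mechanically when triaging a comment queue. The following Python is an added example, not code from this site or its author; the sample comments (including the Spanish wording), the documentation-range IP addresses, and the function names normalize and find_campaigns are constructed for illustration.

```python
import re
import unicodedata
from collections import defaultdict

# Constructed sample of pending comments (source IP, body). Addresses come from
# the RFC 5737 documentation ranges; none of this is real data from the site.
SAMPLE_COMMENTS = [
    ("192.0.2.10", "Muchas gracias. ¿Cómo puedo iniciar sesión?"),
    ("198.51.100.7", "muchas gracias.  ¿Cómo puedo iniciar sesión? "),
    ("203.0.113.44", "Muchas gracias. ¿Como puedo iniciar sesion?"),
    ("192.0.2.99", "Your writing style is brilliant, keep it up!"),
    ("198.51.100.23", "Your writing style is brilliant, keep it up!"),
    ("203.0.113.5", "I disagree with the point about phishing; here is why."),
    ("203.0.113.5", "Sorry, posted too early. Here is the rest of my reply."),
]


def normalize(body):
    """Reduce a comment to a comparison key: strip accents, case, URLs,
    punctuation and spacing so trivially varied copies collide."""
    text = unicodedata.normalize("NFKD", body)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = re.sub(r"https?://\S+", " ", text.lower())
    text = re.sub(r"[\W_]+", " ", text)  # Unicode-aware, keeps non-Latin words
    return text.strip()


def find_campaigns(comments, min_ips=2):
    """Return {normalized_body: sorted distinct IPs} for every body that
    arrived from at least min_ips different addresses."""
    ips_by_body = defaultdict(set)
    for ip, body in comments:
        key = normalize(body)
        if key:  # ignore comments that normalize to nothing (e.g. a bare URL)
            ips_by_body[key].add(ip)
    return {
        key: sorted(ips)
        for key, ips in ips_by_body.items()
        if len(ips) >= min_ips
    }


if __name__ == "__main__":
    for body, ips in find_campaigns(SAMPLE_COMMENTS).items():
        print(f"{len(ips)} IPs sent: {body!r}")
```

One commenter posting twice from the same address is not flagged; only the same text from several distinct addresses is.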
Cybersecurity Anti-vaxxers, Listen Up.
Here is what’s going on.
SEO, or search engine optimization, is a set of tactics to make a website appear near the top of search results. One such tactic is to persuade other website operators to link to your site. That’s one reason why I pitch press interviews all the time. The more links to my website, the more likely my books and I will show up in search results.
I try to do it the right way. But there’s another way to do it.
Exploit Anti-vaxxers to Get Rich Quick
Let’s say crooked website operator Wayne wants to get rich quick by selling junk, and so he needs lots of links fast to make his SEO respectable.
Wayne might contract with Bahir, a botnet operator who controls several thousand home computers. Botnet operators turn legions of home computers into drones, ready to do their masters’ bidding. And then they sell access to all those systems to customers like Wayne. How do botnet operators like Bahir find their victims? The usual methods, mostly phishing scams. Maybe Bahir teams up with Frank, a Florida spam artist who uses a no-questions-asked Chinese email relay service to find victims. Victims are usually cybersecurity anti-vaxxers because they don’t think cybersecurity precautions apply to them.
One such victim is Vicki. Bahir owns Vicki’s computer, but Vicki is clueless because she thinks cybersecurity belongs to the government and big companies. Like other internet anti-vaxxers, Vicki believes cyber-wars happen in spy movies, not her living room.
And that’s why Vicki’s internet connection is always flaky. Vicki spends money every month for Bahir to hijack her internet service and sell it to Wayne, so Wayne can deposit spam comments on websites all over the planet – including mine.
Wayne doesn’t care about Vicki, or even know who she is. Wayne wants a few naïve cybersecurity anti-vaxxer website operators to let his spam comments accumulate because they link back to his website, which improves his SEO, which makes his website show up closer to the top in searches, which leads to more sales.
Layers and Players on Top of Anti-vaxxers
Wayne’s scheme is one of many. Most involve multiple layers and players, which make them seem complicated. Many exploit naïve cybersecurity anti-vaxxers. Beat complexity by giving the players names and personalities to visualize what’s going on.
Never underestimate attackers’ creativity. Always think from attackers’ point of view.
And keep your devices clean. Don’t do it for yourself. Do it for me. Help reduce my website comment spam.
Don’t be a cybersecurity anti-vaxxer.