Stories from a Tech Writer's Studio: Network and Online Security
After a huge software release recently, I found myself chatting over the watercooler with one of the security devs responsible for network, media, and copy protection for a variety of online streaming and hardware-based components.
I made an off-hand remark about trying out PFSense and setting up FreeBSD on my small home network composed of Linux, Windows, and mobile devices. After the usual discussion on logging, cron, and the type of router my ISP provided, I told him that I had once been contacted by someone allegedly from a place the media calls the 'Dark Net'.
The gentleman paused and asked me what was on my machines anyway. I told him I mostly had a few years of scanned comic books, personal photos that don't have me on it, 6 years worth of screenshots from my articles for Unsolicited But Offered, my unpublished novel encoded in a legacy format (PageMaker), and a few ripped CDs of artists like Rick Astley, Lester Young, and Eric Marienthal. Most of my personal documents like my unused resume, personal projects from the 90s and 2000s, and scans of old documents were mirrored in two external hard drives that I left behind in my home country when I started working overseas. I neglected to inform him, of course, of the small neglected folder filled with (ahem) adult material (cough).
"Any naked pictures of you in there?" he asked, with a grin.
"Government secrets? Clinton emails?"
"You're kidding, right? I practically mop floors."
"Stuff people can use against you? Like evidence you have a single testicle or something like that?"
"Proof I'm not photogenic, but other than that, not really."
"Are your servers always up? I mean, you're here at the office 11 hours a day,"
"Do you have a data plan on your mobile?"
"You know I only have prepaid," I said defensively.
He paused. "I'll be straight with you. All that BSD firewalls, jails, and SELinux stuff you set up? And your VPN account? They're not going to do much against a guy who knows what he's doing. The truth is if someone really wanted to access your stuff, they can do it anytime unless your devices are completely offline 24/7. The rest, like stuff stored on external USB drives, they can hire Lupin or Catwoman."
He took a drink from his cup of coffee. "There are people online who get paid to break into a network, an ex-girlfried's Facebook or LinkedIn account. Even petty stuff like an XBOX account. Mostly they do it for fun. But no offense, guys like that aren't interested in people like you. I know you don't have a digital wallet or mobile payment account. You don't have anything on your hard drive worth looking at: you're poor and you don't shop online, all the articles and tutorials you wrote are already available on the Internet, and your day job's not important in the greater scheme of things. There's absolutely no point in attempting to get to your network. They go for machines with value, not hobbyists/dilettantes in the tech industry."
"Gee, thanks." I replied.
"Like I said, no offense."