A reader sent an email to Snallabolaget a while ago, and told about his concerns for his own safety after a few incidents that had come up after he had published some unpopular opinions on his blog. The blog in question is a small, private blog that barely sees four figure visitors on a monthly basis, centering on the publisher’s own political views in some sensitive areas like immigration and immigrants, and a few other issues. There’s nothing particularly spectacular, and based on the visitor figures, the actual visitors are probably people mainly from the publisher’s own circle of friends, family and local community. Community issues get community attention, and not much more than that.
This publisher wrote about, amongst some other incidents, an instance of what he described as being “hacked” – i.e. his personal computer had been disabled by a virus planted there by someone who had “hacked” their way into his machine. From the account of the incident, it seemed to be more a case of the man himself opening a malicious email attachment, visiting questionable websites and contracting a little infection from one of those, or downloading a malicious “fake” of some sort. The idea that someone had taken the time and effort to “hack” this particular computer seemed far-fetched and a little silly. The publisher was also sure that the reason behind the attacks was his publishing of his personal opinions regarding illegal immigrants in the area where he lived, and that the hackers had also taken over his private wireless network, and disabled his router.
On questioning the publisher further via email and Skype, it seems that there is little to support his conclusions that a few blog posts have triggered an attak of this kind. The wireless network was encrypted (according to the publisher), which means that if his attacker(s) came that way, so to speak, it’s going to be his neighbor or someone who has spent a lot of time outside his window. The router could have screwed itself up, for that matter.
The website in question hasn’t been hit with any kind of attack, and aside from a few angry comments, the activity is still low. The publisher was reassured that he could still say the things he wanted to without being the traget of major attacks, but there’s a lesson to be learned here, and we did give him some advice.
Blogger Security 101
If you’re going to move around on the internet, and especially if you’re going to publish your own works or your own opinions, there’s a few rules of the road you should consider. Well, not so much rules as guidelines, really, but here they are.
– If you have a personal blog, consider making your domain registration private. Sure, you want people to know who you are, and you don’t want to appear as if you’re hiding anything. Well, make an “About page” instead, and furnish people only with the info you want them to have. Your average visitor needs your email address at most, not your home address and telephone number.
– Be careful what you say – or rather, how you say it.That’s not to say that you shouldn’t say anything and everything you feel like, but mentioning highly personal info is never a very good idea. Telling the world that your place is going to be empty for a week, since you’ll be gone on vacation? Don’t do that. In your account of the upcoming holiday, mention that someone will be house sitting, for example, or that the neighborhood watch lady always has her binoculars trained on your house anyway, and nothing will get by her.
– Make sure your PC or Mac is protected. The easiest way to steal your info or do damage to your stuff is to break into your computer. In most cases, your computer won’t be the sole target – you have to be pretty special for that to happen. Instead, your machine might well be taken over by automated programs, written to look for specific files or register keystrokes in order to find your log-in data or even credit card numbers and bank information.
– Monitor your own online activity. Check your “Sent” emails folder regularly – maybe once a week. Are there emails that you can’t remember sending? Emails going out that are obviously spam? That means your account has been compromised, either by someone just taking over your account, or a bot has found its way into your computer.
– Change your passwords more often than is comfortable. We usually get stuck in routines, we ask our browser to remember passwords and log on info, and we forget to change the passwords, because it’s so convenient, and we just learned them all! Well, get over it. Change your passwords every 90 days, at least. Use letters and numbers in combination, substitute letters for numbers that look like them or use passphrases instead of passwords. There’s really no excuse not to do this. Also, take a look at HowSecureIsMyPassword(.net). Input your password ad it tells you how long it would take a desktop computer to crack your password. (Yes, it’s safe to input your password there.)