North Korean Cyber Terrorism: You’re Unprepared

It was revealed yesterday, in an announcement from the FBI, that North Korea was responsible for the recent cyber attack on Sony Pictures Entertainment.

The attack resulted in the public release of thousands of confidential (and embarrassing) email messages and documents involving Sony, its executives, popular celebrities, and many of the entertainment company’s business partners—among other misappropriations of intellectual property. This included various Sony films now freely available on pirate sites. According to Patrick Mahaffey, CEO of software consulting firm Room 5, the Sony hack “may have ushered in a new era of state sponsored terrorism against civilian targets.”

These acts have also caused the controversial cancellation of the release of Sony’s movie The Interview, the comedy drama that was the motivation for North Korea’s actions. In the movie, the characters portrayed by Seth Rogen and James Franco are enlisted by the American government to assassinate North Korean dictator Kim Jong-un. (Spoiler alert: At the end of the film, the two American spies complete their mission; there’s a viral video excerpt trending on social media if you’re curious.)

North Korea’s actions weren’t financially motivated, but rather purely political in nature. However, they had a financial impact. Kim Jong-un’s third world, impoverished totalitarian regime just cost an American subsidiary of a Japanese company $200-300 million in lost revenue—not to mention a severely tarnished reputation. To put this in perspective, Sony Pictures Entertainment, based in Culver City, California, reported $8 billion in revenue for fiscal year 2014.

On December 15, CNNMoney reported that parent company Sony’s stock had fallen 10 percent due to the incident. Then, on December 17, the FBI announced that it considered the hacking incident a national security threat. On December 19, the event elicited public statements from President Barack Obama, who said that Sony Pictures “made a mistake” in cancelling the release of the film and that the United States would respond to the attack “in a place and manner and time that we choose.”

According to Reuters: “‘North Korea’s ultimate goal in cyber strategy is to be able to attack national infrastructure of South Korea and the United States,’ said Kim Heung-kwang, a defector from the North who was a computer science professor and says he maintains links with the community in his home country.”

The general tone among Americans has been that Sony (and, by extension, Hollywood) spinelessly caved to the influence of a rogue dictator. Echoing the President’s comments, social media has been abuzz with anti-Sony sentiment, and even calls for boycotts.

I would argue that North Korea’s actions amount to a terrorist act on the part of a communist totalitarian nation, in the form of a cyber attack that, akin to an act of war, brought Japanese Sony, American-based Sony Pictures Entertainment, and American partners like Snapchat to their knees. I would also argue that this event can be—in the long run—good for us. Here’s why.

It’s easy to become too internally focused when you’re in one of the most technologically, culturally, and economically advanced nations in the world—and a shining example of democracy and progress, despite all of our internal bickering and ideological and religious contention.

Fortunately, we have organizations like the FBI, CIA, and the military’s various internal counter cyber-terrorism groups. Before you laugh and begin schooling me on how none of these organizations can be trusted (and bring up torture and waterboarding), remember “same team” (and 9/11, if you have a short memory).

This isn’t the time to be pointing out how the family dog crapped on the rug a few times. Rather, we should be thankful that Rover keeps the house safe from intruders and kills pesky rodents before they begin living in the garage or digging into that 50-lb bag of bird seed. It’s our bird seed, dammit, and Rover—rug pooping and all—helps protect it from thieves.

North Korea’s recent acts of cyber terrorism are a wake-up call not only to large corporations like Sony, but also to middle class Americans. Although I’m certainly not an expert on this topic, I don’t think it was a wake-up call to our government’s security agencies or the military. I believe they’re in the loop on this one.

We middle class consumers, however, are sloppy with our data and online accounts. Our passwords suck, most of us never back up our data, and asking us about our firewall is like inquiring about the pH balance of our lawn; we simply don’t know. And, all too often, we don’t give a damn. Again, we’re too busy dealing with social media, work headaches, and our kids to bother with the likes of password strength and data backups. As Americans, we’re pinnacle procrastinators. Watching The Voice or True Detective is more important to us than personal data security. We prove it every day.

The revelation of North Korea’s cyber attack on Sony Pictures proves that we’re much more vulnerable than we think. If a black hat hacker anywhere, foreign or domestic, wants to steal your identity, copy or corrupt your data, or blackmail or embarrass you, even a moderately talented cyber thief can do so with relative ease. The reason it hasn’t happened to you is because you haven’t been targeted. At least, not that you’re aware.

According to Daniel Solove, a research professor of law at George Washington University Law School, “All of our personal data is at significant risk. At home or at work, your personal data is at risk. Whether in the cloud, or on your computer, or in an email, your data is at risk. The internet wasn’t built for security; it is a very risky zone, like wandering a minefield.”

Computer and networking technology, along with the common skills of hackers, have evolved to the point that, regardless of motive, these cyber bad guys can swoop in, steal or corrupt your data, and leave almost no trace. You may have been hacked and have no idea. The IT departments of major retailers like Target, Home Depot, and Neiman Marcus have been hacked and suffered the theft of point-of-sale data for tens of millions of customers. And, in some cases, they barely learned that it happened. If $100 million IT departments are vulnerable, what do you think can happen to you and me?

The reason most of us haven’t had our data or personal home networks compromised is simply because we’re not big targets—not because our data or networks are secure. If a frustrated, psychotic co-worker, spurned lover, mean ex-husband, angry neighbor, or pissed-off friend really focused on messing with your data, they could do so with relative ease. It just might involve hiring a savvy teenage nerd to make it happen. Don’t assume, because a person doesn’t possess computer skills, that they can’t be responsible for a data attack on you and your family.

Statistics from a variety of sources indicate that the majority of Americans never (as in never) back up their data. Surveys and metrics also indicate that our passwords—even for things like bank and investment accounts—are pathetically weak. Do you have any “password1234” passwords in your collection? How about a derivation of your name (or your pet’s name)? Do you use the same password, or a slight variation, on all of your accounts? I know; it makes them easier to remember. It also makes you extremely vulnerable to hacking.

There are plenty of books and resources available to help you improve your data security. I won’t push my book, because the point is simply to get you to improve your personal data security, not necessarily buy something from me. But do something.

Cyber terrorism and hacking activities, from governments, large corporations, and individuals, are only going to increase. We’re all susceptible, from Sony Pictures to your next door neighbor. However, there are many things you can do to help prevent digital disaster that results in identity theft, public embarrassment, and financial loss.

Learn about what you can do. Make a plan. Execute it. Maintain your efforts. Be diligent.

Take it seriously.

Did you, or one of your friends, ever run a car out of gas? Wasn’t there a feeling of incredible stupidity and regret? Wasn’t there a realization that a brief stop at a local gas station could have been made oh-so-easily, preventing the embarrassment and expense of your negligence and oversight?

Well, get ready. Because the Sony Pictures hack by North Korea is only the beginning. Organizations and individuals that aren’t prepared will, sooner or later, suffer.

Try not to be one of them.

Curt Robbins


Curt Robbins is author of the following books from Amazon Kindle:

You can follow him on Twitter at @CurtRobbins, read his AV-related blog posts at rAVe Publications, and view his photos on Flickr.

Cold Storage & Personal Data: Tick, Tick, Tick


[Updated on September 29, 2015]

[This post is a hopeless plug for my new book Understanding Personal Data Security. It’s said that there are two high-level categories of emotional exploitation within most advertising: Greed and fear. In this post, I exploit fear.]


I write a lot about electric vehicles, home theater, and personal data security. My grandmother always told me to do what I know. There’s a reason I’m not teaching you how to replace the tranny in your Ford F-150 or giving you advice for that Sunday casserole.

In personal data security, I try to write about topics that center around the real world. Strong passwords, data backup, centralized data storage. That type of thing. The areas of data archival and backup are especially fun. So simple in theory, yet so neglected and difficult in practice. The majority of us (well over 50%) never—as in never—back up our data. It’s truly mind blowing.


Yet here we are, a culture that totes sleek smartphones and tablets and captures almost exclusively digital photos and video. Instead of going to Walgreens to develop old school film, we upload JPEG images from our mobile devices directly to cloud-based social media like Facebook, Instagram, and Flickr. All while our kids indulge in Kik, Snapchat, Vine, and stuff we’ve never heard of.

Middle class Americans create a lot of data; more and more every day. As an increasing number of us acquire highly capable mobile devices, we automatically begin snapping high-resolution photos and capturing high-definition video—along with meta data like location and people tagging. Just more ones and zeroes. We throw our files up in the cloud, sync with a local computer, or simply ignore our increasingly large treasure trove of digital delights. What was once expensive and somewhat rare is now cheap and plentiful. In the old days, no middle class consumer could afford 100,000 print photos or dozens of hours of home movies.

Now I have those thousands of photos and hundreds of videos sitting on a $200 NAS device on my home network. Amazing. We’re all curators and archivists today, whether we realize it or not.


Once, back in ’06 or so, I had a hard drive crash on a server computer in my home. Just so happens that server was storing all of my family photos. I shipped it to a special recovery service in Atlanta. But they delivered sad news: It was toast. Unrecoverable. 16 years of family photos down the crapper. Gone.

Forever.

Fortunately, I had a backup. The problem? It was five months old. So yes, I recovered nearly 16 years worth of precious heirloom family photos, videos, and personal data files. The term “relief” doesn’t begin to explain how I felt. But I was still kicking myself for having lost nearly half a year’s worth of digital data.

I’m a picture fiend. We used to be called shutter bugs (back when most cameras featured physical shutters). I love to take tons of casual, unplanned photos on nearly a daily basis. For some people, five months of photos isn’t much. For me, it was thousands of shots and a chunk of the lives of my daughters that I’ll never retrieve. As in never.

A valuable lesson, to say the least. Now you know why I preach about offsite backups and redundant data. Because what happened to me happens to most people. Except most people lose everything.


I recently joined the artsy no-ads social network Ello. I’m really enjoying the wealth of photography, art, sculptures, 3D-printed objects, poetry, and writing. But the reality is that the vast majority of this creative expression is stored digitally. Statistically, roughly half of this data will eventually be lost to digital devastation. A hard drive will crash. A laptop will be stolen. A fire or flood will occur. Nasty crap. But it happens every day.

And the data will go “poof.” Forever lost. Notice how I keep saying “forever” in terms of lost data and “never” in terms of how often people back up that precious data?

With my head in this mode of OCD data protection, a recent article in Ars Technica naturally caught my attention. A Dutch entrepreneur, Martijn Wismeijer (@twiet), had an NFC (Near Field Communication) chip implanted in each hand. The purpose? To securely store data.

Ironically, this is called “cold storage.” Because of the NFC, this data isn’t static. Using any of dozens of common smartphones or tablets on the market that feature NFC capabilities, this man can update the data stored on the chips in his hands.

Pretty damn cool. Now, I realize a lot of you are getting squeamish at the prospect of having radio frequency-capable memory chips implanted in your body. Can’t say I blame you there (although I think I’d be willing to do this).

But squeamishness aside, why is cold storage so cool? Because it partially deals with the issue of “offsite” backup. Remember 9/11? Remember all the companies that went bankrupt after the physical devastation? Know why most of them went under? They lost all of their customer data. And they lost all of their customer data because their backups were stored onsite.

Cold storage solves this problem. To a certain extent. It’s an interesting model, one where the data resides wherever you happen to be. Home, office, coffee shop, a friend’s house, driving down the 404. Now, I do want to clarify that this man is storing Bitcoin data and the small (2 x 12 millimeters) capsules injected between his thumb and index finger contain very little information. It’s basically just a few bank account numbers. Then again, a photo is just a few (million) pixels with location markers and color assignments.

We all know how this story ends. Storage capacities in all forms of modern media have expanded at an exponential rate. Eventually, these small flesh-injected capsules will sport enough storage to back up all of your personal photos and videos. At which time you’ll have yet another backup option and opportunity to safely archive your precious personal data.


Until we all get these flesh-based flash drives, however, we still have an ever-increasing volume of valuable personal data that is lost on a daily basis. To date, roughly one-third of computers have crashed and lost all of their data; as in, this has already happened! So, once again, I must reiterate my personal mantra of offsite backup. Weekly, monthly…whatever. You know your habits. I’m not going to tell you how frequently to back up your data. You’re an adult. You wear big girl and big boy pants.

However, what I will tell you: If you don’t make two backup copies of those special memories of your kids, pets, and special events and get them offsite, you’ll eventually lose them. It’s statistically inevitable. Look at the clock on your smartphone or watch and take note of the second hand.

It’s counting down to digital disaster. Tick, tick, tick. Goodbye data. Au revoir precious memories.

The digital demons are coming to get you.

For the time being, you can avoid getting a data capsule stored in your hand. But if you blow off multiple backup copies of your personal data—one of which goes offsite—you won’t avoid losing all of your photos and videos.

Just sayin’.

Curt Robbins


Curt Robbins is author of the following books from Amazon Kindle:

You can follow him on Twitter at @CurtARobbins, read his AV-related blog posts at rAVe Publications, and view his photos on Flickr.

Common Confusion in Home Theater: Part 4

As part of my series of blog posts and slideshows regarding topics of common confusion in home theater, below I cover THX certification, DLNA network access, and distortion and THD. This series features excerpts from my new Kindle book Home Theater for the Internet Age.

  • Part 1: Volume in a zero dB world, updating firmware, and the disadvantages of Blu-ray
  • Part 2: Speaker resistance and analog vs. digital amps in AV receivers
  • Part 3: PCM vs. bitstream and Blu-ray player upscaling/upconversion
  • Part 5: HDMI (including cable length and controversial expensive cables)
  • Part 6: Closed-back vs. open-back around-ear headphones
  • Part 7: Understanding your room and room dynamics
  • Part 8: Room correction, speaker position, and more room dynamics
  • Part 9: Ethernet, component separates, and broadband internet routers

Curt Robbins


THX Certification

THX is a collection of audio and video certifications for both commercial cinema (movie theaters) and home theater environments. THX was born at Lucasfilm Studios in the early 1980s, when George Lucas was producing Return of the Jedi, and gained its name from Lucas’ first feature film, THX 1138. Lucas was concerned that the fidelity and overall experience he was creating in his studio wasn’t being translated into commercial cinemas. The first THX certifications were granted to movie theaters, not home theater components.

THX offers several different types of certifications, including those for amplifiers and display panels. To obtain THX certification, a particular component model must pass 200 tests. While THX certification doesn’t guarantee you’ll like the image produced by a display or the sound flowing out of an amplifier, it does ensure a solid performance level. Buying THX-certified equipment helps you get reliable mid to top-tier components with respect to quality and performance. It has little to do with price, however. Products at several different costs may feature the THX logo. It is, however, more common on higher-end, more expensive components.

THX has also released an app for Apple and Android devices that helps calibrate your home theater’s video and audio. For more information regarding home theater calibration, see the Room Calibration section below and the Room Dynamics & Positioning section of the Speakers chapter.

DLNA Local Network Access

DLNA, or the Digital Living Network Alliance, is a communications protocol that works over both wi-fi and Ethernet and allows a variety of media files, such as family photos, music files (including high-resolution varieties), and videos, to be streamed from one device to another on a local area network (or LAN). In home theater, DLNA is typically implemented in audio/video receivers and Blu-ray players and accesses a storage device or computer elsewhere on your local network.

Not only must your receiver or Blu-ray player support DLNA, but the device on your network—on which the media files are stored and from which you want to access them—must also include this protocol. This “sending” device on your network could be a personal computer (running Windows 7/8 or Mac OS X), a network storage device (officially called a NAS, or Network Attached Storage), or even a top-shelf router with an attached flash drive or USB hard drive. As long as the two devices have a valid connection, enough bandwidth, and DLNA, you can begin routing photos, music, and video from your home network to your receiver or Blu-ray player, using your big display panel and listening to audio and music through your living room speakers.

However, simply because you can use DLNA to get a particular media file from a PC or storage device on your network to your audio/video receiver or Blu-ray player doesn’t mean the receiving device can necessarily decode it. For example, if you have a bunch of high-resolution music files in AIFF format stored on your network, but your receiver (or Blu-ray player) isn’t capable of decoding the AIFF format, DLNA won’t help. DLNA includes no decoding logic or special software for this purpose. It is merely a way for two devices on a home network to recognize each other and stream media files from one to the other.

Distortion & THD

All home theater components produce a certain amount of distortion, something that damages the quality of the sound but, at low and even moderate levels, typically can’t be perceived. This distortion is measured as THD, or Total Harmonic Distortion. In the case of an amplifier, THD is a measurement of the comparison of the receiver’s input and output signals (revealing how much the unit’s amp distorted the audio signal).

Instead of burying you in percentages and decimals, simply realize that lower THD is better. Any reputable brand of AV receiver, Blu-ray player, or speaker, however, will typically exhibit so little THD that it isn’t noticed (except at maybe the loudest volumes). This is true of models at all costs. According to Gary Altunian at Stereos.about.com, “In reality, total harmonic distortion is hardly perceptible to the human ear. Every component adds some level of distortion, but most distortion is insignificant and small differences in specifications between components mean nothing.”

Note that THD becomes worse as volume increases. Most THD ratings for receivers are based on the unit’s full output, or greatest volume (0 dB, as you’ll learn below). As a rule of thumb, simply ensure that a receiver’s THD rating is below 1% (typical THD ratings on good receivers are far lower, falling between 0.03% and 0.08%, but measuring techniques vary and are sometimes heavily influenced by a component manufacturer’s marketing department). THD is just one measure of the quality of an amplifier or speaker. If you’re shopping for reputable receiver models, THD shouldn’t typically be an issue that influences your purchasing decision.



Personal Data Security: NAS

Today’s blog post is another in the theme of personal data security and an excerpt from my new book Understanding Personal Data Security. We all have lots of data. Statistically, however, nearly half of us never back it up. As in never. But part of the reason for this might be that our data is scattered among many different computers and devices, making the task of backup difficult.

Part of the solution is to centralize your data. You don’t have to be a Buddhist like Steve Jobs to understand that simple is better than complex. In the case of your personal data and media files, storing and accessing them from a single location on your home network can make the task of backup that much easier. And the best way to centralize your data is with Network Attached Storage.

You might want to also read my previous blog posts Personal Data Security: Backups and 3-2-1 Backup Rule: Get Offsite before diving into this one.

Curt Robbins


Network Attached Storage

Typically the best way for home networks to centralize data is using a dedicated hard drive that attaches to your home network, usually via your internet/wi-fi router. Called Network Attached Storage, or NAS, this is a special hard drive (or enclosure that holds multiple drives) that has just enough hardware and software wrapped around it that all of the other computers on your network can recognize it and copy, modify, and delete files. A NAS drive, sometimes called a NAS server, is nothing more than a big storage space into which all of your computers dump their data. You can’t install or run applications using such a device. It’s not a full-fledged computer, but simply intelligent network-accessible storage.

NAS servers have been around long enough that prices have fallen to where consumers can easily afford such a device to centralize their data storage. Some NAS devices include backup software, most of which can perform automated incremental backups (you’ll learn more about these topics in the Backups chapter that follows). Personally, my family and I store all of our data on a NAS, giving us a single drive volume to back up.

There are two primary types of NAS devices, each with a different target audience and cost. Entry-level NAS units have one or two fixed hard drives, meaning the disk drive(s) can’t be swapped out and, thus, the capacity of the device can’t be expanded. If you purchase such a “fixed” NAS, you’ll have to purchase a new one when you either run out of space or one of the disks fails. The other, more robust type of NAS features between two and eight open bays, each of which holds a single, removable disk drive. Some multi-drive (also called multi-bay) NAS models are sold diskless (no pre-installed drives), allowing you to use existing drives or purchase your own. It should be noted that there are a few two-drive NAS models on the market that feature fixed disk drives, meaning neither drive can be replaced when it dies.

One of the best solutions, which strikes a nice middle ground, is a multi-bay NAS that is sold pre-populated with removable drives and even preconfigured for data mirroring. This approach allows you to avoid the hassle of purchasing, installing, and configuring hard disk drives for your NAS, but still allows you to upgrade all drives to achieve more storage capacity or replace a single defective drive unit.

Some manufacturers, like Western Digital, offer a NAS solution for nearly every need and budget. For example, the company’s My Cloud Mirror features two fixed drives and a single USB 3.0 port. The My Cloud EX2 (sporting two bays) and My Cloud EX4 (four bays) both offer removable storage and ship with Western Digital’s NAS-optimized Red drives pre-installed and configured for data mirroring (a real-time data replication scheme described below). The EX series also features two USB 3.0 ports, allowing you to create your offsite backups that much faster and more reliably (in real-world performance, USB 3.0 is roughly four to ten times faster than USB 2.0). You’ll learn more about reputable NAS models later in this chapter.

RAID

While more expensive, multi-drive NAS devices offer greater flexibility in terms of how you store and back up your data. For example, most multi-drive NAS servers (including both fixed and removable drive models) offer the ability to run a RAID (Redundant Array of Independent Disks). There are a variety of types, or “levels,” of RAID. According to Wikipedia, “each scheme provides a different balance between the key goals: Reliability and availability, performance, and capacity. RAID levels greater than RAID 0 provide protection against unrecoverable (sector) read errors, as well as whole disk failure.”

It should be noted that a multi-drive RAID setup can also be installed in a PC. The best route, however, is a dedicated NAS plugged into your internet router or Ethernet switch. This saves you the headaches associated with maintaining a full computer and the risks that come with operating it. The likelihood of failure for a PC is greater than for a dedicated NAS server that quietly sits attached to your home network. The NAS will also consume much less power.

Although there are seven levels of RAID multi-drive configuration, only one—RAID 1—is of concern to consumers with home networks. RAID levels 2 through 6 are more performance-oriented and appeal to enterprise organizations trying to do things like optimize database queries and speed real-time online transactions. While your nerdy niece may advocate one of the higher RAID levels, RAID 1 is really all you need.

RAID 1

RAID 1 incorporates mirroring, in which data is written to two or more drives simultaneously to create a “mirrored set.” Thus, if you had a NAS device that supported RAID 1 and featured, say, four drive bays, you could install three drives (leaving one drive bay empty), one of which would be your primary storage and the other two of which would function as your local (onsite) backups that were always current.

RAID 1 illustrates the power of using multiple hard drives in a single drive enclosure (or computer) to protect your data. Think of RAID 1 as a real-time backup system. The disadvantage? This popular RAID standard gives you great onsite data redundancy (and, thus, backup), but does nothing to get your data offsite.
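A mirrored set is always current, but the offsite copy is only as good as its last refresh. The script below is an added example, not taken from the original post or book: it compares a NAS share against an offsite copy by SHA-256 and reports which files the backup does not protect and for how long they have been exposed. The function names, directory layout, and sample files are assumptions constructed for illustration.

```python
"""Audit an offsite backup copy against the primary NAS share (added example)."""
import hashlib
import os
import tempfile
import time
from pathlib import Path

DAY = 86400  # seconds


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large videos never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each regular file's path (relative to root) to (sha256, mtime)."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = (sha256_file(path), path.stat().st_mtime)
    return manifest


def audit_backup(primary_root, backup_root, now=None):
    """Compare the live share with a backup copy.

    missing       - on the primary, absent from the backup
    changed       - present in both, but the contents differ
    extra         - only in the backup (deleted or renamed on the primary;
                    a mirror would have dropped these, a backup keeps them)
    exposure_days - days since the oldest unprotected file was last
                    modified on the primary
    """
    now = time.time() if now is None else now
    primary = build_manifest(primary_root)
    backup = build_manifest(backup_root)
    missing = sorted(set(primary) - set(backup))
    changed = sorted(rel for rel in set(primary) & set(backup)
                     if primary[rel][0] != backup[rel][0])
    extra = sorted(set(backup) - set(primary))
    at_risk = missing + changed
    exposure = max(((now - primary[rel][1]) / DAY for rel in at_risk),
                   default=0.0)
    return {"missing": missing, "changed": changed, "extra": extra,
            "exposure_days": round(exposure, 1)}


def _write(root, rel, data, mtime):
    """Create a sample file with a chosen modification time."""
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)
    os.utime(path, (mtime, mtime))


def demo():
    """Constructed sample: a NAS share and an offsite copy refreshed months ago."""
    now = 1_700_000_000  # fixed clock so the result is reproducible
    with tempfile.TemporaryDirectory() as tmp:
        nas, offsite = Path(tmp) / "nas", Path(tmp) / "offsite"
        _write(nas, "photos/2006-01.jpg", b"january", now - 400 * DAY)
        _write(nas, "photos/2006-06.jpg", b"june", now - 150 * DAY)
        _write(nas, "docs/taxes.txt", b"revision 2", now - 30 * DAY)
        _write(offsite, "photos/2006-01.jpg", b"january", now - 400 * DAY)
        _write(offsite, "docs/taxes.txt", b"revision 1", now - 200 * DAY)
        _write(offsite, "photos/deleted.jpg", b"removed from NAS", now - 300 * DAY)
        return audit_backup(nas, offsite, now=now)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

To audit real data, call `audit_backup()` with the mounted NAS share and the offsite drive; any non-empty `missing` or `changed` list means the offsite copy needs refreshing.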

