The Daily Parker

Politics, Weather, Photography, and the Dog

Well-designed phishing attack

I had planned to note Bruce Schneier's latest essay, "The Misaligned Incentives for Cloud Security," along with a report that Microsoft has noticed an uptick in SolarWinds attacks against its own services. But twice in two weeks I've received bogus DMCA takedown notices that tried to trick me into downloading files from a Google site, and I'm impressed by the effort that went into these phishing attacks.

In both cases, the attacks came through the blog's Contact page, meaning someone had to copy and paste the text into the form. They both lay out most, but not all, of the elements of a DMCA takedown notice, with lots of threatening (but inaccurate) text about what could happen if I don't comply. But here's the kicker: instead of specifying which of the Daily Parker's nearly 8,000 posts contain infringing material, as required by the DMCA, they contain a link to a file on a Google site that I should download to see the material they claim to own.

It turns out, I know a thing or two about copyright law, and about computer security, so I didn't fall for the phish. I worry, though, that this attack could fool a lot of people. Reminder, folks: never download a file you didn't specifically ask for. (In my case, I did attempt to download one of the files, in a sandbox, with virus protection jacked all the way up. The virus protection took one look at the file and didn't even allow the download.)

Let me enumerate the really sophisticated features of this attack:

  • It contained mostly true information. People send out DMCA takedown notices all the time; experienced website administrators take them seriously when received. The author of this phish included the correct and relevant US Code sections, and a mostly-correct description of how the DMCA operates. They got the statutory damage amount totally wrong, but only because the number they used would scare people more.
  • It didn't contain any English language errors. Whoever wrote the copy for this attack speaks perfect English. This wasn't a laughable 409 scam.
  • It came through the Contact feature, not an email. The attacker took the time to go to the Daily Parker contact page, copy and paste the phishing text, and click "send." A human had to do that.
  • It stated a plausible claim. This is Daily Parker post #7,922 since the blog started on 13 May 1998. It is conceivable that at some point in the last 23 years I posted a photo for which I didn't obtain a proper license. This would be true of any large blog or website.
  • It used a real Google Sites link. The download link pointed to an asset actually stored on a google.com computer somewhere. That might convince someone of its legitimacy, unless you remember that anyone can put anything up on a Google Site or other cloud storage service. Again: never download a file you didn't specifically ask for.
  • It came from a network in the US. Reverse-IP lookups showed the origin IP addresses to be owned by a major ISP in Colorado, not a scary Eastern European location. Of course, it means that the attacker has access to a computer physically located in the US, which means I'll send my own legal notice to the ISP if I receive another one of these.

Now, here's where they missed the mark:

  • They asked me to download a file. No. No, no, no. GFY a thousand times with a chainsaw.
  • The phish did not contain all the required elements of a DMCA takedown notice. They didn't list specific assets, with URLs, that they allege infringed their copyrights; they didn't assert a claim of ownership in a legally-sufficient manner; they didn't provide full contact information; and they didn't sign it. But of course they didn't, because the closer they got to legal sufficiency, the more information I'd have that they have no real claim.
  • They sent two nearly-identical (but not identical enough) phishes 8 days apart. You think I didn't remember the first one? You think I didn't compare them? The second attempt simply confirmed that the first attempt wasn't merely an amateur-hour legal notice but, as I suspected, a phish.
  • One of the phishes came through a non-publicized FQDN. Because I host the Daily Parker on Microsoft Azure, it has an Azure-provided fully-qualified domain name (FQDN) in addition to www.thedailyparker.com. I have never publicized the Azure FQDN, and as far as I know the Azure FQDN has no inbound links. I suppose it could have gotten picked up by a search engine, but again, without inbound links, I can't see how. It's not secret; it's just really odd that someone would use it.
  • The claimants' names were...weird. I said earlier that the text of the phish used correct English throughout, but the names of the supposed claimants seem to have come from a name-generation tool. Seriously, the names were Ford Prefect-weird.
  • It turns out, I'm well-versed in both copyright law and cybersecurity. This type of mistake even has an entire TV Tropes entry. I guess a criminal wouldn't necessarily know that, however. They might find out, should they send a third phishing attempt my way. Will I haul them into Illinois court to answer a tortious trespassing case? Probably not. But I might tell their ISP. And the FBI. Because at some point, they will get someone to open whatever malicious file they linked to, which I expect will lead to actual crimes.

In recognition of the effort that went into this phishing attack, I wanted to publicize it in case it happens to anyone else. If you get an alleged DMCA takedown notice, and it doesn't meet the legal requirements as outlined by the USPTO, ignore it. And once more, with feeling: never download a file you didn't specifically ask for.

And if you're the script kiddie who sent the phish, GFY with a tree. Sideways.
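The red flags listed in this post can be turned into a rough triage check for contact-form submissions. This is an added example, not code from the blog: the hostnames, the sample messages, the 0.8 similarity threshold, and the e-mail and "/s/" heuristics are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

PUBLIC_HOSTS = {"blog.example.com"}   # assumption: the hostnames the site publicizes
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def triage(message, form_host, earlier=()):
    """Return red flags for a contact-form message that claims infringement."""
    text = message.lower()
    if not re.search(r"\b(dmca|copyright|infring)", text):
        return []                                  # not a takedown-style message
    flags = []
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(message)]
    if not any(h in PUBLIC_HOSTS for h in hosts):
        flags.append("no-specific-urls")           # never names the allegedly infringing posts
    if any(h not in PUBLIC_HOSTS for h in hosts):
        flags.append("off-site-link")              # the "evidence" sits behind a link to fetch
    if not re.search(r"[\w.+-]+@[\w-]+\.[\w.-]+", message):
        flags.append("no-contact-info")            # heuristic: no e-mail address given
    if not re.search(r"(?m)^\s*/s/", text):
        flags.append("unsigned")                   # heuristic: no "/s/ Name" signature line
    if form_host not in PUBLIC_HOSTS:
        flags.append("unpublicized-hostname")      # arrived via a name nobody links to
    if any(SequenceMatcher(None, old, message, autojunk=False).ratio() >= 0.8
           for old in earlier):
        flags.append("resembles-earlier")          # same template as a previous message
    return flags

# Constructed samples; every name, address and URL below is made up.
FIRST = ("DMCA notice. Your site uses our copyrighted images without a license. "
         "Remove them or face statutory damages. Download the list of "
         "infringing images: https://files.example.net/evidence-1 Zed Quillon")
SECOND = FIRST.replace("evidence-1", "evidence-2").replace("Zed Quillon", "Mo Tarrow")
PROPER = ("Copyright notice for https://blog.example.com/post/123\n"
          "Contact: jane@example.org, 1 Main St, Springfield\n/s/ Jane Doe")

if __name__ == "__main__":
    print(triage(SECOND, "blog-origin.example.net", earlier=[FIRST]))
    print(triage(PROPER, "blog.example.com"))
```

A message that trips several flags at once deserves a second look before anyone clicks anything; an empty list only means these particular heuristics found nothing.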

Statistics: 2020

What a bizarre year. Just looking at last year's numbers, it almost doesn't make sense to compare, but what the hell:

  • Last year I flew the fewest air-miles in 20 years; this year, I flew the fewest since the first time I got on a commercial airplane, which was during the Nixon Administration. In January I flew to Raleigh-Durham and back, and didn't even go to the airport for the rest of the year. That's 1,292 air miles, fewer than the very first flight I took (Chicago to Los Angeles, 1,745 air miles). I did, however, make an overnight trip to Wisconsin in November, easily breaking the record for my longest travel drought but making it shorter than never. 
  • This is my 609th post on the Daily Parker in 2020—an average of more than 50 per month. This new record blows away the one I set just last year by 10.5%. (Imagine how much I'd have written had anything newsworthy actually happened in 2020.)
  • The pandemic let me spend Parker's last eight months with him nearly every day. Despite his age and discomfort, we managed to go for almost 241 hours of walks (274 annualized), a whopping 29% (46% annualized) more than in 2019.
  • Including today, I got 4,848,171 steps, averaging 13,246 per day. This is 5.7% fewer than last year. I missed 10,000 steps on seven occasions—five this month. Without a daily commute or a dog, not to mention the cold weather, I have struggled since Thanksgiving to get motivated enough to get longer walks in. That said, I hit a new record of 312 consecutive days over 10,000 steps, a record I don't anticipate ever breaking. I also got 56,562 steps on September 4th—another record I don't expect to break soon.
  • I once again read more than the year before, with 39 books started and 37 completed. (I'm still working on The Power Broker, which I started 18 months ago...) On the other hand, I watched 59 movies and 79 TV series, compared with 56 and 38 respectively in 2019. Of course, almost all of that was streaming on my home computer while programming on my work computer, but it's a lot.

I can't even predict what will happen in 2021. I expect fewer steps, more books, and actually to start traveling again. Here's hoping for a speedy vaccination.

7,500

Just a housekeeping note: this is my 7,500th post since re-launching braverman.org as a pure blog in November 2005. On average, I've posted 41.2 times per month, though this year that has gone up somewhat:

For whatever reason, the average (so far) in 2020 is 50.5 times per month. I'll know the exact stats and have more to say about this on Friday.

Halfway there...

Welp, it's July now, so we've completed half of 2020. (You can insert your own adverb there; I'll go with "only.")

A couple of things magically changed or got recorded at midnight, though. Among them:

And finally, I am now officially the President of the Apollo Chorus of Chicago. My first task: ensure that our annual fundraiser, Apollo After Hours, brings in the dough. More on that later.

7,000

This is The Daily Parker's 7,000th post since 13 May 1998 (but only #6,804 since the "modern era" began in November 2005). When I started posting jokes on braverman.org back in 1998, none of the predictions I could make about the world on the verge of the 2020s would have been correct. The Cubs winning the World Series? A powerful computer in every pocket? Donald Trump being anywhere near the nuclear codes?

And here we are. A thousand posts since December 2017, two thousand since October 2015...that's a lot of writing.

And a lot of reading. Thanks for hanging in there.

Starting the April entries

It may appear that blogging will slow down a little bit going into the last week of March. That's because Blogging A-to-Z entries take a little more time to write. This year might be a little ambitious, also, because I plan to provide musical snippets to go along with the text (otherwise what's the point?).

My goal today: get through a chunk of the first week of April. And figure out when I can write the rest for that week.

I've also written an entry for an historical anniversary mid-April.

Stay tuned.

A to Z Theme Reveal for 2019

Once again, the Daily Parker will participate in the Blogging A-to-Z challenge, this year on the theme: "Basic Music Theory."

For the A-to-Z challenge, I'll post 26 entries on this topic, usually by 7am Chicago time (noon UTC) on every day except Sunday. I'll also continue my normal posting routine, though given the time and effort required to write A-to-Z posts, I may not write as much about other things.

This should be fun for you and for me. Music theory explains how and why music works. Knowing about it can help you listen to music better. And, of course, it'll help you write music better.

The first post will be on April 1st.

(You can see a list of last year's posts here.)