Safe surfing on the Information Superhighway - mixed metaphors much?

Last updated 2025.03.20

In yet another form of cybercrime, we now have malicious generative LLM entities. I'm not going to try to keep track, the perpetrators move too fast for me. But, I'll just share this item. ChatGPT impersonators reveal security vulnerability
In short, malign human intelligence is harnessing compute power and generative LLM tech to harm you. Be careful out there. As the Internet is now how we reach out for government and corporate services, we really don't have the choice of avoiding it anymore. The government of Canada (CRA specifically) will no longer send me physical mail, but REQUIRES me to use their cumbersome online portal to find out information about my tax and credits status.

You should also be aware of what LLM-based tools can do and can't do, and how they developed their 'knowledge base'. Some of this is based on some experimentation I did with a couple of such tools back in 2023 on a couple of topic areas where I have some expertise. The LLM tools digest a whole lot of what they could find in digital form on the Internet, including a lot of copyrighted material (and encapsulating that into their models is probably copyright infringement, but the laws can't keep up, and we can't 'read' how the LLMs have encoded that information for their internal use). However, one key weakness of this approach is that it becomes a 'voting' system based on historical information to determine what is 'right' or 'factual'. That means that in fields where big corporate players have a big presence on the web and in scientific documents dating back decades, highly repeated old information will dominate new knowledge not yet in the mainstream of 'established' knowledge or fact. In summary, if you're in a dynamic field, LLM tools will likely give you old information, and not the current areas of discussion. If you need history (at least since digital social media proliferated), LLM is likely fine for you. If you need to know what's changing and at the forefront of new frontiers, that's probably still for human intelligence with the relevant background, awareness of the state of the art, and capable of thinking. It's unclear how the LLM tools update their 'knowledge base' as new information is discovered in the real world, and if they even have the ability to throw away 'knowledge' which is subsequently disproved.

Sadly, the tools don't have sufficient guardrails to ensure they actually provide correct information. It seems the LLM tools are meant to spin a narrative (or in old-day language, tell a story), and at times they don't let the facts get in the way of a good story. That can have real consequences if you put out an LLM story-line under your name, and then the recipient realizes the content is wrong or misleading. But hey, it's just your livelihood that is at risk and reputation, so go for it if you want (maybe anonymously or under a pseudonym, which seems to be popular in the disinformation channels).
B.C. lawyer who used fake, AI-generated cases faces law society probe, possible costs
I find this one particularly irksome, as legal cases and decisions are really well documented in online repositories like LexisNexis, so getting the basic information wrong (like 'inventing' cases) should be easily avoided by these content aggregation tools. If the tools are messing that up, how much trust should you put into their interpretation of things that are actually murky or not completely resolved?

A key issue for the LLM generative tools is that we don't know how they work internally. Having written a lot of software, I understand how statements in source code work, and how compilers and interpreters take that logic and instructions to make machine code which is executed by the computer. If a result seems suspect, I know how to go back into the source code, diagnose and correct the issue. As a user of LLM generative tools, I don't know how the result was generated, or how to fix it if there's a problem in the produced content.

If harm is done as a result of using an LLM generative tool, who is liable? To be blunt, if you used the tool, and distributed the result, is it you? And if you fell for what was produced by a malicious LLM tool, how big could the consquences be? Not just to your reputation, but financially?

In this example, a Canadian Member of Parliament distributed incorrect and prejudical information on hot-button issue based on information allegedly provided by an AI LLM tool.
Conservative MP shares inaccurate, ChatGPT-generated stats on capital gains tax rate
We used to have fact checkers and rational thought (human intelligence). Now we have proprietary, defective information tools and a human population which has no rational framework to discern fact from weaponized fiction. This is bolstered by tribal partisanship which justifies all means to obtain power. A week after being called out on this error, the MP has not issued a correction or apology. The question for voters is, do you want to be governed by liars lacking a moral and ethical base? If so, bring on the AI; the machines have already won. This MP can be cast as Baltar.

If you need a tool to generate acceptable text on a topic because writing isn't one of your strengths, and you don't need to be hyper-correct, then perhaps these can fill in the number of words required to fill whatever metric you're trying to meet. If it needs to be moderately correct, use an intelligent human instead and some basic spelling and grammar checking tools (already integrated in some word processing and other software tools). Don't underestimate the real value of having another literate human read your text to spot possible errors before you send out your content.

I understand that there is a growing use of generative LLM tools to write résumés for job applications in order to cluster-bomb the digital postings and cyber-hirewalls used by many employers - inhouse or contracted - to screen out the less qualified candidates. Does anyone else see a degree of irony in a transaction that is nominally about humans hiring other humans now being largely subsumed by escalation of the use of machines to try to beat the machines the other side is employing? It's like the escalation of military drone technology in the Russian invasion of Ukraine.

If you think GenAI is going to build you a better résumé, consider this take from leyla mamedova: "GenAI doesn’t actually “think” or “process” in the way that people believe it does. This is a pretty vast oversimplification, but it is basically just beefed-up predictive text. You are generating the statistical average of text, based on an extremely large dataset. If everything becomes the average, how is your generated resume supposed to stand out among all the other generated resumes?"
GenAI based on LLM is essentially a voting machine based on industrial scale plariarism. If you want to be part of the crowd, right or wrong, GenAI is your jam. If your objective is to be correct or stand out from the crowd, not so much.

Turns out, the LLM tools are massive power pigs.
ChatGPT uses 17,000 times the amount of electricity than the average US household does daily: report (Business Insider)
In a time where we need to reduce our use of fossil-fuel generated electricity to reduce GHG emissions, using all these computer cycles to generate text of questionable quality and veracity seems like a poor decision. But then, I feel the same way about crypto-currency - the ultimate example of using a valuable resource (electricity) to generate a 'product' with absolutely zero intrinsic value. Bitcoin Miners Are Devouring Energy at a Record Pace During the Crypto Runup (news24 Business)

Energy-hungry AI models could strain water and power grids. Can the sector handle the demand?
Short answer: No. LLM isn't thinking, it's putting together what others have documented and accessible on the Internet, and it's probably biased to favour old (human) thinking that did not foresee this issue. So 'AI' (LLM generative text) won't devise a new solution.

One solution to the power-suck issue is to require the new electricity vampires to build their own power generation facilities so that critical infrastructure is not put at risk (e.g., municipal water supplies, residential heating and air cooling). Given the need for more clean energy, we could go further and require that this additional electricity demand be provided by zero-emissions sources (e.g., solar, wind, geothermal - preferably with integrated battery storage). Given the renewables generation is now cheaper on a life-cycle kWhs throughput basis than fossil fuels or nuclear, and can be installed more quickly than any of those, the adoption of renewables for this additional power supply should be an economic no-brainer - even for an AI engine. On the contingency planning side, if the AI bubble bursts, the electric generation built will still have solid economic value.

Couple of articles on the current state of AI (April 2024)
From boom to burst, the AI bubble is only heading in one direction
Currently at stage 4 (of 5): Profit-taking. Read the article find out about the stages, and what comes next.

More 'AI' reality - don't look behind the curtain.
Amazon Abandons Grocery Stores Where You Just Walk Out With Stuff
After It Turns Out Its "AI" Was Powered by 1,000 Human Contractors
It was all smoke and mirrors. (The Byte)

The only real 'AI' in this scam is the deepfake videos and tools to infect your computer with malware and take your money
Don’t Fall for the Viral Quantum AI Scam – What You Need To Know

Based on who is really pumping AI so far, this story had to surface eventually. I mean, somebody is paying the extra servers and bandwidth and electricity for the 'free' AI tools you can access. If it's not you, who is it, and why are they doing it? Google provides free web searches so they can sell your purchasing power to vendors. So, what are the free AI providers selling? Again, you. Based on what you are asking about, they can figure out what to try to sell to you. So, how can AI hook you and reel you in? (YOU are the product.)
Research shows AI is learning to deceive humans, issues warning

Human rights lawyer Susie Alegre: ‘If AI is so complex it can’t be explained, there are areas where it shouldn’t be used’
If a product design relied on AI, and someone is harmed by the use of that product due to a fault in the design, who is liable? The builder of the AI engine? The company that relied on the AI-enable design? A human that signed off the design without understanding the 'thinking' of the AI engine? The creator of the AI knowledge base?

Just sharing this item because I think it's important.
The Death of Critical Thinking Will Kill Us Long Before AI. Joan Westenbberg

The genie is out of the pretend-AI (LLM generative text) bottle; this is the kind of thing it will really be used for.
Experts seeing ‘more and more’ hate content created by artificial intelligence Globe and Mail

Real AI could solve a lot of society's problems (LLM generative text cannot). What if AI decides humans ARE the problem?
Big tech has distracted world from existential risk of AI, says top scientist (The Guardian)

But at what risk? This is a conversation that doesn't seem to have surfaced yet, but it needs to be discussed. Humans ARE going to weaponize AI and use it to maximize wealth and control mainstream thought. So long as human society generally values wealth and power over the value of humans, this is inevitable.
Will AI end humanity? The p(doom) scales of an OpenAI insider and AI researcher are alarmingly high, peaking at a 99.9% probability (Windows Central)

OpenAI breach is a reminder that AI companies are treasure troves for hackers
Perhaps the folks (or bots) at OpenAI should have asked another AI tool about how to defend their service from being hacked to protect their users. Sigh. YOU are the product, apparently for hackers as well as LLM bot promoters.

AI is effectively ‘useless’—and it’s created a ‘fake it till you make it’ bubble that could end in disaster, veteran market watcher warns (Fortune 2024.07.08)
More truth leaking out of the 'AI' bubble.

Building on the 'fake-it-til-you-make-it' meme, it was triggered again recently for me by a LinkedIn post by Paul Martin tangential to the hydrogen-as-fuel-disinformation-farce. For those of you who don't do that social media platform, the issue was getting an AI image generator to draw a car with square wheels. For a human, this is a simple enough idea. For today's AI, it is inconceivable. My thanks to Paul for calling this tool out (and AI broadly) as 'basically high tech plagiarism'. Because AI LLM has not seen an image of a car with square wheels to copy from, it cannot 'imagine' the concept, and therefore cannot generate the desired image. That is the essence of human 'genius'; imagining something novel that has not existed before in the consciousness of that person.

Given the state of our species, civiliation, societies and the technology it has created, embraced and spawned across the planet and the consequences of those actions - the world today needs more geniuses to develop the novel solutions we need now, and not more forgers, counterfeiters and plagiarists retreading variants of the things that have caused the problems we face now. Not specifically an AI issue, but we will rue the results of having spent decades dumbing down the population and using mass consumerism to allow the majority to avoid daily problems to be solved, as that is the training ground for proficient problem-solvers. Parents, don't give your children more tech toys; give them science fairs.

AI systems could be on the verge of collapsing into nonsense, scientists warn (The Independent 2024.07.25)
So, AI hoovered up the Internet because it was 'free', used non-verified 'facts' as its knowledge base, then got used (generative AI) to start populating media articles published on the Internet. So, now, the LLM AI generative models are feeding on themselves to create their own echo chamber. Because they can generate quantiy content (quality doesn't matter) faster than humans, the bots will eventually drive out all the human-produced content. Problem is, generative AI has a serious problem with divining truth from trash, so the veracity of even 'credible' sources will eventually succumb to the onslaught of garbage in making more garbage out.

I have not had time to read Harari's newest book Nexus: A Brief History of Information Networks from the Stone Age to AI, but it's generating buzz and I would be remiss if I didn't at least flag it here. This is a related article from the Conversation: Has AI hacked the operating system of human civilisation? Yuval Noah Harari sounds a warning (The Conversation Sept. 9, 2024)
At this point, humans are still creating the "AI" tools. So, the extent to which they are good or bad for humans is still in our hands. However, if we let profit for the few be the key driver for how "AI" tools are build and deployed, I doubt it will end well for our species.

The demand for additional resources (servers, network devices, security, bandwidth, energy) isn't just being sucked out of the AI providers. It's also victimizing the owners of copyrighted information put on the web by intellectual property owners as the AI tools thrash those servers in the course of their vampire 'learning' approach.
iFixit CEO takes shots at Anthropic for 'hitting our servers a million times in 24 hours' and even the AI company's own chatbot disapproves (PC Gamer)

Nearly Half of Businesses Weaken Sustainability Goals Due to Generative AI Demands, Capgemini Report Reveals (TechRepublic 2025.01.14)
"AI" isn't just about replacing human workers and destroying their income, with increased use of fossil fuels

Goldman Sachs Calls BS on the AI Bubble (Trading Floor Whispers 2024.07.16)

Hacker plants false memories in ChatGPT to steal user data in perpetuity (Ars Technica 2024.09.24)
But people are relying on these 'tools' to do important research and make decisions. Remember, if it's free, YOU are the product.

Large language models hallucinating non-existent developer packages could fuel supply chain attacks (InfoWorld 2024.09.30)

OpenAI Confirms Hackers Using ChatGPT to Create Sophisticated Malware (Cyber Security News 2024.10.13)
Clearly, one of the great contributions of AI is the creation of more effective malware. /s

X changed its terms of service to let its AI train on everyone’s posts. (CNN Business 2024.10.21)
It's well past time to eXit X. While pretending to be a platform for free speech, it effectively censors voices its owner doesn't like. This has led to an exodus of academic contributors since the transition.
The article indicates the academics reduced their usage. They should not have ruled out 'shadow-banning' of those academics or specifie viewpoints on topics. There is no doubt that the algorithms used by X-Twitter could perform that selection.
Now, it has unilaterally changed the terms of service to harvest user-generated content, presumably for sale via an 'AI' tool, without compensation. Further, apparently X still isn't paying it's bills. X was the perfect rename for Twitter under the new ownership. X denotes toxic (chemicals, environment) in labelling; do not enter in road signs and restricted areas; deleted, as in X'ed out or Ctrl-X; danger and death (crossbones); end; restricted content (X-rated); and rejection, negative or wrong (grading on papers).

Scammers are stealing homes from under their owners' noses. AI is making it scarily easy. (Business Insider 2024.10.22)
Great, another fraudulent use for AI to cheat people.

Does AI increase productivity? Or reduce it? (Tortoise Media 2024.12.05)
From the article: Workers using AI services are less productive than those who don’t, according to a study by Intel. The AI chipmaker followed 6,000 employees in Germany, France, and the UK and found that AI PC-owners were “spending longer on digital chores than those using a traditional PC”.

I use it all the time, but I don’t trust it [AI}. My job now includes fact-checking. Each AI needs to be designed specifically for each job, and even then it will make mistakes.

2024.09.17 - fun thought. Somebody figures I'm trying to scam you with this page. If you can figure out how that would work, please let me know.
The information I offer here is free to anyone that chooses to read it. I offer some advice on how to protect your data, identity and money.
I'm not selling anything here (not backup solutions; not computer set-up and support; not anti-virus, anti-malware or system security tools; not alternative investments)
and I'm not asking for donations to support the site or compensate my time.
But, I'm especially asking you not to trust me.
Stay skeptical, do your own research, make your own decisions on how to protect your computing devices, data, identity and money from criminals.

To be clear, 'crypto-currency' is not currency (money). Money is a nominally stable store of value which can be used to acquire goods and services, and conversely obtain by selling goods and services. It facilitates real-world economic activity. I cannot buy groceries with crypto-currency; that requires exchanging the crypto-currency for real money so I can use the real money for the real-world purchase transaction. So, crypto is not currency. It is also not a stable store of value. In fact, the majority of 'crypto-coins' minted so far have disappeared or have zero value now.
Charting the Number of Failed Crypto Coins, by Year (2013-2022) (Visual Capitalist)
So, based on the data, it appears that crypto-currency is primarily a means of separating regular people from their real money.
In short, crypto is a casino, not currency.

In another story of crypto-currency being use to separate people from their real money, consider this article related to the 2024 Bitcoin 'halving'.
Economist says Bitcoin pump is to ‘sucker ETF investors’ to buy before dump

There's one other primary value of crypto-currency: to enable and monetize criminal activity. Scammers love crypto-currency, and especially bitcoin, as there are ATMs for it, and they know once they have your money, you're not going to get it back.
A bitcoin story. This is happening everyday to people who aren't computer security experts.
Ottawa man intercepts bitcoin scam targeting elderly woman (CTV News)

Ransomware really wouldn't work without a means of moving funds which are very difficult to trace by legal authorities. So, just be aware that when you purchase crypto-currency, you are tacitly legitimizing illegal activities by hiding those transactions in with a volume of transactions like yours. And it's big business - illegal but big - that you are financing with legitimizing crypto-currency.
Another bitcoin story (2024.03.20): How Chinese takeaway worker led police to Bitcoin worth £3bn in Britain's biggest ever cryptocurrency seizure
Again, when you buy or use cryto-currency - and especially Bitcoin - you are enabling crime or providing cover for it. In this case, a nice haul for the UK Treasury: 61,000 BTC.
Ransomware Payments Hit a Record $1.1 Billion in 2023 (Wired)
When victims do pay the ransoms, that success for the criminals leads to them launching more attacks.
Paying ransom for data stolen in cyberattack bankrolls further crime, experts caution (CBC)
Cybereason: Paying ransoms leads to more ransomware attacks (TechTarget)

Another story from a reputable technology publication on how crypto currency facilitates crime on a massive, internatonal scale. If you're a human, you might find this repugnant. Wall Street has no such qualms about people, which is why they are all in on profiteering from misery enabled by crypto currency.
The $11 Billion Marketplace Enabling the Crypto Scam Economy

Many people are surprised to learn that in reality, the block-chain does not make a financial transaction untraceable. It just requires more effort (which is funded by your tax dollars back in the real world).
How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin's Anonymity (Wired)
If a single person with skills and persistance can defeat the anonymity of the blockchain, be assured that governments and law enforcement agencies can as well, and the less reputable characters already benefitting from the difficult-to-trace transactions (so far).
Still, crypto-currencies do provide one obvious advantage for law-enforcement; those that use it are basically self-identifying as being involved in illegal activities, be it as perpetrators or victims.

All it takes is a little thinking, research and analysis, and others are also figuring out the downside.
“It’s bad for everything”: Citizens group from Arkansas County ready to fight back against crypto mines
Lots of other issues with crypto-currency, but the electricity suck could be addressed by requiring these operations to produce their own clean electricity, and not overwhelm the capacity of the existing grid and generation.

The alleged perpetrator used crypto-currency as the base for a fraud stealing from a cryptocurrency exchange.
Crypto trader searched web for 'fraud' before $110 million haul

More crypto-scams and vulnerabilities.
Retirement ruined: 63-year-old man loses it all after one web click
[dead link: https://bc.ctvnews.ca/sim-swap-that-enabled-theft-of-63k-in-bitcoin-at-centre-of-b-c-court-case-1.6871763] 'SIM swap' that enabled theft of $63K in bitcoin at centre of B.C. court case
Clearly, I'm not going to keep up, and a lot of people aren't going to go public with their losses.

Another cautionary crypto-currency tale.
Ontario's 'Crypto King' arrested, charged with fraud
Skimming 98% and investing 2% of 'investor' (I think that's spelled 'mark') funds. What could go wrong?

Crypto trader turns nearly $1M into $18,000 in 4 hours
Where only the market manipulators are winners.

In case you thought that crypto was a way to 'stick it to the man'. It's not. It's another way Wall Street big players stick it to retail investors.
Bitcoin plunged 28%. Institutional investors bought the dip

TL;DR: Crypto-currencies: not money; not secure; not stable; most crypto-coins go to zero value; enables, legitimizes and funds criminal activity; blockchain is not really anonymous; makes your electrical bill higher; makes the Internet a more expensive and dangerous place for regular users.

Funny thought. Some crypto-fans think crypto-currency is a way to hide their assets and dealings from the 'government'. And the fraudsters LOVE that you're trying to hide your financial activity from the 'government', because that means you are less likely to call the cops when the bad guys burn you. But it turns out there's another currency that can also evade a digital trail: cash. You know - actual legal tender you can use to pay for things. No transaction fees. No need to convert from crypto to real money via a questionable on-line 'exchange' to actually spend it. Doesn't disappear from bank accounts due to fraud or vary in value due to speculation compared to actual money, because it is actual money.

Sounds about right for a crypto-currency fan. Steal the electricity, and you can make money at crypto-mining.
Sounds like the crypto market business model in microcosm.
Cryptominers made $100,000 from mining at an Airbnb for three weeks — the guests ran up a $1,500 electricity bill (Tom's Hardware 2024.08.15)
I doubt they made that much, or they could afford their own electricity bill.

Crypto firm diverted $13M in assets, securities commission finds (CBC 2024.08.12)

Crypto mixer founder argues 30-year prison sentence is ‘unwarranted’ (CoinTelegraph 2024.08.16)
But the point of the operation was money laundering via 'fogging' Bitcoin and altcoins, and money laundering is a crime.

Another threat to the value of crypto-currency: quantum computing
So the intrinsic value of crypto-currency is zero, possibly actually negative (transaction fees, exchange computers, computers holding copies of the blockchains).
It's fully based on the cost of burning electricity to generate nothing but blockchain ledger entries. You can't turn a crypto-currency unit back into electricity, or anything else with intrinsic value (e.g. food, metals, heating fuel ...) Only exchange it for real currency (typically sovereign fiat currency), in order to extract any real value from it.
So, in simple terms, owning crypto-currency is the equivalent of getting a certificate for burning a real asset, and continues to hold value because people continue gambling computer hardware and electricity to create more such units (which is kind of a Ponzi scheme at heart). But so long as it takes real resources, time and some effort to make additional units, existing units have some claim to equivalent unit value.

But, what happens if somebody can start generating new units essentially instantly and at near-zero cost?
That's the actual promise of quantum computing in terms of solving the creation of crypto units. Yes, the entry cost of getting to this threshold is high (so far), but it seems inevitable someone (country, corporation or criminal organization) will get there before long. Within minutes, they will have a virtual monopoly on whichever crypto-currencies they target. Eventually, that will be all of them. At that point, they alone will determine the value of crypto-currencies and your investment in them. When the second player with that capacity arrives on the scene, they will compete for selling future crypto units, and unless they collaborate, the competition will inevitably mean the the value of new crypto units will dive to near zero.
TL;DR: quantum computing means crypto currencies will all go to zero value, wiping out investors' cryto-gamblers holdings.

Chinese researchers break RSA encryption with a quantum computer
RSA is encryption. Crypto-currency is encryption. These researchers broke RSA encryption. What comes next? Breaking crypto-currency encryption.

US achieves superconductor breakthrough, can benefit quantum computing (Interesting Engineering 2024.08.25)

Is this the end of Bitcoin? Google unveils quantum chip ‘Willow’ — Is Bitcoin’s security at risk? (AMB Crypto 2024.12.10)

The bitcoin ATM has emerged as one of cryptocurrency’s biggest threats (CNBC 2024.09.08)
Imagine that, the criminals have found another way to rip off people gullible enough to hold crypto-currency.
"In the U.S, losses from scams via crypto ATMs exceeded $120 million in 2023."

The FBI secretly created a coin to investigate crypto pump-and-dump schemes (The Verge 2024.10.10)
“What the FBI uncovered in this case is essentially a new twist to old-school financial crime,” Jodi Cohen, the special agent in charge of the FBI’s Boston division, said in a statement. “What we uncovered has resulted in charges against the leadership of four cryptocurrency companies, and four crypto ‘market makers’ and their employees who are accused of spearheading a sophisticated trading scheme that allegedly bilked honest investors out of millions of dollars.”
Crypto: designed to shelter criminal financial transactions; now used to bilk honest investors. Win-win for the bad guys.

Deepfakes Can Fool Facial Recognition on Crypto Exchanges (Tech Republic 2024.10.11)
Here we have an AI-crypto crime cross-over. Perhaps you should not put up really good images of yourself on Facecrook, and definitely not tag them with your name. However, you can't control what your 'friends' do.

Bitcoin Is Going to Be the Nail in Our Climate Coffin As I have written elsewhere, crypto-currency units are just receipts for wasted electricity. Basically, it has about the same intrinsic value as the receipt for the non-tax-deductible meal you bought for your family. A scrap of possibly recyclable paper. Unsurprisingly, wasting electricity isn't good for the environment, or the long-term survival of our species on this planet.
One possible mitigaton measure: require all declared crypto-miners to demonstrate they have installed enough green energy capacity to at least power their crypto-mining operations, be it wind-power, micro-hydro, solar or whatever, or shut them down.
Upsides, the miners can keep operating when there is a grid outage. Crypto-miners won't be a burden on existing grid users and power generators, which are often subsidized by taxpayers. Crypto-miner purchases of renewable energy equipment will help lower costs via economies of scale for future buyers, and presumably their future expansions. We'll know that crypto-miners aren't stealing power from others. And when there ventures fail, that additional non-polluting generation capacity can be picked up at the auctions to improve overall sustainability of electricity generation.

The $51 Billion Crypto Crime Industry Is Adopting Stablecoins (Forbes 2025.01.19)
Crypto-currency crime is so big now it has gone corporate and had to expand into stablecoins - not enough crime channels left.

Trump finds a new way for foreign governments to pay him off: Crypto (Washington Post 2025.01.21)
More crime enabled by cryptocurrency. Also $BARRON was a scam to fleece the gullible.

Hackers steal $1.5bn from crypto exchange in ‘biggest digital heist ever’ (The Guardian 2025.02.23)
Of course your money is safe in an unregulated, for-profit crypto-currency 'exchange' that skimps on security. Except not. Thank you for making crypto-crime lucrative and enriching Kim Jong Un, and yes, you will pay for it somehow even if ByBit survives.

North Korean hackers ‘took just two minutes’ to pull off record $1.5bn heist (The Telegraph 2025.02.28)
Not the first time ByBit has been a bad news headline, but people still leave their 'money' there. Sigh.
SEC files criminal complaint against three offenders related to the Website: Bybit.com for operating digital asset exchange business without license

Bitcoin Reserve Bills Are Failing in Quick Succession in States (Bloomberg 2025.02.28)
If U.S. states don't trust crypto-currency as a reserve asset, why would you?

Why is Crypto Going Down And When Will Crypto Go Back up? (99Bitcoins 2025.02.28)
What crypt-oh "needs is trust". Question: why would anyone "trust" a pseudo-asset that represents wasted electricity, has no intrinsic value, was designed to enable crime, and is largely managed by criminals? Why assume it's going back up?

Sudden $1 Trillion Crypto Market Shock Sees Bitcoin Plunge Under $80,000 Price (Forbes 2025.02.28)
Is this a good time to recall Poilievre's plan to run Canada using Bitcoin to replace the Canadian dollar, so government payments like pensions would depend on crypto-currency prices?

Bitcoin isn't a worthy reserve asset, Swiss National Bank president says: Report (TradingView 2025.03.01)
Bing, Bing, Bing - we have a winner! More correct: Bitcoin isn't an asset at all; it's a tool for criminals.

Call-centre crypto scammers unmasked as data leak exposes their schemes (CBC 2025.03.05)
Files reveal every step of the ruse, from phony articles on X to counterfeit IDs and fake saviours (and while you're thinking about it, get off X(odus)

Cryptocurrency’s transparency is a mirage: New research shows a small group of insiders influence its value (The Conversation 2025.03.1)
Designed to be valued based on hype (bubbles), and not on any intrinsic asset value.
"Not only are memecoins risky, but they come with a significant risk of insider trading." If you aren't an insider, you can't win.

Crypto Password-Cracking Firm Unciphered in Turmoil Over Co-Founder’s Controversial Past (CBC 2025.03.14)
It's as if crypto-currency just attracts criminals. Oh, wait, it was designed for criminals.

Malware in Cracked TradingView App Has Been Draining Crypto Wallets (decrypt 2025.03.20)
"Blockchain analytics firm Chainalysis estimates there was $51 billion in illicit transaction volume in the past year."

If you are going to put your banking information on your devices or in an 'app', make sure you keep it secure. The digital ecosystem is not designed to do that for you, it's designed to make your devices more vulnerable.
Data-stealing malware infections increased sevenfold since 2020, Kaspersky experts say
New 'Brokewell' Android malware can steal user data and access banking apps
And we have mounting evidence that when your device is compromised, the banks will not help you, but will instead blame you for allowing your device to be infected and give the bad guys the access to take your money. Banks' cyber-security staff are employed to keep the bank's money safe, not your money.

A HREF="https://www.techrepublic.com/article/cybercriminals-stealing-nfc-data/"> Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (CoinTelegraph 2024.08.16)
For mortals, that's 'tap' technology.

Speaking of tap technology, turns out RFID cards also have security issues, at the hardware level.
RFID cards could turn into a global security mess after discovery of hardware backdoor (TechSpot 2024.08.26)/P>

A HREF="https://www.tomsguide.com/computing/malware-adware/this-android-banking-trojan-just-got-a-serious-upgrade-to-take-over-your-phone-and-it-now-hides-in-legitimate-apps"> Octo2 banking trojan is taking over Android phones and stealing cash — how to stay safe (Tom's Guide 2024.09.24)
Short form, don't put your banking or other confidential credentials on your Android device.

A HREF="https://www.the-sun.com/tech/13642394/iphone-android-spying-clues-bank-microphone-warning/"> Four clues your phone is SPYING on you and even listening through microphone – don't let hackers drain your bank (The U.S. Sun 2025.02.27)
TL;DR: Don't bank on your phone. It's designed to be insecure.

Even your bank card could be vulnerable to cracking to empty your accounts
Android malware steals payment card data using previously unseen technique (Ars Technica 2024.08.23)

As I have said before, banks and their cybersecurity people and systems are there to protect the bank, not customers.
RBC customers outraged over partial refund after unauthorized withdrawals (Global News 2024.09.09)
If you aren't happy with a bank, move to another institution. Credit unions have a reputation for caring about members (customers).

1.7 million people hit in massive credit card data breach — what to do now Tom's Guide 2024.09.09
Names, addresses, card numbers and other sensitive data exposed

Android malware "FakeCall" now reroutes bank calls to attackers Bleeping Computer 2024.10.30
Don't call your bank from your Android phone. Vendors of personal electronic devices have to start taking personal information and general operating security seriously. So far, they don't, so you're on your own. The bad guys are well funded.

For security, stop picking up the phone TechCrunch (2024.09.07)

By the way, the Canada Revenue Agency, a bank or a credit card company will NEVER (repeat NEVER) ask you to pay for anything using gift cards or BitCoin. In case I wasn't clear: NEVER!!

Forget phishing, now "mishing" is the new security threat to worry about

YAAM - Yet Another Android Malware
Android banking Trojan evolves to evade detection and strike globally
The convenience of using your smartphone to manage your finances and pretend to be a tap credit or debit card seems to have a lot of appeal. Just remember what you are putting at risk if you do that. You don't know what permissions an app will really take when you load it, and updates for previously safe apps can bring malware to your device. I miss BlackBerry Shield for Android, which actually analyzed apps before you installed them and told you what permissions they were taking.
Banks have big teams of cybersecurity experts looking for such issues. Two things about that.
a) they're playing defence, and they don't have a perfect record on detecting and defending, and,
b) their job is to protect the bank, not you.

New Android Warning As Hackers Install Backdoor On 1.3 Million TV Boxes (Forbes 2024.09.13)
Android is free software from the very-much-for-profit Google enterprise. It is not intended to provide you with a secure operating system. It is intended to harvest your personal online behaviour information and sell it to advertisers and others interested in 'data analytics' based on your personal information.
Skill-testing question for today? When is the last time you updated the operating system on your TV set-top box? (Do you even know how that is done?)

5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them (Forbes 2025.03.01)
If you surf onto a site and it asks you to complete a Captcha 'challenge', even just clicking on the "I'm not a robot" checkmark, DO NOT complete it. Just back out of the site.

Hackers hijack over 16,000 TP-Link network devices, creating a big ol' botnet that's absolutely slamming Microsoft Azure accounts
When was the last time you turned it off and on again? In this case, it's probably enough to shut down the attack vector.
However, in general, the 'set-and-forget' devices on the IoT are designed to be cheap, moderately reliable, but security is low on the design requirements list. At a minimum, please reset the password from the factory default to something else to at least slow down the badbots.

Ransomware and Buying Your Data / System Access Back

Of course you can trust the criminals that trespassed onto your computer and data in order to steal from you. Clearly these are trustworthy, honourable people who would not lie to you or cheat you. Only, NOT! That's why you're in this mess in the first place.
So you paid a ransom demand … and now the decryptor doesn't work The Register (2024.09.11)

But suppose you pay the ransom and the lock-out decryption does work.
Happy day for the criminals because: a) they know you'll pay to get your access back; and b) they already know how to compromise your system, so they can just do it again UNLESS the first thing you do is figure out how they attacked you the first time and fix that problem permanently. You probably need external help with that, because if you let the vulnerability happen in the first place, you probably aren't the one to figure it out, and the bad guys could have inserted new back-door access points as part of cracking your system.

Turns out businesses aren't very good at protecting your personal data against breaches

Canadian companies struggle to defend against data breaches as incidents mount
Which means you need to be even better at protecting your personal information than they are.
(P.S. Econogics does not store any customer information in an on-line database. We're paranoid on your behalf.)

What is this strange feeling? Is it vindication? After a couple of decades of ranting about 'Agile' and another rote system of building software applications (which we used to call 'waterfall'), it seems that real system designers have finally realized that the Agile emperor has no clothes.
Agile has failed. Officially.

But not to worry, it's just in time for the snake-oil sales folks to claim AI will do all the systems design and development we will need. Just don't worry about that fact that you don't know what your application is actually doing, or how to fix it when it goes wrong. Eventually, this will lead to something like a 'right-to-repair' movement for software.

Or we could try something really novel; using real human intelligence to understand the problems, figure out how to fix them in a consistent, rational (not capitalized) structure, build with tools that can be fixed when issues arise, and hang onto skilled practitioners because they are valued and needed because things change, and systems have to adapt. Worked for me.

In days where we bemoan lost productivity and desperately seek 'competitive advantage', it is ironic that our C-suites have gone all-in on using me-too ERP systems which are frightening inflexible and increasingly developed outside our borders in countries that are not considered overly friendly. E.g., if the government of India can sanction the murder of Canadian citizens in Canada, why would they hesitate to cripple software used by Canadian companies?

The Slow-Burn Nightmare of the National Public Data Breach (Wired 2024.08.16)

The rest of this page is provided for historical reference.

Last updated 2009.11.23

The World Wide Web, cyberspace and personal computing in general are wonderful things, but they are also big and nebulous and carry some risks. It pays to take some precautions to protect your time and your information investments. We have worked intensively with computers for over twenty years, from microcomputers to mainframes. We have learned a few things along the way, which can be of benefit to you.

Startup Media | Backups | Housekeeping | Viruses | Hoaxes | Netiquette | Broken Links | Web Ads

Startup/Recovery Media

Go find your startup diskette (or CD-ROM or Zip disk or whatever media it is on). Now!

Got it? Good. Make a point of starting your system from this media in the next while. Make sure it behaves as expected. If not, make or get a new one, and test the new one. Once you have a known good startup media, put it away again in a safe, easily accessible place. Test it occasionally.

Couldn't find it or don't have one? Go, make one as soon as you possibly can and test it to ensure it works correctly. In the event of a system failure or a severe virus attack, this may be your lifeline to recovering your computer and your data.

Backups

Thou shalt make copies of valued data.

If you are one of the few that actually make regular backups of your computer system, and test them, no need to spend your time reading the rest of this section. Unfortunately, those that need to read this the most will probably not do so.

Hardware fails. Viruses attack. Power fluctuates or fails. Files are deleted unintentionally, and occasionally, deliberately. Upgrades have unintended consequences. Those files you knew you would never need again, well, surprise, now you need them again. Spilled coffee does not enhance system performance. Whatever the cause, it is not a matter of "IF", it is a matter of "WHEN". Eventually, you will need to retrieve a file that is no longer on your system. And after many years of experience, the only reliable means I have found to accomplish a resurrection from the electronic hereafter is a backup. Simply put, it is a copy of the files on your system as of a specific point in time.

Computers have an annoying tendency to fail when you can least afford it. However, they will fail. Most learn this the hard way, just after they really needed to know. Occasionally you will get lucky. Perhaps there is a fix for the virus that attacked your system that will repair most or even all of the damage, and you will know enough to be find it and administer it in time. Perhaps someone you know has a copy of the file you need and can provide it to you in a timely manner. Perhaps you have an IT support group at your disposal with enough resources to respond to your crisis right when you need them, even at 2:00 a.m. on Saturday morning as you are working the weekend to meet a Monday morning submission deadline. Perhaps you have friends that just love to drop the rest of their life to come and rescue you from your "File not found" error. (If you have just found yourself in one of these situations, I am not your friend.) If you are the beneficiary of such good fortune, good for you. However, in my experience, depending on good luck is a poor long-term strategy.

There are those that believe in mirrored and RAID disk drive systems to protect their data. I have used both and think highly of them. But they are not backups. They simply provide some redundancy to protect you from a minor hardware failure. They cannot help you to retrieve a file that was intentionally deleted a couple of weeks ago, or damaged by a virus or lost in fire or flood. I have worked for many years as a computer systems professional, and I can assure you that every large system I ever worked on, including those with mirrored drives and RAID arrays, had a regular schedule of independent backups to a separate media, and those media were taken off-site for safe storage. It isn't just a matter of habit, it's simply good business. In any system I have ever worked with, the data stored on the system is far more valuable than the hardware, software or facilities housing them. If the computer room burns up, that is a major headache, and it will typically take days to get an equivalent facility back into operation. However, if you lose the company's data (customer contacts, customer history, inventory records, employee records, accounts receivable, accounts payable, taxes collected and remitted), well, then you're out of business. Count on it. You may think you can recover, but the first irate customer or lawyer that finds out your data is toast will finish you off. Guaranteed. And that applies to a one-person operation using a single small computer (even as small as a Blackberry or a Palm Pilot or other PDA or a laptop) just as surely as a Fortune 500 company with multiple mainframes. Don't just take my word for it.
[Link has bitrotted: http://www.soho.org/Technology_Articles/data_disaster.htm] SOHO on Data Disaster!! Consequences And Avoidance
[Link has bitrotted: http://www.bizjournals.com/extraedge/consultants/savvy_business_shopper/2002/09/09/column304.html] BizJournals.com on Backups
and there are lots of companies selling various products to help you protect your data with their own messages. (Which should tell you that there are not any one-size-fits-all solutions.)

The need for backups applies to personal computers as well as business machines. Perhaps your livelihood is not at stake, but consider how much effort it would take to recover the information on your computer if it were unexpectedly wiped clean. Are you prepared to pay a couple of hundred dollars to avoid that effort? If so, then you should be doing backups on your system. By way of illustration, we are familiar with the case of a gentleman that was doing research for a book using a personal computer. He had collected a couple of years worth of research notes, including interviews and transcriptions from rare documents while travelling. He had written about half the book as well. Then his hard drive failed. No backups - never saw the need. A disaster recovery firm attempted to recover some data from the hard drive, but with little success for significant expense. He recovered some material from handwritten notes, memory and renewed correspondence, but most of the material was gone forever. It's your computer and your information, so it's your decision. Take the risk, or take precautions?

Backups are not an expense. They are insurance. They need to be done regularly and consistently, just like paying premiums. You cannot recover what you have not backed up.

If you are a business in the Ottawa area, and you're currently playing computer roulette with your electronic data (not doing regular backups), please see a computer dealer or service centre about how to backup your system(s), or contact us so we can help you to protect your business. We'd rather see you as a client than as another bankruptcy statistic. If you have a personal or home-based system in the Ottawa area with more data to be backed up than fits comfortably onto a few diskettes, we are prepared to assist you as well. E-mail us with your contact information, and we will discuss how to protect your data. In general, we will recommend a backup strategy and installation of hardware and media that your or your staff will use that are appropriate to your needs. If appropriate, we can also provide a mobile backup service at your site on a scheduled basis, but this is usually not as cost-effective.

Once you have established a reliable means of backing up your files, test the backup on occasion. A backup you can't read is worse than useless. A quick and simple test involves renaming a file that resides on your hard drive, then restoring the file from the backup. Then compare the two versions of the file, either manually or using a utility program for this purpose (if your system has one). If the restore succeeds, you can delete the renamed version. If the restore fails, you can always rename the test file back to its original name. Then, find out why, and correct the problem, then do your backup again, and test it again (until it works).

There are several kinds of backup devices and procedures. Do yourself a favour, and get a backup facility that allows you to recover individual files, groups of files by directory name or wildcard, or the entire system. We also recommend the use of full backups where time and backup media make this practical, and keeping at least three generations of backups on various media. Finally, if it is convenient, keep your most recent backup in a place remote from your computer (preferably a different building) but accessible if you need to get it in a hurry. For a small business, this may be at the owner's or an employee's home. For a major business, another location in the same city may be appropriate, or there are companies that provide this service with periodic pick-up and drop-off services. For home users, perhaps the home of a relative or friend would work. Consider the potential of doing this on a reciprocal basis - you keep one of their backups on your premises, and they keep one of yours on theirs. Of course, don't do this with anyone who you don't want having access to your information.

Backups. Don't compute without them!

Housekeeping

Computers work based on logic. They work better if you use them logically. That applies to how you organize your files. Most operating systems support folders or directories. This is simply a way to divide up your files into logical (to you) groups. For most people, it makes sense to keep their personal letters (e-mails) separately from their financial records. It also makes sense to keep program files (that will probably not change much over time) from data files (that may appear, disappear and be modified frequently). If you have files that pertain to chronological periods, it may make sense to organize them into folders by time periods, say a main folder for each year and sub-folders for each month (and sub-sub-folders for weeks or days if appropriate).

Give your files names that are meaningful to you. It is frustrating and time consuming to spend time looking for a file you know is on your computer, but you can't find because it was named "xz7ty4wv" and is lost amongst other files named in alphabet-soup mode.

Disk space is relatively cheap today compared to the past, so there is a tendency to keep files forever. However, the cost associated with this practice is not the additional disks, it is the time spent doing backups of that data and the time spent wading through endless lists of files when your want to open an existing file. Also, while you are required to keep up to seven years of financial records for tax purposes in many jurisdictions, if you keep more, they can also be used by tax auditors. Even if you have absolutely nothing to hide, why invite them to stay longer by giving them more to look at?

Viruses

I am using the term "virus" here to cover a whole range of nasties which may be more properly called worms, trojans, viruses, etc.

If you have ever been up all night with a sick computer, you know the novelty wears off fast. You're tired, you're desperate, you're frustrated and angry, and clutching at straws, and that last time you just hit Enter or clicked on the mouse just did even more damage. Save yourself from this fate. Go and buy a known anti-virus package from a reputable computer dealer, in a sealed package. Then install it, and keep it up to date. Then, use your computer as if you did not have an anti-virus package on it. Remain vigilant. There are viruses that target anti-virus software first, so that the defence is rendered blind to the invader. Periodically, surf to the website for the vendor for your anti-virus product. If you cannot reach it, that could be a symptom of a virus attack.

We do not sell anti-virus software, or hold stock in companies that sell anti-virus software, or recommend one package over another. So, please believe that this plea is for your protection from software viruses, and not for our benefit. (Actually, we might be financially better off if people needed to hire us to try to salvage their computers after virus damage, but we'd prefer you not have to make that call.)

However, even having current anti-virus protection and practicing safe computing may not provide you with 100% protection, so you should still do your backups. The sad fact is that there are malicious people out there continuing to develop new types of destructive "bugs" and variants on existing ones to wreak havoc with your computer, your data and your life. And they are always searching for new ways to infiltrate your computer. They can arrive via e-mail attachments, in pirated software, in word-processing documents, and very occasionally, even in shrink-wrapped commercial software. Occasionally, the viruses proliferate faster than the anti-virus forces can develop and propagate protection against the bad stuff.

By all means, learn more about these horrible chunks of misbegotten code. The more you know, the better you will be able to protect yourself and slow their spread to others. Here are some sites worth checking (even before you think you have a virus on your system).

The Virus Bulletin Website

For the more technically oriented.

[dead link: http://www.wildlist.org/">The Wildlist.Org Virus Site]

Hoaxes

The real damage done by viruses has engendered another annoyance, the virus hoax. The hoax will not damage your system. Instead, it creates a level of anxiety in computer users that serves no purpose, and it clutters up the Internet with useless e-mail messages. So, the next time you get a well-meaning message about another virus that has not made the news yet but is destroying every computer on the planet, instead of forwarding it to everyone you know, please check to see if it is a hoax. If it is, just send an e-mail reply to the person that notified you, calmly explaining that the message is a hoax, and they too can check on such things in the future before forwarding such messages. How can you check? By searching the Interweeb and surfing to one or more of the websites that keep track of such hoaxes.

Netiquette

In the wilds of cyberspace, where many surf behind the supposed veil of anonymity provided by aliases, avatars, remailers, nicknames and handles, civility is often an early victim. It is a sad commentary on us as a species, and provides ample justification for criminal punishment systems in our societies. The catch is, over time, most of our veils are ripped away if someone wants to work hard enough to uncover who is flaming or spamming them. ("Flaming" is the use of abusive or inflammatory language, primarily via e-mail and on discussion lists and forums. "Spamming" is the practice of using Internet tools for inappropriate commercial purposes.) Why take the risk?

Emoticons

Also known as "smilies", these are the cute little symbols built from standard characters to denote feelings or emotions like these:
:-) happy / joke / grin / smile
:-( unhappy
;-) wink
:-o surprised
:-/ . perplexed (there are many more)
There are times when humour and sarcasm are not obvious to all reading an e-mail. While they are intended to be fun, they can backfire if read the wrong way. If you won't avoid them, some times emoticons can help convey the meaning that might otherwise be lost. A simple "<grin>" can often prevent a lot of damage. And note that not all emoticons come across well in all fonts.

E-mail

A marvelous innovation, e-mail has allowed business to move faster. Even more than on-line shopping websites, e-mail has been the tool that has allowed business to speed up its operations, both in-house and business-to-business. E-mail is the real underpinning for electronic workflow processing and distance collaboration and has freed business correspondence from the shackles of paper-handling, manual sorting and physical transport to lightspeed.

On the downside, e-mail has also shed the culture, formality and checks and balances of paper mail. As a result, things are said in e-mails that would never have been committed to paper. Part of that is the informality, part of it the psychological sense that e-mail is somehow not as "real" as paper correspondence, and part of that is the speed of e-mail that removes the opportunity for reflection that occurs in the paper world as a letter awaits transport to the mailbox.

In reality, e-mail is just as "real" as paper mail, and worse, the ease of "carbon-copying" an e-mail means that it will reach a wider distribution than its paper equivalent. Every time you write an e-mail, pause and consider the potential consequences of sending it. Assume that it will surface at the worst possible time in the hands of the worst possible person. If you are libeling someone, assume your e-mail will end up in their hands.

When replying to an e-mail, it is often helpful to intersperse your responses into the original text. When you do this, make sure there is a way to distinguish between the original text and your additions. In some packages, this can be done with different fonts or colours. However, the lowest common denominator (and safest) method, is to mark pre-existing text with a prefix character on each line. The ">" (right chevron) character is commonly used for this purpose. Multiple chevrons can be used to denote multiple generations of comments.

If you are replying to a long e-mail, but your response pertains to only a tiny portion of the original, it is good practice to "snip out" those portions of the original e-mail that are not relevant. This saves those reading your e-mail a lot of time.

Another hazard of e-mail is that it is the delivery mechanism of choice for many computer viruses. Several of the more common e-mail client products (that's the part that resides on your personal computer, and probably is "e-mail" to you), have known deficiencies related to security against viruses. Spend a few minutes surfing the web. If you have the choice of which e-mail client to use, look for a lesser known product that will be less attractive to virus-makers, and probably has a better security record. If you cannot choose your e-mail client (corporate decision), then find out what the security weaknesses of your e-mail client product are. Then, find any patches available for it to correct those issues, or learn to work around those security holes.

Finally, remember your last line of defence will usually be a known, good backup. Keep several versions of your backups. Some viruses take their time making their presence known. So if you only have one recent backup available when you find out about a virus on your computer, there is a reasonable chance that virus has also been stored on your backup.

But for the majority of Internet users, the greatest contribution of e-mail has to be that a good joke can now circle the globe in a matter of minutes.

Broken Links

You are happily surfing along the information superhighway, bouncing around from link to link discovering new information and delights, when you hit one of the potholes - a link that does not work. Such an annoyance. However, the reality is that websites disappear, move and get re-organized. If you discover a broken link, and there is a convenient way to contact the Webmaster for the site that has posted the link to the webpage that is now missing, please take a moment and send the e-mail. It is hard to keep up with all the moving webpages. Typically, the information needed by the Webmaster is the address of the page where the problem occurred, and the address of the link that is no longer working. On the other side of the coin, Webmasters, please make it easy for surfers to reach you with this kind of information (ours is at the bottom of the page). Working together, surfers and Webmasters can patch up the potholes, and make surfing better for all of us.

Water Savers | Econogics Blog | Products and Services | Electric Vehicles | Reducing Your Expenses | Personal Energy Plan | The Emperor's New Hydrogen Economy

This website is powered by renewable energy.
Return to Econogics Home Page
All material on this Web site is copyrighted by Econogics, Inc. (unless otherwise noted).
This Web site created, maintained and sponsored by Econogics, Inc.
Comments to: Webmaster are welcomed.