Arkansas is NOT immune to cybercrime!

Brian Krebs, the former Washington Post reporter now writing at KrebsonSecurity.org, has confirmed that cyber-criminals struck an Arkansas regional water utility and a New Jersey town recently moving money from the government accounts by online transfers.

...On March 4, organized crooks stole roughly $130,000 from North Garland County Regional Water District, a public, nonprofit utility in Hot Springs, Ark. Again, thieves somehow broke into the utility’s online bank account and set up unauthorized transfers to more than a dozen individuals around the country that were not affiliated with the district.

The investigation continues and the public utility and bank have recovered about half of the losses. You can read the complete article at: http://www.krebsonsecurity.com/2010/03/organized-crooks-hit-nj-town-arizona-utility/#more-1918

Update: 3/30/10  I can't say it any better. "Online Thieves Take $205,000 Bite Out of Missouri Dental Practice." Brian drills down into the details (pun intended) at: http://www.krebsonsecurity.com/2010/03/online-thieves-take-205000-bite-out-of-missouri-dental-practice/

A public library in Florida, a school district in New York, a manufacturing firm in Texas, a water utility in Arkansas, and those are just a few recent cases. Keep in mind that commercial accounts are handled differently than consumer accounts. Brian reminds us, "Let me be clear: The advice was aimed not at consumers, but at small to mid-sized companies that may not have a full-time IT/security staff, and who rely on one or two people to handle their bank accounts and payroll online."

This type of online computer theft uses infected computers to make electronic transfers from uninsured commercial bank accounts. If a cyber-thief gains access to your login and password, the commercial account holder is on the hook - not the bank. The bank was following "your instructions." These crimes are happening from coast to coast, but you're not reading about the details in many daily newspapers or on national TV news programs. You can find more examples in Brian's earlier articles in the Washington Post at: http://voices.washingtonpost.com/securityfix/small_business_victims/

I haven't found any better articles regarding how small businesses, government agencies and non-profits can try to protect themselves than Brian's earlier articles on the topic. My suggestion is review all three of the articles and do what you think works best for your organization.
"Avoid Windows Malware: Bank on a Live CD," WashingtonPost.com, Oct. 12, 2009
http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html
"E-Banking on a Locked Down (Non-Microsoft) PC," WashingtonPost.com, Oct. 12, 2009
http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_non.html
"E-Banking on a Locked Down PC, Part II," WashingtonPost.com, Oct 20, 2009
http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_pc.html

Free software for new Windows computers

Question: B.R., I just purchased a new computer. What can I do to help prevent virus infections and other security problems?

First of all, most new computers you purchase in a store or online come with Windows and several other applications preinstalled. The list may include a trial version of a security suite. That's OK, if you want to pay to use the program after the trial period runs out. Usually, I'll remove the programs I don't want to keep and free up the space for the software I want to use. I don't want anything on the new computer that doesn't provide frequent software updates and if possible I want applications to maintain themselves or at least notify me when new updates are available.

I use mostly free or open source software everyday on the Windows computers I maintain. You can already find links to the two starter kits mentioned below on my webworkshop home page. This blog post is intended to go beyond just listing the links. Now to get down to work...

While I tend to avoid the larger (bulky and frequently hard to remove) security suites like Norton and McAfee, people can "roll their own" system with a number of free security applications, using the top performers in each category. The two so-called "starter kits" discussed in this article are actually CNET reviews of various free security and windows applications. I'll run through the list in a minute. But before the Ethernet cable or wireless connects, keep in mind that my computer is already hiding behind a small 4-port router/wireless access point. And as I've run through the initial router set up, I've changed the name and password on the router from the factory default. I've also written down the new settings in a special network notebook I keep in my home office so that get back into the router and check the settings if I need to further tweak the network. The latest Windows Secrets security baseline was just released this week (3/28/10) and is a good place to start. See: http://WindowsSecrets.com/comp/100318

If your new computer system is for a business and the hardware and software costs can be deducted as a business expense, save time and effort by going for the security suite such as the top three mentioned in the Windows Secrets article. Home users and students on a limited budget can still save money selecting from a shelf-load of free security software intended for personal use. Unless your corporate IT department recommends otherwise, I always recommend that the average home and school user set Windows' Automatic Update feature to retrieve and install all Windows patches and updates automatically. Expert users who use corporate software may well need to be more cautious.

Next we'll use CNET Security Starter Kit which contains links to most of the software mentioned below after the jump. (Click the "Read More" below to continue.)

PC Questions and Answers: Learning from each other

The first trial "PC Questions and Answers," workshop, quickly nicknamed "The Doctor is IN," provided a free walk-in computer Q&A clinic Wednesday afternoon, March 3rd. I was joined by the very knowledgeable P.J. Williams, a librarian who deals with technology at the Fort Smith Public Library. All the questions were throughly aired. The spontaneous and unrehearsed session was considered a success with seven participants attending. Some of the major discussion topics included:

I don't have a computer. Should I purchase a laptop or desktop?
That question has filled entire chapters in several books! Google lists 22,000,000 articles, blogs and entries for the search term "laptop or desktop."One of the most comprehensive easy-to-read guides can be reached at Consumer Reports online "Computer Guide". A subscription is required to get to specific ratings (well worth the annual subscription fee) or you can visit your local Fort Smith Public Library and use their subscription. Bottom line: it depends on what you want to do with your computer. Let Consumer Reports help you work through that decision.

What brand of computer is more reliable?
Reliability ratings based on input from thousands of consumers just like you are included in the Consumer Reports ratings mentioned in the above question. Almost every computer magazine writes hardware and software reviews. In addition to Consumer Reports, I use CNET, PC Magazine, PC World Online among many others. Keep in mind that quality and reliability can vary between different models of the same brand and even individual machines. Make sure your machine comes with a strong warranty backed by a reliable company. I'll save the question you're just about to ask concerning extended warranties for another Q&A session. 

How do I make sure personal data files are removed from the hard drive prior to recycling the old computer?
I thought a former governor's staff used the best solution when they allegedly smashed the hard drives taken from their computers in the Arkansas Governor's office and buried them in a land fill. That certainly tends to derail any future Freedom of Information Act requests.

Computer technicians usually have software that can erase and write over hard drives a number of times making it very difficult for crooks to recover information about your bank accounts and investments. You'd be surprised at what computer techs have tripped over (and some have shared with others) while they were working on someone's personal computer. It's OK to be a little paranoid about where your financial, medical and other personal data files end up.

Jason Fitzpatrick, weekend editor for Lifehacker, posted a comprehensive article, "Properly Erase Your Physical Media," in February 2009 which goes into more detail than you may want to know about erasing a hard drive and includes links to software programs that offer ways to properly erase your hard drive, and yet leave it so that it can be reformatted and reused. If you're aware that your data can be stolen from a computer or hard drive you recycle or give to a charity, you're smarter than 40 percent of the people who sell hard drives on eBay.

All in all, the small size of the group meant that the discussions were lively, informal and people could ask several follow-up questions. There is still one question about a glitch in Internet Explorer that we're still working on. I think I've found a possible answer to test on the errant machine. I'll post an update later if it works. Not a perfect score, but nobody knows everything. I'm sure there will be more we can learn from your questions.

The next PC Questions and Answers is scheduled for April 7, 2010 at 1:30 P.M. in the Fort Smith Library Computer Lab.

A version of this entry is also posted on the Fort Smith Seniors Blog

Free audio books online

Going on a long trip? Don't have time to visit your favorite public library? Thanks to a blog post about free audio books on Lifehacker.com, you can still load up your iPod or favorite MP3 player with audio books before your trip. The free, public domain books at BooksShouldBeFree.com are organized by genres or visitors may search by author or title. Several titles I checked are available with links to etext and other resources. Registration required.

UPDATE: 3/8/10 - The electrons hardly have time settle down in the above paragraph when the Fort Smith Times Record Sunday edition reports that "People Flock to Library For More Than Just Books." The front page story by Ben Bouldon explained that library computer use is up 22.9 percent in 2009. People are coming to the library "for Internet access, services, and programs and to borrow books, DVDs and other items."

According to Jennifer Goodson, Director of the Fort Smith Public Library, the library began offering Library2Go, in down-loadable audio and e-book formats in 2009. The library offers over 40 online book, magazine and research resources to anyone with a Fort Smith Library card. Additional details are available at www.fortsmithlibrary.org

If you live in another location, check with your local public library to see what online resources are available in your particular area. You will likely be pleasantly surprised.