My family and I were blessed late last month with free tickets to go downtown Cleveland and see a Cleveland Lake Erie Monsters game. The Lake Erie Monsters play at Quicken Loans Arena and are the American Hockey League affiliate of the Colorado Avalanche. (Yes—they share the same complex that LeBron plays in!) While we aren’t huge hockey fanatics, we enjoy attending games, as the atmosphere is very family-friendly and affordable. My kids take advantage of getting their hair chalk-painted with the team colors, making team poster signs (Go Monsters!), and pursuing their dream of getting their picture up on the Jumbotron. But if we’re honest, our favorite part of these Friday evening games centers around one main thing: Dollar Dog & Dollar Soda Night! Sometimes life doesn’t have to be complicated.
However, if you’ve been to a sporting event recently, you can’t help but notice that the surroundings of these events are no longer simple, but have become extremely “techie”. In fact, it’s probably safe to say that sporting teams and arenas are investing millions of dollars and lots of energy into their marketing departments in order for them to research and stay current on how to maintain our attention at the event by engaging and interacting with us on our portable devices. At the game last month, spectators were encouraged to take selfies while at the game and post them on Facebook, Twitter and other social networking sites for a chance to win gift cards and other team merchandise. The in-game questions are posted on the massive scoreboards and fans are asked to participate by texting the right answers. The simple days of getting out of our seats to yell and cheer for your favorite condiment in the Mustard, Ketchup, and Onion race seem to be far behind us. And I don’t think they will “ketchup” anytime soon. (Sorry, but I couldn’t resist!) To be sure, I am a techie, so please understand that I am not faulting the marketing departments for this digital/technical approach, rather just “calling it as I see it” because over 80 percent of those in attendance are staring into their devices rather than watching the Live Event.
Anyhow, the reason for the longer than usual back story is that at last month’s game, one “device” moment clued me in to a technological social phenomenon to which I had not previously been introduced. While my wife and two of our children were walking around the arena and my oldest son and I had our attention blissfully focused on our seven dollar stadium super nacho (can life get better?), there was a huge commotion heard throughout the hockey arena. When I inquired what was going on, our seat section neighbors above us, below us and on both sides aggressively started hounding me asking, “So what color do you see?”
“Do you see blue and black or white and gold?”
As you have probably already realized, the hullabaloo was concerning an Internet posting of the blue and black (or is it white and gold) dress that supposedly went viral days earlier. My fellow fans looked at me like I was an alien from Mars when I told them I wasn’t aware of the picture. (Who can keep up?) At any rate, when I looked up, we noticed the image was plastered on the Jumbotron, which had sparked this whole debate. Millions spent on marketing to keep us engaged at sporting events, right? We were engaged all right. Have you had “the dress color” debate yet? People get into it!
On my way home the silliness of that dress got me thinking about the social engineering aspect of malware writing. Yes-It is strange how my mind works at times. Quoting Wikipedia, “social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. “ So while I understand that the science of the blue and black dress and the aforementioned social engineering technique aren’t directly related (if at all), it does have me wondering what people “see” when they click on malicious attachments or embedded links within email, etc.
Ever since the days of yore way back in 2000 when the “ILOVEYOU” computer worm affected over forty-five million computers worldwide when it wriggled into our (much-larger-back-then) machines, the antivirus industry has been preaching the security dangers and risks associated with emails from both trusted and unknown senders. (Is anyone listening?) And despite our best attempts at Internet Security Awareness, over the years we continue to experience many additional damaging famous (or infamous) email proliferating computers worms, such as: Anna Kournikova, Sircam, Klez, Nimda and the list goes on and on. Making matters worse (from an educational failure point of view), as I wrote last month, one of today’s (2015) top security threats is ransomware which is similarly spread using the same old-school social engineering tricks via social networking sites and email attachments.
I suppose my questions (in no particular order) boil down to (1) Why aren’t we scrutinizing over emails more carefully and thus avoiding opening email-based attachments and refraining from clicking on embedded links within emails? (2) Are we too rushed? (3)Were we really expecting a UPS or USPS “Package Delivery Confirmation” that day? (4)Was the opportunity to see a colleague’s “Payroll Report” or “Incoming Fax” too juicy to pass up? (5)Did curiosity get the better of us when we received a “Voice message from an unknown Caller” in our inbox? Maybe, all the security alerts and warnings regarding online fraud are counterintuitive, so that when we receive the email attachment “Wells Fargo Check Processing Services” (even though we don’t have a Wells Fargo bank account) we are drawn to investigate. Or maybe like the great dress discussion at the Cleveland Lake Erie Monster’s game, we are not all seeing the same thing (Harmless versus Harmful). Seeing “harmless” and thus proceeding to fall victim to social engineering techniques of cybercriminals, like the real-world examples above, would have resulted with your hard drive (and other connected drives) encrypted…courtesy of CryptoLocker.
While I fully understand that there has been a lot happening in the Security realm over the last few weeks with Lenovo, one of the world’s largest vendors of personal computers, shipping some of its consumer notebooks with a bundled HTTPS-hijacking “Superfish Adware” or the more recent security advisories for the “FREAK Flaw”, the new SSL/TLS vulnerability catching the world across the web by surprise, for this column, I wanted to touch on the basics again. (Use caution when opening attachments. Do not open emails or attachments from unknown senders. In short…THINK before you click!) The dress-debate reminded me of something else—discussion is good. Let’s share in some! I’d like to do something I haven’t done before and open up this debate to your feedback. When you open emails, what are seeing? Email me your thoughts and ideas on this and how you feel that we as the church/the marketplace/leaders and laypeople can best convey the important message of email dangers so that it can “sink in” better with users. I’ve been doing this for over 16 Years and believe me, the answer is not Black and White. Clarify it for me. You can email your feedback to [email protected].