Why am I receiving virus emails from old friends?

A customer emailed me, puzzled by why they’re suddenly receiving a bunch of virus emails from friends they haven’t spoken to in a number of years.

These types of mass-mail viruses can be very confusing, since they nearly always appear to come from someone you know.

Here’s why and how that happens…

Let’s say someone you haven’t talked to in a few years (we’ll call him “Bruce”), who is part of the same “circle of friends”, catches a virus.  The virus goes through his address book and starts mass-mailing everyone in it, spoofing the sender address on each message.

Bruce’s address book:

  • John
  • Betty
  • Doug

Bruce gets a virus.  The virus sends an email to John pretending to be Betty, and an email to Doug pretending to be John.

Doug replies to John and says “You have a virus!” But John doesn’t have a virus; Bruce does.

It’s often difficult or impossible to track down the true culprit, and that’s why it’s imperative that everyone on Microsoft Windows have an up-to-date virus scanner such as ESET Smart Security 6.  It is also important on any platform (Windows, Mac, Linux, or even smartphone) that you be familiar with phishing scams, and be extra cautious about what you open or click.
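Before Doug replies to “John”, the message headers can show that the From line is not to be trusted. The following is an added example, not part of the original article: it flags a mismatch between the envelope sender and the From address and reads the authentication verdict stamped by the recipient’s own mail server. The domains, the server name mx.doug-mail.example and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (reserved .example domains): claims to be from John.
# The second Authentication-Results header was not added by Doug's server.
SPOOFED = """\
Return-Path: <mailer@isp.example>
Authentication-Results: mx.doug-mail.example;
 spf=pass smtp.mailfrom=isp.example; dkim=none;
 dmarc=fail header.from=john-mail.example
Authentication-Results: mx.john-mail.example; dmarc=pass
From: John <john@john-mail.example>
Subject: Photos from the reunion
"""

# Constructed sample: a message really sent through John's provider.
GENUINE = """\
Return-Path: <john@john-mail.example>
Authentication-Results: mx.doug-mail.example;
 spf=pass smtp.mailfrom=john-mail.example; dkim=pass; dmarc=pass
From: John <john@john-mail.example>
Subject: Photos from the reunion
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw, trusted_authserv):
    """Return reasons to doubt that the From header names the real sender."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope domain {env_dom} differs from From domain {from_dom}")
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() == trusted_authserv:  # skip forged copies
            verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    if not verdicts:
        findings.append("no Authentication-Results from our own server")
    elif verdicts.get("dmarc") == "fail":
        findings.append("dmarc=fail for the From domain")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, spoof_indicators(raw, "mx.doug-mail.example"))
```

A finding here tells Doug only that the message did not come from John’s mail system; it does not identify whose computer is infected.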

Should you avoid external hard drives that boast built-in encryption?

I got to thinking about this question today. Why do hard drive manufacturers add useless hardware encryption to external drives?

“Why, that should be obvious, Robbie; it’s because we are security conscious and want to protect our data from prying eyes,” you say. “And you call yourself a bald nerd!”

First of all, I don’t like your tone.

But second of all, exactly who are we protecting here?

Somewhere inside the chassis of your external hard drive, there is an integrated encryption/decryption chip. It boasts “256-bit AES Encryption”. Wow, sounds safe! So you plug in the drive to your computer, and place your private stuff on there, and feel safe. “It’s encrypted.”

Who is it safe from?

Bret Austen, General Manager of Positive E Solutions Inc., in Barrie, Ontario calls this feature a “false sense of security.” He explained to me that while his company does carry these drives, the encryption features are not a true protection for the users’ data. “That said, we do offer an encryption key solution which encrypts data in such a way that even if the drive is stolen, the data cannot be accessed since they require a literal key.” This key is one that you would keep on your keyring, and take home with you at the end of your shift. If that sounds more like what you’re hoping for, I suggest you get in touch with Mr. Austen to discuss this impressive solution.

So, back to your external hard drive. You placed your private data on it, and then you plugged it back into your computer a week later. Can you read the data? Sure you can. The hard drive is still an internal component of the chassis, which carries the built-in decryption chip. So as long as that drive is inside that chassis, you can read and write the “encrypted” data just as if it were unencrypted.

So exactly when does the encryption protect your data from prying eyes? Why, it should be obvious: when the internal hard drive is removed from the external chassis.

When a thief steals your drive, are they going to sit down at your desk, pull out a Phillips screwdriver, and gently remove the internal hard drive from the chassis? Or are they going to grab the whole thing and run off with it, decryption chip and all? Similarly, if you lose the drive, will it still be readable by the finder? Sure, it will.

So when does the encryption actually take effect? When the chassis fails.

If your hard drive gets zapped by a surge, or the circuit board of the external unit is otherwise damaged, data recovery “may not be possible,” says Phil Priest, a professional data recovery technician from PES Data Recovery, in an interview with me this afternoon. “You’d have to track down a decryption chip with exactly the same key in order to access the data from the drive. We can recover the hard drive’s data, but it would be entirely garbled and unusable without the proper key.”

Data recovery may be possible in such a case. Mr. Priest goes on to say, “We had a recovery like that come in a while back. It was a Western Digital drive, and for some reason they had manufactured all the drives of the same model with the same decryption key.” He explained that the customer was fortunate in this case: the data was able to be recovered since a decryption key was readily available. However, the cost to procure the correct decryption key resulted in a notably higher cost of recovery and made expedited service impossible. Mr. Priest also warned, “if the manufacturer uses a different decryption key for each drive manufactured, there is likely no way to recover the data.”

So who is the encryption on your external drive really protecting? It would appear to me that the only person getting locked out of your data… is you.

Mr. Priest ended the conversation saying, “if your external hard drive has built-in encryption, make sure you keep a good backup.”

To protect your company data from accidental data leak or intentional data theft, please take a look at Endpoint Protector. This is the “proper” way to protect your data. www.endpointprotector.ca
