Internet Might Be Scarier Than I Initially Thought
In 2009, I got my first personal computer. It was shipped with the Pentium III processor from Intel and 256 MB of RAM. At that time, what I did was play video games on Windows XP. The idea of having a computer connected to a network and interacting with each other is beyond my imagination. It was thanks to my curiosity that I finally knew the words "computer network" which sometime later led me to know more about the internet.
Having my first personal computer made me explore a lot of things. I opened every possible folder that ever existed in Windows XP including System32. I broke the operating system many times. I was scolded a lot by my dad because of this. Eventually, I found something interesting in the Windows setting. It is the network setting. However, I don't know what is the use of this setting because I didn't have an internet connection at that time.
I began to get hints of interconnected computers from a video game that I wanted to install. The installer keeps asking me to connect to the internet so it can verify whether I have bought the video game. I was confused because I couldn't install the game. I opened the network setting and tried to set it up. However, I've failed to set it up because, well, I don't have any internet connection available in my home. The only hint that the failure message gave to me was I needed a telephone cable.
Initially, I thought that we were somehow able to connect to the internet out of thin air without the need for a telephone cable or whatnot. Because an internet cafe already existed at this time. I went there to play some online video games, browse programming resources through Google, interact with people on Facebook, and watch videos on YouTube. It finally made sense because all of the internet cafes that I ever visited had some kind of tower to receive signals. Finally, I knew that I needed a "medium" to let me connect to the internet.
I begged my parents to install a home telephone so I could set up an internet connection. Since it is quite expensive, the idea of having a home telephone is just not possible. I went to an internet cafe and then did some research about this. After some time, I finally knew the device to let me connect to the internet, a modem. For me, the price of a USB modem is not cheap. It is kinda hard to convince my parents to let me buy a modem. I also need to buy it from somewhere far from home.
Luckily, my friend who owns a modem decided to sell his used modem to me. He sold it to me at a relatively cheap price. I bought it instantly after talking to my parents. They agreed that I could buy it and finally, I have a USB modem. There is no need to wait for anything. I plugged the modem and then did the setup. I bought internet data through my handphone and then used the SIM card to get connected to the internet through the modem. After a long wait, my old PC got connected to the internet for the first time. I was really happy.
Innocent Kids on the Internet
My personal computer finally got connected to the internet when I was in my second year of middle school. I used the internet to browse anything that I deemed interesting. I also joined some forums, groups, and communities online. I was pretty active back then. Answering some questions from people in the programming group. Also, Blogger was super popular so I made some blogs to write there. I love to share anything related to programming and video games. I need to be productive because my parents are pretty strict. Playing video games is restricted to about 2 hours per day only. The games are offline so I need to go somewhere else if I want to play. It was because my PC specs are pretty low.
Once in a while, I went to an internet cafe to play online video games. Back then, phishing was pretty easy to get victims because we were not aware of such things. Being a kid and wanting to have an easy life, I looked for a cheat online for the game that I played. It was like "register/login here and claim your free [insert game currency] here!" For some reason, they need to know our login details to make sure that the cheat gonna work. What happened after that? Well, duh. I got my account stolen of course.
I was exposed to this kind of crime when I was in middle school. I began to learn more about this kind of thing. After some time, when I was in my third year in middle school, I got to know more about hacking-related stuff such as defacing, carding, phishing, etc. Apparently, cybercrime exists. Although I know that it does exist, I became a victim several times. It is difficult to be safe in the digital space.
I said that I had broken my personal computer many times. One of the reasons was that I kept installing some cracked software (and video games) from the internet. I had no idea that the software I installed was shipped with malicious codes. I got many warnings from my anti-virus program. It was fighting with some trojan viruses and malware. What was on my mind at that time was "what is the problem? where did these viruses come from?" It took me some time to finally understand that installing cracked software or video games is basically suicide. Well, installing anything that may contain malicious codes is indeed bad.
Other than dealing with this virus shenanigans, I get to know more about some interesting technology, a blockchain. A cryptocurrency namely Bitcoin is gaining some attention. The price at that time was ranging from about $10-ish to about $100-ish I forgot how much exactly. I did some research about it but I can't seem to understand why a digital currency is worth that much. I mean, what are the underlying assets to give it such value? Though, my curiosity won't let me just move on from this technology. The price is cheap according to today's standards. Today (when I'm writing this post), the price of Bitcoin is more than 70K USD. Back then, even if the price was cheap, I couldn't buy it because (1) I didn't have a debit/credit card since I was just a middle schooler and (2) I may not be able to afford much of it because I'm living in a third-world country and that amount of many is plenty here. Thus, I was looking for an alternative by mining a Bitcoin.
I did look for a way to mine Bitcoin. However, I won't be able to mine it because my PC specs are super low. After some time looking for another way, there are some websites that offer free Bitcoin mining with only clicking a single green button. It doesn't make any sense but I tried it anyway. What was the result? I got nothing. It was a scam. Actually, I don't know whether they are scamming people or just trolling. Because they are only asking for our Bitcoin address. There was no sensitive information asked.
The Uncultured Ones on the Internet
I forgot when exactly but after the rise of the Android smartphone, the price of a smartphone is becoming more and more cheap. That means smartphones are much more accessible than ever. Many people from any kind of background are coming to the digital space. Some of them are exposed to an internet literacy course at school or university. However, many (if not most) of them are not. The interaction in social media is now becoming more uncultured and more uncivilized than ever. They don't know how to behave on the internet and don't know how to secure their account from bad actors. Sadly, it will stay like this for some unforeseeable future.
In recent years, there have been many cases of people getting their jobs terminated because of their unhinged opinions on their social media. What's worse is that once it is available on the internet, it will stay there forever. Because people will find a way to preserve any content that we generate online. For example, people can just take a screenshot. Or even better, using something like the Wayback Machine. So, we really need to be careful when voicing our opinions online. It does come with a consequence.
Any kind of content that we generate online will be available to everyone. All of these people who look at our content have any kind of background. Some may be cool with it and some may somehow get triggered with it. It then sparks some online debate. Usually, the result of this debate is not significant at all. Because often their ego won't let them lose to any arguments. This is why an online debate may last like forever without any conclusion. The problem with this kind of activity is that most people who don't want to lose will throw irrelevant comments. Instead of focusing on the argument, they will start to attack us personally by let's say commenting on how we looked like. This is how a shit show is started.
After getting attacked personally, the situation usually turned bad really fast. It is not about the argument anymore. It is about who has a better life standing such as who has more wealth, who has an uglier physique, etc. Even worse, they will start to dox each other. It is fairly easy to dox people because we tend to overshare our lives or even our private information online. I also did this in the past and try to be better right now. A certain degree of maturity is needed. Thus, I believe, everyone needs to take an internet literacy course before they can join the digital space. It will teach people the DOs and the DON'Ts in the internet or digital space especially how to interact with a stranger online.
There is actually an easier way to avoid this kind of interaction online. It is simply to not engage with anyone ever. We can just become a silent reader, someone who is there to read but decides to not interact or comment. I have been doing this for a while now. I have a pretty peaceful online life so far. Even though sometimes I really want to comment on some unhinged opinions on Twitter, I refrain from doing so. Moreover, after Twitter decided to incentivize verified accounts' engagement, many weird and unhinged opinions were thrown just for the sake of getting attention. They are deliberately creating a controversy. They make a bank by triggering people online. What a life to live in.
To Not Getting Doxed Online
Becoming a silent reader doesn't mean that we are safe from being doxed online. Because sometimes we are just unlucky. We can be a victim of a false accusation and somehow people are sharing our private information to cancel us. This happened many times here in my country because, well, most of the netizens are coming to the internet without learning anything about internet literacy. Or maybe, they simply love to witch-hunt people. I guess it feels like being an agent of justice. I don't really know.
To prevent being doxed online, we can limit the availability of any kind of personal information online. Do not share personal or even private information in a public space. Even better, do not share it at all even if we are in a limited/closed space. There is no guarantee that it will not leak because data breaches are happening anywhere. Thus, provide only the necessary amount of information to let the website/app keep functioning.
If we are talking about social media, I think the ideal way to avoid being doxed is by having two accounts. By doing this, we will have a public-facing account and we will have a private account. A private account must be super limited to only allow friends or certain people to be part of it. As for a public account, an alter account if you would, must use a different identity or persona to interact with strangers online. The profile picture used for both accounts can be anything but our own face. Well, we can use it but please be aware that people may steal your profile picture and misuse it.
After all the effort we made above, let's say that we somehow offend somebody online. That dude is actually a bad actor and will try to locate you online. One of the methods that he probably uses is to send some message or email containing links or attachments. Remember, do not click any links or attachments that are sent from a stranger. Because it can potentially steal some information such as our geographic location through our computer network. Even worse, it can even install some kind of trojan, malware, spyware, or any malicious program.
Let's say that the bad actor was able to steal our private information such as our identity number or maybe our mobile phone number (next, I will just write it as "phone number"). In my country, if the bad actor has either one of them, s/he would be able to find an IMEI that is linked to it. If the bad actor is somehow able to get our IMEI and has the access to telco's tracking tools, they will be able to locate our device. This is bad on many levels. We are practically naked! Finally, they may leak our identity number and our geographic location. They will know who we are, where we work or where we study, where we live, and so on.
Some people may not care about this. However, as for me, I find it creepy that random people specifically bad actors are able to know my current location. So, is there a way to prevent this? Honestly, I'm not really sure. After all, I'm not a cybersecurity expert. Though, I do know one or two things about potential threats online and how to prevent them. In my opinion, something that may help is by using a proxy phone number. Imagine that our social media account got compromised and the bad actor acquired our registered phone number. Or maybe, our phone number got leaked on the data breach forum. S/he may be able to look up our registered IMEI based on that information. Thus, using a proxy phone number from another country may help.
There are many online services that let us buy a foreign phone number that lets us receive OTP codes. This should increase our security points by one. However, some services such as digital banking won't let us use foreign phone numbers because they need to comply with KYC compliance. This is of course another problem that needs to be addressed. I don't know how to address this issue at the moment so we will just let it be for now.
Potential Account Takeover Threat with SIM Card Swapping Attack
I have been mentioning "phone number" quite a lot. Well, that's because securing our phone number is critical. Have you ever heard about a SIM swap attack? Basically, our phone number got transferred to somebody else. It can be done by a bad actor pretending to be us and asking the telco provider to transfer anything (SMS, phone call, etc) to her/him instead. This is why our private information must not be available publicly. Because bad actors may use it and pretend to be us. Other than that, a SIM swap attack may also happen if the government asks the provider to transfer anything to them. What does it mean to get our phone number stolen?
Getting our phone number stolen is a headache. Because many if not most online services let us recover our account by using our phone number. This works by sending OTP codes to our phone number and then we submit the OTP codes when trying to reset the password of our account. That means the bad actor could steal our accounts as well! Then, how do we prevent this? There are several steps. First, we can disable the account recovery feature for phone numbers. It does help to prevent account takeover but we are still a victim of SIM swap attacks. Second, we can set up a PIN number for our SIM card. This will ask the bad actor to input the correct PIN number before s/he can take over our phone number. Finally, use an authenticator app with TOTP or a hardware authentication device such as YubiKey as our two-factor authentication (2FA) method. Never ever use SMS as our 2FA method!
If another method other than SMS 2FA is unavailable, we can only rely on the proxy phone number approach. Actually, we don't really need to do this if we have enabled the PIN system for our SIM card. The SIM card swap attack has already been mitigated. However, I can't bring myself to trust the government in my country. That's why I keep looking for a way to get a cheap proxy phone number.
Honestly, this SIM card and phone number shenanigans made me tired. Is there a better alternative? I'm not sure. I know that eSIM technology does exist. However, I need to know whether the same issues apply to the conventional SIM card too. For now, I will just let it be until I find a better way.
Breach After Breach
In the country that I currently live in, both data privacy and data protection are kinda like a joke. I'm not sure what exactly is the problem. We somehow just don't care. We have many data breach cases. There are some data breach cases from some tech companies. Any follow-up from the government regarding this issue? Nothing. Even worse, there are many data breach cases from the government institutions themselves. Any follow-up? Nothing. Any preventive measures? Nothing.
It baffles me that I'm living in this kind of country. Our private information is on sale on a data breach forum. Resulting in many targeted scams running rampant. That's what can be seen. Who knows what happens other than that? My worry and concern are now at its peak. I have no trust in them. That's why I began to do some research as to how to protect myself because the ones who can protect us are all unreliable. God, please save us.
Even More Dangerous Attacks
Cybercrimes on the internet are happening all the time. There are some that we can control. Something like anything that I have written above. However, there are also many things that are not in our control. This is the scary part. For example, at the end of March 2024, a software engineer from Microsoft found a backdoor installed in a really popular library used by many operating systems. The affected library name is XZ Utils. The affected versions are (if I remember correctly) v5.6.0 and v5.6.1. We are quite lucky because these compromised versions are identified before they get shipped widely to many Linux distros. This set us on fire because this is a critical security issue. The exploit basically lets the bad actor do remote code execution to the infected operating systems.
This XZ Utils case is only one of many examples. However, what's made this case special is that the bad actors (plural because we don't know whether it is an individual or an organization) have been meticulously planning all of these for at least two years. They sent many contributions to get the trust of the core maintainer. They are doing this until they get the release manager's permission. From this point, they started to push questionable commits. Turns out that they are cooking something.
Imagine that this backdoor successfully shipped to major operating systems, especially the popular Linux distro for web servers. The XZ Utils exploits impacting SSH, a program to control remote computers/servers. This endangers many servers online. Let's say that the bad actors starting to execute the backdoor exploit. They can run arbitrary commands on our server. They can do anything there. What would happen? A disaster.
This kind of attack is indeed outside of our control. What's worse is that it can affect our online safety. What we can do about this? Pray to our mighty God to always protect us. Anything else? Maybe learn about cyber security and then try to be more careful? I don't know. There might exist another library that has a backdoor as well but we just don't know about it. So, yeah, it is what it is.
The Existence of Darknet
Thanks to a search engine such as Google, we can easily get any information that we want to find. How does this work? Basically, a search engine has something like a crawler. This crawler thing is an automated program that collects information from many web pages available online. Later, it stores the information in such a way that when we type some keywords, they can give us the relevant results. Now, what happened to any web pages that are not touched by this crawler? This page can't be found by any search engine. This is what we call a deep web. A place in which search engines are unable to reach. But, what is a darknet/darkweb?
There is a hidden place in the internet that may be accessed with a special network protocol. The name is the Tor network protocol. There is also a Tor web browser available that may let us connect to the Tor network. It even has its own search engine. I have tried to surf in the darknet before. The contents available are pretty dangerous. We can find gambling, drug selling, hacking forums including data breach forums, arms selling, and many more. We need to be careful when surfing in this space because one wrong move may compromise our computer. To be safe, please stay out of it.
They did sell many services such as hacking services. How do they receive the payment though? It is by using cryptocurrencies such as Bitcoin. That is one of the reasons why cryptocurrencies are pretty popular even back then in the hacking community.
Crypto Shenanigans
The popularity of cryptocurrencies and their next-generation innovation such as NFT has grown exponentially over the years. Many people became wealthy fast and many people became poor just as fast. Apparently, this increases people's greed to be rich instantly. Thus, the fear of missing out made many people join in cryptocurrency investment and trading. The blockchain-baked technology such as cryptocurrency is now super popular. Many new cryptocurrencies and tokens are released every single day.
Knowing that you can be rich by owning some cryptocurrencies, cybercrime on this matter is increasing exponentially. There are many scams running rampant. There are even phishing-like attacks to steal crypto wallets. We truly are living in a wonderful era. When will this crypto bubble burst? When will it burst though? Considering that human greed knows no bounds. I guess it will stay like this for a while now. At the very least, I hope that we will have some cool app that is truly decentralized and is used by a significant amount of people in a certain community. I hope I can stay hidden in the digital space, being anonymous. That's a simple request of mine.
What's Next?
This blog post turned out to be quite long. I conveyed my worries and concerns. I also talked a little bit about how to protect ourselves online. It is still far from enough. The next blog post will be talking about my approach to secure myself online. I still have many things to do before I can reach my ideal. At least, I put some effort into protecting myself. Whether I will become a victim of cybercrime in the future doesn't really matter. There is no such thing as 100% safe on the internet. Gotta deal with it.