Yesterday morning I got up at 4:30 AM, fired up the beasts of burden that are my computers, and got set to do the first roundup in nearly a week. I was excited to see how it would go together. I had spent the last few days before then updating and fussing over settings and getting things the way I like it and catching up on comments. If you remember I had to go back to the old router that was infected but a few days after I took it offline it cleared itself. I set it back up and I had total control again. Yea!!
I use two browsers on my computers I use routinely for my daily browsing and stuff. I normally use Chrome for everything. However I use Firefox for the roundup. Why do that? Because of the way I can get the cartoons and put them in the post I am creating. See Chrome won’t let me right click on a lot of the sites, and so I cannot copy and paste the cartoons. On some cartoon site neither browser will let me copy the cartoon and have it display correctly so for that I use the “take Screenshot” in Firefox. That allows me to save the cartoon to a folder and then add it to the post with WordPress software. One reason the roundup takes time is it is not a simple thing to get hundreds of cartoons / memes / tweets from the source to one page in WordPress.
Now one other step I set up in the morning when I start the roundup is to open one Chrome window with no tabs along with any leftover Chrome windows that were full of open tabs. This gives me a clean set of windows / tabs to look up information when I am doing the misinformation right wing media section. With Chrome all set up, I opened Firefox to my blog and went to sign into it. That did not work like normal. Instead of signing in it simply took me to the page I started from. Thinking I had just goofed something I tried again. Same result, instead of signing in I returned to the regular blog page. It was like I was not even trying to sign in. That set off alarm bells in my head. I turned to the other computer screen and tried to sign into my blog though Firefox. Same result. I click log in, put in my information, returns me to the same screen not signed in. Now I really knew I had an issue. But what was it.
I checked the WordPress status to see if there was a problem. Nope. So I went to down detector. That site refused to let me in claiming I had unusual traffic on my network. Now I get that sometimes on Google and other sites due to my VPN. I run Nordvpn and I like it, but sometimes the VPN can make it seem like unusual traffic. Normally simply disconnecting the VPN from the internet and putting it back on the internet again normally fixes that. This time it did not.
I wondered if the router was infected after a few clear days. Yes it was. I couldn’t change the same settings as before and couldn’t do the firmware updates. Damn. James got up and I told him that it was infected again. He said he had been having trouble with it on his phone and computer when he was playing YouTube or other videos. The videos would stop while they buffered. So I turned on the traffic monitors and other investigation tools and James and I spent several hours trying hard to figure out what was really going on. First thing we noticed was that my computer was not showing having any traffic even though I was playing a YouTube video. Every other device was showing traffic. So we worked on that, and suddenly my computer was showing traffic again. But James noticed something I missed. A device would have a steady in / receive traffic and a steady normally much lower out / transmit traffic, but for a few seconds that device would show a surge in outgoing traffic. Then a different device attached to the network would do the same thing and return to normal. Then another device on the network would suddenly spike its outgoing traffic for a few seconds. I knew how they were doing it now and why my security was not catching it. They were mimicking the devices attached to my network, pretending to be legitimate members of the network. All our phones, pads, computers, even the printer, all the IOT (internet of things which is the internet connected appliances, TV, stereos what ever) so the router thought it was that device sending out these packets of data. I read up on it and it is a common way bot networks worked now. That is why James and Ron were getting buffering when they watched YouTube, and why my computers were not affected. I have a lot more ram and page swap file hard drive space than their phones.
So what to do about it. I couldn’t clear the old router, and I was not sure if my computers were infected as the anchors. What was bothering me is that at first my main blogging computer did not show any traffic when it clearly was passing traffic. But that could have been a glitch of the router. So I looked at what was the solution and that was binding the mac addresses of the device with their network address / IP. It is not fool proof but better than what I had. The problem is that the old router did not have that or a few newer protocols that are designed to stop these malicious software bots. The new router I disliked did have them and did have the binding capability, but it did not have some features I liked on the old router. While the new router has some good points it still had until April 6th until that adult nanny parental controls for adults working that I couldn’t shut off. That is where under the guise of security they run all your traffic through their servers checking the IP address of the pages you go to against a list of known sites with malware or were dangerous to go to. Plus they also monitor content to check if data is malicious. Both of those things I hate. All that information about you is sold to marketers and other groups that build databases on individuals. But I either use that new router and put up with the parental controls for adults until April 6th or I go out and buy a new much more expensive router. I don’t have much choice do I.
I am sure some want to know how I keep getting infected with what is clearly a bot malware. It could be from Russia, North Korea, or any other country. It could be companies trying to break into large corporation’s computers to steal their intellectual property secrets. Thing is if you look at the threat maps more computers are infected than not. Even large businesses that have big security budgets cannot keep their networks from passing through traffic. The larger a network the more attractive it is for these nation state hackers. But how do they infect your computer I hear someone asking again. By going to your favorite website. Yup that is all you need to do. I bet most of my viewers are infected with the same bot network malware and don’t know it. By the way the old idea was that porn sites were full of malware. But reputable porn sites are scrubbed clean and very secure of malware. After all porn is big business, maybe the biggest money maker on the webs. So they keep their sites clean of bad software. Even the sketchy porn sites are more likely to have the old ransomware or password stealers. Not the real powerful well designed nation level malicious software. But don’t you need to download something I heard yelled from the back? Nope. When you go to the website it is sending your computer the page, how to display it, what is on it, what links are there, and more. The data is flowing into your computer. Now virus software like the old trojan information stealers, that kind will trip your anti-virus software and firewalls. These nation state level hacks are designed to get in without setting off the alarms, they mimic legitimate data, programs, or devices. So what these hackers look for are popular site that might not have as great a security or do security sweeps on a schedule. Like news sites, or cartoon sites. I am sure right wing media web sites are full of these malware programs trying to get into your system.
So late yesterday afternoon I dumped and wiped the two computers (just to be sure) and set up the yucky new router. Then I set about installing all my programs and updating Windows. Hours and hours of work. I was only started when it was suddenly late and I was tired, so about 8 PM I went to bed. Remember that I had gotten up at 4:30 that morning.
I woke at midnight and couldn’t sleep so at 2 AM I got up again to work the computers. I got the updating done and now I am just reloading files. I tried to take a nap but I couldn’t sleep, my mind full of desire to want the computers up and running. I will start the roundup again tomorrow morning. If I can stay uninfected. Maybe next time I will just leave them to it because until the Firefox the hack did not bother me or interfere with what I was doing. Best wishes.