by Dave Moore, CISSP
01/29/2023
Folks, we have been conned. Isn’t that what it’s called when you’ve been led to believe something that turns out to not be true: a “con” job?
Derived from the word “confidence,” the following “con artist” attributes from the Connecticut Department of Banking website seem àpropos.
“Often, con artists like to blend in with others in your group whether that group be political, community (such as the local senior center), religious or other. They quickly get to know a lot of people in the group so they can count on this common bond to spread the word about their questionable investments…”
“Con artists may dress like they are wealthy and work out of impressive looking offices… the office may bear a prestigious sounding address. Con artists also appeal to the dreamer in you. To them, investing in untested technologies and cutting edge products before anyone else does is a sure-fire way to make money… without giving you any meaningful written information on the product or the pitfalls involved.”
I believe we have been conned into believing the Internet can be trusted. I am often dismayed at how we as a society, and indeed the entire world, have been conned into basing our entire lives, economies and well-being on such horribly flawed technologies like computers and the Internet.
I was again reminded of this sorry state of affairs by the events of today, Wednesday, January 25, 2022.
There is a “cloud platform” owned by Microsoft called “Azure.” Azure is, in essence, a giant network of Internet-accessible computers storing files and making services available to its customers. It is the world’s second largest cloud service, second only to Amazon.
Today, Azure crashed.
With 15 million business customers, including almost all of the world’s largest companies, and over 500 million users, the crash was, to put it mildly, significant. It was also global, affecting the Americas, Europe, Asia Pacific, Middle East and Africa. Only China was spared.
Two of Azure’s most-used services, Teams and Outlook, part of Microsoft’s package of programs called “Microsoft 365,” were unusable for millions of users around the world. Businesses, medical facilities and schools could not hold scheduled meetings or classes; doctor’s appointments were cancelled. Email was out of the question. Even though Azure was only down for a few hours, untold mountains of money were lost.
In classic “talk a lot without giving an answer” fashion, which has become the unhelpful default response for businesses and governments everywhere, Microsoft blamed the problem on a “network connectivity issue.” Duh. Thanks a lot.
Folks should not be shocked when things like this happen, because they have been happening for years. All of the Internet mega-services have crashed before. Amazon has crashed more than once, as have Apple and Google services, often taking user files and emails down the tubes with them.
I’ve been doing this long enough to remember the Great Cox Email Crash of 2012. Cox email services crashed for four days in a row, right before Christmas, leaving millions of customers in at least 11 states without email service. This was especially hard on business customers during the holiday shopping season.
Cybersecurity guys like me work on backup, contingency and recovery plans for a living. You’ve got to have solid file backup systems that can survive a computer or Internet crash. If you depend on Microsoft Teams for online meetings, make sure you and your people can use something else like Zoom in an emergency.
Make sure you and your people have alternate email services ready in case your primary service goes down, because someday, it will. If your Internet service goes down, make sure you know how to turn your cell phone into an emergency Internet hotspot. Make sure you have printed copies of your phone book, with numbers and email addresses, in case cell phone services go down.
There’s your homework assignment.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org