vsatips Began as a Way to Help Others Learn From Our
Experiences Following My Family’s 2 Year Nightmare
In 2009 my family’s home computer network was invaded & taken over by a botnet…although initially we didn’t realize that a botnet was responsible. We just knew that our problem was persistent yet appeared simple…we had lost control of our home network & all of our computers and devices.
This post was begun as an addendum to my ‘about me’ page…which explains the focus on me…not necessarily on the subject of Botnets. But it’s the only one I’ve written about these events and as I’ve begun a series of posts on network security I’ve ended up linking to this rather than re-telling the whole Botnet story over again. So it’s ending up containing a mixture of the pertinent Botnet events as well as about me content. Hopefully I’ve managed to blend the two enough to not make it cumbersome for someone who just wants to know about our Botnet invasion.
The Beginning: When We 1st Realized We Had a Problem
My story began as my years of being a stay-at-home mom were winding down. I was (inexplicably it seemed at the time) thrown head first into the tech side of things when my family’s home network and our computers were invaded by a botnet, although at the time we had no actual knowledge of what specifically had invaded our home network yet. We did have knowledge of or at least sensed that our loss of control was impacting every single family member including a new live-in houseguest & even one family member who lived far away while he attended college. We were all growing increasingly frustrated and worried by a steady stream of bizarre computer occurrences. Each of us experienced random instances in which our computers displayed really aberrant behavior…acts which appeared to occur freakishly of their own accord.
Worse yet was our frequent inability to use our own network. This was a network I’d personally set up just a few years prior with the help of a good friend’s tech savvy husband.
My role as a stay-at-home Mom afforded me a unique opportunity. I was the only one who had both the available time to figure things out as well as (a semblance of) the wherewithal to do so. In the ’80s I’d been pretty good with tech things when I first sold and then consulted* for clients about computer systems for the healthcare industry. My responsibilities focused on all aspects of outpatient administration and systems for patient registration, scheduling, billing and insurance processing.
*At the pinnacle of my short consulting career I was widely regarded as one of the nation’s experts in outpatient billing and insurance processing systems. There weren’t many consultants around at the time doing what I did, since healthcare consulting was a pretty new field.
I worked for one of the ‘Big 8 Accounting Firms,’ a group that no longer exists in that form. My firm, known then as Coopers & Lybrand, is called PricewaterhouseCoopers today. Our industry was young and accounting firms were a late arrival following their lengthy battle to obtain the legal rights needed to gain entry into the field of consulting…a circumstance which likely explained my ‘expert’ status!
It Was Exactly 25 Years Later When, In the Fall of 2009, My Family’s Ordeal Began
Faced with our present situation at home, I (somewhat begrudgingly) embarked upon a crash course to get up to speed…1st with current computer technology and then with network technology and finally with security matters for both.
In All, Our ‘Invasion Ordeal’ Persisted For 2 Years From Start to Finish
The main reason it took us so long was that the learning curve was huge and botnets by their very nature are designed to keep their activities well hidden. Just diagnosing the problem took almost a year and a half (despite the fact that we were greatly assisted by several network consultants and hardware technicians). Yet even they experienced significant learning curves regarding malware and botnets. In 2009 it seemed that very few individuals had encountered similar phenomena…although in hindsight we discovered this wasn’t entirely true.**
What was true however and what set us apart from the pack was that through a series of circumstances we became aware of our invasion and thus were able to document a lot of compelling evidence that decisively confirmed our final diagnosis.
Diagnosis: A botnet had taken over our network and all the devices connected to it!
It bears repeating that botnets are designed to avoid detection at all costs. That aspect cannot be emphasized enough! Millions of unknowing victims’ computers continue even today in 2016 to perform the dirty work of hackers and criminals.
What made our situation different was that we did figure it out. There were 2 reasons that we were able to do so. First, our botnet’s activities got greedier over time and usurped more and more of our computers’ resources…this made our network and device outage problems constant…which in turn highly motivated us to investigate. Second, a lot of botnet activity occurs during victims’ typical sleeping hours.
But ours was an atypical household in that regard. Our household included 2 teenaged boys who didn’t necessarily follow traditional sleep-wake patterns. I too had tendencies along those lines, although my penchant for late night computer sessions was also fed by the fact that the vast majority of our problems exhibited themselves during the early morning hours…the hours I should have been sleeping.
In truth my actions were somewhat of the chicken and egg variety. It’s not clear to me whether my late night tendencies resulted from all those hours that I spent trying to catch and document instances of aberrant computer behavior…or if the reverse held true and I happened upon all the aberrant behavior because I was up and awake and trying to use computers that were supposed to be performing their zombie work during that time.
Once we were able to give a label to the reasons behind our inability to use our own network…a label which also explained all the truly bizarre events we’d experienced…ranging from things like the sounds of television shows emanating loudly from sleeping computers to the continual hacking of our credit cards and other personal data…we set out to remedy the situation.
It took us another 6 months to completely rid ourselves of the botnet.
**As we began learning more about botnets we realized that we weren’t all that unique in falling prey to one…but because botnets try very hard to remain undetected, most of them generally do go unnoticed. This of course is because once detection occurs the botnet risks losing those zombie-ized computers. If this were to occur on a large scale the botnet would risk massive financial losses because its clients would move their business elsewhere to more ‘successful’ botnets.
Most botnets are operated by hackers. In this instance oftentimes the hackers are ‘for hire’ freelancers who peddle their botnet’s resources to anyone wanting to use them. They may be used for a myriad of destructive attacks ranging from those against corporations and their computers and websites to the general public. One type of attack, called a DDoS attack, can take down even very large websites. Other destructive activities include using victims’ computers as spam mills to grind out millions of virus-laden emails daily. Those emails tend to be of 2 main types. They may be vicious phishing attacks with identity theft or financial credentials as their endgame, or they may be trojans that work secretly to enslave other victims’ computers into that same botnet or another similar one. This was one activity our computers were being used for, which we figured out from network activity reports.
A Little More About My Role
I’m not oblivious to the fact that my story doesn’t really sound like a very big deal while reading about it after the fact. But for almost that entire 2 year timeframe my heart, body, soul and mind were completely engrossed in just this one thing! I was clearly operating within the bounds of a significant form of tunnel vision.
I couldn’t seem to break free from this role. I was obsessively driven to find and get rid of what seemed to me at that time was a huge threat to my family’s wellbeing…certainly the most significant threat we’d ever been faced with. The whole experience impacted each and every one of our family members too and left a significant impression upon the future course of all our lives. While it was truly a frightening and devastating experience for each of us, I was the one person who experienced this prolonged event so profoundly that it quite literally changed my life from that point on.
Someday I’ll hopefully write more about the intricacies of our invasion by this botnet (which I now believe to have been the Bredolab botnet discussed in this relatively recent Wired article) as well as botnets in general and how they’ve evolved into their present form in 2016…but not here and not right now.
More About How We Discovered the Botnet on Our Network
There was one unique aspect of our network that allowed us to see evidence of what was happening and to finally conclude that a Botnet was to blame. In those days we were using a Linksys router and our network was a broadband one provided by Time Warner. This was back in the days when Time Warner just basically brought the broadband connection to your house, which is why I had asked the father of my son’s friend to teach me how to set up a network in our home.
He had created a similar network in their home and by doing so it allowed several computers to be online at the same time using just the one broadband connection. Setting up the network involved placing a network card in each computer and placing a router between the cable company’s modem and our computers. The router broadcast a wireless network that each computer could join for simultaneous internet use.
This was all great, but as our boys grew into teens sharing the network began to strain the network’s resources. Plus, our kids were beginning to stream most of their media content…which demanded decent bandwidth…although we didn’t use the term bandwidth back then.
Our son ended up researching this issue and he came up with a brilliant solution…there was some open source firmware available for our router that would provide much better throughput. It was called DD-WRT. DD-WRT was (and still is) some pretty amazing firmware! Because it is Open Source anyone could download and use it for free. Not only did it speed up our network throughput enough to address our initial problems…but it provided the access to the evidence we needed to see exactly what was happening on our network.
Below is a screenshot showing DD-WRT’s Dashboard. The consultants I showed this to were blown away by the amount and granularity of the information we had at our disposal. I spent hours poring over management reports I accessed using the interface in this screenshot. I learned that at night there was a phenomenally high amount of network traffic…which was really odd given that almost everyone was generally asleep for much of that timeframe. Odder still was the high volume of network traffic when we weren’t even home! We generally took at least 2 family vacations back then…and it was shocking to us to see how much traffic occurred when literally no one was home.
The reports even drilled down further to tell us what kind of traffic it was. In our case the vast majority of the traffic was emails that were being sent. Without access to DD-WRT’s management reports I really doubt that we would ever have figured out that a Botnet was responsible for our problems. In the long run there were many, many more problems with our network and devices too…but the Botnet was the root cause for all of those too.
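The check we did by eye on those reports, written up as an added example (my own illustration, not DD-WRT’s reporting code): it scans per-hour outbound traffic summaries and flags hours of heavy outbound mail during quiet hours or on days the house was empty. The record layout, the mail ports and the byte threshold are assumptions for the example, and the records are constructed, not real data.

```python
# Constructed per-hour summaries: (day, hour, destination port, bytes sent out
# through the WAN). The layout only resembles a router bandwidth report; it is
# an assumption, not an actual DD-WRT export format.
SAMPLE = [
    ("2011-07-12", 14, 443, 180_000_000),   # afternoon streaming, expected
    ("2011-07-12", 21, 443, 250_000_000),   # evening streaming, expected
    ("2011-07-13", 2, 25, 95_000_000),      # 2am outbound mail: nobody is awake
    ("2011-07-13", 3, 25, 110_000_000),
    ("2011-07-13", 4, 25, 120_000_000),
    ("2011-07-13", 9, 25, 400_000),         # a few real emails in the morning
    ("2011-07-13", 10, 80, 20_000_000),
    ("2011-07-20", 15, 25, 80_000_000),     # daytime, but the family was away
]

QUIET_HOURS = range(1, 6)                 # 1am-5am: nobody should be online
MAIL_PORTS = {25, 465, 587}               # SMTP and submission ports (assumed)
MAIL_BYTES_PER_HOUR_LIMIT = 5_000_000     # a household sends far less mail/hour


def flag_suspicious_mail(records, away_days=()):
    """Return (day, hour, bytes) for hours of implausible outbound mail.

    An hour is implausible when it falls in QUIET_HOURS or on a day the house
    was empty, and the mail volume exceeds MAIL_BYTES_PER_HOUR_LIMIT.
    """
    flagged = []
    for day, hour, port, nbytes in records:
        if port not in MAIL_PORTS:
            continue
        nobody_home = hour in QUIET_HOURS or day in away_days
        if nobody_home and nbytes > MAIL_BYTES_PER_HOUR_LIMIT:
            flagged.append((day, hour, nbytes))
    return flagged


def mail_fraction(records):
    """Share of all outbound bytes that went to mail ports (0.0 to 1.0)."""
    total = sum(nbytes for *_, nbytes in records)
    mail = sum(nbytes for _, _, port, nbytes in records if port in MAIL_PORTS)
    return mail / total if total else 0.0


def hourly_profile(records):
    """Outbound bytes per hour of day, summed across days: shows the night hump."""
    profile = {}
    for _, hour, _, nbytes in records:
        profile[hour] = profile.get(hour, 0) + nbytes
    return profile


if __name__ == "__main__":
    for day, hour, nbytes in flag_suspicious_mail(SAMPLE, away_days=("2011-07-20",)):
        print(f"{day} {hour:02d}:00 outbound mail {nbytes / 1e6:.0f} MB")
    print(f"mail share of all outbound traffic: {mail_fraction(SAMPLE):.0%}")
```

With the sample data the three early-morning hours and the away-day afternoon are flagged, and mail makes up roughly 40% of everything sent out, which is the shape of what the reports showed us.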
What We Did to Evict the Botnet
Had we known the correct approach earlier, once we diagnosed the problem we should have implemented it immediately! But we didn’t. What we tried for the better part of 6 months was to address the problem in a piecemeal fashion. We reinstalled operating systems, removed viruses and even replaced a few computers completely when the viruses proved to be too plentiful. But within a short amount of time newly restored machines were once again acting infected.
The only successful way to remove a botnet from a network is to restore every single device at the same time…and to make sure going forward that no device which hasn’t been cleaned and restored is allowed back onto the network. By device, it could be something as small as a USB flash drive which could re-infect the entire network if it wasn’t cleaned too. Once we figured this out it took the better part of a day to restore everything at once. Since both boys were in college at that point we also needed to wait until they were physically in our home with their devices so that theirs could be restored too at the same time.
Restoring each device was simply a matter of reinstalling each operating system, and then putting back each computer’s data after having scanned that data for any viruses or malware.
We did this after Christmas in 2011. We had a consultant and his small team orchestrate the effort while we each needed to be present to provide operating system and other application keys for activation. It was an exhausting day preceded by several days’ worth of data backups, but in the end we were rewarded by once again being in control of our network and our computers. An added side benefit was that every family member had a new appreciation for digital safety and because of that we’ve never encountered another situation like that. I think I can even go so far as to say that we’ve never even allowed a virus onto one of our machines again.
Of course, the other side benefits were that we learned about hardware firewalls, password managers, the importance of updating operating systems and antivirus software as well as using anti-malware and anti-exploit software too. Most of these have also been the subjects of posts I’ve written too. So we learned firsthand how true that old adage is that states: ‘What doesn’t kill you makes you stronger!’
Below: A combined logo I made for my websites using a free app
My Transition into Writing My Blog
I first began to write about technology specifically because of that experience. I hoped that I could help other people who’d had similar problems. My earliest writing revolved entirely around one theme…keeping computers and networks safe.
Thankfully, those early writings are no longer readily available! I say ‘thankfully’ because writing for an online audience is really much different than any other form of writing I’ve encountered. Once I’d finally grasped that concept I was bound and determined to tackle that learning curve too.
My first true solo effort is also my first blog (although I went into it thinking I’d create a website, not a blog) on WordPress.com. It’s called vsatips, because ‘vsa’ are my initials and I liked the way they sounded merged with ‘tips.’
vsatips is dedicated to helping others who use similar technologies accomplish little tasks that prove to be difficult at first glance. My main devices are primarily Apple mobile ones and Windows computers, although I also dabble in Android a bit as well as Mac computers…and we recently acquired a 3D printer which I’d love to begin writing about but just haven’t found the time for yet.
My 2nd Blog vsatrends
About a year after I began vsatips I realized that there were also a lot of non-tech subjects that I wanted to write about too! Which is why, after a lot of careful consideration, I decided to create a different site for those topics. I decided to call it vsatrends.
My original intent with vsatrends was to focus exclusively on topics I love that have a strong design element. Those topics included fashion, interior design, architecture, landscape design, jewelry design and beginning silversmithing concepts.
Of course, in practice I’m much too practical for that idealized approach. So for now at least, my posts have taken on much more of the same tone as those at vsatips. Essentially I’ve ended up writing a few ‘How to’ articles which have less to do with aesthetics and more to do with the mechanics of accomplishing tasks.
In watching how this all unfolds, I guess I feel that if my type of ‘how to’ approach brings value to readers, then I’m OK with that approach.
How do I decide which site to publish a given post on then? Well, vsatips has evolved into focusing on several broad categories of technology that I use a lot, including Evernote, Dashlane’s Password Manager, Apple mobile devices (including hardware, iOS, apps and accessories I love), digital data security, learning to blog, YouTube, general information about computers and tablets, and my most recent obsession: finding amazing deals on Amazon! If I encounter and then decide to write about something outside of these topics I usually post it on vsatrends instead. Or if the subject seems to have a wider general appeal than just those which fall within my smaller niche topics I’ll post it on vsatrends too. Last, if a topic is more focused upon the design part of the equation rather than the functionality part I usually decide that my vsatrends readers will be a better audience for that.
But there is definite overlap amongst core readers for both sites as well as the topics for each site too.
In the end, vsatrends was and continues to be more of an experiment for me. It’s one that I’m not sure will stand the test of time, since I’m already recognizing that the sheer workload of keeping up 2 active blog sites may be more than I bargained for. It will be interesting to see how my experiment evolves with time.
There are 2 things I’m certain of…vsatips has a well-defined audience now and there are more topics than I’ll ever find the time to write about. I can’t imagine a time when I won’t be writing my tips here. So, in the end, one good thing did come out of our botnet invasion…I rediscovered something I loved and it opened new doors for me too.
Feel free to leave me any comments here.