Friday, June 23, 2017

Guest Post: Ray Daniel - Hacked

I'm not going to lie, this is one of the most useful guest posts we've ever had. Stolen passwords haunt our lives on the daily. Thankfully, Ray Daniel gives us some tips on how to protect ourselves from those pesky hackers, in conjunction with his latest release, Hacked, the fourth book in the Tucker Mysteries, which is available now!


Hackers love passwords. They love to use them, sell them, and trade them with their friends. Once they have passwords they can steal identities, publish secrets, and create a wide variety of mischief and mayhem.  So, how do they get them?  Most importantly, how could they get yours?

It's perhaps comforting to know that they don't get your password because they know your birthday, your dog's name, or the names of your loved ones.  While not using any of that personal information to create a password is good advice, we don't live in a creepy world where hackers are omniscient.

Hackers have two primary ways of getting your password: they can guess it, or they can trick you into giving it to them.  Let's look at both of those approaches and then see what we can do to protect ourselves.


When it comes to guessing passwords, one imagines the hacker going to Amazon.com and trying passwords until one hits.  This, of course, does not work.  Amazon.com and other sites place limits on the number of guesses.

Instead hackers need to steal databases full of email addresses and their associated encrypted password.  Encryption takes your password and turns it into an unintelligible string of letters.  For example, the password 'password' becomes the following:

5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8

There's no way to figure out the word 'password' from that.  The very similar password 'Password' looks like this:

E7CF3EF4F17C3999A94F2C6F612E8A888E5B1026878E4E19398B23BD38EC221A

As you can see there's no discernable pattern between them even though they are similar passwords.  However, if I told you that my password was password but I didn't tell you whether the P was capitalized, you could figure out which password was mine by guessing.  You'd encrypt password and then encrypt Password and check to see which one matched the encrypted string.  That's exactly how hackers guess your password except on a huge scale.

Hackers regularly break into insecure servers and steal databases of email addresses and encrypted passwords.  When you heard that hackers broke into Yahoo and stole information for one billion (billion with a B!) accounts these username-password pairs were some of the information stolen.

Once they have the encrypted passwords, hackers use bastardized graphics engines to create hacking machines that can guess a billion passwords in a second.  They take your password and compare it to lists of previously guessed passwords, then to words in a dictionary; then they replace the 'e' with '3' and add numbers and letters to the end; and they use advanced prediction mechanisms to create guesses from a first letter such as 's'.
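The guess-and-compare check described above, and the storage scheme that blunts it, as an added example that is not part of the original guest post. The two strings shown earlier are SHA-256 digests; the function names and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# The two strings from the post: SHA-256 of 'password' and of 'Password'.
PAGE_DIGEST_LOWER = "5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8"
PAGE_DIGEST_UPPER = "E7CF3EF4F17C3999A94F2C6F612E8A888E5B1026878E4E19398B23BD38EC221A"


def fast_digest(password: str) -> str:
    """Unsalted SHA-256: the same password always yields the same string."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest().upper()


def match_candidate(stored: str, candidates):
    """The check from the post: hash each guess and see which one matches."""
    for guess in candidates:
        if hmac.compare_digest(fast_digest(guess), stored.upper()):
            return guess
    return None


# Assumed work factor: every single guess now costs this many hash rounds.
ITERATIONS = 600_000


def store_password(password: str) -> tuple[bytes, bytes]:
    """What a site should keep instead: a random per-account salt and a slow hash."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, derived


def verify_password(password: str, salt: bytes, derived: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(attempt, derived)


if __name__ == "__main__":
    # The capital-P question from the post, answered by hashing both options.
    print(match_candidate(PAGE_DIGEST_LOWER, ["Password", "password"]))
    # Two accounts with the same password no longer share a stored value.
    first, second = store_password("password"), store_password("password")
    print(first[1] != second[1], verify_password("password", *first))
```

With a salt per account, a list of previously guessed passwords cannot be matched against the whole database at once, and the iteration count cuts the guesses-per-second figure by the same factor.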

Using techniques such as these hackers can guess between 60 and 80% of passwords in a typical stolen database.  If you'd like to know whether your password information is in the hands of hackers, follow this link to this New York Times article:

Or to be more precise type your email address into http://haveibeenpwned.com.

Both sites will tell you whether your information may be out there. (But, come on, we almost all have a Yahoo account.)

The other way hackers get your password is by asking for it with a phishing attack.  In this approach hackers send you an email that looks to be from a coworker or, even better, a boss or the IRS.  The message says something like, "You had better read this right now or you're screwed!" The goal is to get you to panic, click on a link, and log in to see the information.  Once you do that, the hackers have your password.  This is how John Podesta of the Hillary Clinton campaign lost his password to Russian hackers.  To be fair to Podesta, he shared the email with his IT department who told him it was legitimate when the person had meant to type illegitimate. (One cannot make this up.)

If you think you're immune to being phished I suggest listening to the Reply All podcast from Gimlet Media named "What Kind of Idiot Gets Phished?": https://gimletmedia.com/episode/97-what-kind-of-idiot-gets-phished/

There are three things you can do to minimize password-related damage:
1. Use a different password on every site.  I'd worry if I had used my Yahoo password to protect my bank account.
2. Use a password manager to generate unguessable random strings for all sites and save them.  That way you only need to remember one password. (Here is a comparison of password managers: http://www.pcmag.com/article2/0,2817,2407168,00.asp)
3. Set up two-factor authentication on all sites that allow it.  John Podesta would have survived losing his password if he had turned this on.  Two-factor authentication requires the hackers to have both your password and your cell phone to get into your account. They probably don't have your cell phone. (Two-factor authentication saves Tucker in Hacked.)

The modern world of hacking and passwords can seem like a scary place, but it's not difficult to stay safe.  If you use a password manager to generate different random passwords for all your sites and turn on two-factor authentication you won't wind up like John Podesta.
***

Aloysius Tucker vows vengeance when a hacker terrorizes his ten-year-old cousin online. But the situation goes sideways fast, threatening to take Tucker off-line for good. #TuckerGate

Promising his cousin that he’ll get an apology from an Internet bully, Tucker finds himself in a flame war that goes nuclear after a hacker is murdered. Now more hackers, the whole Twitterverse, and a relentless bounty hunter agree on one thing—Tucker is the killer and he must be stopped.
With death threats filling his inbox, Tucker battles Anonymous, Chinese spies, and his own self-destructive rage while chasing a murderer the online community has named the HackMaster. Can Tucker clear his name and build a case against the killer before the death threats come true?


Ray Daniel (Framingham, MA) writes first-person, wisecracking, Boston-based crime fiction. His story Driving Miss Rachel (published in Blood Moon by Level Best Books) was chosen as a 2013 distinguished short story by Otto Penzler, editor of The Best American Mystery Stories 2013. Daniel's work has been published in the Level Best Books anthologies Thin Ice, Blood Moon, and Stone Cold. Terminated is Ray Daniel's first novel. For more information, visit him online at raydanielmystery.com/.

Friday, June 9, 2017

Guest Post: R. Jean Reid - Perdition

We welcome R. Jean Reid (Jean Redmann) to Midnight Ink's blog today! Jean delves into setting and why she wrote a series set in Mississippi. The second in her gripping Nell McGraw Investigation series, Perdition, was just released yesterday. 


I grew up in a small town on the Mississippi Gulf coast, Ocean Springs. It’s been decades since I lived there, but the past, our memories, the slant of the light, seeing a world new through a growing child’s eyes; keep it tightly in memory. This town and my growing up there had stories to tell. These stories became the Nell McGraw series.

There is no real Pelican Bay and I’ve stretched the Mississippi coast from 3 counties to 4 to add my fictional one. The city is loosely—very loosely—based on Ocean Springs, but mainly because it’s easier to pull something from memory (and a map) than to create it out of whole cloth. There is no town square, so please don’t ask where it is. (Ocean Springs is a lovely, sleepy town, miles of natural beaches and worth a trip if you’re in the area. But missing an expanse of green at its heart.)

The first story I wanted to tell, in Roots of Murder, was to dig back into the hidden—or forgotten—struggles of the civil rights era. When I was a child, those lovely beaches were segregated. As difficult as it is, I wanted to take a hard look at that past, at least as much as a mystery, a fictional world, could do. How do those long ago sins still resonate? The mystery genre, at its heart, is a search for justice. Too often in real life we can’t find it; truth hidden and smudged under everyone’s version of it. But the mystery novel can give it to us.

For this kind of story, the only possible setting seemed to be one based on my childhood home, a small town with secrets.

In my research for the book, I stumbled over a memoir titled Blood, Ballots and Beaches, by Dr. Gilbert Mason, Sr., an African-American doctor. It was the story of the desegregation of the beaches in Biloxi, Mississippi, a struggle overshadowed by the more bloody violence going on in other parts of the state.

My parents are long gone. I can’t ask them what it was like, even if I dared (would I find answers I didn’t want to find?) I only had small clues, some only later revealing themselves. In 8th grade, I was given an assignment to ask my parents to name someone they admired, a historical figure. My mother chose Eleanor Roosevelt. Only later, did I realize what a major statement that was for Mississippi in the late sixties. (The state was still fighting Brown v. Education, finally losing at the Supreme Court in 1969.) Eleanor Roosevelt, who resigned from the Daughters of the American Revolution, when it refused to let the African-American singer Marian Anderson perform in its hall. Who climbed into a bi-plane with one of the Tuskegee Airmen to show her utter confidence that they could fly as well as any white pilot.

In Dr. Mason’s book, he only named those who helped support him in his struggle. I saw the name of my pediatrician, my mother’s cancer doctor, others that were part of my parents’ social circle.

A small kindness, to find that perhaps in that flawed time with its all too flawed men, my parents had at least been part of those who were willing to hope for a better world. They weren’t fighters for civil rights, not on the front lines. Even in my sealed childhood world, I would have remembered that. I can’t claim any great heroism from my family—only that perhaps they weren’t as flawed—shading into evil—as many in that time and place.

And I had to write a story that helps, in a very, very small way, to atone for the sunny days at the beach that were denied to others. To remind us that, as Faulkner says, “The past is never gone; it isn’t even past.”

That was the genesis of Nell McGraw and Pelican Bay. (Please note, it’s a large small town and part of the well populated Gulf Coast area, keeping the murder rate well below that of Cabot Cove.)

In Perdition, the second Nell McGraw, I also wanted to draw on secrets, the assumptions we make about others, especially when we think we know them.

Mississippi, and my memories, still have stories to tell. 
***

What happens when a killer who can’t be caught threatens to kill your children next?

A town and a mother are forced to confront their worst fears in this hair-raising suspense novel from the author of Roots of Murder.

Newly widowed mother Nell McGraw struggles with her outsider status as she runs the newspaper founded by her husband’s grandfather. But a paper can’t turn away from the stories that others ignore, like the body of a child found in the Gulf. At first it seems tragic, a child lost because of carelessness.


Then another child goes missing.

Disgusted by the turf war between the sheriff and the police chief, Nell barely manages to keep her journalistic distance . . . until the killer contacts her, telling her that her children could be next. Now Nell must match wits with a psychopath who taunts her, daring her and the police to catch him before he can kill again.

R. Jean Reid lives and works in New Orleans. She grew up on the Mississippi Gulf coast. As J.M. Redmann, she is the author of multi-Lambda Award-winning Micky Knight Mystery series, including The Intersection of Law and Desire, Death of a Dying Man and Ill Will. Her day job is in public health as the director of prevention at NO/AIDS Task Force. You can visit her at www.RJeanReid.com.