Things Matt Wrote

Writings from the intersection of law enforcement and the Internet

I could have alternatively titled this piece “In with two feet”, or “My hand was played”, or “Windows Sucks so now I'm 100% Linux”.

Microsoft Windows pushed an update to the machine Friday morning that rendered it useless. I'm assuming the service pack was supposed to make the computer run better, maybe more securely, but it just left it with a blank black screen. I spent about four hours doing everything the IT Help Desk experts of the Internet said I should but nothing worked. I could “Cntrl/Alt/Dlt” into the control panel but nothing from there. It wouldn't even boot into safe mode. Seriously dead.

I have a somewhat robust back-up strategy so I had all of my content (almost) saved somewhere else. I lost some text docs I had saved to the desktop and some PDF's I had recently downloaded but nothing irreplaceable. The true loss is the workflow. The software, the utilities, the folder structure, and the working environment you have spent the past three years perfecting. If anyone from Microsoft reads this – Time Machine, please. System restore points are awesome until you can't access them.


I intend to keep this blog non-political and on topic. Although this piece deals with a current political topic, my experience pre-dates it and my writing about it deals with a larger issue than silencing the speech of a politician.

Twitter is an absolute cesspool that should be filled with sand and covered with earth. And I felt that way before the current controversy involving the suspension of President Trump’s account.

I opened a Twitter account sometime in early 2014 to the best of my memory. It was eye-opening at first and introduced me to a new view of cybersecurity and the many personalities within the industry. It was informational, thought-provoking, and entertaining. Or at least for a while.

But after some time, you begin to see this darker side. The snide remarks, the put-downs, back-handed comments, the racism, the misogyny, intolerance, lies, and intentional misinformation.


We have reached the point where it is unsettling to lose connection to the Internet. It is like the teenage version of FOMO – Fear of Missing Out; But at a more primal level. FOBU – Fear of Being Unconnected. The loss of connectedness to others and the inability to instantly access information is an unfamiliar mental stumbling block that results in an uncomfortable feeling of worry.

We are experiencing a prolonged Internet outage at my workplace. I can do work without the Internet but losing connection to all cloud-based services and network communications is a huge blow to productivity. And working inside the farthest reaches of a concrete block building renders a cellular-connected device no more than a digital photo frame. The downtime has given me a moment to pause and consider our connection to the connection.

This is more of an indictment of modern police investigations. In the past, policing existed completely outside of modern technology, except maybe the automobile and hi-band frequency radio. A police detective would be notified of a crime and then physically go out into the community to learn more information. This involved actual face-to-face conversations with community members. Information databases were paper-based, or a stand-alone computer not connected to any other sources. Investigators were required to visit peoples at their homes, their businesses, their schools, or places of entertainment. Research was done by going to the library or courthouse. Court proceedings were done in a physical courtroom.


Domain registrar and web hosting company GoDaddy recently raised eyebrows and the collective ire of Reddit over an email phishing test they conducted on their employees. The company sent an email to employees promising a cash bonus, in the spirit of Christmas, and to ease the economic burdens they face due to the Covid-19 pandemic. The email included a link to a registration form that collected employee information under the guise of confirming employee status and “ensuring everyone gets the bonus”. Employees who completed of the form didn’t receive a cash bonus but a notice of required security refresher training.

News of the test sent the technology reporter pool into a tissy and brought the collective ire of self-righteous Internet forum warriors. Some of the criticism was pointed and legitimate. Poor topic? Yes. Poor timing? Yes. Entrapment? Maybe. GoDaddy should have recognized the sensitive content and poor timing of its delivery. The betrayal felt by employees is understandable.

Ok, but you still clicked the link. You could have compromised the entire network and therefore the integrity of the company! GoDaddy played dirty pool but so do the bad guys. Do you think a Russian crime group dedicated to compromising the computer network of your company ever has moments of self-reflection where they say “Wow, this is just going too far. We need to let this pass”. Do you think they have an open-door policy or a corporate ethics officer? Hell no they don’t. They are criminals. Betraying your emotions and stealing your candy is their job and they will stop and absolutely nothing to ensure success.

Those involved in the debate fall into two camps….security and non-security.


Bitcoin is surging with the price breaking the $28,000 price point this week. By all accounts, it will continue to rise through the new year. An Internet search yields dozens of explanations for this meteoric price increase but one of them, and probably the true reason, is rarely discussed. The current price of bitcoin is being driven not only by speculation but by crime.

Legitimate investors are purchasing Bitcoin for much the same reason you place your money in any investment instrument. You hope to sell your holdings at a price much higher than you paid for them thereby yielding a profit. Whether corporate stocks, artwork, real estate, or Pokeman cards, you hope to turn your money into more money as the price of the property you hold becomes more valuable over time. Digital currency is no different. People are purchasing bitcoin in the hopes of selling it at a later date for a much higher price than they paid for it.

The steep rise in Bitcoin price over the past few months has drawn the attention of the media. As people learn about the price increase they decide to enter the game and try to ride the rising tide to profitability. As more and more people buy the price continues to rise. As the price rises so does the media attention which brings more people into the game. It is a perfect example of the snowball effect.

But the real question should be, what spurred the initial increase in price from it's 2020 low price of $4900 in March?


In 2016, Dr. Zinaida Benenson of the Friedrich – Alexander University (Bavaria, Germany) conducted a study to measure the rate at which students would click links in messages received from unknown senders. Of course, they clicked links. There is little value in that finding. The true value of the study is the reason why they clicked the links.

Dr. Benenson’s study involved 1700 university students. They were interviewed to learn their self-assessed security awareness and understanding of phishing attacks. 78% of the students expressed an understanding of the dangers of clicking a link received from an unknown sender.

The students were later sent emails and messages through Facebook from sender names they would certainly not known since the accounts were fictitious. The messages referenced a New Year’s Eve party and the link allegedly went to an online photo album of photos taken during the party.


Why are business email compromise attacks so effective?

Because people are Helpful.

Because people are Trusting

Because people are Obedient.

Phishing and Business Email Compromise attacks are acts of social engineering. They are attacks on humans and they prey upon human emotions. The most effective phishing emails exploit the target's emotions of Obedience, Fear, Kindness, or Curiosity. The most effective BEC emails target the employee's sense of obedience.

Employees want to be good workers. They want to excel at their jobs and win the praise of their supervisors. Imagine you are an accounts payable clerk or junior accountant and the CEO walks into your office and says Jump. Are you going to question how high or why?

One of the biggest fears most employees have is failing at their jobs, or at least look like their failing. No one wants to question the boss and risk appearing incompetent or untrusting. Even when employees think the email directing the high dollar wire transfer is suspicious many times the urge to carry out the task with diligence and obedience overcomes the suspicion.

This week, the Milford Daily News detailed a Business Email Compromise attack executed on the city of Franklin, Tennessee. The cities treasurer transacted a wire transfer that resulted in a $522,000 loss to the municipality, The city manager described it as a “sophisticated cyber fraud”. It was not. It was just a standard spear-phishing attack taking advantage of an organization with untrained employees and insufficient security controls.


Today is Black Friday, traditionally named because it was the day where retail sales altered merchant’s balance books from red to black. The Internet and the current Covid-19 crisis have effectively made this annual shopping festival nothing but symbolic. The true event will occur in three days with Cyber Monday. Most retailers, however, have already altered their business models and black Friday has become Cyber Black Friday blurring the lines between the two events.

I have previously written about RDDOS or Dedicated Denial of Service for Ransom. This is a double punch attack on Internet services that combines a traditional DDOS offensive with demand for payment to make it stop. What better time to launch such an attack than the days preceding the largest Internet sales event of the year?


I published a newsletter on Substack. has a simple newsletter option but I found it just that, simple. Substack offered more creativity with formatting and backend functionality. The focus of the publication will be cyber-financial investigations and threat intelligence.

I will still be publishing at this location.

I'd be honored if you would take a few minutes to give it a look. And maybe subscribe.

Matt's Newsletter

There is no doubt that small and medium business owners are caught between the proverbial rock and a hard place when confronting a ransomware attack on their network. Unlike large businesses and expansive corporations, they are unlikely to have a dedicated security team. In fact, they are lucky to have a person there just to keep the Internet-connected and the printers online. A dedicated IT security person is an abstract luxury. And back-ups? John the Office Manager copied an excel spreadsheet of the client listing to a USB thumb drive a few months ago. It is on his desk. Or maybe his winter coat pocket.

It is completely understandable why any business leader chooses to pay the ransom payment. In most cases, they are out of options and desperate. Obviously, they wouldn’t pay thousands or hundreds of thousands of dollars if they had some alternative choice. But they don’t, so there they are.

In some cases, an insurance company is in the driver’s seat and they have analyzed the options down to an actuarial decimal point. The decision is calculated on a cost to benefit analysis based on dollars and cents not right or wrong, or what is best for the business or society.

Why is paying the ransom so bad? Why are law enforcement and security professionals so adamant that ransom demands never get satisfied if it’s a quick and easy fix that is in the best financial of the business?


Enter your email to subscribe to updates.