Open in app

Sign in

Write

Sign in

Mike visits the Internet Doctor — A Security Awareness Story

Continuing Mike and Joe’s Security Awareness saga

Horatiu Petrescu, CISSP | GSEC
7 min readMar 6, 2022

Mike looks around the waiting room impatiently, wondering what Internet related issues the others are in for. A little red light above the Doctor’s room just turned on. It ominously reads ‘Deep Cleaning In Progress’. A robotic voice announced that all appointments will be delayed half an hour.

“Hmmm, that doesn’t sound good, they’ve been in there for a long time. I hope their laptop’s ok.” Mike looks at the magazines on the table, browsing the headlines to kill some time. ‘Are your digital habits making your life miserable? Top 10 tips how to make your house more secure and have a good night’s sleep’ one of them reads. Mike chuckles to himself “Yeah right, I’ve read all of them, there’s nothing a magazine can teach me.” He quickly straightens his face though, remembering why he’s in there for, along with everyone else.

The guy next to him is hugging his laptop tight to his chest, staring blankly at the floor while talking to himself. “I only clicked because they told me I can win $1000. Who does this to a person’s laptop? How dare they, who the hell do they think they are?”

Touching his shoulder, Mike tried to comfort him. “Hey buddy, don’t worry, it’s going to be ok.”

Shaken up a bit, the guy turned to Mike and said “How do you know man? Do you know what it’s like to not be able to get into your laptop for a week? The only thing I’m dreaming about every night is locked screens saying ‘Your computer has been locked, send your Bitcoin here or you’ll never access your files again’, over and over again. I wake up in a cold sweat every night…sh*t.“

Mike shuddered a bit at this scene, but tried to keep himself from gasping. The guy continued “Yeah I know, it sounds bad right? This is my third visit to the Doc since it started a week ago. At first I though I’d outsmart them and restore my files from a backup, but then it kept coming back somehow, asking for more and more money.” Covering his face with his palms he continues with a sobbing voice “I don’t know what the heck’s happening, I just want it to stop. ”

Mike thought to himself “You poor bastard, you probably have infected backups.” He fell silent, not knowing what to say to comfort the poor guy, but then continued “Whatever you do, don’t give in and pay the money. That’s not gonna stop — ”

The guy interrupted Mike before he could finish his sentence “Yeah yeah, the Doc told me the same thing during my first visit. I don’t have $5k to pay them anyway. I was saving up for a trip to Bali where I wanted to propose to my girlfriend. Might need to postpone that now. Makes me look like a schmuck too for thinking I can easily get $1000 bucks…damn smartass crooks.”

Mike casualy smiles while a glimpse from his past quickly popped into his mind. “Don’t worry, everyone’s been there. I’ve been there a few years back. Call it a tuition fee if that makes you feel better. It’s a costly lesson but hey, at least it’s not worse right?”

Releasing a sigh of acceptance, the guy answered Mike. “I guess…I’ll have to see the Doc’s bill first. I think she’ll be going to Bali in my place at the end of all this.” he said ironically.

“You want only the best when dealing with these things though right? All those expensive studies need to be payed off somehow. Did you see all the certifications on her office wall? Jeez...” Mike said with half admiration, half envy.

All of a sudden Mike got distracted by the couple across the room chatting about their dusty and age-yellowed desktop PC resting on the floor right next to their seats — ”It’s alright dear, we’ll get another one if the Doctor can’t save it. It was old and slow anyway, it was time.” To which the partner replied “But I had our old family album photos in there!”. Continuing with a disheartned sigh: “Now I need to talk to your geeky brother to get a copy of the photos and you know how judgy and pedantic he gets with me about these things. I’ll never hear the end of it, I can already hear him telling me with that smug grin how silly I was to still run Windows XP on my machine. One of these days I swear — ”.

The conversation’s interrupted as a loud shout comes out from the Doctor’s room — “Jesus Doc, what the hell is that?!” The waiting room turns silent for a few seconds, everyone turning their glances towards each other with a concerned look.

Mike’s mind started racing to worse case scenarios. Cringing a bit but trying to keep calm, he turned to the woman next to him hoping that starting a conversation with her would calm things down a bit. “Have you ever been to the Internet Doc before?” Mike asked a bit awkwardly.

“This is actually my second visit. My first one was just talking. The Doctor wanted to understand what my Internet habits were before prescribing anything. I was asked to bring my laptop in for my second visit, she wants to have a look at it herself. She’s concerned the infection might have spread to my devices through my home network” the woman said turning her eyes at her shiny Surface Pro.

“I see” Mike replied, trying to anticipate what the Internet Doctor’s questions would be about his Internet habits. “I know what I’m doing usually when I’m on the net — I use a password manager, I MFA, I don’t connect to weird WiFis. My cyber hygiene is much better since my card was stolen years ago, I’m not like these people around me…am I?“

The woman continued in a wary tone “I don’t know what I would do without it. I’ve only had it for a month, I do all my writing on it. I really like it too, I spent ages looking for a laptop and got this one on pre-order.”

Mike sympathized saying “I’m really sorry to hear that. What happened if you don’t mind me asking?”

The woman answered “Oh, I just found out one day that someone logged into my personal email, and then strange things started happening from there. That’s when I decided to come here and get an emergency check up. The good Doctor did some tests and found that my password was stolen and ended up on the Black web I think she said.”

“Oh you mean the Dark web?” Mike intruded.

“Oh yeah, dark, black, whatever. A few days ago some of my friends called me to ask if everything was ok. They started receiving weird emails from me trying to sell them stuff. One of them even said that she saw a post on Facebook from my account saying that I’m moving countries and giving away all my furniture. Why would someone do that? It’s not even funny.“ Suddenly stopping her story she turns to Mike. “Why are you in here for?”

“Me? Nothing much really. My computer’s been feeling a bit sluggish lately so I’m here for the annual checkup, just the usual tests you know? Vulnerability scan, a little pentest, registry cleanup, app patch update checkups, password strength check, just the regular stuff.”

Intrigued, the woman replied “I thought people come here only when they’re in serious trouble. Why would you spend a few hundred dollars just for check-ups? You seem to know what you’re doing.”

“I know it sounds a bit crazy…but the thing is that ever since I had a security incident a few years back with my bank account, I always feel like I’m not doing enough, or I’m never safe on the net.” Mike answers a bit embarrased by his situation. “I run an AV scan and clear my browser cookies at the end of every browsing session you know, just as a precaution.”

“Oooh ok. Well, if that makes you sleep better at night…” the woman answers, thinking to herself that Mike’s a bit excentric.

Suddenly the Doc comes out. She looks exhausted, her forehead is sweaty. She walks to the receptionist and says “It was worse than I thought, the infection has spread to the TPM chip unfortunately. I tried to do a transplant but the new chip was rejected by the host system.” Pausing for a second, she continued “I couldn’t save it… Luckily the patient had content insurance. They’re on the national part donor list, so I recommended the laptop be taken apart and sold for spare parts on the second hand market to offset the costs.”

Catching her breath, the Internet Doctor turns to the woman next to Mike, who was next in line for an appointment. “Ma’am, we’ll have to do a browser history analysis on your laptop. This means inserting a probe into your browser which will analyse all your past Internet browsing and downloads. We need your written consent for this, ok?”

“Oh my, that sounds a bit…uncomfortable. Is this completely necessary Doctor?” the woman asks in a concerned tone while glancing over the Privact Intrusion Consent form she was just handed.

“I’m afraid so, it’s the only sure way to tell what might be happening with your laptop before the infection started.” the Doctor replied starkly.

While the lady was filling the Privact Intrusion Consent form Mike grew more and more anxious. “Maybe the woman’s right, why am I hanging around here for? I don’t need to come here just to get a history analysis probe up my browser.” He immediately got up and started walking towards the door.

The receptionist called after him. “Sir, the Doctor should be with you shortly, please take a seat.”

Mumbling, Mike quickly answered “Sorry, I got an emergency call from my brother, I have to go unfortunately. Please pass on my apologies to the Doctor.” Mike shut the door behind him, releasing a sigh of relief. “Phew. Now that’s something I need to tell the boys about over a beer.”

Moral of the story? Security is hard, technology is hard. Both affect ordinary people’s lives.

Security Awareness
Cyber Security Awareness

--

--

Horatiu Petrescu, CISSP | GSEC

Written by Horatiu Petrescu, CISSP | GSEC

24 Followers

Cyber Security professional who enjoys writing, the mind, complicated life topics, and trying to mash all of them together.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams