IraqiGeek's Blog

Unboxing the Bang & Olufsen Beoplay H5

I don't usually do unboxings, but this one... this one is different.
 
  
 Those who know me know I'm a sucker for bluetooth earphones. I've been using BT earphones almost exclusively with my phones ever since I discovered Sony's BT20NX back in 2007. That one lasted me over 5 years before one of the drivers failed. While I'm no audiophile, I do appreciate a good pair of earphones that provide clear, distortion free sound even when taken to max volume. I've also grown to appreciate the increasing range I get with each new wireless phones I get.
 
I've always peeked and oogled at Bang & Olufsen products in electronics shops, appreciating their uniquely Danish simple, yet elegant, design. There's something about Scandinavian design that's just so pleasing.
 
 
BeoPlay H5
 
Today, I received an unexpected - yet greatly appreciated - gift from a friend -the same friend I helped get past WannaCry a few weeks ago -in the form of a pair of B&O H5 bluetooth earphones. I can't even begin to describe how pleasing and elegant those tiny things are. Even opening the packaging exudes a sense of occasion. A sense of elegance.
 
 
The earphones are coated in this soft-touch material that feels almost like velvet to the touch. The cord connecting the two earpieces is not only tangle-proof, but also feels like silk when holding it. And the small metal cap, adorned with the B&O logo, on each earpiece has a spun texture that drags the fingers to contour with its curve. Even fitting the earbuds is accompanied by a reassuring, if soft, sort of thump to let you know they sat firmly in place.
 
 
I've always had a huge respect for Sony. The materials, design, and quality of their audio-visual products is amazing. My current pair, until today that is, is a Sony SBH80, which I've had and used daily for two years, and they never ceased to surprise me with how comfortable they are whether I'm in a T-Shirt or a suit and over-coat. They're intuitive, clear, have a battery that lasts ages, and are splash-proof. But the level of attention to detail in these B&O earphones is on an entirely different level. It's staggering.
 
 
Each earphone has a hidden magnet on the opposite end of the driver. When the two get close to each other, they click together forming a sort of B&O necklace. That, on its own, would've been a nice design feature. But these are B&O earphones; obviously there's more! When the earphones detect they are attached to each other, they automatically enter into stand-by mode to save power! That is as good as ergonomic design has ever gotten.
 
 
 
While they don't charge through Micro-USB, they come with a very nice cube-shaped charger, which is also covered in the same velvety soft-touch material as the earphones themselves, and has a rubbery base that helps it stick to the surface it sits on. The cable seems to be made of silicone, and is extremely flexible with absolutely no memory effect.
 
 
Remember those two magnetic ends on the earphones from above? They also serve another purpose. When each earphone is brought next to the corresponding side on the charging cube, it soft-clicks beautifully and securely in place. Once the two are docked into the cube, a tiny red LED will flash to indicate the earphones are charging. That same LED will light solid green once they have fully charged.
 
 
But we don't buy audio equipment because it looks niceor is made of pleasant to touch materials. So, how do these earphones sound? I'm delighted to report the sound coming out of the two 6.4mm "electro-dynamic" drivers is just as good as the first contact with those earphones would suggest. Sound is distortion free even at maximum volume, rich in bass without overdoing it, and the level of clarity is nothing short of fantastic. They're also quite loud! And goodness gracious are they light (18 grams, to be precise) and comfortable to wear! They're so light that I almost forget I'm wearing them.
 
All in all, I'm really happy with my new earphones, and I'm really grateful to my friend for this awesome gift. I've also gained a new appreciation for B&O and an understanding to why their products command such a price. Such quality and attention to detail do not come cheap.

It's all distant and abstract, until it hits someone you know

Ever since Stuxnet, there has been no shortage of news, almost on a daily basis, about some high profile government or private entity or institution being hacked. Sometimes, the hackers' objective is to infiltrate the target organization, to listen on and monitor its activities. Other times, the objective is to exfiltrate sensitive information from the target. Still other times, the objective is to destroy the target and their infrastructure. Whatever the target, it all seems distant, abstract, and not something that would happen to the average Joe. After all, what would your average hacker gain from hacking our personal computers, and our data?

Then, it happens to someone you know, and it suddenly becomes all too real.

It all started when a friend, who works at a small local business, called me a few days back around the end of the day asking if I could help with some computer trouble they were having at the office.  When I asked what was the problem, she said someone had entered into their office network and encrypted all their data and files, and was now demanding a ransom in order to deliver the encryption key. Naturally, I went immediately to their office to get a sense of the gravity of the situation.

Sure enough, while their office computers were up and running, all data and files were encrypted. Not only that, the ransomware that encrypted all files and data, had left a readme file containing payment instructions in every single folder where it had encrypted files.

This readme not only identified the victim by a uniqe ID (kind of like a customer number), but gave them instructions on where to buy bitcoins, which address to sent the bitcoins to, how to get in touch with the hacker (through a Tor hidden chatroom), and how to provide evidence of payment to the hacker. The instructions were clearly translated to Portuguese using an automated translator like Google Translate, but still!

How did this happen?

Like many businesses, this one constantly sends and receives letters and parcels, and deals extensively with logistics and transport companies. So, when an email appeared claiming to be from one such company, the person attending to this email didn't think much of opening the link embedded within this email. The link sent them to a site claiming that they had a parcel awaiting, but as the site didn't look quite right, this person closed the page, and even run an antivirus scan for good measure!

But it was already too late. Despite the antivirus proclaiming that all was fine, the machine was already infected and the ransomware was already at work encrypting all files it come by.

Now, anyone's first instinct in such an incidence, is to restore the last backup, clean up the system, and give this hacker the proverbial finger. However, the backup in this instance was synchronizing all data and files to the cloud, using Google Drive. But since the ransomware encrypted files, Drive did its job and synchronized all those encrypted files, rendering the Drive "backup" all but useless. While it was technically possible to restore an earlier version of each file, there were close to 50k files to restore, rendering the task practically impossible.

Given the relatively low ransom value beind demanded, and the time and effort required to get the business minimally operational without getting the encrypted files back, my advise was to try and pay the ransom. While there were no guarantees whoever controlled the ransomware would deliver the decryption password, I thought it was worth trying.

Here is were we hit our biggest hurdle. The ransom was being demanded in the form of a bitcoin payment. Everyone and their cousin on the internet, bills bitcoin as an easy and anonymous form of digital currency payment. But if you're in a rush, and need to get your hands on some bitcoins quickly, those online exchanges which you are willing to share your credit card information with are anything but anonymous, or quick for that matter.

I tried registering with over half a dozen exchanges, including coinbase, coinmama, cex and coinpanda. All those exchanges required several forms of proof of identity, proof of address, and proof of credit card ownership in order to buy bitcoins with a credit card. Beyond that, they required those proofs in high quality digital scans, and a human reviewed each and every detail. While I'd say this is commendable under normal circumstances, it's not very helpful when you're in a hurry. In the end, we bought our 0.25 bitcoins locally using localbitcoins.com. The seller didn't respond for hours, and setting up the meeting posed its own safety and security challenges, as it was close to midnight by the time we heard from him. Luckily, he turned to be a friendly fellow, and didn't hesitate to help and was patient enough, despite the late hour, to wait with us until the transaction had enough confirmations on the network in order to provide us with the proof of payment demanded by the person controlling the ransomware.

From there, it took another 9 hours until we hard back from this person and received the encryption key. And would you look at that key!