Date: 2017-07-07

Patrick Marshall answers your personal technology questions each week.

Q: What’s with the cloud? I was hoping to use it for backup. The estimate was that it would take three days or so to back up my notebook computer — about 100 megabytes. The last time I checked, I couldn’t back up a directory. I had to back up each file. This is not useful to me.

My data connection is cellular, mostly 4G. Is “the cloud” safe from hacking and/or spying?

— Klaus Golombek

A: I’m afraid that nothing connected to any network, including the internet, is safe from hacking. That said, you can minimize risks significantly by running anti-virus and anti-malware software.

As for backing up to the cloud, how long it takes depends on the speed of your connection. If it’s a slow connection and you have a lot of data, yes, it can take quite a while. Compared to most cable internet connections, cellular hot spots are both slow and expensive in terms of data charges. Even if you have an unlimited data plan, most cell services deliver less bandwidth once you transfer a certain amount of data, in some cases reducing performance by a factor of 10 or more.

That said, it doesn’t sound right that it should take three days to move 100 megabytes of data over a 4G connection unless you’ve got very poor signal strength.

As for having to specify each file for backing up to the cloud, I don’t know of a service that requires that. Most cloud services allow you to designate directories for syncing to the cloud, and once you’ve designated the directories, the service will monitor them for any new files or changes to existing files.

This is a better way to back up your data than using an attached external drive, since you end up with an off-site copy of your data. If you only use an attached external drive and you have, say, a fire, all your data could be lost. Bear in mind, though, that unless you subscribe to a cloud service that includes versioning — saving earlier versions of files as well as the latest version — you won’t be safe from ransomware attacks. Ransomware can encrypt all data accessible from the infected computer, including that in the cloud.

Q: How is it that our very best computer and internet sleuths and other cyber experts have not been able to identify the perpetrators of the ransomware attack of a few weeks ago that infected thousands of computers in hospitals and other institutions throughout the world, yet those same experts are assuring us 100 percent that they have identified the Russians as the source of interference with our elections by hacking into political websites and databases?

What is involved in the technology of identifying the source of cyberattacks and hacking?

— Jerry Cronk

A: First, I don’t think anyone has claimed 100 percent certainty about the source of the election hacks. What U.S. intelligence services have claimed is “a high degree of confidence” that the Russians were responsible. That confidence comes from a variety of evidence, some of which we may never be privy to.

In general, if the hacking involves malware uploaded to a computer, that code itself may offer clues as to who wrote it. Hackers tend to reuse code rather than write new code for each attack, so if a computer sleuth has previously determined the source of a piece of malware, that’s a very important clue. In some cases, computer experts may even be able to determine the native language in which code was written or the operating system in which it was compiled. Again, though, it’s possible that the code may have been shared with other parties, so a good sleuth needs to look for other evidence as well.

Whether a hacker deposits code on a computer or simply breaks in to steal files, data are recorded in logs about what IP addresses accessed the computer and when. Yes, sophisticated hackers will mask their trail by moving through many servers in other locations, but sophisticated sleuths will still get information that may narrow the field of suspects. And the time of day when the hacking activity takes place can be a further clue. If the hacking activity regularly takes place when it’s 3 a.m. in Moscow, it’s less likely that the culprit is there. Again, it’s just a clue.

Some very sophisticated hackers even use tools to access and clean up those network logs to remove their footprints. While those tools remove clues, once it is known that a system was hacked, the knowledge that such a tool was used narrows down the field of suspects.

Also, security agencies may determine the source of a hack by discovering where the hacked data end up. They may also determine the source by picking up, through surveillance, discussions of the hack or of data gleaned from it.

Finally, we have to suspect that security agencies have forensic tools that are closely guarded secrets.
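
The time-of-day clue described in the answer above can be checked against access logs. The following is an added example, not part of the original column: it converts log timestamps to several candidate UTC offsets and measures how much of the activity falls in a local working day. The log format, the sample lines, the candidate offsets and the 09:00 to 18:00 window are all assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample log (UTC timestamps, documentation IP range); not real data.
SAMPLE_LOG = """\
2017-06-05T23:10:02Z sshd[811]: Accepted password for svc from 203.0.113.7
2017-06-07T00:05:41Z sshd[902]: Accepted password for svc from 203.0.113.7
2017-06-08T01:30:17Z sshd[417]: Accepted password for svc from 198.51.100.23
2017-06-09T02:45:09Z sshd[633]: Accepted password for svc from 198.51.100.23
2017-06-12T03:20:55Z sshd[120]: Accepted password for svc from 203.0.113.7
2017-06-13T05:50:30Z sshd[744]: Accepted password for svc from 192.0.2.99
-- log rotated --
"""
TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z ")

def parse_utc(log_text):
    """Return an aware UTC datetime for each line that starts with a timestamp."""
    events = []
    for line in log_text.splitlines():
        m = TS.match(line)
        if m:  # lines without a timestamp (e.g. rotation markers) are skipped
            stamp = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
            events.append(stamp.replace(tzinfo=timezone.utc))
    return events

def local_hour_histogram(events, utc_offset_hours):
    """Count events per hour of day as seen on a clock at the given UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return Counter(e.astimezone(tz).hour for e in events)

def working_hours_share(events, utc_offset_hours, start=9, end=18):
    """Fraction of events inside the assumed local working day [start, end)."""
    if not events:
        return 0.0
    hist = local_hour_histogram(events, utc_offset_hours)
    return sum(n for h, n in hist.items() if start <= h < end) / len(events)

def rank_offsets(events, offsets):
    """Order candidate offsets from most to least consistent with office hours."""
    return sorted(((working_hours_share(events, o), o) for o in offsets), reverse=True)

if __name__ == "__main__":
    events = parse_utc(SAMPLE_LOG)
    for share, offset in rank_offsets(events, [-5, 0, 3, 8]):
        # A low share makes an offset less likely; it never identifies anyone.
        print(f"UTC{offset:+d}: {share:.0%} of {len(events)} events in working hours")
```

As the column says, the result is only a clue: it narrows the field and has to be weighed with other evidence.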