What would you do if you couldn't get access?
A couple of weeks ago, my e-mail account was hacked and I was surprised at how unhappy and threatened I felt. It was hacked on a Sunday afternoon from Japan. They really should have better things to do with their time. I quickly found out and took evasive action by changing my password and a log-in image that was only visible to me. However, there were some problems -- a program was posted in my Yahoo account which sent strange malicious e-mails to my contacts. I had to inform them of course -- I did have some confidential information in my accounts which I have since altered -- more fool me. So I was a victim -- but things could have been worse.
We perhaps over-rely on the digital world and there are many unsavoury people who will exploit that fact, without any regard for us. What is to be done? The number of cyber attacks in the world, aimed at obtaining key commercial/political/military information and/or reducing the capacity of nation states, companies and individuals to function, is increasing rapidly. In 2011 it was estimated that the UK suffered 44m such attacks, the US 240m, Russia 128m and China 46m. These attacks can be instigated by twisted computer geeks, nation states, extremist political/religious groups and professional international criminals. Not a shot needs to be fired nor a rocket launched. Societies can be brought to their knees by some malicious and very clever, hidden computer code. More than 30% of the world's population is linked to the inter web and this is growing -- so the target audience gets bigger. According to Symantec, the public sector (including the military) receives 25% of all targeted e-mail attacks, closely followed by manufacturing (15%) and finance (13%).
According to the Cabinet Office, cyber crime costs the UK some £27bn a year, broken down as follows:
Scareware -- £30m
Data loss to third parties -- £1bn
Direct online theft -- £1.3bn
Online fraud -- £1.4bn
Identity theft -- £1.7bn
Extortion -- £2.2bn
Tax fraud -- £2.2bn
Industrial espionage -- £7.6bn
IP theft -- £9.2bn
Scareware comprises several classes of scam software, of limited or no benefit, that are sold to consumers via certain unethical marketing practices. A tactic frequently employed by criminals involves convincing users that a virus has infected their computer, then suggesting that they download (and pay for) fake antivirus software to remove it. Heard that one before?
We are always aware of high-level cyber crime -- Stuxnet trying to delay the Iranian centrifuges for their nuclear programme -- but the lower-level stuff is more boring and just as dangerous. A hacker can try to find a contact or contacts within your organisation from Facebook or LinkedIn. He then sends them an official-looking e-mail with a message/file they might recognise. All it takes is for one of the targets to open the message and click on the attached file and they are in -- your firewall has been avoided and the programme can do all sorts of things: record your keystrokes, watch your computer screens, relay back any conversations you might have, get hold of your sensitive identity information. A virus can replicate itself and spread through your computer and your network. Some, like trojan horses, can lie dormant for a long while. Worms will not need a click on a file; they will do their dirty work anyway. All these elements need to be watched. If you receive communications with funny files from third parties you do not know, please delete the e-mail and do not open the files.
A common type of attack is a denial of service attack -- target networks are flooded with artificially high levels of traffic and normal users just cannot access the systems. This happened in Estonia in 2007 -- Russia was a prime suspect for that particular escapade. This is usually practised when the intention is to bring down a specific country or company as a result of someone's malevolence.
How seriously do we take things? Well, according to Microsoft, the most common system passwords people use are:
Password, 12346, 12345678, qwerty, letmein, abc123, dragon and monkey.
These are hardly challenging to crack, are they? Microsoft advise that you should not use dictionary words or repeated character sequences. Though why dragon and monkey are so popular I do not know.
None of this is any use if a hacker manages to get through to the central list of all user passwords.
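The Microsoft advice quoted above can be enforced at the point a password is chosen. The following is an added example, not part of the original post: the function names, the small dictionary set and the sample passwords are constructed for illustration, and the check for ascending or descending runs goes slightly beyond the advice as quoted.

```python
import re

# The common passwords listed in the post, lower-cased for comparison.
COMMON = {"password", "12346", "12345678", "qwerty", "letmein",
          "abc123", "dragon", "monkey"}

# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY = {"dragon", "monkey", "password", "summer", "football", "welcome"}

# Undo common letter-for-symbol swaps before the dictionary lookup.
LEET = str.maketrans("@4031!5$7", "aaoeiisst")


def has_repeated_sequence(pw):
    """True if a unit of 1-4 characters repeats back-to-back 3+ times (aaa, ababab)."""
    return re.search(r"(.{1,4}?)\1{2,}", pw) is not None


def has_sequential_run(pw, run=4):
    """True if `run` consecutive characters ascend or descend by one (1234, dcba)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        diffs = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if diffs in ({1}, {-1}):
            return True
    return False


def screen_password(pw):
    """Return the reasons to reject pw; an empty list means it passed."""
    reasons = []
    lowered = pw.lower()
    if lowered in COMMON:
        reasons.append("common password")
    # Drop digits/symbols padded onto either end, then undo symbol swaps,
    # so that "Dr@gon1!" is recognised as "dragon".
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered).translate(LEET)
    if core in DICTIONARY:
        reasons.append("dictionary word")
    if has_repeated_sequence(pw):
        reasons.append("repeated sequence")
    if has_sequential_run(pw):
        reasons.append("sequential run")
    return reasons


if __name__ == "__main__":
    for candidate in ("dragon", "Dr@gon1!", "aaaaaa", "vT9#kLq2!xWz"):
        print(candidate, "->", screen_password(candidate) or "accepted")
```

A screen like this only helps when passwords are being set; it does nothing for the case raised just above, where the central list of passwords itself is obtained.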
The main message -- a quote from Hill Street Blues, if anyone remembers that programme -- is "Be careful out there."