SEARCH CLINIC

Search engine online marketers

Archive for the ‘Hackers’

Paris attacks: Silicon Valley in crosshairs over encryption

February 18, 2016 By: Dr Search Principal Consultant at the Search Clinic Category: Apps, Computers, Customer Service, data security, Email, Hackers, internet, Personal Security, Search Clinic, Uncategorized

Grief over the Paris attacks will soon make way to demands for action.

As well as increased military activity, and the controversial suggestions to close the door on refugees, the next battle in the “surely something can be done” arena will be aimed squarely, and angrily, at Silicon Valley.

Tech companies were already under pressure to make it easier for governments to access “private” communication apps and services. Those calls have intensified greatly since the attacks in Paris.

The “problem” is to do with encryption.

Without encryption, all of the things we do online would be insecure, be it emailing, or shopping, or banking. They all rely on the principle that if you encrypt data using complex mathematics it is nigh-on impossible to crack.

If you’re using communication apps such as WhatsApp, Apple’s iMessage, WeChat and so on, your messages are encrypted by default.

It means that even if those companies wanted to hand over your messages to law enforcement, they couldn’t.

“There are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it,” said CIA director John Brennan at a security forum on Monday.

“And I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve.”

An opinion column in the New York Times, authored by Manhattan’s district attorney, and the City of London Police commissioner, said “encryption blocks justice”.

In the piece, published back in August, they wrote about a murder near Chicago in which a father of six had been shot. At the scene, officers found two mobile phones. But they were passcode locked. Neither Google nor Apple (the phones ran their software) could unlock the phones, and therefore the data was inaccessible.

“On behalf of crime victims the world over,” the opinion piece read, “we are asking whether this encryption is truly worth the cost.”

It’s an argument that can be made with more vigour than ever after the Paris attacks.

With access to communications, the anti-encryption advocates say, we could perhaps stop these tragic events from occurring. That’s a claim worth scrutinising.

It’s early days in the investigation, and no evidence has yet been offered to show that encrypted communications were used to organise the atrocity.

But the technology industry is, on the whole, against the suggestion that law enforcement should have “backdoors” into popular services – the term given to a hidden way of circumventing the app’s security.

A backdoor, in the infosec world, is the term given to a method in which a supposedly secure system can be accessed. It could be a quirk in some code, or a vulnerability in how a system communicates. Whatever the weakness, typically, once backdoors are made public, they are fixed.

Hackers make serious money by discovering backdoors and selling them on – often to government security services.

Many in law enforcement and government feel there should be a backdoor made just for those in authority to investigate and stop criminals and terrorists.

But some of tech’s most influential figures say that the notion of a secure, secret backdoor is dangerously misguided.

If any backdoor exists, hackers will find it eventually. It would mean data security for all of us, not just criminals, would evaporate.

 

TalkTalk hack to cost up to £35m

January 10, 2016 By: Dr Search Principal Consultant at the Search Clinic Category: Browser, Computers, Customer Service, Cyber Security, Hackers, internet, Search Clinic, Uncategorized

The cyber-attack on TalkTalk could cost it up to £35m in one-off costs, the company has said.

Following the hack, which divulged some 255,000 users’ financial details, all customers of the telecoms group will be offered a free upgrade.

Chief executive Dido Harding said that despite the hack, TalkTalk was “well positioned to deliver strong and sustainable long-term growth”.

The firm still expects full-year results to be in line with market expectations.

TalkTalk shares were still down more than 20% compared with their pre-hack value.

She added that in recognition of the uncertainty that this had caused customers, they would be offered an upgrade.

A spokesperson said the type of upgrade offered would depend on the kind of package customers already had. For example, customers with TV packages might be offered a sports channel that they did not already have.

Customers who were financially affected directly will be free to leave TalkTalk without financial penalty. They would have to be able to show they had lost money as a result of the hack.

Customers who wish to leave for a different reason – for example, if they feel their data is not secure – would still have to pay a contract termination fee.

Some of TalkTalk’s millions of customers might have been angry enough to try to terminate their contracts when the telecommunications company first revealed details of a major data security breach last month.

But, with contracts for mobile, fixed line, broadband and television services of up to two years (always worth looking at those few lines at the bottom of the paperwork) customers found they couldn’t leave TalkTalk without incurring hefty costs.

When Dido Harding, the chief executive, first announced two weeks ago that customers would only be able to leave if they could show a “direct impact” on their bank account – a pretty high bar – investors heaved a sigh of relief and TalkTalk’s share price bounced up.

It was up again this morning – by more than 12% – as the half-year results revealed that TalkTalk was still expected to make £300m profit before tax this year. And that revenues were up 6%.

On 21 October, hackers attacked TalkTalk’s website, stealing confidential customer data including passwords and bank accounts.

The firm was initially uncertain as to the extent of the hack, but after an investigation it said last week that 157,000 of its customers’ personal details had been accessed.

Ms Harding told the BBC that it was “too early to tell” what the longer-term impact of the breach would be on the business.

“We of course saw an immediate spike in customers cancelling their direct debit, but actually after a few days we saw many of those customers reinstating their direct debits again, so time will tell, but the early signs are that customers think we are doing the right thing,” she told BBC business editor Kamal Ahmed.

Swiss email firm pays web attack ransom

December 06, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Browser, Computers, Customer Service, Email, Hackers, internet, Search Clinic, Uncategorized

A secure email firm, based in Switzerland, has paid a ransom of more than £3,600 after web attacks crippled its website.

The anonymous network behind Bitcoins has made the virtual cash popular with cyber thieves.

The hi-tech criminals behind the web attacks said the payment would stop the deluge of data hitting the site. But despite paying up, the web attacks continued, leaving Protonmail struggling to operate.

It has now launched a fund-raising drive to raise cash to tackle any future attacks.

In a blogpost, Protonmail said it received an email on 3 December that contained a threat to attack its website unless it paid a ransom of 15 bitcoins (£3,640).

Protonmail did not respond to the message and, soon afterwards, was hit by what is known as a distributed denial of service (DDoS) attack. This tries to knock a server offline by bombarding it with more data than it can handle.

Protonmail is a free, web-based, encrypted email service that needs its site up and running to serve customers.

The first attack knocked out Protonmail for about 15 minutes and then stopped. A second attack the next day was much bigger and overwhelmed efforts by the email firm and its ISP to stop it.

“This co-ordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just Protonmail,” it said on the blog.

In a bid to halt the attack, Protonmail said it “grudgingly” paid the 15 bitcoin ransom.

However, it said, this did not stop the attacks which continued to cause problems for many other firms.

Eventually, Protonmail’s ISP took action to remove the company’s site from the net to stem the flow of data.

Post-attack analysis suggests Protonmail was targeted in two phases, the company said. The first aided the ransom demand but the second was “not afraid of causing massive collateral damage in order to get at us”.

Switzerland’s national Computer Emergency Response Team (Cert), which helped Protonmail cope, said the attack was carried out by a cybercrime group known as the Armada Collective. This group has also targeted many other Swiss web companies over the last few weeks, the team said.

It said anyone who received a ransom email should not pay up. Instead, they should talk to their ISPs about the best way to defend themselves against attacks.

Protonmail said that despite its work to harden itself against attack, it was still vulnerable to DDoS data deluges. It said it planned to sign up with a commercial service that can defend against the attacks but this would be likely to cost it more than £66,000 a year. It has started a fund-raising drive to gather the cash to pay this fee.

Android’s biggest update ever to fix security flaws

August 24, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Android, Cyber Security, data security, Google, Hackers, mobile phones, Samsung, Uncategorized

Last month a major bug was discovered in the Android software that could let hijackers access data on up to a billion phones.

Samsung, LG and Google have pledged to provide monthly security updates for smartphones running the Android operating system.
Manufacturers have been slow to roll out a fix because many variations of Android are widely used.

One Android expert said it was “about time” phone makers issued security fixes more quickly as Android is the most widely-used mobile operating system.

Android has been working to patch a vulnerability, known as Stagefright, which could let hackers access a phone’s data simply by sending somebody a video message.

“My guess is that this is the single largest software update the world has ever seen,” said Adrian Ludwig, Android’s lead engineer for security, at hacking conference Black Hat.

LG, Samsung and Google have all said a number of their handsets will get the fix, with further updates every month.

Android is an open source operating system, with the software freely available for phone manufacturers to modify and use on their handsets.

The Google-led project does provide security fixes for the software, but phone manufacturers are responsible for sending the updates to their devices.

Some phones running old versions of Android are no longer updated by the manufacturer. Many companies also deploy customised versions of Android which take time to rebuild with the security changes.

Apple and BlackBerry can patch security problems more quickly because they develop both the software and the hardware for their devices.

BlackBerry’s software is reviewed by mobile networks before being sent to handsets, while Apple can push updates to its phones whenever it wants.

“The very nature of Android is that manufacturers add their own software on top, so there have been delays in software roll-outs,” said Jack Parsons, editor of Android Magazine.

“In the US it’s even worse because mobile carriers often add their own software too, adding another layer of bureaucracy holding up security fixes.”

FBI warns on airline hacking threat

May 23, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Computers, Cyber Security, data security, Hackers, Search Clinic, Technology Companies

The USA’s Federal Bureau of Investigation (FBI) has issued a formal alert warning airlines to be on the lookout for hackers.

It follows an onboard tweet from security expert Chris Roberts, who joked about being able to hack into a United Airlines plane’s wi-fi network.

A terrorist could theoretically take over systems that fly a plane by compromising equipment at their seat as an increasing number of airlines are offering onboard wi-fi to customers.

The FBI and the US Transportation Security Administration (TSA) said they had no information to support claims a plane’s navigation system could be interfered with via its onboard wi-fi kit, but added that they were evaluating the evidence.

In a private industry notification posted on its website and reported by Wired magazine, the FBI advised airlines to:

  • report any suspicious activity involving travellers connecting unknown cables or wires to the in-flight entertainment (IFE) system
  • report any evidence of suspicious behaviour following a flight, such as IFE systems that show evidence of tampering or the forced removal of covers to network connection ports
  • report any evidence of suspicious behaviour concerning aviation wireless signals, including social media messages with threatening references to onboard network systems, automatic dependent surveillance systems (ADS-B), aircraft communications addressing and reporting systems (ACARS) and air traffic control networks
  • review network logs from aircraft to ensure any suspicious activity, such as network scanning or intrusion attempts, would be captured for further analysis

In his tweet, Mr Roberts suggested that he might be able to deploy the oxygen masks on the flight.

On arrival at Syracuse airport, Mr Roberts – who is co-founder of security company One World Labs – was taken in for questioning by the FBI, and his laptop and other devices were seized.

A few days later, he was prevented from boarding a flight to California.

He had previously given a number of interviews, explaining the possible weak points in airline systems, telling CNN that he could connect to a computer under his seat to view data from the aircraft’s engines, fuel and flight-management systems.

Security experts have warned for some years that airlines are a possible target for hackers.

Planes including the Boeing 787 Dreamliner and the Airbus 350 and A380 have a single network that is used by both pilots to fly the plane and by passengers for their wi-fi connections.

Although there were currently no publicly known vulnerabilities that a hacker could exploit, such an attack remained “theoretically possible” because all networks were inherently insecure.

Wi-fi is now common on many airlines, and most have relaxed the rules surrounding the use of gadgets during flights.

Cyber criminals raided by police

March 06, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Computers, Cyber Security, data security, Dr Search, Hackers, internet, Personal Security, Search Clinic, Technology Companies, Uncategorized

The UK’s National Crime Agency has arrested 56 suspected hackers as part of a “strike week” against cybercrime.

In total, 25 separate operations were carried out this week across England, Scotland and Wales. Those arrested are suspected of being involved in a wide variety of cybercrimes including data theft, fraud and virus writing.

The week long series of operations was co-ordinated by the NCA’s National Cyber Crime Unit (NCCU) as well as specialist officers from regional organised crime squads and the Metropolitan Police.

West Midlands police arrested a 23 year old man in Sutton Coldfield who is believed to have been involved in breaking into the network of the US defence department in June 2014.

The biggest operation saw the arrest of 25 people in London and Essex suspected of using the net to steal money, launder cash and carry out other frauds.

The hackers behind that attack stole contact information for about 800 people and data on the network’s internal architecture was also pilfered.

The action also resulted in the arrest of people thought to be part of some well known hacking groups.

In Leeds, a suspected member of the Lizard Squad group was arrested, and in London a 21-year-old man was taken into custody on suspicion of being part of the D33Ds Company hacking collective.

The D33Ds group is believed to have been behind a 2012 attack on Yahoo that stole more than 400,000 email addresses and passwords subsequently published online.

Investigations about suspects in Sutton Coldfield, Leeds and Willesden were aided by forensic information provided by the FBI.

The other actions targeted alleged phishing gangs, intellectual property thieves, users of financial malware, companies that offer hosting services to crime groups, and many people who took part in so-called DDoS (distributed denial of service) attacks in an attempt to knock websites offline.

One 21-year-old man from County Durham allegedly knocked out the Police Scotland website by mounting such a DDoS attack.

“Criminals need to realise that committing crime online will not render them anonymous to law enforcement,” said Andy Archibald, deputy director of the NCCU. “It’s imperative that we continue to work with partners to pursue and disrupt the major crime groups targeting the UK.”

In addition, this week the NCA coordinated visits to 70 firms to inform them about how vulnerable their servers were to attack and how they could be used by cyberthieves to send out spam or act as proxies for other attacks.

The strike week also involved four forces setting up pop-up shops to give advice to the public about staying safe online and to get their devices checked to make sure they are free of malware and other digital threats.

The problems of cyber security for small businesses

February 24, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Computers, Customer Service, Cyber Security, data security, Dr Search, Ecommerce, Hackers, Search Clinic, Technology Companies, Uncategorized

The growing problem of cyber security is becoming a big headache for small businesses.

Figures from Sophos suggest about 30,000 websites a day are being compromised by cyber hackers – most of those will be the public face of one SME or another.

Becoming a victim of a hack or breach costs smaller firms between £65,000 and £115,000, according to the PWC survey of the worst data breaches among small firms. Those worst hit will suffer up to six breaches a year, PWC suggested, so the total cost could be even higher.

For a smaller firm finding that much cash to clean up after a breach could mean the difference between keeping trading and going bust.

This lack of focus on cyber security is understandable, as most small and medium-sized enterprises (SMEs) spend most of their time on core commercial activity such as keeping customers happy, seeking out new clients and engaging in all the basic day-to-day admin needed to keep their enterprise afloat.

So worrying about computer security comes a long way down their to-do lists.

However, ecommerce, websites, apps, smartphones, tablets, social media and cloud services were all now standard ways of doing business in the 21st century, he said.

Additionally, there were some SMEs that were based entirely around technology but that did not make them experts in how to keep their digital business secure.

Either way, everyone is a target and they all need to look externally to security firms for help.

Everyone is familiar with attempts to penetrate internal networks to steal payment information or customer data records but may be less knowledgeable about invoice fraud, ransomware, malvertising, or even attacks that “scrape” websites with automated tools to steal all the information about prices and products they contain.

Estimates vary on how much SMEs spend on IT security.

The most recent government figures published 18 months ago suggest SMEs with 100 or more employees spend about £10,000 per year. The smallest small firms, with less than 20 staff, spend about £200. Other estimates put the spend at about £30 per employee.

SMEs should start with the basics.

This includes anti-virus software, firewalls, spam filters on email gateways and keeping devices up to date. This would defeat the majority of the low-level threats that those busy cyber thieves are churning out.

Government advice on how SMEs can be safer revolves around a 10 steps programme that emphasises basic, good practice. It’s big on those simple steps such as keeping software up to date and applying the widely used software tools that can spot and stop the most prolific threats.

But it also stresses that smaller firms understand more about how they use data and how it flows around their organisation.

Having a good sense of where data goes and who uses it can help limit the damage if it goes astray.

Having control of that data, knowing its value and where it is going, can help a company guard against it leaking out accidentally and maliciously. For instance, having that control might help a firm spot that a server was accidentally exposed to the net and private information was viewable by anyone.

It can also help SMEs keep an eye on their suppliers and partners to ensure that data is handled appropriately.

And finally, said Mr Harrison from Exponential-e, firms need to put in place a plan for what happens when a breach or security incident does occur.

“It’s not a question of if something bad will happen,” he said. “It will, but it’s all about what they do about it.”

Police warn on cyber crime threats

April 18, 2014 By: Dr Search Principal Consultant at the Search Clinic Category: Cyber Security, data security, Hackers, Personal Security, Search Clinic, Telecommunications Companies, Uncategorized

Only three out of 43 police forces in England and Wales have a comprehensive plan to deal with a large scale cyber attack, new research has found.

Her Majesty’s Inspectorate of Constabulary (HMIC) warned only Derbyshire, Lincolnshire and West Midlands had sufficient plans in place.

It also found only 2% of police staff across 37 forces had been trained on investigating cybercrime.

The report examined how prepared police are for a series of national threats.

Last year, the government identified five threats as priorities for police to prepare for. These are:

  • Terrorism
  • Civil emergencies
  • Organised crime
  • Public order threats
  • Large-scale cyber-attacks

As part of its Strategic Policing Requirement (SPR), the Home Office called for a nationally required policing response to counter each of the threats.

The report is the first in a series of inspections looking at how individual forces have responded to the guidelines.

HMIC inspectors said they were “struck by how incomplete the police service’s understanding of the national threats was” and that more needs to be done “collectively by all forces”.

The report called for “much greater attention” from police leaders.

“The capacity and capability of the police to respond to national threats is stronger in some areas than others – with the police response to the cyber-threat being the least well developed,” HMIC’s Stephen Otter said.

Police plans to deal with counter-terrorism, public order, civil emergencies and organised crime were in “stark contrast” with the capabilities for cyber-related threats.

Inspectors found the ability to deal with cyber-threats remains “largely absent” in some forces and that some senior officers across England and Wales are still “unsure of what constituted a large-scale cyber-incident”.

They found forces were “silent” when it came to preventing cybercrime and protecting people from the harm it causes, despite the fact it is “fast becoming a dominant method in the perpetration of crime”.

“The police must be able to operate very soon just as well in cyberspace as they do on the street,” the report said.

According to the government’s definition, a large-scale cyber-incident could be “a criminal attack on a financial institution to gather data or money” or an “aggregated threat where many people or businesses across the UK are targeted”.

It also includes “the response to a failure of technology on which communities depend and which may also be considered a civil emergency”.

Basically- despite cybercrime costing the UK economy billions of pounds, our plods are light years from being able to cope- let alone help us.

Moral of the story is make sure that you are as secure as you can be- because the state isn’t capable of nannying you.

Passwords- how to set and remember them

April 15, 2014 By: Dr Search Principal Consultant at the Search Clinic Category: Cyber Security, data security, Dr Search, Hackers, Personal Security, Search Clinic, Uncategorized

With the heightened risk of password hacking Search Clinic thought that it is a good time to refresh your memory on how to set- and remember your secure passwords.

Dr Search of the Search Clinic visited the Cheltenham Science Festival a few years ago and attended a lecture by Toby of GCHQ on security in the computer age and posted a post at: top common passwords.

Your starter for ten is to make sure that you don’t use any of them. If you do- then you are already in trouble.

Changing passwords is something many people avoid at all costs- because they fear they will forget the new password.

However, you can make something memorable by simply using the power of association and location. In order to remember a string of online passwords, all you have to do is associate each individual letter and number with a known or fixed item, calling on your imagination throughout.

The more you stimulate and use your imagination, the more connections you will be able to make, and the more you will be able to memorise.

Memory expert Tony Buzan gives tips on how to remember new ones, which should be a long jumble of randomly generated letters and numbers.

No pet’s names- Hackers can find out a lot about you from social media

No dictionary words- Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.

Mix unusual characters- Try a word or phrase where characters are substituted -Whyd03s1talw&ysr*in?

Have multiple passwords- If hackers compromise one system, they won’t be able to access other accounts.

Keep them safely- Don’t write them down – use a secure password vault on your phone. If you must write them down, label the file something OTHER than passwords.

Tom from GCHQ suggested using a combination of the above, by using multiple words and numbers- with a few symbols thrown in for good measure:

wh1te-rabbt)*m0nth
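
The “No dictionary words” tip above, shown as an added example (not code from Search Clinic or GCHQ): a table of precomputed hashes reverses an unsalted hash of a dictionary word in one lookup, while the multi-word password from this post and a salted, slow hash both fall outside the table. The wordlist, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a full dictionary.
WORDLIST = ["white", "rabbit", "month", "monkey", "dragon", "sunshine"]

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Fast, unsalted hash: the same password always yields the same value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(words):
    """Hash every dictionary word once; the table then works against
    any site that stores unsalted hashes."""
    return {unsalted_hash(word): word for word in words}


def reverse_lookup(table, stored_hash: str):
    """Return the original word if its hash was precomputed, else None."""
    return table.get(stored_hash)


def derive_key(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def store_password(password: str):
    """What a site should keep per account: a random salt and the derived key."""
    salt = os.urandom(16)
    return salt, derive_key(password, salt)


def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(derive_key(password, salt), key)


def demo():
    table = build_lookup_table(WORDLIST)
    results = {}

    # A dictionary word stored as an unsalted hash is recovered by lookup.
    results["dictionary_word"] = reverse_lookup(table, unsalted_hash("monkey"))

    # The multi-word password from the post is not in the precomputed table.
    results["multi_word"] = reverse_lookup(
        table, unsalted_hash("wh1te-rabbt)*m0nth")
    )

    # With a per-account salt, even a dictionary word gives a value the
    # table has never seen, and two accounts get different records.
    salt_a, key_a = store_password("monkey")
    salt_b, key_b = store_password("monkey")
    results["salted_found_in_table"] = key_a.hex() in table
    results["records_identical"] = key_a == key_b
    results["login_ok"] = verify_password("monkey", salt_a, key_a)
    results["wrong_password_ok"] = verify_password("dragon", salt_a, key_a)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Salting is the site's job, not the user's, which is why the other tips still apply: a site storing unsalted hashes exposes every dictionary-word password at once.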

Good Luck- and safe browsing.

Heartbleed bug- what you need to know

April 11, 2014 By: Dr Search Principal Consultant at the Search Clinic Category: Cyber Security, data security, Dr Search, Hackers, Search Clinic, Uncategorized

A major security flaw at the heart of the internet may have been exposing users’ personal information and passwords to hackers for the past two years.

The Heartbleed bug exists in a piece of open source software called OpenSSL which is designed to encrypt communications between a user’s computer and a web server, a sort of secret handshake at the beginning of a secure conversation.

It was dubbed Heartbleed because it affects an extension to SSL (Secure Sockets Layer) which engineers dubbed Heartbeat.

OpenSSL is one of the most widely used encryption tools on the internet, believed to be deployed by roughly two-thirds of all websites. If you see a little padlock symbol in your browser then it is likely that you are using SSL.

Half a million sites are thought to have been affected.

In his blog, Bruce Schneier, chief technology officer of Co3 Systems, said: “The Heartbleed bug allows anyone to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the name and passwords of the users and the actual content.”

“This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users,” he added.

The bug is so serious it has its own website Heartbleed.com which outlines all aspects of the problem.

Some security experts are saying that it would be prudent to change your passwords- although there is a degree of confusion as to when and if this needs to be done.

Some point out that there will be plenty of smaller sites that haven’t yet dealt with the issue and with these a password reset could do more harm than good, revealing both old and new passwords to any would-be attacker.

But now the bug is widely known even smaller sites will issue patches soon so most people should probably start thinking about resetting their passwords.

The exploit was not related to weak passwords, but now that there are calls for a mass reset of existing ones, many are reiterating the need to make sure they are as secure as possible.

There are half a million websites believed to be vulnerable, so too many to list, but there is a glut of new sites offering users the chance to check whether the online haunts they use regularly are affected.

The bad news, according to a blog from security firm Kaspersky is that “exploiting Heartbleed leaves no traces so there is no definitive way to tell if the server was hacked and what kind of data was stolen”.

Security experts say that they are starting to see evidence that hacker groups are conducting automated scans of the internet in search of web servers using OpenSSL.

And Kaspersky said that it had uncovered evidence that groups believed to be involved in state-sponsored cyber-espionage were running such scans shortly after news of the bug broke.

Search Clinic will soon post a blog on how to set and remember passwords- so please subscribe to the Search Clinic newsfeed.