There was a programme on ITV last night, entitled “Cyber Wars”, which is unfortunate, as it was primarily about people being scammed, wireless networks being compromised and identity theft.
STUXNET was mentioned, as was the possibility of the Internet becoming a battlefield. It’s worth a watch, but it is a bit cringeworthy.
Interesting news about Gawker and passwords. For those that don’t know, Gawker is a news aggregation site that seems to have been subject to some sort of attack recently, in which its entire password database appears to have been compromised. The impact of this is that lots of Twitter accounts have been hacked.
Two things are of interest here:
1. The types of user on the site are quite technically savvy, and yet still have very poor passwords
2. People are still using the same password on different sites
If you take anything away from this, please seriously consider using different passwords on different sites: if one site gets hacked, every other account that shares its password becomes vulnerable. Password vaults such as LastPass or 1Password (recommendations from Graham Cluley of Sophos) are potential solutions to this problem.
There have been a number of stories in the news lately that highlight the growing problem of people gaining unauthorised access to iTunes accounts and siphoning off money from people’s bank accounts in clever ways. These highlight the evolution of crime in an increasingly service-orientated world and people’s individual responsibility to keep their accounts safe.
Consider this scenario: either a genuine-looking website or an application installed on a smartphone asks you for your email address and password in order to access some specific content, like some music you’re looking for online or an app that you want to install. You happily give your details to this site and you may or may not get what you were requesting. A couple of weeks later, you get your bank statement saying that you have spent £1000 in iTunes. You have no idea that this has taken place. You contact your bank, who say that they can’t do anything about it because the purchases were authorised: they were all for gift cards.
What has happened here is that someone has tricked you into giving them your account credentials. They’ve logged in as you, bought a whole load of very resaleable items (especially at less than face value) using your bank details (which they don’t even need to know) and got off scot-free.
This is already happening. And it is resulting in arrests. However, the victims are finding it very hard to claim the money back, as the banks are taking no responsibility for it.
Things you can do:
- Be very wary of giving your username and password to anyone unless you are very sure that the site requesting them is genuine.
- Use a different password for different websites.
- If possible, disable the ability to purchase high-value items to limit the impact of a successful hijacking.
- Change your passwords regularly.