|
|
As the chip-and-pin technology is heralded as a success in reducing the credit/debit crimes the thieves are turning to IT, internet and the hackers to beat the system and continue with their activities.
Hackers are increasingly focusing on
desktop and web applications, rather than attacking operating systems and web
servers.
Every day, people browse the
internet's wild frontiers with virtually no locks on their computers. Even
the experts are vulnerable to security attacks.
The bank-job hackers tried to break
into the system using key-logging software to relay passwords from employees'
computers to the perpetrators, who could then access accounts to transfer money
overseas. Police foiled this online heist, but they won't be there to protect
your
home computer.
It takes, on average, only 17 minutes for a computer connected to the Internet to become infected with viruses or spy-ware - in effect, wide open to a total stranger. So you have to act as your own security guard against the growing army of digital villains who want to grab your cash, because they wield an ever-growing arsenal of weapons.
Virus writers used to be kids out to
gain a bit of notoriety, almost like graffiti artists. Nowadays, we're seeing
many more professional gangs who are after money. They're working with spammers
and criminals who steal credit cards and are involved in other forms of
identity theft.
The whole business is changing.
More than 100,000 viruses, worms and Trojan horses
genetically known as malware – are currently circulating on the internet,
industry experts estimate and numbers are growing by about 1,000 per month. .
The good news is that the past two years have
seen more than 20 arrests of suspected malware developers, based all over the
globe, from Belgium to Taiwan.
What all the experts agree on, however, is that
the consumer must become his own spy-catcher, helping to win the fight by
adopting prudent online tactics.
There are three main steps you can take to
protect your computer:
1-Install an internet firewall.
2-Keep your computer’s operating system
updated.
3- Install an up-to-date anti-virus software
and keep it updated.
The worst attacks have less to do with
technology and more with tricking the public into doing something they
shouldn’t, which is why we should try to educate people on how to cope.
Here is a short guide to keeping your computer
secure and safe from these malevolent 21st-century crooks.
Viruses, worms and Trojan horses are
all malicious programs designed to infect and affect your computer, but they
differ in significant ways. A virus travels from computer to computer through
human action, such as clicking on an e-mail attachment. A worm can travel
without assistance (eg, by sending itself
automatically to the people in your
e-mail address book). A Trojan horse cannot replicate or travel, but is often
installed surreptitiously in order to take over a computer and make it do the
bidding of a remote operator.
SYMPTOMS
Computers may behave erratically,
rebooting, running slowly or displaying strange messages or pop-ups.
Trojans tend to leave little or no
trace, and the only clue is increased activity on your net connection for no
good reason.
FIX
It's vital to keep your operating
system, firewall and anti-virus software switched on and updated. Out -of-date
anti-virus programs are useless, but the better ones, such as the free AVG
(www.grisoft.com), have excel1ent auto-update features. Perform an online scan
if you suspect mischief - try Panda’s version at
tinyurl.com/455j. And install a good
anti-Trojan package, such as Trojan Hunter (www.misec.net/trojanhunter).
THE ROGUE DIALLER
A virus that secretly connects your
computer to the net to rack up huge phone bills by calling premium-rate or
international numbers over a dial-up modem. It is often transmitted in
e-mails. People may also be fooled into downloading one while browsing,
malicious gambling or adult websites. The telecoms ombudsman, Otelo, says that the onus is on consumers
to protect themselves from rogue
dialers, as they must pay any resulting bill. BT recently launched www.bt.com/premiumrates to provide
advice.
SYMPTOMS
The first most people know of these
nasties is a phone bill for hundreds or even thousands of pounds. You may
notice that your computer dials the internet unexpectedly, or frequently
disconnects and reconnects, or that the dialing sounds last longer than usual
(reflecting longer international numbers).
FIX
Disconnect the modem from the phone
line when not in use (this includes broadband subscribers who have a stand-by
dial-up account) and install a software guard, such as the free Modem
Protection program from BT (www.btmodemprotection.com)
or Reconnect Warning (£6 from www.reconnectwarning.com).
Block premium-rate and
international calls on your phone by contacting your phone company. From
September 15, a new
regulation provides 30 days from the date a rogue call is made for consumers to
alert the regulator ICSTIS (0800 500212) and your phone company. Also ask for
monthly bills.
THE PHISHER
Fraudsters send out
millions of e-mails purporting to come from banks and other financial
institutions. Typically, they ask you to click on a website link, go to the
site and update your account details, in
some cases cheekily
claiming that it is "to protect against fraud". Once you're on the
fake site, the crooks will ask you to input account details and passwords, at which point
your account becomes toast. The latest figures from the security firm
Symantec suggest that one in every 250 e-mails is a phishing attack. What's
consoling is that, while the Association of Payment and Clearing Services
reports that UK banks lost £12m through such online fraud in 2004, that total
is small when compared with the £504m lost last year to credit-card fraud.
SYMPTOMS
A lavishly designed
e-mail message with bank letterhead and logo. One of the immediate giveaways
may be bad English, poor grammar or misspelling, but the more sophisticated
mails are perfect in every detail.
FIX
No bank, building
society or online service such as Pay Pal or eBay will ever send an e-mail asking
you to supply account details, so even if it looks impressively official,
neither click on it nor reply to it. If you believe that you have become
a victim, contact the financial institution immediately.
There are three main
vulnerabilities in general - e-mail, web browsers and computer ports. Nobody is immune.
Pharming is a
sophisticated form of attack that uses the net's complex addressing system
called DNS, to redirect people from legitimate sites to bogus addresses. So,
for instance, you enter www.ebay.com in your
address bar and are unaware that you have landed at a look-alike site. As yet,
these attacks are rare, but they the potential for serious mischief if
perfected. Symantec claims that along with phishing, pharming attacks have
trebled in the past six months.
SYMPTOMS
Examine your browser's
address bar, where you may notice that the plausible website name is not
exactly
what you typed
(www.eebay.com, for example) or has an sign in the middle.
Install and run a
specialised browser such as Deepnet Explorer (www.deepnetexplorer.com) or
an antidote tool. such as Spoof Stick (www.corestreet.com/spoofstick). This
software displays the real web address you are visiting outside the address box
itself, so you know exactly where you are.
Hacking - or, more properly, cracking - is a
generic term that means breaking into a computer, either remotely or on site. Cracks may include defacing
websites or installing software to reveal passwords and sensitive personal
details, or logging each key-press made on the keyboard. Last year saw a 36%
increase in attacks on web servers - with nearly 400,000 attacks logged around the
world by the security firm Zone-h.
SYMPTOMS
Unfortunately,
well-written cracks are almost invisible until it's too late, so always be
conscious of security. Modern computer attackers have moved into stealth mode.
They want to keep your computer running as if nothing is wrong, so they can use
it to launch zombie attacks on selected targets."
FIX
Never give out passwords and sensitive account details, or allow strangers to remain in your computer room for long periods without supervision. If you think you have been hacked, run antivirus programs or specialist tools such as Advanced Anti Keylogger Lite (www.spydex.com/advanced-anti-keylogger . html) or the free Ewido suite (www. ewido.net/en/lfeatures) and see if they detect intruders.
Software designed to surreptitiously collect
and report information about your surfing habits is called spyware. The
security firm Computer Associates recently claimed that most computers have
about 80 or 90 pieces of potentially malicious code on them, with an average of
four pieces of serious spyware. These programs are installed on computers when
people download certain software or visit dubious websites.
SYMPTOMS
Most spyware, by
definition, operates silently in the background, so is difficult to spot.
However, be suspicious if you notice your browser running slowly or Internet Explorer crashing
unusually
frequently.
FIX
Most ad-supported
freeware and free toolbars or search bars are funded by trackers, so stay away
from this type of software unless it comes from reputable companies such as
Opera, Yahoo! or Google. To locate and remove, download Ad-Aware from
www.lavasoftusa.com (note the correct web address, as there are similarly named
fakes). Microsoft has released similar anti-spyware protection, described at
tinyurl.com/47cus. Remember to set your virtual policeman to perform a scan automatically
and regularly. The price of security is eternal vigilance.