Author: Steve Gold
It seems that the US is not alone in being a hotbed of criminal actyivity when it comes to cloned debit cards, as reports are surfacing about eight people being rounded up in Canada in connection with a debit card cloning scam worth US$1 million.
Frightening statistics about viruses are often flung into the ether by antivirus companies hoping to get a little media exposure. But one recent report from web security experts makes some worrying reading even for skeptics.
According to ScanSafe, an Internet security provider, there has been a 400 percent rise in attacks on users' computers from trusted, legitimate sites. In the past, antivirus authorities warned people about the dangers of visiting Internet sites that they were suspicious of, but it seems new traps are being laid by ingenious virus makers.
It looks as though malicious software (malware) producers will not be deterred. Quickly sensing that users are wising up to the dangers of visiting dubious websites, virus makers are taking a new tack ― they are attempting to infest the bona fide sites that most people know and trust.
Another web security company, Websense, say that over half of all malware attacks now come from legitimate sites that have been infested with malicious code.
Hackers can ``colonize'' thousands of legitimate sites, from big brand name sites like Wal-Mart, to smaller but equally legitimate sites, according to Mary Landesman, a senior security researcher at ScanSafe.
The issue of Internet Security is increasingly pressing, and one of the themes of the OCED Ministerial Meeting held last week was ``Building Confidence.'' A specially-organized ``Global Industrial Security Forum 2008'' at the meeting was set to examine Internet and industrial security.
Malware makers know that there is big, quick money available to them if they develop an effective virus, and count some very sophisticated software experts among their number.
Once we were worried about computer viruses, now we should also be wary of Denial of Service attacks, trojans, worms, rootkits, phishing, pharming and spyware. The list grows by the year.
A recent malware trend is the ``randomware'' attack, where hackers break into computer systems and encrypt files before demanding money to decode corrupted data. It seems that as hard as try to we protect ourselves from harm on the net, the virus makers remain one step ahead.
The OCED meeting was well-timed for Korea, it seems. This year alone, the South Korean government has three times accused its neighbors and political rivals, the Chinese and North Koreans, of launching ``cyber terrorist attacks.'' In January, a worm sent as an attachment to soldiers' email accounts was traced to Chinese IP addresses, which are also used by Pyongyang.
In May, Korea was rocked by two security breaches ― with first Auction, one of the country's best-loved sites having its security compromised, leaking personal information on some 11 million Korean citizens onto the net. Only a few days later, Cheong Wa Dae, the official residence of the President, admitted that it had also experienced a security breach earlier in the year and that classified documents had been accessed by hackers.
Blame was again laid at the feet of the North Koreans or China, as the attacks were said to have both been traced again to Chinese IP. Such incidences of purported ``cyber terrorism'' are becoming more widespread globally, with Estonia accusing Russia of an attack in 2007.
As far as counter-terrorism efforts go, advances are also being made, fortuantely. Forensics is a buzzword in 2008 as governments start to work to allow courts to consider a whole new variety of evidence in legal proceedings. This will allow judges more power to deal with malware distributors. As things stand, legislation on digital matters is often either hazy or even non-existant in many countries. Security experts are optimistic that the OECD discussions will help International governments work together on legal matters concerning the Internet.
As e-commerce and e-politics start to become the norm, hopes are the OCED recognizes just how important it is that the Internet stays safe from the clutches of talented hackers.
Phishing scams are becoming more and more diverse, as Internet fraudsters attempt to trick people into handing over bank details and confidential passwords.
``Phishers'' are now using networking and Internet telecommunication sites, like MSN Messenger and Skype, as ways to get in contact with potential victims.
Skype's CEO, Josh Silverman, in Korea for the OCED Ministerial Meeting, admitted on Monday that his company was almost powerless to prevent innocent users from handing sensitive information over to web tricksters, but that caution was advised. He said, "Nothing can protect users better than education. We all need to work together to help people get informed about security risks."
Song Eun-soo is an IT Manager and a Certified Information Systems Auditor at Oerlikon Korea, an engineering firm. Song agrees the OCED and governments can play a big role in shaping a secure Internet for the future.
``Governments need to take a more active role. They need to start up public awareness campaigns to keep ordinary people informed about things to look out for when they are on the net. Better legislation and more monitoring is needed to clamp down on people who are using the Internet to steal from or attack innocent users,'' he says.
Indeed, although malware users keep on getting craftier in their efforts to hack the computers of the unsuspecting, the fault for Internet security breaches can mostly be apportioned to users who lack knowledge about how to keep safe on the net. A Deloitte report estimates that third parties are at fault for less than 30 percent of Internet Security failiures, while human error was invovled in more than 75 percent of the cases.
Forgetting to back up files and update anitvirus and other software are common blunders that can let malware onto a system. Even after the security breaches at Cheong Wa Dae, speculation was rife that the worm that infiltrated the governemnt computers was allowed access because of an employee failing to follow security protocol.
Corporate respondees from the Deloite study said that a staggering 91 percent of Information compromises were caused by mistakes made by their staff.
Song says people are generally just badly informed when it comes to security, and when it comes to new scams and malware, the best tool for prevention is knowledge. ``I think the digital divide creates a security divide. Lack of information can cause the uninitiated to bring about a lot of Internet misfortune upon themselves and others,'' he explains.
Perhaps if we all only knew how better to keep up our guard against all of the baddies that want to steal our data and money, the hackers would lose thier power. But until we know how to keep informed on how to build up our defences, the virus makers look set to keep on attacking the naivity of the Internet's billions of users with a restless intensity.
The Canadian police say they are also looking for a ninth person, in connection with the scam which saw the crims switch PINpads at a number of retail outlets.
The PINpads worked normally for the retailer, but also transmitted the data stream wirelessly to allow the crims to create cloned cards quite easily.
A total of 15 stores, mainly in the Montreal area, appear to have been hit by the fraudsters and, say police, more than 1,000 cardholders have complained to their banks about unauthorised charges.
The case is interesting as, as I've said before, cases like this in the UK tend to get swept under the corporate carpet is a bid to maintain public confidence in the chip and sPIN system...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment