Hacking - how accessible is it?
A CPP white paper




May 2011
Contents

                                   1.1   Foreword
                                   1.2   Background news
                                   1.3   Research methodology
                                   1.4   Key findings

                                         - There are over 20,000 videos on YouTube alone devoted to ‘Hacking’

                                         - From the beginning of the controlled hacking lesson to the point each
                                           volunteer was able to intercept another member of the group’s passwords took
                                           only 14 minutes

                                         - Over seven million people have had their online password-protected
                                           information accessed without their permission

                                         - Nearly a quarter (24%) have had their personal e-mails accessed

                                         - 65 per cent of people are concerned about their password protected
                                           information being accessed

                                         - People are aware that hacking tutorials exist on the Internet

                                         - An overwhelming majority do not think this material should be online

                                         - 63% of people want hacking tutorials removed from the internet


                                   1.5   Conclusion
                                   1.6   Appendix
                                   1.7   Protecting your information from hackers
                                   1.8   Further information
                                   1.9   About CPP




 Hacking - how accessible is it?                                                                                  May 2011
Introduction
                                   1.1 Foreword
                                   ‘Hacker’ is the term given to those who break into a computer system or network.
                                   In the digital age, this has become an all-too-easy way to steal millions of pounds
                                   from unsuspecting organisations and individuals.
                                   To highlight the issue: amidst nationwide cuts, the UK government raised the cyber
                                   defence budget to more than £700m in February 2011.
                                   The recent Sony security breach that saw a hacker gain access to the personal data of
                                   an estimated 100 million online gamers worldwide has demonstrated the growing and
                                   widespread risk that hackers pose to consumers and businesses. The issue is serious
                                   because of the risk it poses to those customers, but also the consequential reputational
                                   damage to businesses like Sony. It is interesting to note that one of the criticisms directed
                                   at Sony in the mainstream media and on blogs and forums was the delay in informing
                                   customers that their data had been compromised whilst they tried to quantify the exact
                                   detail behind the security breach.
                                   Sony’s immediate concession was to give its gamers a free period of subscription,
                                   but as the consequences of the breach became more apparent this extended into
                                   the provision of identity fraud protection services to those customers affected.
                                   The data breach, although significant, is by no means isolated, and it brings into sharp
                                   focus the need for consumers and businesses to understand the risks so they can take
                                   the necessary steps to protect their identities and confidential data.
                                   Investigating the security of wi-fi networks across the UK, CPP carried out a live
                                   ‘wardriving’ experiment in November 2010 where we identified nearly 40,000 wireless
                                   networks as high-risk, opening up the personal data of thousands of unsuspecting
                                   individuals. In addition, our experiment showed that more than 200 people unsuspectingly
                                   logged onto a fake wi-fi network hub over the course of an hour, putting users at risk from
                                   hackers who could easily harvest their personal and financial information.
                                   Most recently, looking at the security of mobile phones, we found that over half of
                                   second-hand mobile phones purchased on eBay by CPP contained extensive personal data
                                   including credit and debit card PIN numbers, bank account details, passwords, company
                                   information and log in details to social networking sites like Facebook and LinkedIn.
                                   Whilst technology is undoubtedly a great enabler, opening up a global market in goods
                                   and services, it also carries risk due to the proliferation of data and personal information.
                                   It is probably a fair assumption to say that we cannot guarantee that our identities will not
                                   be stolen as there are too many variables beyond our immediate control. This paper aims
                                   to investigate the issue of hacking and how the internet plays a part in the dissemination
                                   of tutorials designed to instruct in this practice.
                                   Hacking information and, more importantly, hacking tools are freely available to the public.
                                   These can be found in locations as diverse as underground hacking websites, through
                                   to YouTube. An online search yields thousands of videos, which deliver step-by-step
                                   instructions on how to hack. This, in combination with the free tools, provides anyone with
                                   an internet connection the opportunity to become a hacker. In addition to the following
                                   online audit, a hacking tutorial took place. This demonstrated just how quickly this
                                   information can be used to allow a novice to become a hacker.
                                   Moreover, the paper explores the general public’s view of this issue and looks at some
                                   of the consequences of unauthorised access to their password-protected online accounts
                                   and what subsequent action they would like to see taken to mitigate risk.




                                  1.2 Background News
                                               - On 26 April the media reported that 70 million Sony PlayStation Network
                                                 gamers, including three million Britons, had their names, addresses, dates
                                                 of birth, passwords and security questions stolen. Sony also admitted that
                                                 hackers may have gained access to people’s credit card details. [1]
                                               - A further 25 million gamers had their personal details stolen as a result
                                                 of security breaches at Sony. As well as the PlayStation Network, the company
                                                 has now taken its Sony Online Entertainment (SOE) service offline. [2]
                                               - Sony blamed the online vigilante group Anonymous for indirectly allowing
                                                 the security breach that allowed a hacker to gain access to the personal data
                                                 of more than 100 million online gamers. In a letter to the US Congress, Sony
                                                 said the breach came at the same time as it was fighting a denial-of-service
                                                 attack from Anonymous. The online vigilante group has denied being involved
                                                 in the attack. [3]
                                               - Anonymous is the name of a grassroots cyber army that in December 2010
                                                 launched attacks that temporarily shut down the sites of MasterCard Inc and
                                                 Visa Inc using a simple software tool available for free over the internet. The
                                                 group targeted the two credit card companies for blocking payments to
                                                 WikiLeaks, using ‘denial of service’ attacks that overwhelmed their servers. [4]
                                               - In August 2009 US prosecutors charged a hacker with stealing data relating
                                                 to 130 million credit and debit cards. In the biggest case of identity theft in
                                                 American history, the conspirators hacked into payment systems of retailers
                                                 including the 7-Eleven chain. [5]
                                               - According to new government figures, cyber crime is costing the UK economy
                                                 a whopping £27bn a year. The report was produced by OCSIA and BAE Systems
                                                 security subsidiary Detica. The report, which was unveiled by security minister
                                                 Baroness Neville-Jones, estimates that over 12 months cyber crime cost
                                                 government and citizens £2.1bn and £3.1bn respectively. [6]




                                  [1] Source: Daily Telegraph, ‘Millions of internet users hit by massive Sony PlayStation data theft’, 26 April 2011
                                  [2] Source: BBC News Technology, ‘Sony warns of almost 25 million extra user detail theft’, 3 May 2011
                                  [3] Source: BBC News Business, ‘Sony ‘distracted by vigilante attack’ while data stolen’, 4 May 2011
                                  [4] Source: CDR inf, ‘Sony Says ‘Anonymous’ Group is behind cyber attack’, 4 May 2011
                                  [5] Source: BBC News, ‘US man ‘stole 130m card numbers’’, 18 August 2009
                                  [6] Source: ArticlesBase, ‘Cybercrime costs the UK £27bn a year, more help needed to combat losses’, 12 April 2011




                                               - Elsewhere, UK Police arrested three men in connection with using the
                                                 SpyEye malware programme that is designed to steal online banking details.
                                                 The investigation began in January 2011 and revolved around the group’s use
                                                 of a uniquely modified variation of the SpyEye malware, which harvests
                                                 personal banking details and sends the credentials to a remote server
                                                 controlled by hackers. [7]
                                               - US crime fighters are closing in on a gang behind a huge botnet after taking
                                                 control of the criminals’ servers. Coreflood, the malware programme prompting
                                                 the FBI investigation, has been around for at least a decade and can record
                                                 keystrokes, allowing criminals to take over unsuspecting computers and steal
                                                 passwords, banking and credit card information. [8]
                                               - Nearly a third of British consumers use between one and three personal
                                                 identification numbers for all of their debit and credit cards. According to
                                                 Equifax, customers are leaving themselves vulnerable to criminals by reusing
                                                 PINs and passwords for all their financial accounts. [9]
                                               - The Unisys Security Index reported that bank card fraud is the number one
                                                 concern with 93% of UK respondents worried about the issue, closely followed
                                                 by identity theft which worried 93% of them. [10]




                                  [7] Source: PC World, ‘UK Police arrest three men over ‘SpyEye’ malware’, 11 April 2011
                                  [8] Source: BBC News Technology, ‘FBI closes in on zombie PC gang’, 14 April 2011
                                  [9] Source: Compare and save.com, ‘Brits using same PIN for different credit cards’, 10 May 2011
                                  [10] Source: Guardian, ‘Bank card fraud is Britons’ No 1 security concern, says survey’, 4 May 2011




                                  1.3 Research Methodology
                                  ICM interviewed a random sample of 2005 adults aged 18+ online between 19 – 20 April
                                  2011. Surveys were conducted across the country and the results have been weighted to
                                  the profile of all adults. ICM is a member of the British Polling Council and abides by its
                                  rules. Further information at www.icmresearch.co.uk
                                  A live experiment was also carried out on April 18 2011. Firebrandtraining.co.uk was
                                  commissioned by CPP to conduct a tutorial teaching five participants how to download
                                  hacking software available in the public domain and capture users’ login details for various
                                  online accounts, including PayPal, Hotmail and Amazon, with the objective of the session
                                  being:
                                           - Demonstrate how long it takes to teach a class of individuals with no prior
                                             hacking experience and limited technological knowledge to learn how to hack
                                             into another user’s online account
                                           - Demonstrate how quickly these skills can be applied in order for the
                                             participants to hack into another user’s online account
                                  The five participants who took part in the class were a range of ages and occupations.
                                  All participants signed a disclaimer to state that they would not use the software
                                  and skills demonstrated by Firebrand Training for illegal or malicious attacks.




                                  1.4 Key Findings
                                  Online Audit - There are over 20,000 videos on YouTube alone devoted
                                  to ‘Hacking’
                                  A quick search on YouTube highlights the number of tutorials - for many different forms
                                  of hacking - available online.
                                  This was initially approached by completing a search for “how to hack” on YouTube.
                                  The search returned more than 20,000 videos, with the most popular having millions of views.




                                  From the initial search, tutorials cover a broad remit. It may be easy to think that, as long
                                  as your anti-virus is up to date, you are safe online. However, the list below shows the
                                  variety and number of online tutorials available:
                                           - “Hack Facebook”: 6,000 videos
                                           - “Hack PayPal”: 5,000 videos
                                           - “Hack MySpace”: 5,000 videos
                                           - “Hack iPhone”: 3,000 videos
                                           - “Hack Twitter”: 500 videos
                                           - “Hack Network”: 300 videos
                                           - “Hack Apps”: 200 videos
                                           - “Hack Blackberry”: 70 videos
                                           - “Hack CCTV”: 20 videos
                                  The average duration of these videos is three minutes. Creators of these videos know
                                  a hacker’s time is precious; the most popular videos are short and to the point.
                                  Although there are a variety of types of hacking tutorials available, two distinct
                                  techniques were identified:
                                           - ‘Man in the middle’
                                           - SQL injection




                                  Man in the middle
                                  In simple terms, this attack places the hacker between the unsuspecting victim and what
                                  he or she is viewing on the internet. This means that every piece of information that the
                                  victim sends or receives passes via the hacker.
                                  This type of attack can be completed without either of the victims being aware of the
                                  presence of the man in the middle, so more than likely individuals will carry on transmitting
                                  information between each other, which could include credit card details and passwords,
                                  leaving them open to attack.
                                  A specific search for “man in the middle hacking” returns 1,000 videos, with the top video
                                  being viewed more than 200,000 times.
                                  http://www.youtube.com/watch?v=fc6_Vt3BLIk




                                  The above video link details a step-by-step guide on how to deliver a man in the middle
                                  attack. It has received more than 45,000 views in just over a year, and uses the password
                                  recovery software ‘Cain and Abel’.
                                  http://www.youtube.com/watch?v=GqleMWzSvUk
                                  The above video link is a ‘screencast’. These are being used more and more as they are
                                  accessible and easy to follow, because they demonstrate exactly what the user sees
                                  on their own screen. The viewer needs only replicate what they see, and they have
                                  become a hacker. It’s unnerving to see that the video above has been viewed more
                                  than half a million times in three years.




                                  SQL injection
                                  The biggest credit card fraud in history was carried out using a SQL injection attack (see
                                  http://news.bbc.co.uk/1/hi/world/americas/8206305.stm). This type of attack requires a
                                  weakness in a website. The hacker delivers a specific line of code that causes the website
                                  to inadvertently reveal information from its database.
                                  http://www.youtube.com/watch?v=dDQ8oXWt58w




                                  The above video link has been viewed almost a quarter-of-a-million times in more than
                                  three years. Every viewer of this video now has a great understanding of how to attack
                                  weaknesses in any website. This is a reminder to organisations that they must seek
                                  to improve their IT security before an outsider discovers any potential weaknesses
                                  in their systems.
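
The weakness described in this section, as an added example that is not part of the original paper: a lookup that pastes visitor input into its database query, next to the parameterised form that closes the hole. The table, column and function names and all sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Create an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO accounts (username, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("o'brien", "obrien@example.test"),
        ],
    )
    return db


def lookup_vulnerable(db, username):
    """The weakness: visitor input is pasted straight into the SQL text,
    so the database cannot tell the value apart from query syntax."""
    query = (
        "SELECT username, email FROM accounts WHERE username = '"
        + username + "'"
    )
    return db.execute(query).fetchall()


def lookup_parameterised(db, username):
    """The fix: the SQL text is fixed and the input is bound as a value,
    so quotes inside it are compared literally and never parsed."""
    query = "SELECT username, email FROM accounts WHERE username = ?"
    return db.execute(query, (username,)).fetchall()


def audit(db, username):
    """Run both lookups; report the row count or the error class raised."""
    results = {}
    for name, fn in (("vulnerable", lookup_vulnerable),
                     ("parameterised", lookup_parameterised)):
        try:
            results[name] = len(fn(db, username))
        except sqlite3.Error as exc:
            results[name] = "error: " + type(exc).__name__
    return results


# Constructed input whose quote characters change the meaning of the
# concatenated query, turning a one-row lookup into "every row".
CRAFTED_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "o'brien", CRAFTED_INPUT):
        print(repr(value), audit(db, value))
```

A database error triggered by an ordinary apostrophe, as with the constructed name above, is the everyday symptom of this weakness and is worth looking for in application error logs.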

                                  Tools
                                  The tools used for such attacks are freely available from hacking websites. They include:
                                           - Cain and Abel
                                           - Ettercap
                                           - Metasploit
                                           - Nessus
                                           - Nmap




                                  Hacker Communities
                                  Although YouTube can provide the novice with a fast introduction to hacking, it’s not
                                  enough for the professional. There are online communities, with thousands of contributors,
                                  where the science of hacking is constantly evolving. Forums mean that anyone can gain
                                  access to a knowledge pool of thousands of hackers, from all over the world.
                                  The beauty (and danger) of the internet means that these communities are easily found.
                                  The two websites recommended by Firebrand’s Ethical Hacking instructor are:
                                           - www.irongeek.com
                                           - www.hackerthreads.org
                                  Ethical hackers are professionally trained hackers, who work on behalf of organisations that
                                  want to protect themselves from hackers. Ethical hackers aim to find weaknesses in their
                                  organisations’ systems before an outsider can find and exploit them.

                                  Hacker tutorial - each volunteer was able to intercept another member
                                  of the group’s passwords in only 14 minutes
                                  To highlight the ease of use of the tutorials identified above, Firebrand completed a live
                                  experiment to teach a group of volunteers with limited technological knowledge how
                                  to become a hacker.
                                  Five volunteers were used:
                                           - Female, 36, self-employed baker
                                           - Male, 67, Retired
                                           - Female, 29, Student
                                           - Female, 29, TV producer
                                           - Male, 11
                                  The volunteers undertook the experiment on 18th April at Firebrand Training’s offices
                                  in central London. Each volunteer signed a disclaimer stating they would not use
                                  the information for illegal or malicious attack.
                                  The experiment replicated a classroom environment and saw the group of volunteers
                                  taken through a simple tutorial on a ‘man in the middle’ technique using Cain and
                                  Abel software. This enabled the group to be shown how to hack into a computer network
                                  and obtain another person’s login details.
                                  The presentation that they were taken through is available on request.
                                  The tutorial used a ‘screencast’ technique, so as they were being taken through the
                                  presentation they were also undertaking the hack themselves. From the beginning of
                                  the lesson to the point each volunteer was able to intercept another member of the
                                  group’s passwords took 14 minutes.




                                  Over seven million people have had their online password-protected
                                  information accessed without their permission
                                  When we asked if people have had their online password-protected information accessed
                                  without their permission the results were quite surprising. 16 per cent of the adult
                                  population claimed their accounts had been accessed. This equates to over seven million
                                  adults over the age of 18 in the UK.
                                  Demographically, people aged 18-24 were the most likely to claim their online accounts
                                  had been accessed without their permission (34%) versus only 5 per cent of people aged
                                  65+. This variance is no doubt influenced by the number of online accounts that 18-24 year
                                  olds have and the frequency they use them.
                                  Regionally, people in the Midlands (18%) were the most likely to see their accounts illegally
                                  accessed, followed by Wales and South West England (16%) and Scotland (16%).
                                  Elsewhere in our survey, 13 per cent of people admitted to having accessed someone else’s
                                  password-protected information without their permission. Demographically, and of great
                                  concern, a quarter of 18-24 year olds admit to accessing other people’s
                                  password-protected information without their permission. This type of behaviour is not
                                  common practice amongst the older generations, i.e. six per cent of 35-44 year olds, four
                                  per cent of 45-54 year olds and one per cent of 55-64 year olds admit to this practice.
                                  When the motivations for accessing other people’s password-protected accounts were
                                  explored in more detail, fun (32%) was the primary driver, followed by ‘to check up on my
                                  partner’ (29%), to access services that people don’t have (16%) and gossip (11%). Other
                                  motivations, although much less prominent, included ‘to check up on work colleagues’
                                  (8%), and ‘for financial gain’ (2%).
                                  Somewhat concerning, 20 per cent of people claimed they would be willing to access
                                  someone else’s online account without their permission in the future, with a quarter of men
                                  and 28% of 24-34 year olds willing to do this.




                                  Q: Has anyone ever accessed your password-protected information on any of the following
                                  types of accounts without your permission?
                                  [Chart: percentage answering ‘Yes’, all respondents (by gender): Male 18%, Female 13%, Total 16%]
                                  [Chart: percentage answering ‘Yes’, all respondents (by age): 18-24 34%, 25-34 20%, 35-44 19%, 45-54 12%, 55-64 11%, 65+ 5%]

Nearly a quarter (24%) have had their personal e-mails accessed

The breadth of online accounts accessed without permission was large. Nearly a quarter (24%) of people said their personal e-mails had been accessed, but there were other serious consequences.

19 per cent said their eBay accounts had been hacked, 16 per cent experienced some form of card fraud, i.e. unauthorised online spending, and also had their social networking profile hijacked. Of concern for businesses, seven per cent had their work e-mails accessed.

Demographically, those aged 55-64 were the most likely to report their personal e-mails accessed (35%), their eBay account hacked (35%) and some form of card fraud (21%). Those people aged 18-24 were the most likely to report their social networking profile had been hacked (36%).

Regionally, people in the South East were the most likely to report their personal e-mails had been hacked (26%). In the Midlands, the most common form of unauthorised access was to their eBay account. The North of England and Scotland were most likely to report card fraud as a consequence (19%).

In a separate and complementary piece of identity fraud research conducted by ICM across 2,030 adults on 8–10 April 2011, five per cent of people claim to have had their personal information used for fraudulent purposes in the last 12 months. This equates to approximately 2.4 million adults in the UK.

Q: As a result of having your password protected information accessed, did you experience any of the following?

[Figure: bar chart by gender (Male, Female). Base: all respondents who have had their password-protected information accessed without permission. Legend: Your personal emails accessed; Your eBay account hacked; Card fraud (e.g. money being taken from your account, ATM withdrawals, online spending); Your social networking profile hijacked; Money taken/a loan taken out in your name; Your work emails accessed; Your identity stolen; An illegal activity traced back to you; Your network used to download inappropriate material; Other; None of the above; Don’t know.]




65 per cent of people are concerned about their password protected information being accessed

It is no surprise, given the well-publicised consequences of unauthorised data breaches, that 65 per cent of people are concerned about their password protected information being accessed without their permission.

Within this net figure, 33 per cent are very concerned and 33 per cent are fairly concerned. Men are very marginally more concerned than women (66% versus 65%) and those aged 45-54 (71%) are the most concerned demographic.

Regionally, people in Wales and the South West were the most concerned (69%), versus 63 per cent in the South East.

This survey was conducted on 19–20 April, six days before Sony admitted that a massive data breach had occurred, giving hackers access to over 100 million customer details including names, addresses, dates of birth, passwords, security questions and in some cases payment card details. We can only surmise that the level of concern would be higher today given the widespread media coverage and the fact that three million Britons were affected.

In the aforementioned ICM research (see page 12) ‘identity fraud’ was ranked as the sixth (4%) issue that people feel ‘most’ at risk from. As an issue this puts it behind ‘financial hardship’ (23%), ‘illness’ (15%), ‘unemployment’ (7%), and ‘driving accidents’ (4%), but ahead of ‘burglary’ (3%).

When ICM asked what would worry them if someone used their personal information without their permission, nearly half (47%) said that having to pay for communication and legal costs would worry them, but not knowing what to do was selected by nearly a third (29%) of people as the thing that would worry them the most.

Q: How concerned, if at all, are you about having your password protected information accessed without your permission?

[Figure: bar chart, all respondents. Legend: Very concerned; Fairly concerned; Neither concerned nor unconcerned; Fairly unconcerned; Very unconcerned; Don’t know.]
People are aware that hacking tutorials exist on the Internet

Although not generally publicised in the mainstream media, there is a general level of awareness that these types of hacking tutorials exist online. Three per cent of adults have seen hacking tutorials online and a further one per cent has admitted to using them. 13 per cent report they have never seen a tutorial, but are aware they exist.

Men are more likely than women to claim to have seen an online tutorial (4%), personally used one (2%) and know they exist (17%).

Respondents aged 18-24 are the most likely to have seen this type of material (10%) and to be aware that it exists online (24%). People in the South East are the most aware of the existence of hacking tutorials online (17%).

Generally speaking, respondents in the April ICM research felt the most common ways people could obtain personal information were online via someone hacking into their computer (62%), through a fake or non-secure website (56%) and during a purchase or other transaction (53%). Interestingly, consumers seem very aware of the value of paper-based material, with over half of people believing personal information could be obtained via a domestic burglary (51%), from household rubbish (50%) and from postal mail (43%). Consistent with the growth in smartphones, 16 per cent think their personal information is at risk from this type of device.

Q: Have you ever come across tutorials on the internet telling you how to access someone’s password protected information?

[Figure: bar chart, all respondents by gender (Male, Female). Legend: Yes, I have seen a tutorial online; Yes, I have seen a tutorial online and used one; No, I have never seen a tutorial online but I am aware they exist; No, I have never seen a tutorial online; Don’t know.]




An overwhelming majority do not think this material should be online

Not surprisingly, 87 per cent of respondents do not want this information to be available online.

91 per cent of women and 96% of people aged 65+ are against this type of content. Conversely, 16 per cent of 18-24 year olds believe online hacking tutorials should be made available, versus one per cent of people aged 65+.

Respondents in Scotland are the most opposed to this type of online content, but the overwhelming consensus is one of general opposition.

Q: Do you think that tutorials that teach people how to access someone’s password protected information should be available online?

[Figure: two bar charts, all respondents. First panel: by gender (Male, Female, Total). Second panel: by age (18-24, 25-34, 35-44, 45-54, 55-64, 65+). Legend: Yes; No; Don’t know.]
63% of people want hacking tutorials removed from the internet

Consistent with the view that the great majority do not think this type of material should be available online, there is an overwhelming opinion that this type of content should be removed (63%), that it increases the risk of identity fraud (59%) and that the Government should take action to remove ‘hacking’ tutorials from the internet (56%).

Just as worrying, just over half (53%) think people who come across this type of content might be tempted to experiment, and just six per cent think that people would not pay any attention to this type of content.

Only one per cent of people believe ‘hacking’ tutorials are light hearted fun and nothing to worry about.

Generally speaking, people are more opposed to this type of online content the older they are: for example, 75 per cent of people aged 65+ want hacking tutorials removed, versus 54 per cent of 18-24 year olds.

People in Scotland are the most critical of this online material and are most in favour of Government action.


Q: Below are some of the views people have expressed about online tutorials that teach people how to access someone’s password protected information. Which, if any, of these statements, reflect your views on these tutorials?

[Figure: bar chart, all respondents. Legend: I think ‘hacking’ tutorials should be removed from the internet; ‘Hacking’ tutorials increase the risk of identity fraud; I am concerned that ‘hacking’ tutorials exist online; I think the Government should take action to remove ‘hacking’ tutorials from the internet; I think some people that come across ‘hacking’ tutorials might be tempted to experiment; I do not imagine that many people would pay attention to ‘hacking’ tutorials; ‘Hacking’ tutorials are merely light hearted fun and nothing to worry about; None of these; Don’t know.]




                                  1.5 Conclusion
                                  This investigation was prompted by the increasing number of hacking tutorials that are
                                  appearing on social networking sites like YouTube; a number we calculate to be in the
                                  region of 20,000 videos, with the top videos each having millions of views.
                                  It is also timely given the recent news of the massive data breach by Sony, which must
                                  rank as one of the largest data breaches in corporate history dwarfing previous examples
                                  that have hit the headlines including when HMRC told Parliament in November 2007 that
                                  the personal details of 25 million Britons had been ‘lost in the post’.
                                  Using an IT training consultancy, Firebrand Training, we were amazed that a panel of
                                  people with no previous information security training could be taught to download and use
                                  hacking software in the public domain in order to capture users’ login details for various
                                  online accounts including PayPal, Hotmail and Amazon in less than 15 minutes.
                                  The technique demonstrated in the live session, known as ‘man in the middle’ hacking,
                                  works by hijacking computer and wi-fi networks. As a user logs in to their online account,
                                  their username and password appears on the hacker’s own desktop, allowing them to
                                  store this sensitive information and access someone’s account – either immediately or at a
                                  later date. A specific search for ‘man in the middle’ on YouTube returned more than 1,000
                                  videos, with the top video being viewed more than 200,000 times.
                                  The 14 minute classroom-style tutorial freely available online is undoubtedly a real concern
                                  and we must consider that everyone is a potential target. These resources are only going
                                  to grow and become more advanced, meaning that organisations and individuals must
                                  take steps to protect themselves.
                                  When we broadened the investigation and asked the general public their views on the
                                  issue, over seven million adults claimed to have had their password-protected accounts
                                  accessed without their permission with personal e-mails accessed, eBay accounts hacked
                                  and card fraud the subsequent consequences.
                                  Asked about how concerned they were about unauthorised access to their online
                                  accounts, the majority of respondents said they were concerned and an overwhelming
                                  majority wanted to see this type of content removed from online sites. Very few people
                                  considered hacking tutorials ‘light-hearted fun’ and most wanted the Government to
                                  take action. The inability to police the internet from materials like this is undoubtedly one
                                  of the downsides of the World Wide Web.
                                  For both businesses and consumers it is important to keep anti-virus and firewall software
                                  up-to-date and change passwords regularly. It is also important to use common sense – if
                                  security warning messages appear in your browser, don’t ignore them, as this could be an
                                  indicator that your network has been hacked.
                                  Data breaches, lost information and hackers illegally accessing data all pose a risk and it is
                                  our attitude to how we proactively manage our identities that is likely to influence the
                                  impact of the loss and severity of any fraud.




                                  1.6 Appendix
                                  Irongeek.com lists the top 25 hacking resources, as voted by its readers.
                                  This highlights just how many resources are available!
                                  http://www.securityfocus.com
                                  http://www.packetstormsecurity.nl
                                  http://www.sans.org
                                  http://www.cert.org
                                  http://www.securiteam.com
                                  http://www.linuxsecurity.com
                                  http://www.phrack.org
                                  http://www.neworder.box.sk
                                  http://www.slashdot.org
                                  http://www.google.com
                                  http://www.securitynewsportal.com
                                  http://www.infosyssec.com
                                  http://www.snort.org
                                  http://www.honeynet.org
                                  http://www.dshield.org
                                  http://www.astalavista.com
                                  http://www.whitehats.com
                                  http://www.incidents.org
                                  http://www.microsoft.com
                                  http://www.iss.net
                                  http://www.cisecurity.org
                                  http://www.networkintrusion.co.uk
                                  http://www.isc.incidents.org
                                  http://www.grc.com
                                  http://www.foundstone.com




                                  1.7 Protecting your information from hackers
                                  Michael Lynch is an identity fraud expert at CPP and offers the following advice to
                                  consumers to help protect them from identity fraud. Michael is responsible for the UK
                                  Identity Protection portfolio at CPPGroup Plc (CPP).
                                  Michael has been with CPP for 14 years. His experience in financial services extends to
                                  customer service, new product and market development and affinity relationships.
                                  During his time at CPP, Michael has helped bring to market one of the UK’s market leading
                                  services, Identity Protection, which now protects over one million UK consumers from the
                                  consequences of this rapidly growing crime. In addition, Michael has used his expertise to
                                  create a commercial identity theft product aimed at protecting businesses of all sizes. He
                                  has also developed a strong understanding of consumer perception and reaction to
                                  identity theft and its consequences. In addition, Michael has been responsible for breaking
                                  some major identity theft stories in the media, including the availability of fraudulent
                                  documents online, car cloning, junk mail and postal theft. Committed to forging industry
                                  co-operation to reduce the opportunities for identity theft, he is leading the call for
                                  consumers to change their behaviour to counter what is becoming an increasingly
                                  sophisticated and intrusive crime.
                                  Michael is media trained across print and broadcast and is available for media interviews
                                  on the issue of identity fraud.
                                  Hacking can threaten us every day of our lives – but not only when we’re sat in front of a
                                  PC. From accessing Wi-Fi in a coffee shop or checking emails on a phone, through to
                                  playing on a games console at home - there’s someone out there who’s learning how to
                                  get closer to your personal information.
                                  Top tips:
                                  1.   Change your passwords regularly - the longer and more obscure, the better
                                  2.   Leave a website if you notice strange behaviour (unknown certificates, pop-ups etc.)
                                  3.   Avoid transmitting sensitive data over public (free or otherwise) Wi-Fi
                                  4.   When seeking Wi-Fi connections: know who you are connecting to, be wary of
                                       free Wi-Fi access
                                  5.   If using a smartphone: disable Wi-Fi ‘auto-connect’
                                  6.   If you are concerned about identity fraud, purchase an identity fraud protection
                                       product to help you protect, prevent and resolve any incidents of fraud.
                                  Unless you know your connection is secure, CPP recommend not communicating any
                                  information or data that you wouldn’t feel comfortable shouting across a crowded room.




                                  1.7 For further information please contact:
                                  Nick Jones - Head of Public Relations
                                  CPPGroup Plc
                                  Holgate Park
                                  York
                                  YO26 4GA
                                  www.cppgroup.plc
                                  Tel: 01904 544 387
                                  E-Mail: nick.jones@cpp.co.uk




                                  1.8 About CPP
                                  Corporate Background Information

                                  The CPPGroup Plc (CPP) is an international marketing services business offering bespoke
                                  customer management solutions to multi-sector business partners designed to enhance
                                  their customer revenue, engagement and loyalty, whilst at the same time reducing cost to
                                  deliver improved profitability.

                                  This is underpinned by the delivery of a portfolio of complementary Life Assistance
                                  products, designed to help our mutual customers cope with the anxieties associated with
                                  the challenges and opportunities of everyday life.

                                  Whether our customers have lost their wallets, been a victim of identity fraud or are looking
                                  for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to
                                  enjoy life. Globally, our Life Assistance products and services are designed to simplify the
                                  complexities of everyday living whether these affect personal finances, home, travel,
                                  personal data or future plans. When it really matters, Life Assistance enables people to live
                                  life and worry less.

                                  Established in 1980, CPP has 11 million customers and more than 200 business partners
                                  across Europe, North America and Asia and employs 2,300 employees who handle
                                  millions of sales and service conversations each year.

                                  In 2010, Group revenue was £325.8 million, an increase of more than 12 per cent over the
                                  previous year.

                                  In March 2010, CPP debuted on the London Stock Exchange (LSE).

                                  What We Do:
                                  CPP provides a range of assistance products and services that allow our business partners
                                  to forge closer relationships with their customers.

                                  We have a solution for many eventualities, including:

                                        - Insuring our customers’ mobile phones against loss, theft and damage

                                        - Providing assistance to cancel and reorder customers’ payment cards should
                                          these be lost or stolen

                                        - Providing assistance and protection if a customer’s keys are lost or stolen

                                        - Providing prevention, detection and resolution assistance to protect customers
                                          against the insidious crime of identity fraud

                                        - Assisting customers with their travel needs be it an emergency
                                          (for example lost passport), or basic translation service

                                        - Monitoring the credit status of our customers

                                        - Provision of packaged services to business partners’ customers

                                  For more information on CPP click on www.cppgroupplc.com

                                  CPP is an award-winning organisation:

                                        - Finalist in the Plc Awards, New Company of the Year 2011
                                        - Winner in the European Contact Centre Awards, Large Team of the Year
                                          category, 2010
                                        - Finalist in the European Contact Centre Awards, Best Centre for Customer
                                          Service, Large Contact Centre of the Year categories, 2010
                                        - Winner in the National Sales Awards, Contact Centre Sales Team of the Year
                                          category, 2010
                                        - Finalist in the National Insurance Fraud Awards, Counter Fraud Initiative of the
                                          Year category, 2009
                                        - Finalist in the European Contact Centre Awards, Large Team and Advisor of the
                                          Year categories, 2009
                                        - Named in the Sunday Times 2008 PricewaterhouseCoopers Profit Track 100
                                        - Finalists in the National Business Awards, 3i Growth Strategy category, 2008
                                        - Finalist in the National Business Awards, Business of the Year category, 2007,
                                          2009 and Highly Commended in 2008
                                        - Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250
                                          companies
                                        - Regional winner of the National Training Awards, 2007
                                        - Winner of the BITC Health, Work and Well-Being Award, 2007
                                        - Highly Commended in the UK National Customer Service Awards, 2006
                                        - Winner of the Tamworth Community Involvement Award, 2006. Finalist in 2008
                                        - Highly Commended in The Press Best Link Between Business and Education,
                                          2005 and 2006. Winner in 2007

 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

Hacking - how accessible is it?

  • 1. Hacking - how accessible is it? A CPP white paper May 2011
  • 2. Contents
    1.1 Foreword
    1.2 Background news
    1.3 Research methodology
    1.4 Key findings
      - There are over 20,000 videos on YouTube alone devoted to ‘Hacking’
      - From the beginning of the controlled hacking lesson to the point each volunteer was able to intercept another member of the group’s passwords took only 14 minutes
      - Over seven million people have had their online password-protected information accessed without their permission
      - Nearly a quarter (24%) have had their personal e-mails accessed
      - 65 per cent of people are concerned about their password protected information being accessed
      - People are aware that hacking tutorials exist on the Internet
      - An overwhelming majority do not think this material should be online
      - 63% of people want hacking tutorials removed from the internet
    1.5 Conclusion
    1.6 Appendix
    1.7 Protecting your information from hackers
    1.8 Further information
    1.9 About CPP
  • 3. Introduction
    1.1 Foreword
    ‘Hacker’ is the term given to those who break into a computer system or network. In the digital age, this has become an all-too-easy way to steal millions of pounds from unsuspecting organisations and individuals. To highlight the issue: amidst nationwide cuts, the UK government raised the cyber defence budget to more than £700m in February 2011.
    The recent Sony security breach that saw a hacker gain access to the personal data of an estimated 100 million online gamers worldwide has demonstrated the growing and widespread risk that hackers pose to consumers and businesses. The issue is serious because of the risk it poses to those customers, but also because of the consequential reputational damage to businesses like Sony. It is interesting to note that one of the criticisms directed at Sony in the mainstream media and on blogs and forums was the delay in informing customers that their data had been compromised whilst the company tried to quantify the exact detail behind the security breach. Sony’s immediate concession was to give its gamers a free period of subscription, but as the consequences of the breach became more apparent this extended into the provision of identity fraud protection services to those customers affected.
    The data breach, although significant, is by no means isolated, and it brings into sharp focus the need for consumers and businesses to understand the risks so they can take the necessary steps to protect their identities and confidential data.
    Investigating the security of wi-fi networks across the UK, CPP carried out a live ‘wardriving’ experiment in November 2010 where we identified nearly 40,000 wireless networks as high-risk, opening up the personal data of thousands of unsuspecting individuals. In addition, our experiment showed that more than 200 people unsuspectingly logged onto a fake wi-fi network hub over the course of an hour, putting users at risk from hackers who could easily harvest their personal and financial information.
    Most recently, looking at the security of mobile phones, we found that over half of second hand mobile phones purchased on eBay by CPP contained extensive personal data including credit and debit card PIN numbers, bank account details, passwords, company information and log in details to social networking sites like Facebook and LinkedIn.
    Whilst technology is undoubtedly a great enabler, opening up a global market in goods and services, it also carries risk due to the proliferation of data and personal information. It is probably a fair assumption to say that we cannot guarantee that our identities will not be stolen, as there are too many variables beyond our immediate control.
    This paper aims to investigate the issue of hacking and how the internet plays a part in the dissemination of tutorials designed to instruct in this practice. Hacking information and, more importantly, hacking tools are freely available to the public. These can be found in locations ranging from underground hacking websites through to YouTube. An online search yields thousands of videos, which deliver step-by-step instructions on how to hack. This, in combination with the free tools, gives anyone with an internet connection the opportunity to become a hacker.
    In addition to the following online audit, a hacking tutorial took place. This demonstrated just how quickly this information can be used to allow a novice to become a hacker. Moreover, the paper explores the general public’s view of this issue and looks at some of the consequences of unauthorised access to their password-protected online accounts and what subsequent action they would like to see to mitigate risk.
  • 4. 1.2 Background News
    - On 26 April the media reported that 70 million Sony PlayStation Network gamers, including three million Britons, had their names, addresses, dates of birth, passwords and security questions stolen. Sony also admitted that hackers may have gained access to people’s credit card details. [1]
    - A further 25 million gamers had their personal details stolen as a result of security breaches at Sony. As well as the PlayStation Network, the company has now taken its Sony Online Entertainment (SOE) service offline. [2]
    - Sony blamed the online vigilante group Anonymous for indirectly allowing the security breach that allowed a hacker to gain access to the personal data of more than 100 million online gamers. In a letter to the US Congress, Sony said the breach came at the same time as it was fighting a denial-of-service attack from Anonymous. The online vigilante group has denied being involved in the attack. [3]
    - Anonymous is the name of a grass-roots cyber army that in December 2010 launched attacks that temporarily shut down the sites of MasterCard Inc and Visa Inc using a simple software tool available for free over the internet. The group attacked the two credit card companies with ‘denial of service’ attacks that overwhelmed their servers for blocking payments to WikiLeaks. [4]
    - In August 2009 US prosecutors charged a hacker with stealing data relating to 130 million credit and debit cards. In the biggest case of identity theft in American history, the conspirators hacked into payment systems of retailers including the 7-Eleven chain. [5]
    - According to new government figures, cyber crime is costing the UK economy a whopping £27bn a year. The report was produced by Ocsia and BAE Systems security subsidiary Detica. The report, which was unveiled by security minister Baroness Neville-Jones, estimates that over 12 months cyber crime cost government and citizens £2.1bn and £3.1bn respectively. [6]
    Sources:
    [1] Daily Telegraph, ‘Millions of internet users hit by massive Sony PlayStation data theft’, 26 April 2011
    [2] BBC News Technology, ‘Sony warns of almost 25 million extra user detail theft’, 3 May 2011
    [3] BBC News Business, ‘Sony ‘distracted by vigilante attack’ while data stolen’, 4 May 2011
    [4] CDR inf, ‘Sony Says ‘Anonymous’ Group is behind cyber attack’, 4 May 2011
    [5] BBC News, ‘US man ‘stole 130m card numbers’’, 18 August 2009
    [6] ArticlesBase, ‘Cybercrime costs the UK £27bn a year, more help needed to combat losses’, 12 April 2011
  • 5. - Elsewhere, UK Police arrested three men in connection with using the SpyEye malware programme that is designed to steal online banking details. The investigation began in January 2011 and revolved around the group’s use of a uniquely modified variation of the SpyEye malware, which harvests personal banking details and sends the credentials to a remote server controlled by hackers. [7]
    - US crime fighters are closing in on a gang behind a huge botnet after taking control of the criminals’ servers. Coreflood, the malware programme prompting the FBI investigation, has been around for at least a decade and can record keystrokes, allowing criminals to take over unsuspecting computers and steal passwords, banking and credit card information. [8]
    - Nearly a third of British consumers use between one and three personal identification numbers for all of their debit and credit cards. According to Equifax, customers are leaving themselves vulnerable to criminals by reusing PINs and passwords for all their financial accounts. [9]
    - The Unisys Security Index reported that bank card fraud is the number one concern, with 93% of UK respondents worried about the issue, closely followed by identity theft, which worried 93% of them. [10]
    Sources:
    [7] PC World, ‘UK Police arrest three men over ‘SpyEye’ malware’, 11 April 2011
    [8] BBC News Technology, ‘FBI closes in on zombie PC gang’, 14 April 2011
    [9] Compare and save.com, ‘Brits using same PIN for different credit cards’, 10 May 2011
    [10] Guardian, ‘Bank card fraud is Britons’ No 1 security concern, says survey’, 4 May 2011
  • 6. 1.3 Research Methodology
    ICM interviewed a random sample of 2005 adults aged 18+ online between 19 – 20 April 2011. Surveys were conducted across the country and the results have been weighted to the profile of all adults. ICM is a member of the British Polling Council and abides by its rules. Further information at www.icmresearch.co.uk
    A live experiment was also carried out on April 18 2011. Firebrandtraining.co.uk was commissioned by CPP to conduct a tutorial teaching five participants how to download hacking software available in the public domain and capture users’ login details for various online accounts, including PayPal, Hotmail and Amazon. The objectives of the session were to:
    - Demonstrate how long it takes to teach a class of individuals with no prior hacking experience and limited technological knowledge to learn how to hack into another user’s online account
    - Demonstrate how quickly these skills can be applied in order for the participants to hack into another user’s online account
    The five participants who took part in the class were a range of ages and occupations. All participants signed a disclaimer to state that they would not use the software and skills demonstrated by Firebrand Training for illegal or malicious attacks.
  • 7. 1.4 Key Findings
    Online Audit - There are over 20,000 videos on YouTube alone devoted to ‘Hacking’
    A quick search on YouTube highlights the number of tutorials, for many different forms of hacking, available online. This was initially approached by completing a search for “how to hack” on YouTube. This returned more than 20,000 videos, with the most popular having millions of views.
    From the initial search, tutorials cover a broad remit. It may be easy to think that as long as your anti-virus is up-to-date, you are safe online. However, the list below shows the variety and number of online tutorials available:
    - “Hack Facebook”: 6,000 videos
    - “Hack PayPal”: 5,000 videos
    - “Hack MySpace”: 5,000 videos
    - “Hack iPhone”: 3,000 videos
    - “Hack Twitter”: 500 videos
    - “Hack Network”: 300 videos
    - “Hack Apps”: 200 videos
    - “Hack Blackberry”: 70 videos
    - “Hack CCTV”: 20 videos
    The average duration of these videos is three minutes. Creators of these videos know a hacker’s time is precious: the most popular videos are short and to the point.
    Although there are a variety of types of hacking tutorials available, two distinct techniques were identified:
    - ‘Man in the middle’
    - SQL injection
  • 8. Man in the middle
    In simple terms, a man in the middle attack places the hacker between the unsuspecting victim and what he or she is viewing on the internet. This means that every piece of information that the victim sends or receives passes via the hacker. This type of attack can be completed without either of the victims being aware of the presence of the man in the middle, so more than likely individuals will carry on transmitting information between each other, which could include credit card details and passwords, leaving them open to attack.
    A specific search for “man in the middle hacking” returns 1,000 videos, with the top video being viewed more than 200,000 times.
    http://www.youtube.com/watch?v=fc6_Vt3BLIk
    The above video link details a step-by-step guide on how to deliver a man in the middle attack. It has received more than 45,000 views in just over a year, and uses the password recovery software ‘Cain and Abel’.
    http://www.youtube.com/watch?v=GqleMWzSvUk
    The above video link is a ‘Screencast’. These are being used more and more as they are accessible and easy to follow, because they demonstrate exactly what the user sees on their own screen. The viewer needs only replicate what they see, and they have become a hacker. It’s unnerving to see that the video above has been viewed more than half a million times in three years.
  • 9. SQL injection
    The biggest credit card fraud in history was carried out using a SQL injection attack (see http://news.bbc.co.uk/1/hi/world/americas/8206305.stm). This type of attack requires a weakness in a website. The hacker delivers a specific line of code that causes the website to inadvertently reveal information from its database.
    http://www.youtube.com/watch?v=dDQ8oXWt58w
    The above video link has been viewed almost a quarter-of-a-million times in more than three years. Every viewer of this video now has a great understanding of how to attack weaknesses in any website. This is a reminder to organisations that they must seek to improve their IT security before an outsider discovers any potential weaknesses in their systems.
    Tools
    The tools used for such attacks are freely available from hacking websites. They include:
    - Cain and Abel
    - Ettercap
    - Metasploit
    - Nessus
    - Nmap
  • 10. Hacker Communities
    Although YouTube can provide the novice with a fast introduction to hacking, it’s not enough for the professional. There are online communities, with thousands of contributors, where the science of hacking is constantly evolving. Forums mean that anyone can gain access to a knowledge pool of thousands of hackers, from all over the world. The beauty (and danger) of the internet means that these communities are easily found. The two websites recommended by Firebrand’s Ethical Hacking instructor are:
    - www.irongeek.com
    - www.hackerthreads.org
    Ethical hackers are professionally trained hackers, who work on behalf of organisations that want to protect themselves from hackers. Ethical hackers aim to find weaknesses in their organisations’ systems before an outsider can find and exploit them.
    Hacker tutorial - each volunteer was able to intercept another member of the group’s passwords in only 14 minutes
    To highlight the ease of use of the tutorials identified above, Firebrand completed a live experiment to teach a group of volunteers with limited technological knowledge how to become a hacker. Five volunteers were used:
    - Female, 36, self-employed baker
    - Male, 67, Retired
    - Female, 29, Student
    - Female, 29, TV producer
    - Male, 11
    The volunteers undertook the experiment on 18th April at Firebrand Training’s offices in central London. Each volunteer signed a disclaimer stating they would not use the information for illegal or malicious attack.
    The experiment replicated a classroom environment and saw the group of volunteers taken through a simple tutorial on a ‘man in the middle’ technique using Cain and Abel software. This enabled the group to be shown how to hack into a computer network and obtain another person’s login details. The presentation that they were taken through is available on request.
    The tutorial used a ‘screencast’ technique, so as they were being taken through the presentation they were also undertaking the hack themselves. From the beginning of the lesson to the point at which each volunteer was able to intercept another member of the group’s passwords took 14 minutes.
  • 11. Over seven million people have had their online password-protected information accessed without their permission
    When we asked if people have had their online password-protected information accessed without their permission, the results were quite surprising. 16 per cent of the adult population claimed their accounts had been accessed. This equates to over seven million adults over the age of 18 in the UK.
    Demographically, people aged 18-24 were the most likely to claim their online accounts had been accessed without their permission (34%) versus only 5 per cent of people aged 65+. This variance is no doubt influenced by the number of online accounts that 18-24 year olds have and the frequency with which they use them. Regionally, people in the Midlands (18%) were the most likely to see their accounts illegally accessed, followed by Wales and South West England (16%) and Scotland (16%).
    Elsewhere in our survey, 13 per cent of people admitted to having accessed someone else’s password-protected information without their permission. Demographically, and very concerning, a quarter of 18-24 year olds admit to accessing other people’s password-protected information without their permission. This type of behaviour is not common practice amongst the older generations, i.e. six per cent of 35-44 year olds, four per cent of 45-54 year olds and one per cent of 55-64 year olds admit to this practice.
    When the motivations for accessing other people’s password-protected accounts were explored in more detail, fun (32%) was the primary driver, followed by ‘to check up on my partner’ (29%), to access services that people don’t have (16%) and gossip (11%). Other motivations, although much less prominent, included ‘to check up on work colleagues’ (8%), and ‘for financial gain’ (2%).
    Somewhat concerning, 20 per cent of people claimed they would be willing to access someone else’s online account without their permission in the future, with a quarter of men and 28% of 24-34 year olds willing to do this.
  • 12. Q: Has anyone ever accessed your password-protected information on any of the following types of accounts without your permission?
    [Two bar charts showing the percentage answering ‘Yes’: all respondents by gender (Male, Female, Total) and all respondents by age (18-24, 25-34, 35-44, 45-54, 55-64, 65+)]
  • 13. Nearly a quarter (24%) have had their personal e-mails accessed
    The breadth of online accounts accessed without permission was large. Nearly a quarter (24%) of people said their personal e-mails had been accessed, but there were other serious consequences. 19 per cent said their eBay accounts had been hacked, 16 per cent experienced some form of card fraud, i.e. unauthorised online spending, and also had their social networking profile hijacked. Of concern for businesses, seven per cent had their work e-mails accessed.
    Demographically, those aged 55-64 were the most likely to report their personal e-mails accessed (35%), their eBay account hacked (35%) and some form of card fraud (21%). Those people aged 18-24 were the most likely to report their social networking profile had been hacked (36%).
    Regionally, people in the South East were the most likely to report their personal e-mails had been hacked (26%). In the Midlands, the most common form of unauthorised access was to their eBay account. The North of England and Scotland were most likely to report card fraud as a consequence (19%).
    In a separate and complementary piece of identity fraud research conducted by ICM across 2,030 adults 8 – 10 April 2011, in the last 12 months five per cent of people claim to have had their personal information used for fraudulent purposes – this equates to approximately 2.4 million adults in the UK.
    Q: As a result of having your password protected information accessed, did you experience any of the following?
    [Bar chart: all respondents who have had their password-protected information accessed without permission, split by Male and Female. Categories: Your personal emails accessed; Your eBay account hacked; Card fraud (e.g. money being taken from your account, ATM withdrawals, online spending); Your social networking profile hijacked; Money taken/a loan taken out in your name; Your work emails accessed; Your identity stolen; An illegal activity traced back to you; Your network used to download inappropriate material; Other; None of the above; Don’t know]
  • 14. 65 per cent of people are concerned about their password protected information being accessed
    It is no surprise, given the well-publicised consequences of unauthorised data breaches, that 65 per cent of people are concerned about their password protected information being accessed without their permission. Within this net figure, 33 per cent are very concerned and 33 per cent are fairly concerned.
    Men are very marginally more concerned than women (66% versus 65%) and those aged 45-54 (71%) are the most concerned demographic. Regionally, people in Wales and the South West were the most concerned (69%) versus 63 per cent in the South East.
    This survey was conducted on 19–20 April, six days before Sony admitted that a massive data breach had occurred giving hackers access to over 100 million customer details including names, addresses, dates of birth, passwords, security questions and in some cases payment card details. We can only surmise that the level of concern would be higher today given the widespread media coverage and the fact that three million Britons were affected.
    In the aforementioned ICM research (see page 12) ‘identity fraud’ was ranked as the sixth (4%) issue that people feel ‘most’ at risk from. As an issue this puts it behind ‘financial hardship’ (23%), ‘illness’ (15%), ‘unemployment’ (7%), and ‘driving accidents’ (4%), but ahead of ‘burglary’ (3%).
    When ICM asked what would worry them if someone used their personal information without their permission, nearly half (47%) said that having to pay for communication and legal costs would worry them, but not knowing what to do was selected by nearly a third (29%) of people as the thing that would worry them the most.
    Q: How concerned, if at all, are you about having your password protected information accessed without your permission?
    [Bar chart: all respondents. Categories: Very concerned; Fairly concerned; Neither concerned nor unconcerned; Fairly unconcerned; Very unconcerned; Don’t know]
  • 15. People are aware that hacking tutorials exist on the Internet
    Although not generally publicised in the mainstream media, there is a general level of awareness that these types of hacking tutorials exist online. Three per cent of adults have seen hacking tutorials online and a further one per cent has admitted to using them. 13 per cent report they have never seen a tutorial, but are aware they exist.
    Men are more likely than women to claim to have seen an online tutorial (4%), personally used one (2%) and know they exist (17%). Respondents aged 18-24 are the most likely to have seen this type of material (10%) and to be aware that it exists online (24%). People in the South East are the most aware of the existence of hacking tutorials online (17%).
    Generally speaking, respondents in the April ICM research felt the most common ways people could obtain personal information were online via someone hacking into their computer (62%), through a fake or non-secure website (56%) and during a purchase or other transaction (53%). Interestingly, consumers seem very aware of the value of paper-based material, with over half of people believing personal information could be obtained via a domestic burglary (51%), from household rubbish (50%) and from postal mail (43%). Consistent with the growth in smartphones, 16 per cent think their personal information is at risk from this type of device.
    Q: Have you ever come across tutorials on the internet telling you how to access someone’s password protected information?
    [Bar chart: all respondents, split by Male and Female. Categories: Yes, I have seen a tutorial online; Yes, I have seen a tutorial online and used one; No, I have never seen a tutorial online but I am aware they exist; No, I have never seen a tutorial online; Don’t know]
  • 16. An overwhelming majority do not think this material should be online
    Not surprisingly, 87 per cent of respondents do not want this information to be available online.
    91 per cent of women and 96% of people aged 65+ are against this type of content. Conversely, 16 per cent of 18-24 year olds believe online hacking tutorials should be made available versus one per cent of people aged 65+.
    Respondents in Scotland are the most opposed to this type of online content, but the overwhelming consensus is one of general opposition.
    Q: Do you think that tutorials that teach people how to access someone’s password protected information should be available online?
    [Two bar charts showing Yes / No / Don’t know: all respondents by gender (Male, Female, Total) and all respondents by age (18-24, 25-34, 35-44, 45-54, 55-64, 65+)]
  • 17. 63% of people want hacking tutorials removed from the internet
    Consistent with the view that the great majority do not think this type of material should be available online, there is an overwhelming opinion that this type of content should be removed (63%), that it increases the risk of identity fraud (59%) and that the Government should take action to remove ‘hacking’ tutorials from the internet (56%).
    Just as worrying, just over half (53%) think people who come across this type of content might be tempted to experiment and just six per cent think that people would not pay any attention to this type of content. Only one per cent of people believe ‘hacking’ tutorials are light hearted fun and nothing to worry about.
    Generally speaking, people are more opposed to this type of online content the older they are; for example, 75 per cent of people aged 65+ want hacking tutorials removed versus 54 per cent of 18-24 year olds. People in Scotland are the most critical of this online material and are most in favour of Government action.
    Q: Below are some of the views people have expressed about online tutorials that teach people how to access someone’s password protected information. Which, if any, of these statements, reflect your views on these tutorials?
    [Bar chart: all respondents. Statements: I think ‘hacking’ tutorials should be removed from the internet; ‘Hacking’ tutorials increase the risk of identity fraud; I am concerned that ‘hacking’ tutorials exist online; I think the Government should take action to remove ‘hacking’ tutorials from the internet; I think some people that come across ‘hacking’ tutorials might be tempted to experiment; I do not imagine that many people would pay attention to ‘hacking’ tutorials; ‘Hacking’ tutorials are merely light hearted fun and nothing to worry about; None of these; Don’t know]
  • 18. 1.5 Conclusion
    This investigation was prompted by the increasing number of hacking tutorials that are appearing on social networking sites like YouTube; a number we calculate to be in the region of 20,000 videos, with the top videos each having millions of views. It is also timely given the recent news of the massive data breach by Sony, which must rank as one of the largest data breaches in corporate history, dwarfing previous examples that have hit the headlines, including when HMRC told Parliament in November 2007 that the personal details of 25 million Britons had been ‘lost in the post’.
    Using an IT training consultancy, Firebrand Training, we were amazed that a panel of people with no previous information security training could be taught to download and use hacking software in the public domain in order to capture users’ login details for various online accounts including PayPal, Hotmail and Amazon in less than 15 minutes.
    The technique demonstrated in the live session, known as ‘man in the middle’ hacking, works by hijacking computer and wi-fi networks. As a user logs in to their online account, their username and password appear on the hacker’s own desktop, allowing them to store this sensitive information and access someone’s account, either immediately or at a later date. A specific search for ‘man in the middle’ on YouTube returned more than 1,000 videos, with the top video being viewed more than 200,000 times.
    The 14 minute classroom-style tutorial freely available online is undoubtedly a real concern and we must consider that everyone is a potential target. These resources are only going to grow and become more advanced, meaning that organisations and individuals must take steps to protect themselves.
    When we broadened the investigation and asked the general public their views on the issue, over seven million adults claimed to have had their password-protected accounts accessed without their permission, with personal e-mails accessed, eBay accounts hacked and card fraud the subsequent consequences.
    Asked about how concerned they were about unauthorised access to their online accounts, the majority of respondents said they were concerned and an overwhelming majority wanted to see this type of content removed from online sites. Very few people considered hacking tutorials as ‘light-hearted fun’ and most wanted the Government to take action. The inability to police the internet for materials like this is undoubtedly one of the downsides of the World Wide Web.
    For both businesses and consumers it is important to keep anti-virus and firewall software up-to-date and change passwords regularly. Also use common sense: if security warning messages appear in your browser, don’t ignore them, as this could be an indicator that your network has been hacked.
    Data breaches, lost information and hackers illegally accessing data all pose a risk, and it is our attitude to how we proactively manage our identities that is likely to influence the impact of the loss and severity of any fraud.
  • 19. 1.6 Appendix

Irongeek.com lists the top 25 hacking resources, as voted by its readers. This highlights just how many resources are available!

- http://www.securityfocus.com
- http://www.packetstormsecurity.nl
- http://www.sans.org
- http://www.cert.org
- http://www.securiteam.com
- http://www.linuxsecurity.com
- http://www.phrack.org
- http://www.neworder.box.sk
- http://www.slashdot.org
- http://www.google.com
- http://www.securitynewsportal.com
- http://www.infosyssec.com
- http://www.snort.org
- http://www.honeynet.org
- http://www.dshield.org
- http://www.astalavista.com
- http://www.whitehats.com
- http://www.incidents.org
- http://www.microsoft.com
- http://www.iss.net
- http://www.cisecurity.org
- http://www.networkintrusion.co.uk
- http://www.isc.incidents.org
- http://www.grc.com
- http://www.foundstone.com
  • 20. 1.7 Protecting your information from hackers

Michael Lynch is an identity fraud expert at CPP and offers the following advice to consumers to help protect them from identity fraud.

Michael is responsible for the UK Identity Protection portfolio at CPPGroup Plc (CPP). Michael has been with CPP for 14 years. His experience in financial services extends to customer service, new product and market development and affinity relationships. During his time at CPP, Michael has helped bring to market one of the UK’s market leading services, Identity Protection, which now protects over one million UK consumers from the consequences of this rapidly growing crime.

In addition, Michael has used his expertise to create a commercial identity theft product aimed at protecting businesses of all sizes. He has also developed a strong understanding of consumer perception and reaction to identity theft and its consequences. Michael has also been responsible for breaking some major identity theft stories in the media, including the availability of fraudulent documents online, car cloning, junk mail and postal theft.

Committed to forging industry co-operation to reduce the opportunities for identity theft, he is leading the call for consumers to change their behaviour to counter what is becoming an increasingly sophisticated and intrusive crime. Michael is media trained across print and broadcast and is available for media interviews on the issue of identity fraud.

Hacking can threaten us every day of our lives – but not only when we’re sat in front of a PC. From accessing Wi-Fi in a coffee shop or checking emails on a phone, through to playing on a games console at home - there’s someone out there who’s learning how to get closer to your personal information.

Top tips:

1. Change your passwords regularly - the longer and more obscure, the better
2. Leave a website if you notice strange behaviour (unknown certificates, pop-ups etc.)
3. Avoid transmitting sensitive data over public (free or otherwise) Wi-Fi
4. When seeking Wi-Fi connections: know who you are connecting to, be wary of free Wi-Fi access
5. If using a smartphone: disable Wi-Fi ‘auto-connect’
6. If you are concerned about identity fraud, purchase an identity fraud protection product to help you protect, prevent and resolve any incidents of fraud.

Unless you know your connection is secure, CPP recommend not communicating any information or data that you wouldn’t feel comfortable shouting across a crowded room.
  • 21. 1.7 For further information please contact:

Nick Jones - Head of Public Relations
CPPGroup Plc
Holgate Park
York YO26 4GA
www.cppgroup.plc
Tel: 01904 544 387
E-Mail: nick.jones@cpp.co.uk
  • 22. 1.8 About CPP

Corporate Background Information

The CPPGroup Plc (CPP) is an international marketing services business offering bespoke customer management solutions to multi-sector business partners designed to enhance their customer revenue, engagement and loyalty, whilst at the same time reducing cost to deliver improved profitability.

This is underpinned by the delivery of a portfolio of complementary Life Assistance products, designed to help our mutual customers cope with the anxieties associated with the challenges and opportunities of everyday life.

Whether our customers have lost their wallets, been a victim of identity fraud or looking for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to enjoy life. Globally, our Life Assistance products and services are designed to simplify the complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live life and worry less.

Established in 1980, CPP has 11 million customers and more than 200 business partners across Europe, North America and Asia and employs 2,300 employees who handle millions of sales and service conversations each year.

In 2010, Group revenue was £325.8 million, an increase of more than 12 per cent over the previous year.

In March 2010, CPP debuted on the London Stock Exchange (LSE).

What We Do:

CPP provides a range of assistance products and services that allow our business partners to forge closer relationships with their customers.

We have a solution for many eventualities, including:

- Insuring our customers’ mobile phones against loss, theft and damage
- Providing assistance to cancel and reorder customer’s payment cards should these be lost or stolen
- Providing assistance and protection if a customer’s keys are lost or stolen
- Providing prevention, detection and resolution assistance to protect customers against the insidious crime of identity fraud
- Assisting customers with their travel needs be it an emergency (for example lost passport), or basic translation service
- Monitoring the credit status of our customers
- Provision of packaged services to business partners’ customers

For more information on CPP click on www.cppgroupplc.com

CPP is an award-winning organisation:

- Finalist in the Plc Awards, New Company of the Year 2011
- Winner in the European Contact Centre Awards, Large Team of the Year category, 2010
- Finalist in the European Contact Centre Awards, Best Centre for Customer Service, Large Contact Centre of the Year categories, 2010
- Winner in the National Sales Awards, Contact Centre Sales Team of the Year category, 2010
- Finalist in the National Insurance Fraud Awards, Counter Fraud Initiative of the Year category, 2009
- Finalist in the European Contact Centre Awards, Large Team and Advisor of the Year categories, 2009
- Named in the Sunday Times 2008 PricewaterhouseCoopers Profit Track 100
- Finalists in the National Business Awards, 3i Growth Strategy category, 2008
- Finalist in the National Business Awards, Business of the Year category, 2007, 2009 and Highly Commended in 2008
- Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250 companies
- Regional winner of the National Training Awards, 2007
- Winner of the BITC Health, Work and Well-Being Award, 2007
- Highly Commended in the UK National Customer Service Awards, 2006
- Winner of the Tamworth Community Involvement Award, 2006. Finalist in 2008
- Highly Commended in The Press Best Link Between Business and Education, 2005 and 2006. Winner in 2007