Contents
1.1 Foreword
1.2 Background news
1.3 Research methodology
1.4 Key findings
- There are over 20,000 videos on YouTube alone devoted to ‘Hacking’
- From the beginning of the controlled hacking lesson to the point each
volunteer was able to intercept another member of the group’s passwords took
only 14 minutes
- Over seven million people have had their online password-protected
information accessed without their permission
- Nearly a quarter (24%) have had their personal e-mails accessed
- 65 per cent of people are concerned about their password protected
information being accessed
- People are aware that hacking tutorials exist on the Internet
- An overwhelming majority do not think this material should be online
- 63% of people want hacking tutorials removed from the internet
1.5 Conclusion
1.6 Appendix
1.7 Protecting your information from hackers
1.8 Further information
1.9 About CPP
Hacking - how accessible is it? May 2011
Introduction
1.1 Foreword
‘Hacker’ is the term given to those who break into a computer system or network.
In the digital age, this has become an all-too-easy way to steal millions of pounds
from unsuspecting organisations and individuals.
To highlight the issue: amidst nationwide cuts, the UK government raised the cyber
defence budget to more than £700m in February 2011.
The recent Sony security breach that saw a hacker gain access to the personal data of
an estimated 100 million online gamers worldwide has demonstrated the growing and
widespread risk that hackers pose to consumers and businesses. The issue is serious
because of the risk it poses to those customers, but also the consequential reputational
damage to businesses like Sony. It is interesting to note that one of the criticisms directed
at Sony in the mainstream media and on blogs and forums was the delay in informing
customers that their data had been compromised whilst they tried to quantify the exact
detail behind the security breach.
Sony’s immediate concession was to give its gamers a free period of subscription,
but as the consequences of the breach became more apparent this extended into
the provision of identity fraud protection services to those customers affected.
The data breach, although significant, is by no means isolated, and it brings into sharp focus
the need for consumers and businesses to understand the risks so they can take
the necessary steps to protect their identities and confidential data.
Investigating the security of wi-fi networks across the UK, CPP carried out a live
‘wardriving’ experiment in November 2010 where we identified nearly 40,000 wireless
networks as high-risk, opening up the personal data of thousands of unsuspecting
individuals. In addition, our experiment showed that more than 200 people unsuspectingly
logged onto a fake wi-fi network hub over the course of an hour, putting users at risk from
hackers who could easily harvest their personal and financial information.
Most recently looking at the security of mobile phones, we found that over half of second
hand mobile phones purchased on eBay by CPP contained extensive personal data
including credit and debit card PIN numbers, bank account details, passwords, company
information and log in details to social networking sites like Facebook and LinkedIn.
Whilst technology is undoubtedly a great enabler opening up a global market in goods
and services, it also carries risk due to the proliferation of data and personal information.
It is probably a fair assumption to say that we cannot guarantee that our identities will not
be stolen as there are too many variables beyond our immediate control. This paper aims
to investigate the issue of hacking and how the internet plays a part in the dissemination
of tutorials designed to instruct in this practice.
Hacking information and, more importantly, hacking tools are freely available to the public.
These can be found in locations as diverse as underground hacking websites, through
to YouTube. An online search yields thousands of videos, which deliver step-by-step
instructions on how to hack. This, in combination with the free tools, provides anyone with
an internet connection the opportunity to become a hacker. In addition to the following
online audit, a hacking tutorial took place. This demonstrated just how quickly this
information can be used to allow a novice to become a hacker.
Moreover, the paper explores the general public’s view of this issue and looks at some
of the consequences of unauthorised access to their password-protected online accounts
and what subsequent action they would like to mitigate risk.
1.2 Background News
- On 26 April the media reported that 70 million Sony PlayStation Network
gamers, including three million Britons, had their names, addresses, dates
of birth, passwords and security questions stolen. Sony also admitted that
hackers may have gained access to people’s credit card details.[1]
- A further 25 million gamers had their personal details stolen as a result
of security breaches at Sony. As well as the PlayStation Network, the company
has now taken its Sony Online Entertainment (SOE) service offline.[2]
- Sony blamed the online vigilante group Anonymous for indirectly allowing
the security breach that allowed a hacker to gain access to the personal data
of more than 100 million online gamers. In a letter to the US Congress, Sony
said the breach came at the same time as it was fighting a denial-of-service
attack from Anonymous. The online vigilante group has denied being involved
in the attack.[3]
- Anonymous is the name of a grassroots cyber army that in December 2010
launched attacks that temporarily shut down the sites of MasterCard Inc and
Visa Inc using a simple software tool available for free over the internet. The
group attacked the two credit card companies for blocking payments to
WikiLeaks, using ‘denial of service’ attacks that overwhelmed their servers.[4]
- In August 2009 US prosecutors charged a hacker with stealing data relating
to 130 million credit and debit cards. In the biggest case of identity theft in
American history, the conspirators hacked into payment systems of retailers
including the 7-Eleven chain.[5]
- According to new government figures, cyber crime is costing the UK economy
a whopping £27bn a year. The report was produced by OCSIA and BAE Systems
security subsidiary Detica. The report, which was unveiled by security minister
Baroness Neville-Jones, estimates that over 12 months cyber crime cost
government and citizens £2.1bn and £3.1bn respectively.[6]
[1] Source: Daily Telegraph, ‘Millions of internet users hit by massive Sony PlayStation data theft’, 26 April 2011
[2] Source: BBC News Technology, ‘Sony warns of almost 25 million extra user detail theft’, 3 May 2011
[3] Source: BBC News Business, ‘Sony ‘distracted by vigilante attack’ while data stolen’, 4 May 2011
[4] Source: CDR inf, ‘Sony Says ‘Anonymous’ Group is behind cyber attack’, 4 May 2011
[5] Source: BBC News, ‘US man ‘stole 130m card numbers’’, 18 August 2009
[6] Source: ArticlesBase, ‘Cybercrime costs the UK £27bn a year, more help needed to combat losses’, 12 April 2011
- Elsewhere, UK Police arrested three men in connection with using the
SpyEye malware programme that is designed to steal online banking details.
The investigation began in January 2011 and revolved around the group’s use
of a uniquely modified variation of the SpyEye malware, which harvests
personal banking details and sends the credentials to a remote server
controlled by hackers.[7]
- US crime fighters are closing in on a gang behind a huge botnet after taking
control of the criminals’ servers. Coreflood, the malware programme prompting
the FBI investigation, has been around for at least a decade and can record
keystrokes, allowing criminals to take over unsuspecting computers and steal
passwords, banking and credit card information.[8]
- Nearly a third of British consumers use between one and three personal
identification numbers for all of their debit and credit cards. According to
Equifax, customers are leaving themselves vulnerable to criminals by reusing
PINs and passwords for all their financial accounts.[9]
- The Unisys Security Index reported that bank card fraud is the number one
concern with 93% of UK respondents worried about the issue, closely followed
by identity theft which worried 93% of them.[10]
[7] Source: PC World, ‘UK Police arrest three men over ‘SpyEye’ malware’, 11 April 2011
[8] Source: BBC News Technology, ‘FBI closes in on zombie PC gang’, 14 April 2011
[9] Source: Compare and save.com, ‘Brits using same PIN for different credit cards’, 10 May 2011
[10] Source: Guardian, ‘Bank card fraud is Britons’ No 1 security concern, says survey’, 4 May 2011
1.3 Research Methodology
ICM interviewed a random sample of 2005 adults aged 18+ online between 19 – 20 April
2011. Surveys were conducted across the country and the results have been weighted to
the profile of all adults. ICM is a member of the British Polling Council and abides by its
rules. Further information at www.icmresearch.co.uk
A live experiment was also carried out on April 18 2011. Firebrandtraining.co.uk was
commissioned by CPP to conduct a tutorial teaching five participants how to download
hacking software available in the public domain and capture users’ login details for various
online accounts, including PayPal, Hotmail and Amazon, with the objective of the session
being:
- Demonstrate how long it takes to teach a class of individuals with no prior
hacking experience and limited technological knowledge to learn how to hack
into another user’s online account
- Demonstrate how quickly these skills can be applied in order for the
participants to hack into another user’s online account
The five participants who took part in the class were a range of ages and occupations.
All participants signed a disclaimer to state that they would not use the software
and skills demonstrated by Firebrand Training for illegal or malicious attacks.
1.4 Key Findings
Online Audit - There are over 20,000 videos on YouTube alone devoted
to ‘Hacking’
A quick search on YouTube highlights the number of tutorials - for many different forms
of hacking - available online.
This was initially approached by completing a search for “how to hack” on YouTube.
This returned more than 20,000 videos, with the most popular having millions of views.
From the initial search, tutorials cover a broad remit. It may be easy to think that as long as
your anti-virus is up-to-date, you are safe online. However, the list below shows the
variety and number of online tutorials available:
- “Hack Facebook”: 6,000 videos
- “Hack PayPal”: 5,000 videos
- “Hack MySpace”: 5,000 videos
- “Hack iPhone”: 3,000 videos
- “Hack Twitter”: 500 videos
- “Hack Network”: 300 videos
- “Hack Apps”: 200 videos
- “Hack Blackberry”: 70 videos
- “Hack CCTV”: 20 videos
The average duration of these videos is three minutes. Creators of these videos know
a hacker’s time is precious: the most popular videos are short and to the point.
Although there are a variety of types of hacking tutorials available, two distinct
techniques were identified:
- ‘Man in the middle’
- SQL injection
Man in the middle
In simple terms, this attack places the hacker between the unsuspecting victim and what
he or she is viewing on the internet. This means that every piece of information that the
victim sends or receives passes via the hacker.
This type of attack can be completed without either of the victims being aware of the
presence of the man in the middle, so more than likely individuals will carry on transmitting
information between each other, which could include credit card details and passwords,
leaving them open to attack.
A specific search for “man in the middle hacking” returns 1,000 videos, with the top video
being viewed more than 200,000 times.
http://www.youtube.com/watch?v=fc6_Vt3BLIk
The above video link details a step-by-step guide on how to deliver a man in the middle
attack. It has received more than 45,000 views in just over a year, and uses the password
recovery software ‘Cain and Abel’.
http://www.youtube.com/watch?v=GqleMWzSvUk
The above video link is a ‘screencast’. Screencasts are being used more and more because
they are accessible and easy to follow: they demonstrate exactly what the user sees
on their own screen. The viewer needs only replicate what they see, and they have
become a hacker. It’s unnerving to see that the video above has been viewed more
than half a million times in three years.
SQL injection
The biggest credit card fraud in history was carried out using a SQL injection attack (see
http://news.bbc.co.uk/1/hi/world/americas/8206305.stm). This type of attack requires a
weakness in a website. The hacker delivers a specific line of code that causes the website
to inadvertently reveal information from its database.
http://www.youtube.com/watch?v=dDQ8oXWt58w
The above video link has been viewed almost a quarter-of-a-million times in more than
three years. Every viewer of this video now has a great understanding of how to attack
weaknesses in any website. This is a reminder to organisations that they must seek
to improve their IT security – before an outsider discovers any potential weaknesses
in their systems.
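The website weakness described above, shown beside its fix, as an added example that is not part of the original paper: a lookup that pastes visitor input into the SQL text, and the same lookup using a parameterised query. The table, column and function names and the sample rows are hypothetical and constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

# Constructed sample data; the table layout and every value are hypothetical.
SAMPLE_ROWS = [
    ("alice@example.com", "Alice", "CARD-0001"),
    ("bob@example.com", "Bob", "CARD-0002"),
    ("carol@example.com", "Carol", "CARD-0003"),
    ("o'brien@example.com", "Niall", "CARD-0004"),
]


def make_db():
    """Build an in-memory database standing in for a website's customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (email TEXT PRIMARY KEY, name TEXT, card TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, email):
    """The weakness: visitor input is pasted into the SQL text itself, so a
    quote character in the input changes the structure of the query."""
    query = "SELECT name, card FROM customers WHERE email = '%s'" % email
    return conn.execute(query).fetchall()


def lookup_parameterised(conn, email):
    """The fix: the SQL text is constant and the input travels separately as a
    bound value, so it is only ever compared as data, never parsed as SQL."""
    query = "SELECT name, card FROM customers WHERE email = ?"
    return conn.execute(query, (email,)).fetchall()


def compare(conn, email):
    """Return how many rows each lookup hands back for the same input."""
    try:
        leaked = len(lookup_vulnerable(conn, email))
    except sqlite3.OperationalError:
        leaked = None  # the input broke the SQL syntax outright
    return {
        "vulnerable": leaked,
        "parameterised": len(lookup_parameterised(conn, email)),
    }


if __name__ == "__main__":
    db = make_db()
    inputs = [
        "alice@example.com",    # ordinary input: both lookups agree
        "x' OR '1'='1",         # constructed test input containing SQL syntax
        "o'brien@example.com",  # legitimate value that contains a quote
    ]
    for value in inputs:
        print(repr(value), compare(db, value))
```

With the concatenated query, the second input returns every row in the table and the third, a legitimate address, makes the query fail; the parameterised query returns no rows and one row respectively.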
Tools
The tools used for such attacks are freely available from hacking websites. They include:
- Cain and Abel
- Ettercap
- Metasploit
- Nessus
- Nmap
Hacker Communities
Although YouTube can provide the novice with a fast introduction to hacking, it’s not
enough for the professional. There are online communities, with thousands of contributors,
where the science of hacking is constantly evolving. Forums mean that anyone can gain
access to a knowledge pool of thousands of hackers, from all over the world.
The beauty (and danger) of the internet means that these communities are easily found.
The two websites recommended by Firebrand’s Ethical Hacking instructor are:
- www.irongeek.com
- www.hackerthreads.org
Ethical hackers are professionally trained hackers, who work on behalf of organisations that
want to protect themselves from hackers. Ethical hackers aim to find weaknesses in their
organisations’ systems before an outsider can find and exploit them.
Hacker tutorial - each volunteer was able to intercept another member
of the group’s passwords in only 14 minutes
To highlight the ease of use of the tutorials identified above, Firebrand completed a live
experiment to teach a group of volunteers with limited technological knowledge how
to become a hacker.
Five volunteers were used:
- Female, 36, self-employed baker
- Male, 67, Retired
- Female, 29, Student
- Female, 29, TV producer
- Male, 11
The volunteers undertook the experiment on 18th April at Firebrand Training’s offices
in central London. Each volunteer signed a disclaimer stating they would not use
the information for illegal or malicious attack.
The experiment replicated a classroom environment and saw the group of volunteers
taken through a simple tutorial on the ‘man in the middle’ technique using Cain and
Abel software. This enabled the group to be shown how to hack into a computer network
and obtain another person’s login details.
The presentation that they were taken through is available on request.
The tutorial used a ‘screencast’ technique, so as they were being taken through the
presentation they were also undertaking the hack themselves. From the beginning of
the lesson to the point at which each volunteer was able to intercept another member
of the group’s passwords took 14 minutes.
Over seven million people have had their online password-protected
information accessed without their permission
When we asked if people have had their online password-protected information accessed
without their permission the results were quite surprising. 16 per cent of the adult
population claimed their accounts had been accessed. This equates to over seven million
adults over the age of 18 in the UK.
Demographically, people aged 18-24 were the most likely to claim their online accounts
had been accessed without their permission (34%) versus only 5 per cent of people aged
65+. This variance is no doubt influenced by the number of online accounts that 18-24 year
olds have and the frequency they use them.
Regionally people in the Midlands (18%) were the most likely to see their accounts illegally
accessed, followed by Wales and South West England (16%) and Scotland (16%).
Elsewhere in our survey, 13 per cent of people admitted to having accessed someone else’s
password-protected information without their permission. Demographically, and of great
concern, a quarter of 18-24 year olds admit to accessing other people’s
password-protected information without their permission. This type of behaviour is not
common practice amongst the older generations i.e. six per cent of 35-44 year olds, four
per cent of 45-54 year olds and one per cent of 55-64 year olds admit to this practice.
When the motivations for accessing other people’s password-protected accounts were
explored in more detail, fun (32%) was the primary driver, followed by ‘to check up on my
partner’ (29%), to access services that people don’t have (16%) and gossip (11%). Other
motivations, although much less prominent, included ‘to check up on work colleagues’
(8%), and ‘for financial gain’ (2%).
Somewhat concerning, 20 per cent of people claimed they would be willing to access
someone else’s online account without their permission in the future, with a quarter of men
and 28% of 24-34 year olds willing to do this.
Q: Has anyone ever accessed your password-protected information on any of the following
types of accounts without your permission?
[Chart: percentage answering ‘Yes’, all respondents by gender (Male, Female, Total)]
[Chart: percentage answering ‘Yes’, all respondents by age (18-24, 25-34, 35-44, 45-54, 55-64, 65+)]
Nearly a quarter (24%) have had their personal e-mails accessed
The breadth of online accounts accessed without permission was large. Nearly a quarter
(24%) of people said their personal e-mails had been accessed, but there were other
serious consequences.
19 per cent said their eBay accounts had been hacked, 16 per cent experienced some form
of card fraud i.e. unauthorised online spending and also had their social networking profile
hijacked. Of concern for businesses, seven per cent had their work e-mails accessed.
Demographically those aged 55-64 were the most likely to report their personal e-mails
accessed (35%), their eBay account hacked (35%) and some form of card fraud (21%).
Those people aged 18-24 were the most likely to report their social networking profile had
been hacked (36%).
Regionally people in the South East were the most likely to report their personal e-mails
had been hacked (26%). In the Midlands, the most common form of unauthorised access
was to their eBay account. The North of England and Scotland were most likely to report
card fraud as a consequence (19%).
In a separate and complementary piece of identity fraud research conducted by ICM across
2,030 adults 8 – 10 April 2011, in the last 12 months five per cent of people claim to have
had their personal information used for fraudulent purposes – this equates to approximately
2.4 million adults in the UK.
Q: As a result of having your password protected information accessed, did you experience
any of the following?
[Chart: all respondents who have had their password-protected information accessed
without permission, by gender (Male, Female), with one bar for each of the following]
- Your personal emails accessed
- Your eBay account hacked
- Card fraud (e.g. money being taken from your account, ATM withdrawals, online spending)
- Your social networking profile hijacked
- Money taken/a loan taken out in your name
- Your work emails accessed
- Your identity stolen
- An illegal activity traced back to you
- Your network used to download inappropriate material
- Other
- None of the above
- Don’t know
65 per cent of people are concerned about their password protected
information being accessed
It is no surprise given the well-publicised consequences of unauthorised data breaches that
65 per cent of people are concerned about their password protected information being
accessed without their permission.
Within this net figure, 33 per cent are very concerned and 33 per cent are fairly concerned.
Men are very marginally more concerned than women (66% versus 65%) and those aged
45-54 (71%) are the most concerned demographic.
Regionally people in Wales and the South West were the most concerned (69%) versus 63
per cent in the South East.
This survey was conducted on the 19 – 20 April, six days before Sony admitted that a
massive data breach had occurred giving hackers access to over 100 million customer
details including names, addresses, dates of birth, passwords, security questions and in
some cases payment card details. We can only surmise that the level of concern would be
higher today given the widespread media coverage and the fact that three million Britons
were affected.
In the aforementioned ICM research (see page 12) ‘identity fraud’ was ranked as the sixth
(4%) issue that people feel ‘most’ at risk from. As an issue this puts it behind ‘financial
hardship’ (23%), ‘illness’ (15%), ‘unemployment’ (7%), and ‘driving accidents’ (4%), but
ahead of ‘burglary’ (3%).
When ICM asked what would worry them if someone used their personal information
without their permission, nearly half (47%) said that having to pay for communication and
legal costs would worry them, but not knowing what to do was selected by nearly a third
(29%) of people as the thing that would worry them the most.
Q: How concerned, if at all, are you about having your password protected information
accessed without your permission?
[Chart: all respondents, with one bar for each of the following answers]
- Very concerned
- Fairly concerned
- Neither concerned nor unconcerned
- Fairly unconcerned
- Very unconcerned
- Don’t know
People are aware that hacking tutorials exist on the Internet
Although not generally publicised in the mainstream media, there is a general level of
awareness that these types of hacking tutorials exist online. Three per cent of adults have
seen hacking tutorials online and a further one per cent has admitted to using them.
13 per cent report they have never seen a tutorial, but are aware they exist.
Men are more likely than women to claim to have seen an online tutorial (4%), personally
used one (2%) and know they exist (17%).
Respondents aged 18-24 are the most likely to have seen this type of material (10%) and
to be aware that it exists online (24%). People in the south east are the most aware of the
existence of hacking tutorials online (17%).
Generally speaking, respondents in the April ICM research felt the most common ways
people could obtain personal information was online via someone hacking into their
computer (62%), through a fake or non-secure website (56%) and during a purchase or
other transaction (53%). Interestingly consumers seem very aware of the value of paper-
based material with over half of people believing personal information could be obtained
via a domestic burglary (51%), from household rubbish (50%) and from postal mail (43%).
Consistent with the growth in smartphones, 16 per cent think their personal information is
at risk from this type of device.
Q: Have you ever come across tutorials on the internet telling you how to access someone’s
password protected information?
[Chart: all respondents by gender (Male, Female), with one bar for each of the following answers]
- Yes, I have seen a tutorial online
- Yes, I have seen a tutorial online and used one
- No, I have never seen a tutorial online but I am aware they exist
- No, I have never seen a tutorial online
- Don’t know
An overwhelming majority do not think this material should be online
Not surprisingly, 87 per cent of respondents do not want this information to be
available online.
91 per cent of women and 96% of people aged 65+ are against this type of content.
Conversely 16 per cent of 18-24 year olds believe online hacking tutorials should be made
available versus one per cent of people aged 65+.
Respondents in Scotland are the most opposed to this type of online content, but the
overwhelming consensus is one of general opposition.
Q: Do you think that tutorials that teach people how to access someone’s password
protected information should be available online?
[Chart: all respondents by gender (Male, Female, Total); answers Yes, No, Don’t know]
[Chart: all respondents by age (18-24, 25-34, 35-44, 45-54, 55-64, 65+); answers Yes, No, Don’t know]
63% of people want hacking tutorials removed from the internet
Consistent with the view that the great majority do not think this type of material should
be available online, there is an overwhelming opinion that thinks this type of content
should be removed (63%), that it increases the risk of identity fraud (59%) and that the
Government should take action to remove ‘hacking’ tutorials from the internet (56%).
Just as worrying, just over half (53%) think people who come across this type of content
might be tempted to experiment and just six per cent think that people would not pay
any attention to this type of content.
Only one per cent of people believe ‘hacking’ tutorials are light hearted fun and nothing
to worry about.
Generally speaking, people are more opposed to this type of online content the older they
are; for example, 75 per cent of people aged 65+ want hacking tutorials removed versus
54 per cent of 18-24 year olds.
People in Scotland are the most critical of this online material and are most in favour
of Government action.
Q: Below are some of the views people have expressed about online tutorials that teach people how
to access someone’s password protected information. Which, if any, of these statements, reflect
your views on these tutorials?
[Chart: all respondents, with one bar for each of the following statements]
- I think ‘hacking’ tutorials should be removed from the internet
- ‘Hacking’ tutorials increase the risk of identity fraud
- I am concerned that ‘hacking’ tutorials exist online
- I think the Government should take action to remove ‘hacking’ tutorials from the internet
- I think some people that come across ‘hacking’ tutorials might be tempted to experiment
- I do not imagine that many people would pay attention to ‘hacking’ tutorials
- ‘Hacking’ tutorials are merely light hearted fun and nothing to worry about
- None of these
- Don’t know
1.5 Conclusion
This investigation was prompted by the increasing number of hacking tutorials that are
appearing on social networking sites like YouTube; a number we calculate to be in the
region of 20,000 videos, with the top videos each having millions of views.
It is also timely given the recent news of the massive data breach by Sony, which must
rank as one of the largest data breaches in corporate history dwarfing previous examples
that have hit the headlines including when HMRC told Parliament in November 2007 that
the personal details of 25 million Britons had been ‘lost in the post’.
Using an IT training consultancy, Firebrand Training, we were amazed that a panel of
people with no previous information security training could be taught to download and use
hacking software in the public domain in order to capture users’ login details for various
online accounts including PayPal, Hotmail and Amazon in less than 15 minutes.
The technique demonstrated in the live session, known as ‘man in the middle’ hacking,
works by hijacking computer and wi-fi networks. As a user logs in to their online account,
their username and password appear on the hacker’s own desktop, allowing them to
store this sensitive information and access someone’s account – either immediately or at a
later date. A specific search for ‘man in the middle’ on YouTube returned more than 1,000
videos, with the top video being viewed more than 200,000 times.
The 14 minute classroom-style tutorial freely available online is undoubtedly a real concern
and we must consider that everyone is a potential target. These resources are only going
to grow and become more advanced, meaning that organisations and individuals must
take steps to protect themselves.
When we broadened the investigation and asked the general public their views on the
issue, over seven million adults claimed to have had their password-protected accounts
accessed without their permission with personal e-mails accessed, eBay accounts hacked
and card fraud the subsequent consequences.
Asked about how concerned they were about unauthorised access to their online
accounts, the majority of respondents said they were concerned and an overwhelming
majority wanted to see this type of content removed from online sites. Very few people
considered hacking tutorials as ‘light-hearted fun’ and most wanted the Government to
take action. The inability to police the internet from materials like this is undoubtedly one
of the downsides of the World Wide Web.
For both businesses and consumers it is important to keep anti-virus and firewall software
up-to-date and change passwords regularly. It is also important to use common sense – if
security warning messages appear in your browser, don’t ignore them as this could be an
indicator that your network has been hacked.
Data breaches, lost information and hackers illegally accessing data all pose a risk and it is
our attitude to how we proactively manage our identities that is likely to influence the
impact of the loss and severity of any fraud.
1.6 Appendix
Irongeek.com lists the top 25 hacking resources, as voted by its readers.
This highlights just how many resources are available!
http://www.securityfocus.com
http://www.packetstormsecurity.nl
http://www.sans.org
http://www.cert.org
http://www.securiteam.com
http://www.linuxsecurity.com
http://www.phrack.org
http://www.neworder.box.sk
http://www.slashdot.org
http://www.google.com
http://www.securitynewsportal.com
http://www.infosyssec.com
http://www.snort.org
http://www.honeynet.org
http://www.dshield.org
http://www.astalavista.com
http://www.whitehats.com
http://www.incidents.org
http://www.microsoft.com
http://www.iss.net
http://www.cisecurity.org
http://www.networkintrusion.co.uk
http://www.isc.incidents.org
http://www.grc.com
http://www.foundstone.com
1.7 Protecting your information from hackers
Michael Lynch is an identity fraud expert at CPP and offers the following advice to
consumers to help protect them from identity fraud. Michael is responsible for the UK
Identity Protection portfolio at CPPGroup Plc (CPP).
Michael has been with CPP for 14 years. His experience in financial services extends to
customer service, new product and market development and affinity relationships.
During his time at CPP, Michael has helped bring to market one of the UK’s market-leading
services, Identity Protection, which now protects over one million UK consumers from the
consequences of this rapidly growing crime. In addition, Michael has used his expertise to
create a commercial identity theft product aimed at protecting businesses of all sizes. He
has also developed a strong understanding of consumer perception and reaction to
identity theft and its consequences. In addition, Michael has been responsible for breaking
some major identity theft stories in the media, including the availability of fraudulent
documents online, car cloning, junk mail and postal theft. Committed to forging industry
co-operation to reduce the opportunities for identity theft, he is leading the call for
consumers to change their behaviour to counter what is becoming an increasingly
sophisticated and intrusive crime.
Michael is media trained across print and broadcast and is available for media interviews
on the issue of identity fraud.
Hacking can threaten us every day of our lives – but not only when we’re sat in front of a
PC. From accessing Wi-Fi in a coffee shop or checking emails on a phone, through to
playing on a games console at home - there’s someone out there who’s learning how to
get closer to your personal information.
Top tips:
1. Change your passwords regularly - the longer and more obscure, the better
2. Leave a website if you notice strange behaviour (unknown certificates, pop-ups etc.)
3. Avoid transmitting sensitive data over public (free or otherwise) Wi-Fi
4. When seeking Wi-Fi connections: know who you are connecting to, be wary of
free Wi-Fi access
5. If using a smartphone: disable Wi-Fi ‘auto-connect’
6. If you are concerned about identity fraud, purchase an identity fraud protection
product to help you protect, prevent and resolve any incidents of fraud.
Unless you know your connection is secure, CPP recommend not communicating any
information or data that you wouldn’t feel comfortable shouting across a crowded room.
1.7 For further information please contact:
Nick Jones - Head of Public Relations
CPPGroup Plc
Holgate Park
York
YO26 4GA
www.cppgroup.plc
Tel: 01904 544 387
E-Mail: nick.jones@cpp.co.uk
1.8 About CPP
Corporate Background Information
The CPPGroup Plc (CPP) is an international marketing services business offering bespoke
customer management solutions to multi-sector business partners designed to enhance
their customer revenue, engagement and loyalty, whilst at the same time reducing cost to
deliver improved profitability.
This is underpinned by the delivery of a portfolio of complementary Life Assistance
products, designed to help our mutual customers cope with the anxieties associated with
the challenges and opportunities of everyday life.
Whether our customers have lost their wallets, been a victim of identity fraud or looking
for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to
enjoy life. Globally, our Life Assistance products and services are designed to simplify the
complexities of everyday living whether these affect personal finances, home, travel,
personal data or future plans. When it really matters, Life Assistance enables people to live
life and worry less.
Established in 1980, CPP has 11 million customers and more than 200 business partners
across Europe, North America and Asia and employs 2,300 employees who handle
millions of sales and service conversations each year.
In 2010, Group revenue was £325.8 million, an increase of more than 12 per cent over the
previous year.
In March 2010, CPP debuted on the London Stock Exchange (LSE).
What We Do:
CPP provides a range of assistance products and services that allow our business partners
to forge closer relationships with their customers.
We have a solution for many eventualities, including:
- Insuring our customers’ mobile phones against loss, theft and damage
- Providing assistance to cancel and reorder customer’s payment cards should
these be lost or stolen
- Providing assistance and protection if a customer’s keys are lost or stolen
- Providing prevention, detection and resolution assistance to protect customers
against the insidious crime of identity fraud
- Assisting customers with their travel needs be it an emergency
(for example lost passport), or basic translation service
- Monitoring the credit status of our customers
- Provision of packaged services to business partners’ customers
For more information on CPP click on www.cppgroupplc.com
CPP is an award-winning organisation:
- Finalist in the Plc Awards, New Company of the Year 2011
- Winner in the European Contact Centre Awards, Large Team of the Year category, 2010
- Finalist in the European Contact Centre Awards, Best Centre for Customer Service,
Large Contact Centre of the Year categories, 2010
- Winner in the National Sales Awards, Contact Centre Sales Team of the Year category, 2010
- Finalist in the National Insurance Fraud Awards, Counter Fraud Initiative of the Year
category, 2009
- Finalist in the European Contact Centre Awards, Large Team and Advisor of the Year
categories, 2009
- Named in the Sunday Times 2008 PricewaterhouseCoopers Profit Track 100
- Finalists in the National Business Awards, 3i Growth Strategy category, 2008
- Finalist in the National Business Awards, Business of the Year category, 2007, 2009
and Highly Commended in 2008
- Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250 companies
- Regional winner of the National Training Awards, 2007
- Winner of the BITC Health, Work and Well-Being Award, 2007
- Highly Commended in the UK National Customer Service Awards, 2006
- Winner of the Tamworth Community Involvement Award, 2006. Finalist in 2008
- Highly Commended in The Press Best Link Between Business and Education, 2005 and
2006. Winner in 2007