Despite cybersecurity being big news almost every day, the truth remains that a vast amount of people still make little (or no) effort to protect their home computers, smartphones, or tablets from attacks. Sadly, what many people do not seem to realise is that criminals only hack homes (or corporations) because they intend to make money from the information they steal.
A perfect example of the enormous financial gains that criminals can make hacking came yesterday from respected digital security company Kaspersky, a Moscow-based firm that makes antivirus software. According to the firm, cyber criminals working inside Russia have been responsible for the theft of $790 million in just the last three years. Incredibly, according to the firm that money was stolen by as little as 20 operatives – the crème de la crème of Russia’s cyber criminal ranks – whom it is feared may have recruited around 1000 new hackers into their fold during the same period.
With only 160 cybercriminals arrested in Russia during those three years (according to official police figures), it is easy to understand why the company might foresee problems ahead. It is also easy to see why if you are one of the people who do not take Internet security seriously (or know somebody that doesn’t) 2016 is definitely the year to make it their new year’s resolution to change – and change radically.
Only a fortnight ago, Symantec revealed that 609,239 British people’s personal details were being sold on the Dark Web for as little as $30 each – disturbing figures that were backed up by the UK government. Malwarebytes uncovered two big malvertising scams in the last month alone – one that was aimed at a possible audience of 2 billion home users. Cyber criminals were this year found to be intercepting home-sellers emails in order to defraud them of hundreds of thousands of dollars.
It goes on. A month ago the National Crime Agency in the UK was urging people to better protect their computers after it was revealed that a virus was giving hackers access to bank accounts from which they had syphoned £20 million. Then there was the case of hackers infiltrating Apple’s iOS mobile operating system this year – achieved with malware in fake versions of popular apps such as Facebook and WhatsApp – with which the hackers stole vast amounts of user data before they were noticed. 2015 also saw the rise in popularity of ransomware, with hackers locking up systems more than ever before – until a price has been paid – a price that must be paid according to the FBI… If you want your system back.
The news goes on and on and keeps on coming as relentlessly as the Niagara Falls. Yet people still do nothing to protect themselves. Ask any of these people why? And the reason that they will most often give you is that they believe themselves to be ‘just one person amongst billions’ and that surely they ‘would have to be so unlucky to be targeted’ because they ‘haven’t got anything worth taking anyway’.
Unfortunately, it is this kind of mentality that is walking people straight into #theDigitalTrap – a trap largely of their own making – and which cyber experts are warning could ruin Christmas. According to those experts, this year Santa’s sack is going to be filled with more Internet-connected gifts than ever before. Gifts that they predict are going to give hackers a better holiday than anybody else. The reason for this, they argue, is the way that connected products often give hackers a method for getting into our home networks – opening us up to vulnerability from attack. Colby Moore, a security researcher at the cybersecurity firm Synack, says that amongst 16 connected products the company tested this year, there was only one that could not easily be broken into,
‘Really, the state of security on these things right now is pretty atrocious.’
Joe Loomis, the CEO and founder of CyberSponse agrees with this point of view, explaining that as well as opening people up to cross-device attacks, connected devices also allow cyber criminals to plan other crimes,
‘It’s almost like casing a bank. When somebody knows your behaviors and where you are going to be it’s easier to take advantage of their vulnerabilities. The other problem is on the privacy side. If somebody wants to take your video or your pictures and exploit it in some way or another, that’s another bad issue.’
One recurring problem is that often people do not think to alter the password that their connected device comes built in with. The reason for this is that products that make up the so-called ‘internet of things’ are regularly mistaken as being unhackable by their owners.
Last year, for example, a site was discovered showing the locations (and live video feeds) of 73,000 security cameras (11,000 in the US). Some places had as many as eight cameras all streaming footage from in and around the unsuspecting person’s home. The reason for the site (according to the site’s developer) was to ‘show the importance of security settings’. A subtlety that the security cameras’ owners apparently had not grasped – deciding as they had – to leave their security cameras with the default password they came with (most often something very simple like 1234).
Insanely, even when people do choose their passwords, they often choose ones that are extremely easy to hack. This year (as with every other year that it has been run) a consumer watchdog revealed what the most popular ‘weak’ passwords are – and as usual the findings were hilariously (and heartbreakingly) easy to hack.
The moral of the story? With the holiday period just around the corner, and so many connected products about to be delivered into eager hands everywhere – be sure to take a moment after unwrapping your gift to update it with a strong password. When purchasing gifts for your family, remember that there are no real industry standards for safety in connected products yet, as such you may want to choose products that are recommended.
“The best thing you can do is buy devices that are well established in the marketplace and buy devices that are backed by a real company who takes security seriously,” Synacks Colby Moore said.
Having chosen a product that you trust, remember to be aware of its connectivity and to treat it like other internet connected devices. This means getting the latest updates for it on a regular basis, to make sure that any security flaws discovered by the manufacturer – or vulnerabilities known to have been penetrated by cybercriminals – can be shored up.
Come Christmas day, remember to think about this article while you are unwrapping those toys. Remind all your family and friends that a connected device is for life and not just for Christmas, and let’s do our best to keep those hackers from turning your shiny new thermostat, drone, or kettle into a reason for tears before New Years Eve even arrives.