IT and Media – Hack Attacks
For the past couple of weeks the media has been dominated by stories about the hacking scandal. Of course, this story is all about the illegal hacking of voicemail on mobile phones rather than computers or websites, but that isn’t to say that hacking websites isn’t a major issue at the moment. In fact, as part of the phone hacking scandal, the Sun’s website was hacked and a false story about Rupert Murdoch being found dead was planted on the site.
Of far more significance is the hacking of the Sony PlayStation site a few months ago in which the account details of over 100 million users were taken. More alarmingly, thousands of credit card details were also allegedly stolen. At the same time, one of the CIA websites was hacked as was that of SOCA, the Serious Organised Crime Agency. The question is should Sutton Coldfield residents be worried?
On the face of it, there are serious grounds for concern. Millions of us use internet banking and, with the unstoppable growth of online shopping, there are countless online credit and debit card transactions every day. Surely, if it is so simple to hack into commercial websites, we are at constant risk of having our money stolen. In reality there is no reason to panic. The first thing to consider is the motivation of the people doing the hacking. Most of the large scale attacks reported in the news recently have been performed by a group called Anonymous, a loose alliance of hackers located all over the globe. In the past couple of years a faction of Anonymous called LulzSec has emerged; LulzSec claimed responsibility for the Sony attack, hacking the Sun website and several others besides. The hackers’ aims are political rather than criminal; invariably they are targeting the organisation that owns the website rather than its customers.
The next issue is the level of security on the websites that are targeted. Sony was hacked by means of an SQL attack, a fairly unsophisticated technique that has been around for years. To have credit card details stored on a site with such a low level of security is not going to inspire a lot of confidence but Sony argue that the primary purpose of the PlayStation site is to enable users to play games against each other, not to conduct ecommerce. Internet banking has an extremely high level of security. As well as username and password protection there is usually a one time code security device and, in addition, most banks also provide free anti fraud software to stop the baddies getting their hands on your hard earned loot. Ecommerce sites are similarly secure. As long as there is a padlock sign to the right of the URL bar you can be confident that the site is pretty much un-hackable. Once again, most banks and credit card companies offer additional security software; Capital One, the credit card provider, is currently working on security software that will be future proof for the next twenty years.
Of course, if someone can steal your card details without your knowledge, from the Sony PlayStation website for instance, they could potentially use your card to buy goods and services online. First they would have to get through the anti fraud security and, even then, the liability for any losses would lie with your bank or card provider. The greatest danger still lies in fisching, sending fraudulent emails to get Sutton Coldfield residents to provide their account details. Remember, no bank or card provider will ever send an email asking for your logon details. The only people who are really at risk from the hackers are the owners of the websites who may well not want their dirty laundry aired in public as Wikileaks is prone to do. It is little surprise that Anonymous and Wikileaks are closely aligned.