21 Jun 2013

The Importance of Security in the Internet Age

Cyber security is currently big news. Reports are published on a weekly basis describing cyber criminals’ attempts to access the personal details of internet users held within the databases of high-profile internet organisations.

Similarly, there has been a huge increase in reports of hackers gaining access to companies’ content management systems or social media accounts in order to publish disinformation and propaganda. There also appears to be an increase in hackers initiating DDOS (distributed denial of service) attacks to paralyse the web operations of corporations around the world.

Hacking of websites

Last month, the BBC reported that Yahoo! Japan was hit by a sophisticated hack attack in which up to 22 million login names may have been stolen. This equates to around a tenth of Yahoo! Japan’s 200 million members.

A couple of weeks previously, the Financial Times became the latest news outlet to be hacked. In a statement on their website they admitted that they were targeted by the Syrian Electronic Army, supporters of the Syrian president Bashar al-Assad, following a phishing attack on the company’s email accounts.

An individual who said he was with the group, interviewed by email by the FT last month, said they would target the media of “all the countries who support the terrorists groups in Syria.”

The list of websites that have been targeted in 2013 is huge and includes the Pentagon, Congressional Offices, some of the world’s major banks, large tech organisations such as eBay, Intel and Cisco, defence contractors and energy companies to name a few. The hackers are using a number of techniques to access or debilitate online systems.

DDOS attacks

There has been growth in the frequency and intensity of DDOS attacks. A DDOS attack is an attempt to make a machine or network resource unavailable to users.

One common method of attack involves bombarding the target server with external requests, so that it cannot respond to legitimate traffic, or is so slow to respond as to be rendered effectively unavailable. Such attacks usually lead to server overload and downtime.

In the mainstream press, two groups, Anonymous and LulzSec, have been identified as being responsible for the majority of high-profile DDOS attacks.

Anonymous is a loosely associated network of hacktivists and first became associated with ‘hacktivism’ in 2008 following a series of attacks on the Church of Scientology known as Project Chanology.

Since then the group has targeted, in a series of DDOS attacks, the government agencies of the US, Israel, Tunisia, Uganda, and others; child pornography sites; copyright protection agencies; and corporations such as PayPal, MasterCard, Visa, and Sony.

Lulz Security, commonly abbreviated as LulzSec, is another well-known hacker group. LulzSec has claimed responsibility for several high-profile attacks in recent years, including the compromise of user accounts from Sony Pictures to Nintendo, News Corp., Bethesda Game Studios, the CIA, the FBI and the Arizona State Police. Again, most of these attacks involved DDOS.

In March 2013 the BBC reported the ‘biggest attack in history’, when a row between a spam-fighting group, Spamhaus, and Cyberbunker, a hosting firm, sparked retaliation attacks affecting the wider internet.

Spamhaus is an international nonprofit organisation whose mission is to track sources of spam on the internet in order to provide anti-spam protection for internet networks. They work with law enforcement agencies to identify and pursue spam gangs and lobby governments for effective anti-spam legislation.

Spamhaus alleged that Cyberbunker was in cooperation with “criminal gangs” from Eastern Europe and Russia who were responsible for web and email spam. A statement on the Cyberbunker website claimed that Spamhaus was not able to prove any of these allegations.

It’s not only the targeted sites that are affected by these assaults. It was claimed by some that the internet itself was brought to its knees as a result of the attacks.

Kamphuis’ attack on Spamhaus “almost broke the internet” according to infrastructure-as-a-service (IaaS) cloud provider CloudFlare.

The knock-on effect is hurting internet services globally, said Prof Alan Woodward, a cyber-security expert at the University of Surrey.

“If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps,” he told the BBC. “With this attack, there’s so much traffic it’s clogging up the motorway itself.”

Dan Holden, Arbor Networks’ director of security research, told the BBC that “the largest DDoS attack that we have witnessed prior to this was in 2010, which was 100 Gbps. Obviously the jump from 100 to 300 is pretty massive,” and that “there’s certainly possibility for some collateral damage to other services along the way, depending on what that infrastructure looks like.”

Hacking of social media accounts

Hackers like the Syrian Electronic Army don’t appear to be issuing empty threats. The same group was apparently responsible for hacking other news providers’ accounts.

The official BBC Weather Twitter account, @BBCWeather, was also hacked by the group. The hacker used the attack to spread propaganda in support of Syrian President Bashar al-Assad. The @BBCWeather account, which has nearly 60,000 followers, began tweeting uncharacteristically political messages: “BBC pursued political lying and fabricating news for the Syrian affair…Now we will publish some of the truth about the “revolution” alleged Syrian”.

The BBC was not the only news provider to be compromised. The Twitter account of the Associated Press was also hacked last month. In this instance, the hacker tweeted out “breaking” news of a White House bombing that injured President Barack Obama.

In this hyper-connected world, a breaking news tweet such as this one has the ability to cause panic and destabilise markets. This particular tweet caused the Dow Jones Industrial Average to drop 1% to 14,567, from 14,697. While this only lasted a few minutes and markets quickly bounced back and stabilised, it highlights the real-world consequences of virtual events.

In March 2013, online information storage firm Evernote asked all users to reset their passwords, following a security breach by hackers. The California-based company, which allows people to store and organise personal data on its servers, is thought to have about 50 million users.

While Evernote admitted the security breach and confirmed that usernames, email addresses and encrypted passwords were accessed, it insisted there was “no evidence” that payment details or stored content was accessed, changed or lost.

The list of organisations that have been targeted by hacking attacks is growing daily, and includes firms that are at the forefront of technology. One would expect some of these companies, the likes of which include Google, Microsoft, Facebook and Apple, to have sophisticated defences against these attacks.

Attacks are also being waged on governmental departments. In January 2013, the U.S. federal sentencing website (ussc.gov) was infiltrated by the ‘hacktivist’ organisation Anonymous – who used the site’s homepage to make a brazen and boisterous declaration of “war” on the U.S. government.

A U.S. government computer vulnerability database and several other websites at the National Institute of Standards and Technology were taken down earlier this year when malware was found on two of the organisation’s web servers.

The irony of this hack was not lost on security professionals. Security professional Kim Halavakoski found the database was down when he went to the website to get some vulnerability information.

“Hacking the NVD and planting malware on the very place where we get our vulnerability information, that is just pure evil!” he stated.

Often, the victims are completely unaware of the breaches. Yahoo!, for instance, stated it did not know for sure that the file had been taken but told AFP it could not “deny the possibility”.

Hacking of email accounts

Websites that are publicly accessible may be easy targets for hackers but attacks are not limited to public-facing sites or social media accounts.

Yahoo!, the world’s third-largest email provider, was also hacked by spammers in January 2013. The group claimed it had fixed the problem, but embarrassingly was hacked again two months later.

The FBI moved to shut down the operation after a Channel 4 News investigation revealed accounts around the world had been broken into. The hacker was understood to live in the Russian Federation.

Google’s Gmail users also became victims of email hacking. “In 2010 … we saw a large increase in fraudulent mail sent from Google Accounts,” wrote Mike Hearn, a Google security engineer. “In turn, our security team has developed new ways to keep you safe, and dramatically reduced the amount of these messages.”

“Every day, cyber criminals break into websites to steal databases of usernames and passwords—the online ‘keys’ to accounts,” Hearn wrote. “They put the databases up for sale on the black market, or use them for their own nefarious purposes. Because many people re-use the same password across different accounts, stolen passwords from one site are often valid on others.”

“We’ve seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time,” he continued. “A different gang attempted sign-ins at a rate of more than 100 accounts per second.”

Hacking of mobile devices

Spammers, scammers, trolls and internet vandals, seemingly unsatisfied with simply defacing websites and delivering spam email to unwitting recipients, are now also targeting mobile devices.

At the end of 2012, TechRadar reported that the UK’s most popular mobile operating system, Android, was vulnerable to a remote wipe attack.

An Android developer/researcher discovered a flaw in the way Samsung phones like the Galaxy S2 and S3 interact with unstructured supplementary service data (USSD) codes.

Ravi Borgaonkar, the researcher who identified the issue, said most phones require users to hit the “dial” button before completing the code, but Samsung’s unique TouchWiz interface means their devices do not.

“This makes Samsung’s handsets vulnerable to a string of malicious code that can not only erase a SIM card in its entirety, but can also restore a phone to its factory default settings remotely”, he stated.

In both instances, the action happens without warning, and can wipe all the data stored on the device before a user even knows what has happened.

The iPhone is also not immune to attack. In March 2013, web security firm SourceFire issued a report called “25 Years of Vulnerabilities” that charted the Critical Vulnerabilities and Exposures (CVE) of various software and mobile devices. A CVE is “the international standard for vulnerability numbering or identification” that security companies use to chart exploits.

Hacking of Wi-Fi networks

Most people are aware that they need to secure their home and business Wi-Fi against hack attacks. The ease with which data can be stolen from unsecured Wi-Fi networks was highlighted in 2010 when Google was accused of accessing personal data from Wi-Fi networks without users’ consent using cars that were meant to be taking street-level photos for its online mapping service Google Maps.

The company blamed the intrusion on a rogue engineer who rigged a data-collection program into equipment that was supposed to only detect basic information about local Wi-Fi networks to help plot the locations of people using its mapping service and other products.

However, even secured Wi-Fi networks can be compromised by criminals with the determination and skill to do so.

In April 2013, research firm Independent Security Evaluators reported that the most popular home wireless routers can be easily hacked and there’s little you can do to stop it. In 2011, one firmware vulnerability affecting six hardware manufacturers combined with two malicious scripts and 40 malicious DNS servers to attack 4.5 million Brazilian DSL modems, with the goal of stealing bank and credit card information.

Craig Heffner, a vulnerability analyst at Maryland-based Tactical Network Solutions, said that he isn’t familiar with the Brazil story but isn’t surprised by it. “In a lot of countries, there’s only one or two ISPs, and you get whatever router they give you,” he said. “They often enable remote administration by default, so any vulnerability would be amplified.”

Darren Kitchen, founder of the Hak5 security and tinkering show and a maker of Wi-Fi penetration-testing devices, said he isn’t surprised by the results of the study. Routers are “low-powered devices, mostly made in China and Taiwan, and they’re rushed out the door. There’s not a consumer demand for security; it’s not a feature that will sell it”, he stated.

A real threat or empty hyperbole?

Apart from the hackers themselves, there are other organisations that stand to benefit from the increased reporting of hacking attacks and the resulting concern and action regarding internet security, notably suppliers of internet security software and hardware and government organisations who want to push their own agendas. But are these threats a huge concern or have we been deceived into ‘believing the hype’ regarding internet security and the ease with which hackers can gain control of our devices in order to obtain our personal details?

The Guardian’s Heather Brooke was critical of journalists’ lack of scepticism regarding the ‘biggest attack in history’ as reported by the BBC.

She said that “a lot of people have a lot to gain from peddling scare stories about cyber “warfare”. As with any type of politics it’s important to know precisely who is making the claims and what their interests are.

The “risk” of the entire internet breaking from such an attack is very small. That should have killed off the worst of the scaremongering headlines and alerted the sceptical reporter that something was afoot.”

Despite this criticism, the frequency and scale of recent attacks reported in the global media invalidate claims that the proliferation of hacking has been exaggerated. However, it should be noted that the theft of sensitive information and the abuse of corporate systems are not something new. All businesses expose themselves to risk when conducting operations offline and the internet is no different in this sense.

TranslateMedia is committed to providing a completely secure translation service to our clients. Our connections are encrypted using 128-bit SSL encryption. All your content, both pre- and post-translation, is strictly controlled, and none of the content is sent by email or transferred externally without being encrypted, to ensure that your documents are kept safe and secure.

