Computer Hacking & Virus / Malware
When a fortune-teller stares into her crystal ball she claims to see through to the misty future and offers guidance to those willing to hand over the required fee. However, she might be stumped when faced with questions about the state of tomorrow's computer viruses, or whether or not there will be a global outbreak of cyber warfare. She ought not to be because, although the internet threat landscape is continually evolving, there are some basic principles that help us predict what's coming next.
Perhaps surprisingly, these hold the human condition at their core. A 21st century Mystic Meg should have no problems foretelling the digital future and we'll explain how you too can look into the future at internet threats. Anti-virus companies such as Symantec, GRISOFT etc. have researchers who investigate current threats and new technologies with a view to discovering what the next big security problems are going to be, and they don't use crystal balls.
IT'S ALL ABOUT THE MONEY
In the old days the original computer viruses were born of pride or misplaced curiosity. Anonymous individuals wrote computer code to show how clever they were, viewing security software as a challenge. If they could beat anti-virus programs produced by big names such as Symantec, McAfee etc. then they would have outsmarted the experts. In some cases their motivation was increased as anti-virus (AV) programs improved over time.
Today things have moved up a few gears and every reputable security company acknowledges that money is the motivation behind the vast majority of online threats. Viruses, compromised websites hosting malicious exploits, fraudulent emails and phishing websites have all been designed to steal or generate money.
As we ponder the future of malware and other threats, we need to look at the matter in the context of criminal endeavour, rather than seeing online threats as a result of vandalism and other types of low-level dysfunctional behaviour.
Over the years it has become clear that a new underground economy has evolved in which our personal details are traded for cash on the internet. This situation not only continues today, but the illegal information gathering and trading systems have grown even more sophisticated. Criminal organisations provide services to others much like legitimate businesses. They sell hacking tools in a web-based arms market and operate escrow systems to ensure that the thieves don't rip each other off. Much of the criminal activity is based around malware, which forms the front line in the criminals' activity.
Some people create malware, others sell it, while underground services offer to check the latest viruses to ensure that they aren't detected by the software produced by anti-virus companies. It's a sophisticated arrangement, both in terms of business and technology. AV companies spend a lot of time monitoring and interacting with criminals as they go about their online business. The criminals have something like an underground version of VirusTotal (a website that scans URLs for bugs), to check that their malware can avoid detection, as well as services to monitor botnets. Botnets are potentially vast networks of compromised computers - PCs owned by regular internet users. They are part of the cybercriminal's IT infrastructure and are the equivalent of a traditional gangster's muscle. Botnets provide masses of computing power as well as the ability to bring down the websites and internet connections of large companies. They can be used to send out billions of spam emails, infect websites en masse and even host transient infected websites that come and go, making them very hard to take down.
In the worst cases (for the individual visitor), an infected website might try to load malware on to their computer. Once malware is loaded on a system, the computer can be used as a tool to spy on its user. This means that usernames, passwords, bank account details and other sensitive data can be siphoned off and sent to the attacker.
Although you might think that this is the end of the story, the criminals who install the malware may not have a direct use for your data. I have read Symantec's latest internet threat report. In it the company discloses that criminals compile lists of credit card numbers and bank details, which they sell off in huge lists. However, the availability of cards has dropped since last year, while demand remains high. This has increased the cost of buying the information. The report also notes a disturbing new development whereby criminals are trading 'dump tracks' - the whole information found in the magnetic stripe on a credit card. This data can not only be sold for a higher price than basic information, but it's also more usable as it can be used to create a physical replica of the card. Criminals are now advertising personal services and, in a perverse version of online business networking, researchers have found recommendations for people involved in money laundering and even for 'mules'. According to Symantec: "Mules are unsuspecting members of the public who have been duped into accepting funds into their accounts, or accepting stolen goods.
Like any other commodity, these people are traded on net forums by cybercriminals." At some stage a criminal will end up using these details to commit a fraudulent act, but it's likely that the data will pass through a number of hands first. If and when your personal data is stolen online, it will often be passed from criminal to criminal before being used. Once in possession of a card, criminals may try to use it to buy goods. Alternatively, a criminal may leverage the services of a 'cash-out' criminal. These people may charge nothing for their services - that is, the service of emptying your bank account - but take a commission on the transaction instead. The online criminals have a large number of potential targets to consider. Although their primary objective is to make money, there are a number of ways to do so, some of which are more subtle than others. Criminals put a value on personal details for the purposes of ID theft, selling the data to ID thieves and even pilfering online games login details for financial gain.
WHO ARE TOMORROW'S VICTIMS?
Tomorrow's victims will be the same as today's. The only difference is that the criminals need to stay ahead of the game in order to compete with each other and remain profitable. Criminals will always go for the easiest targets first, looking for low-risk, high-return opportunities. This means creating a widespread threat that has the potential to affect millions of people. The hackers aren't going to single out an individual, but instead hope to catch as many random people as possible, collect their data and use or sell it for financial gain.
These regular people will likely have bank accounts and credit cards that can be stolen. Gamers often have online accounts that carry a high value; there has been a thriving market in hijacking or emptying games accounts for years. Criminals might also try a targeted approach, where a specific (very rich) individual, company or group of people is faced with a highly convincing, customised attack.
In the past, criminals have sent infected CDs and USB keys to workers at banks and other large organisations. Hardware keyloggers can then be used to record usernames and passwords. There have been fears that last year's attack on the recruitment website Monster furnished criminals with lots of personal information that allowed them to target people with powerful employment roles, such as CEOs of global companies. Targeted attacks can also use information gleaned from social-networking sites - a technology that has only become very popular in the last few years. Businesses themselves are another big target, although the scale of the problem is hard to assess. We only see the tip of the iceberg. There are probably documents containing zero-day exploits being sent around and so on, but companies won't go public when they're attacked.
Social engineering has repeatedly proven to be a useful technique for fooling people into taking unwise actions. The criminals trick victims into visiting fake or infected websites, downloading and installing harmful software and even responding to near-blatant attempts at fraud. This last con trick involves sending emails requesting your help in some matter, with the promise of delivering millions of dollars for no work at all.
Security companies claim that infected websites constitute the largest single threat at the moment. The general assumption is that these are legitimate websites that have been infected without their owners' knowledge. The sites are hacked and a small piece of infected code, or a special type of (iframe) link to another infected site, is inserted. When a computer loads the web page, it becomes infected.
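A site owner can look for the kind of inserted iframe described above by checking their own pages for frames that load from another host or are hidden from the visitor. The following is an added example, not part of the original article; the hostnames and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide a frame from the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class IframeAudit(HTMLParser):
    """Collect iframes that load from another host or are hidden from view."""
    def __init__(self, own_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {own_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()  # empty for relative URLs
        reasons = []
        if host and host not in self.trusted:
            reasons.append("off-site")
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or HIDDEN_STYLE.search(a.get("style", ""))):
            reasons.append("hidden")
        if reasons:
            self.findings.append((src, self.getpos()[0], reasons))

def audit_page(html, own_host, allowed_hosts=()):
    """Return (src, line number, reasons) for every suspicious iframe."""
    parser = IframeAudit(own_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one wanted embed, two frames worth a closer look.
SAMPLE = """<html><body>
<h1>Village bakery</h1>
<iframe src="https://maps.example.org/embed?q=bakery" width="400" height="300"></iframe>
<iframe src="http://cdn.stats-example.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="/newsletter.html" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, line, reasons in audit_page(
            SAMPLE, "www.bakery.example", allowed_hosts=["maps.example.org"]):
        print(f"line {line}: {src} ({', '.join(reasons)})")
```

A hidden same-site frame is reported as well, because it is worth checking against the page as the owner last published it.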
There is also a view that sites being operated by less moral individuals may host malware on purpose. Porn websites are hosted by those with a flexible ethical framework. They are more likely than some to host malicious iframes in order to gain a few dollars per installation of malware.
Viruses and infected websites that attack consumer electronics as well as computers are likely to be a feature of future cyber attacks. Currently computers are the main target for online criminals. The PC and, to a much lesser degree, the Mac are both attacked because lots of people use them for online banking and other tasks that involve handling valuable information.
Tomorrow's targets will be the devices that people use for similar activities. This means that the PC is going to stay at the top of the hacker's hit list for a long time to come. If a certain type of mobile phone became a popular way to access online banking, then you can guarantee that criminals would start to produce malware designed to target and compromise them. From a criminal's point of view, hardware is a much less important consideration than software when building an attack mechanism. For example, a modern Mac is exactly the same as a PC under the hood. The very same processors, RAM, graphics chips and hard disks are used in both computers these days. The difference is the operating system. Macs run OS X while PCs run completely incompatible variations of Windows or Linux.
As most computers in the world run Windows, criminals concentrate on breaking into Windows PCs. The more popular Macs become, the more attractive they are as targets. Mobile phones don't share the same relationship as Macs and PCs. Even different models from the same company use different combinations of hardware and software.
This means that there's such a wide selection in use at any one time that a hacker would have to write many different viruses, worms or other threats to catch a significant number of victims. In this situation, variety is a defence. Once people settle on a specific mobile phone, however, it becomes worth hacking. (Could the iPhone be a target?) Many of the best-known anti-virus companies produce an anti-virus product for one or more types of mobile phone, yet they generally admit that the threat in this area is either very low or even non-existent. Mobile phone malware is in its infancy. There are millions of viruses and Trojans that target PCs. Mobile phone viruses number in the few hundreds or maybe early thousands. There is still such a disparity of environments: iPhones, Windows Mobile, Symbian, BlackBerry, Android and others. There is too much variety for malware to function.
Software is much more important than hardware. Today's hackers concentrate on the underlying operating system (such as Windows XP) and common applications that they can access. At the moment, attractive applications include web browsers as well as software that web browsers use, such as Adobe Flash and Reader programs. In recent months security holes have been found in versions of these programs, as well as Microsoft's Internet Explorer web browser. When we try to predict the future of internet threats, we can be sure that these types of programs will be targeted.
The only variations will be the hardware used to run the web browsers and necessary plugins. Do you believe that your TV could be hacked? Or your games console? The latest versions of these domestic home entertainment systems often include the ability to access the internet, so that they can use BBC iPlayer, YouTube and other popular services. If your TV has a web browser, then it would be foolish to assume that it was invulnerable to an attack. Before you ban TV from your household, remember what we said earlier about attractive targets. Once you and half the population start banking online with your TV or PlayStation, only then will the hackers move in. And they will. I reckon we'll see anti-virus software being installed on TV sets within the next five years. The traditional view of a hacker attack involves a computer system being manipulated by an unauthorised and external force. So how could your TV be hacked if it lacks a hard disk or any internal storage at all? Where would the viruses be stored, for example? Similarly a games console doesn't seem to provide a very rich environment for a criminal to exploit. This means that while your PC, TV or console may not be hacked, the data that flows between it and the computers on the internet that power the services you use could be stolen or corrupted. This is known as data cloud hacking.
IS THERE NO ESCAPE?
The usual way to make money with TV broadcasts is with advertising. The advertising system itself could be subverted and used either to make money directly or as part of a blackmail scam. The internet-enabled TV initially has no financial value. What money can criminals make? They could show you a commercial that may be clickable. This way, people's identity data can be stolen. If you don't click the ad you may be threatened with the prospect that pornography will pop up on screen when your children are watching.
The term cloud-computing is quite vague. These days it tends to mean running applications directly on a server. This isn't a new concept for businesses used to dealing with email and web servers. However, the idea of running an application such as a word processor in the cloud is novel for most people as we're used to such programs being software that runs on the computer sitting in front of us.
When you use Google Docs to create and edit word-processing or spreadsheet documents, you're experiencing what most people consider to be cloud computing. You should already be able to see some of the security issues surrounding cloud computing. First of all, your data is stored on a remote computer under someone else's control. Every time you access that data you have to authenticate with a remote system, which means that your username and password probably traverse the internet. After you log in, parts of any file that you access also move through the internet.
This potentially exposes your account and its contents to wrong-doers far more than if you stored your photos, documents and email on your hard disk. However, it's convenient to work this way as you can access your data from any computer that you like (which is also another potential security flaw) and, in some cases, you can use low-powered computers to run demanding applications because they use the processing power and memory of the service provider's systems rather than the resources of your own IT setup.
The big challenge to companies that provide internet services is to ensure that customers' data remains safe. Services need to identify where data comes from and where it should go. They need to protect against man-in-the-middle attacks, where attackers intercept data as it passes by. Cloud services are not currently developed in this way and can be fooled. Tomorrow's internet attackers will be sophisticated and realistic. They won't spend hours trying to hack your mobile or TV while there are easier options available.
As long as we continue to use PCs to access online banks, buy from ecommerce sites and play complex subscription-based games, so the bad guys will continue to attack via the home computer. Recent history shows that social engineering, where victims are fooled into making poor decisions, is a very successful route to separating us from our cash and personal details. 'Technical solutions' such as internet worms and Trojans embedded in pirated software still exist, but it's those fake emails, infected websites and even infected email attachments that will continue to pose a real threat for the foreseeable future.
We also know that security software is not a cure-all solution. And few security companies would be brave enough to claim that they were winning the war against malware. Nevertheless, an anti-virus program will help protect your system.
FREE ANTIVIRUS SOFTWARE
If you don't want to spend any money we recommend Microsoft's latest free anti-virus program, Security Essentials, but for better protection you need to splash out, and currently any of the following are good choices: Norton Internet Security 2010, AVG Antivirus, AVG Internet Security.
It is also important to keep your system up to date with the latest security patches. This means updating Windows, your web browser and plug-ins such as Adobe Flash and Acrobat Reader. Fail to do this and you can't really blame your anti-virus software if your PC becomes infected. While the days of safe computing are probably a nostalgic fantasy (bugs have existed for as long as computers have), it's not scaremongering to say that today things are far worse than they ever have been, and the problem isn't going to disappear.
There is some good news. While the online criminals engage in a virtual arms war against security companies, sell our data for pennies and cost companies billions in lost or stolen revenue, the main security hole is our own gullibility. If you become more suspicious of email requests to change or confirm account details, popup warning messages on websites and too-good-to-be-true offers, then you're way ahead of the herd. And hackers are only interested in the herd.