McAfee Blog

Future wars possibly online

August 18th, 2009

Cyberwars may sound incredibly scifi-based but governments are bracing themselves for the new computer frontier. Pavla Tolonen wonders if we’ll all survive.

As we get richer, lazier and more likely to surrender in a fight due to our sugar and carb-infested existence, we are also more prone to complain online and avoid real combat in any way possible. This behaviour, apparently, may also apply to actual warfare.

Governments across the globe have no doubt already solidified a selection of cybercrime policies, but now reports are trickling in suggesting that real war conflict may be settled online.

Now, we’re not talking about Mikhail Saakashvili taking on Dmitry Medvedev in World of Warcraft or Command & Conquer, but a fully-fledged attack on global databases, and they say it has already begun.

This month’s DDOS (denial-of-service) attacks on micro-blogging site Twitter showed how significantly a global network of millions of users can be disabled in a mere matter of seconds. Yet, still, experts are cavorting in the exuberance of cloud computing, in which users store data online.

Fair enough, it may be efficient and probably quite safe, but where are all the users who cry about users’ rights and the horrible tentacles of Big Brother? Surely keeping all your important documents on a foreign server far away from your own reach is simply you handing them over, nonchalantly hoping they will never be accessed and tampered with. Don’t be fooled, free email accounts really do have a price - they tax your prerogative.

To be fair, cloud computing is certainly an effective way to share software and interoffice documents, but as service providers increase their capacity to uphold more facilities online, we should not entirely follow by keeping all our activities on their server.

Service providers do not ultimately owe you anything as you are a free consumer, therefore you are entrusting them with your information with no real leverage. As you owe them for the service, they can take the right upon themselves to control the system, and all your information.

Of course email account providers like Yahoo, Hotmail and GoogleMail guarantee your personal details, but the bigger their databases become, and the more they move towards comprehensive cloud computing, the higher the risk is that somebody attempts to attack them for it.

So with computing, just like anything else, remember to spread the risk over several sources. Buy an external hard-drive (or at least a USB stick), invest in more than one email address and keep any important printed files at home.

Image credit: tnarik

Twitter unavailable after being hit by DDOS attacks?

August 6th, 2009

Pavla Tolonen reports on the DDOS attacks that have crippled Twitter, the micro-blogging service.

Micro-blogging site Twitter crashed today leaving 24 million visitors without access to the website. Twitter was hit by numerous denial-of-service attacks (DDOS) at 3 PM (GMT), and while the website reappeared active for a time, it failed to allow users to log in.

Described by The Guardian as the technological equivalent of ringing a door bell and draining the person who answers of a huge chunk of energy, the attack seems almost too harmless to be true.

It seems evident that hitting Twitter with such a vast amount of DDOS attacks would prepare a hacker, or indeed a team of hackers, for another coup, on another website which has far more valuable information. The age-old blackmailing technique is another DDOS attack favourite, shutting down whole websites before key events or fundraisers, and demanding a considerable fee to cease attacks.

Twitter has never been hit before, but perhaps it was just a matter of time since the company has grown exceptionally in the past year. London, according to Ofcom, is the most Twitter-subscribed city in the world with 2.4 million users.

Image Credit: barnoid

British hacker Gary McKinnon loses battle against extradition

August 4th, 2009

Clueless or cunning - it’s hard to tell with Gary McKinnon. Pavla Tolonen weighs up all the elements.

The ever-important task of changing your passwords regularly may seem tedious, but this delicate task could easily be the most important thing you do in terms of online security - especially if you are the US government.

After being arrested in Britain in 2002, indicted for eight computer-related crimes in the US, and losing several British and European High Court appeals, Glasgow-born Londoner Gary McKinnon may now face a 70-year prison sentence for hacking into US government intelligence.

The 43-year-old, who has Asperger’s syndrome, claimed he was looking for the truth about Unidentified Flying Objects (UFOs), and could not resist the temptation of breaking into US governmental files after discovering clear loopholes in their security system. Many officials, he said, had simply ignored the need to change their default passwords – a classic rookie mistake.

McKinnon told the BBC in 2005: “I found out that the US military use Windows and having realised this, I assumed it would probably be an easy hack if they hadn’t secured it properly.” More recently he said he was on a “moral crusade”, leaving messages behind insulting the US security system. Clearly he was not concerned about disguising himself as he used his personal email address.

The US government has cited $800,000 (£487,000) worth of damage occurred between 2001 and 2002 because of McKinnon’s hacking – a figure which he disputes. The American authorities are particularly sensitive about the time proximity of the breach to the 11 September 2001 New York bombings.

McKinnon’s Asperger’s syndrome, a rare form of autism comprising an obsessive nature and naivety regarding logical thinking, like consequential thinking, has been keenly noted by the press. Celebrities such as Trudie Styler and Sting have protested for his release on the grounds of him not being able to cope with prison like a “normal” person.

Although McKinnon has lost his final appeal against extradition, campaigners speaking on his behalf say Home Secretary Alan Johnson could use his clout with the American officials to influence the outcome. Johnson has denied this possibility, saying that this would be against the US-UK extradition laws. He’s probably right, as long as he can guarantee McKinnon will not be tried as a terrorist.

A website demanding he be tried in Britain, instead of the US, where his family and friends believe he will be treated like a terrorist and possibly sentenced for 70 years in prison, has been set up as www.freegary.org.uk. The Home Secretary told The Daily Telegraph that McKinnon would clearly not serve any sentence in a “supermax” prison.

Image credit: www.freegary.org.uk

Erin Andrews malware warning

July 22nd, 2009

The temptation to snoop online might be strong for some but it comes with a price. John Hillman on the latest celebrity malware vector.

The internet provides opportunities to indulge our curiosity like never before; unfortunately this includes our capacity for snooping around in other people’s private lives, a less than admirable human trait.

Cyber criminals, never slow to recognise an opportunity, are more than aware of this fact and happily use our inherent nosiness to exploit gullible people into downloading malware with the simple promise of a video containing a naked celebrity.

It beggars belief that such a crude system actually works but even in 2009 it seems that there are still thousands of you out there who just can’t resist a click, no matter how unlikely the promise sounds to a rational mind.

Over in the US this has been emphasised by the recent appearance of a video reportedly showing an ESPN reporter called Erin Andrews cavorting around in her hotel room with no clothes on. Erin Andrews is apparently quite attractive – a sort of Hollywood version of Gabby Logan.

As you can imagine this caused quite a stir with US “sports” fans, so much excitement in fact that some of them actually awoke from their beef-and-cola comas long enough to start trawling the internet looking for said video.

What happened next? Malware, lots and lots of malware, downloaded via a link that promises the content once you have installed a video player. Many people (well, men probably) have been fooled by the use of a web page that looks like it belongs to CNN, lulling them into a false sense of security.

The lesson here is a very simple one: promise of naked celebrity + free video download = broken computer. You have been warned.

—————————————–

Image Credit: Robert.Montalvo

Hotel holiday Wi-Fi precautions

July 20th, 2009

With more and more hotels offering free Wi-Fi services you may be tempted to take your laptop with you on holiday, but beware when using open networks, says John Hillman.

Free Wi-Fi is great: lounging around in your hotel room or on the beach, you can upload photos onto Facebook, give all your friends a real-time commentary on how much fun you’re having while they’re stuck waiting for a bus in the rain, and keep updated with sports without having to pay 3 Euro for an abridged copy of a dodgy newspaper.

But there are dangers when you log onto an open network, especially as hacking is now such big business and large open networks such as the ones found in hotels are a fertile hunting ground for hackers looking for personal information.

For extra safety whilst on holiday McAfee’s Tracy Mooney recommends taking the following precautions:

PC users

1. Make sure you have a current subscription to an anti-virus program and that it has a firewall, which McAfee Total Protection does have.
2. Make sure banking/financial passwords are different from any other passwords. Don’t save passwords so it automatically logs in.
3. Before you log on, look for/ask for the exact name of the Wi-Fi you want to connect to so you don’t connect to a hacker instead.
4. Turn off automatic connection to a network so your computer doesn’t connect without your knowledge. (It also saves battery life.)
5. Only log on to bank/financial sites when you are on a secure connection such as at home.

Mac Users

1. Make sure banking/financial passwords are different from any other passwords. Don’t save passwords so it automatically logs in!
2. Check your settings:
• Go to network Preferences > By Default > join “preferred networks”. Edit your preferred network SSIDs to include only trusted sources.
• Next click “Options,” and make sure “ask before joining an open network” is selected.
• Check the “Require Administrator Password to change networks” box, and deselect the option to automatically add new networks to the preferred list.

——————————————————————————

Image Credit: pink fish13

Virus diagnostics

July 16th, 2009

Billions of people around the world use computers but still don’t really know what a virus is or how to recognise one. John Hillman tries to help with the basics.

Viruses are a pain to understand. What are they? Who makes them? How do I know if I have one?

These are the kinds of questions people ask themselves only to go online in search of answers and be bombarded with geek speak; directed to tech blogs written by people who obviously don’t do face to face communication unless summoned by a judge.

So to try and help those of you wondering how these strange ethereal bug thingies work, here are a few tips to look out for when running your PC.

1. Is your computer running slower than normal?

2. Are you seeing unusual error messages?

3. Are you seeing distorted dialogue boxes and menus?

4. Is your computer not responding or locking up?

5. Is your computer restarting on its own?

6. Is your computer crashing and restarting on its own?

7. Are your disk drives inaccessible?

If the answer to any of the above is yes then you may very well have an infected PC, so you will have to run some malware removal software and make sure that you install some good up-to-date antivirus software too.

Most viruses are actually quite harmless; there are those that do real damage and try to steal personal information, and those that just slow you down. Ultimately it’s down to you to stop your PC catching the equivalent of a cold; think of anti-virus software as giving it a good diet, vitamin supplements and plenty of exercise.
———————————————————

Image Credit: bodycoach2

Online criminals grow more sophisticated

July 14th, 2009

Internet crooks have developed into mature business people, claims a new report. Peter Moore reports.

A report released by Cisco Systems, the giant US networking multinational, has warned of the growing sophistication of cyber criminals.

The report claims that online crooks are increasingly adopting proven business techniques that enable them to work more efficiently, make more money and fool more people.

‘Capitalism is a powerful force,’ said Patrick Peterson, a spokesman for the company in their mid-year security report. ‘These criminal types are collaborating with one another… sharing resources, renting out botnets and forming alliances.’

The report depicts a radically different criminal type. No longer do they operate from underground dens, but they work in offices and apartments, demonstrating the type of thinking that would more often be associated with MBA students, not the members of a criminal gang.

The report says that online criminal gangs are now dynamic and fast-thinking. They have the resources and experience to seize opportunities offered by breaking news stories – the most recent example of which is the story of Michael Jackson’s sudden death.

‘We use Michael Jackson as a quintessential example,’ said Mr. Peterson. ‘When the media was in the air and scrambling to cover his death, the bad guys were coming up with creative news copy that tried to persuade users to click on a photo, video or memorabilia to trick the user onto an infected site.’

And Cisco said it had detected a rise in the number of such malicious tricks over the past few months. In May 2009, 249 billion spam messages were sent across the Internet, the third highest volume in history.

Although the report depicted a gloomy picture, amid rising global threats from an increasingly organised criminal element, Mr. Peterson argued that the past year had seen many improvements in antivirus, anti-spam and anti-phishing technology.

Cisco’s position was backed by Kenneth Silva, the Chief Security Officer of Verisign Inc. In response to the Cisco report he said:

‘I don’t know how much money has to be stolen or how many people have to be hurt emotionally and physically before someone figures out there is a real problem here.’

image credit: mkosut

Removable storage malware

July 10th, 2009

A new report by McAfee’s research team in Bangalore provides some interesting information on the re-birth of removable storage malware. John Hillman has a look at the details.

This month’s report from our friends in Bangalore, on the latest surge in removable storage malware, made for some pretty interesting reading.

The team explain how, long before we all came to associate viruses exclusively with the internet, floppy disks were the vectors of choice for attackers - under 25s should try to imagine a floppy disk as a square retro-ish looking piece of plastic about the size of a Sunday newspaper and capable of storing about one tenth of the information found therein.

It was no surprise then that once the internet revolutionised the way we sent and received information hackers gave up trying to build Rome with matchsticks and began spreading malicious code via e-mail instead.

Today, however, our removable storage devices, from digital picture frames to MP3s, are capable of storing more than 10,000 times more data than your old floppy ever dreamed of. So, it’s not really surprising that virus authors are once again beginning to recognize the potential of our plug-ins as an excellent means of randomly ruining everybody’s day.

This vector is being aided and abetted by our old friend AutoRun, because it automatically launches the content on a plug-in device without any prompting from the unsuspecting victim. Furthermore, many of today’s devices also happen to be what’s known as “smart”, meaning that they can run portable software programmes and boot operating systems.

The last few years have apparently been good for malware authors who use AutoRun to deliver their malicious payloads, with some truly worrying successes. A lot of this has been thanks to slack quality-control practices by hardware manufacturers, which caused many devices such as USB sticks, Picture Frames and MP3s to be sold to consumers with AutoRun malware preinstalled.

Such has been their success that the U.S. military was forced to try and ban removable storage devices, a task made virtually impossible by the necessities of troops in the field. But the most shocking aspect of the report has to be news that an astronaut on the International Space Station allowed a worm to boldly go where no worm has been before by taking a laptop with an infected USB drive with him on a space mission. Apparently he didn’t have any malware protection on his laptop, which could have prevented the infection; I mean, come on, it’s hardly rocket science is it?
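
As an added example (not from the McAfee report or the original post), the Python code below audits the `autorun.inf` file that AutoRun reads from the root of a removable device and lists the directives that would start a program. The two sample files and the list of executable extensions are constructed assumptions.

```python
"""Audit an autorun.inf file from removable media (added example)."""
import re

# Keys in the [autorun] section that cause a program to be started.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$")
# Extensions treated as directly executable for this audit (an assumption).
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs")

# Constructed sample: a device whose autorun.inf starts a program on insert.
SAMPLE = r"""; constructed sample, not taken from a real device
[AutoRun]
OPEN=tools\setup.exe /quiet
icon=tools\drive.ico
Shell\Open\Command="my tools\setup.exe" /quiet
label=BACKUP
[Content]
open=ignored.exe
"""

# Constructed sample: a device that only sets a cosmetic icon and label.
BENIGN = r"""[autorun]
icon=logo.ico
label=PHOTOS
"""


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased.

    Comments, blank lines and every other section are ignored.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def audit_autorun(text):
    """Return (key, target, reason) for each directive that starts a program."""
    findings = []
    for key, value in parse_autorun(text).items():
        if not LAUNCH_KEY.match(key):
            continue
        # The program is the first token; it may be quoted if it has spaces.
        m = re.match(r'"([^"]+)"|(\S+)', value)
        target = (m.group(1) or m.group(2)) if m else ""
        if target.lower().endswith(EXECUTABLE_EXT):
            reason = "starts an executable stored on the device"
        else:
            reason = "launch directive with a non-executable target"
        findings.append((key, target, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE):
        print(finding)
```

An empty result, as for the `BENIGN` sample, means the file only sets cosmetic values such as an icon or a label.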

————————————–

Image Credit: Calil Souza

McAfee Spam Report July 2009

July 8th, 2009

John Hillman reads through McAfee’s spam report and discovers that watches are the new Viagra.

McAfee’s spam report for July 2009 shows a marked difference between spam subjects delivered to .com and .uk addresses.

The UK domain addresses continue to deliver pharmaceutical spam subjects almost exclusively, with all of the top 15 subjects relating to this subject, whereas the .com traffic showed a curious tendency towards replica Rolexes.

.org showed a large amount of spam that had been “bounced back” to a forged “From” address, with one subject “you have received an Greeting eCard” (note the usual poor spelling) pointing to a URL that downloads an executable file and infects the computer.

Based on business and country domains and taken over one complete day in June the lists are as follows:

.com

1. Hello
2. Hi
3. RE: DISCOUNT 80% OFF on Pfizer
4. Replica Watches
5. Undelivered Mail Returned to Sender
6. Delivery Status Notification (Failure)
7. Returned mail: see transcript for details
8. Exquisite Replica
9. Aloha
10. Failure notice
11. Hey
12. Cheers
13. Watches
14. Complete registration here
15. Subscribe on daily news?

.co.uk

1. RE: DISCOUNT 80% OFF on Pfizer
2. Salute, man!
3. All songs zipped
4. Photo gallery
5. Court decision
6. Photos of the place
7. Group these photos together
8. New .pdf variant
9. I’m locked in room
10. Can’t call you
11. Corporate meeting
12. Your house switched off
13. What’s with bar?
14. Add this to work
15. Wondering about slow speed?

.org

1. Delivery Status Notification (Delay)
2. Delivery Status Notification (Failure)
3. failure notice
4. Undelivered Mail Returned to Sender
5. Hello
6. Hi
7. Returned mail: see transcript for details
8. RE: DISCOUNT 80% OFF on Pfizer
9. Replica Watches
10. Exquisite Replica
11. Mail delivery failed; returning message to sender
12. Hey
13. Watches
14. Cheers
15. You have received a Greeting eCard

————————————————————

image credit: jurvetson

Shopping: the digital effect

July 2nd, 2009

John Hillman looks at the effect that the digital revolution has had on our shopping habits

A study released by McAfee has found that online shopping habits are being influenced more by digital security fears than the economic downturn.

The study, conducted on behalf of McAfee by Harris Interactive®, found that 72% of people in the US have not changed their online shopping behaviour since the economic downturn.

But in news that’s bound to interest online retailers, the study also found that concern over online security is the biggest single factor preventing people from completing online transactions. More than half of all respondents said that they had abandoned online shopping carts because they became concerned about security levels whilst on a site.

“Online retailers need to understand that consumers with intent to purchase are terminating their orders because they don’t feel safe online,” said Tim Dowling, vice president of McAfee’s Web Security Group.

“Our research suggests that economic concerns and price have not affected the way people shop online, but instead security concerns are the driving force behind whether a transaction is completed or terminated.”

“All sites regardless of size need to take measures to prove to customers that their personal information will be safe and secure when doing business online.”

Dowling also went on to say that people are much more likely to buy when they see a trustmark, such as McAfee SECURE™, displayed on the webpage, with one in five people refusing to purchase when the site fails to show one.

Displaying a trustmark is therefore shown to be an excellent opportunity for small businesses to build trust levels and set themselves apart from competitors.

47% of consumers look for a trustmark when shopping online and a third said that they would rather buy from a smaller retailer that displayed the trustmark than a larger one who did not.

——————————————————-

image credit: d'n'c