Elec­tronic crime on the in­crease

Here are some pre­cau­tions users should take to safe­guard their per­sonal in­for­ma­tion from pos­si­ble hi­jack­ers

Business Day - Business Law and Tax Review - - BUSINESS LAW & TAX REVIEW - DAVID RIX

YOUR com­puter should have an­tivirus soft­ware that you up­date fre­quently, keep­ing you safe on the in­ter­net. But which pre­cau­tions do you take with your smart­phone or tablet? Those gad­gets are not im­mune. Let’s con­sider the ex­tent of your on­line ex­po­sure.

Elec­tronic crime is an ev­ery­day re­al­ity, usu­ally tak­ing the form of ex­ploita­tion of se­cu­rity vul­ner­a­bil­i­ties for the theft of ac­cess codes or per­sonal iden­tity in­for­ma­tion, which is then used to per­pe­trate other crimes.

Jennifer Wa­ters re­ported in the Wall Street Jour­nal on De­cem­ber 29 last year about the big­gest hack­ing and mal­ware (ma­li­cious soft­ware) threats for the com­ing year. At the top of the list were smart­phones and tablets, es­pe­cially An­droid de­vices. Kasper­sky An­tivirus said they iden­ti­fied more than 35,000 ma­li­cious An­droid pro­grammes in 2012, six times more than they un­cov­ered in 2011.

Even Ap­ple de­vices, al­though de­signed to limit the abil­ity of ap­pli­ca­tions to pro­lif­er­ate or do dam­age, are not im­mune.

Ac­cord­ing to comS­core, in Amer­ica in Jan­uary this year Google An­droid ranked as the top smart­phone plat­form with 52.3% mar­ket share, Ap­ple’s bite was 37.8%. Black­Berry ranked third (5.9%), fol­lowed by Mi­crosoft (3.1%) and Sym­bian (0.5% ).

The FBI’s in­ter­net-crime com­plaint cen­tre (IC3) posted th­ese safety tips to help to pro­tect your mo­bile de­vice:

Know your de­vice’s fea­tures, in­clud­ing the de­fault set­tings. Turn off un­needed fea­tures to min­imise the at­tack sur­face;

If the de­vice’s op­er­at­ing sys­tem has en­cryp­tion avail­able, use it to pro­tect per­sonal data;

Be­fore buy­ing an app read the re­views on the de­vel­oper who pub­lished it;

Re­view and un­der­stand the per­mis­sions you are giv­ing to apps;

Pass­code-pro­tect your mo­bile de­vice and en­able the screen lock fea­ture af­ter a few min­utes of in­ac­tiv­ity;

Ob­tain mal­ware pro­tec­tion — look for an­tivirus or file in­tegrity ap­pli­ca­tions to help to pro­tect your de­vice;

Be aware of ap­pli­ca­tions that en­able geo-lo­ca­tion. They will track the user’s lo­ca­tion any­where and can be used for mar­ket­ing, but also by crim­i­nals;

Jail­break­ing or root­ing is used to re­move cer­tain re­stric­tions on the de­vice. This al­lows the user al­most un­reg­u­lated con­trol over what pro­grams can be in­stalled and how the de­vice can be used. How­ever, this pro­ce­dure of­ten in­volves ex­ploit­ing sig­nif­i­cant se­cu­rity vul­ner­a­bil­i­ties and in­creases the at­tack sur­face of the de­vice, pos­si­bly al­low­ing any com­pro­mise to take full con­trol;

Never con­nect to un­known wire­less net­works. They could be rogue ac­cess points that cap­ture in­for­ma­tion pass­ing through them;

Wipe your de­vice (re­set it to fac­tory de­fault) be­fore sell­ing or trad­ing it in to avoid leav­ing per­sonal data on it;

Smart­phones re­quire reg­u­lar up­dates — ne­glect­ing up­dates in­creases your risk; and

Avoid click­ing on, or down­load­ing, soft­ware or links from un­known sources.

Be aware of SIM swap fraud, whereby crim­i­nals ob­tain a clone or re­place­ment of your SIM card, en­abling them to re­ceive your one-time pass­words for on­line bank­ing. They could add their own ben­e­fi­cia­ries and empty your ac­count.

Ac­cord­ing to ITWeb, up to 50 cases a month were re­ported to SA’s largest mo­bile ser­vice provider.

Last year the “euro­grab­ber” bank­ing Tro­jan duped about 30,000 Euro­pean on­line bank­ing cus­tomers out of about €36m by in­fect­ing the links be­tween the users’ com­put­ers and mo­bile de­vices (which re­ceived one­time pass­words), Ellen Mess­mer re­ported on De­cem­ber 5 2012 on the Net­work World web­site. Be­ware, this scam could go global.

Your iden­tity in­for­ma­tion is re­tained on var­i­ous data­bases, from

An es­ti­mated $68.3bn was lost due to cy­ber­crime in the US dur­ing 2010

Face­book to your bank, tele­phone com­pany, med­i­cal scheme, etc. The se­cu­rity of that in­for­ma­tion is in both their hands and yours, but in mod­er­a­tion of their ex­po­sure to li­a­bil­ity they tend to take de­ter­mined ef­forts to pro­tect that data. Your iden­tity is ar­guably at great­est risk from your­self.

Other prime ex­am­ples oc­cur when fraud­sters post false web pages “over” le­git­i­mate ones, pos­ing as le­git­i­mate pages on which you would en­ter ac­count data, known as “pharm­ing”. Or when they send e-mails pos­ing as a trusted ser­vice provider and re­quest­ing you con­firm per­sonal de­tails via a hy­per­link — known as “phish­ing” or “spoofing” — and the link sends your de­tails to their data­base. Al­ways ver­ify that the do­main name in your browser’s ad­dress bar is where you should be be­fore val­i­dat­ing your de­tails.

Check hy­per­links, delete un­so­licited e-mails and never click on un­known at­tach­ments no mat­ter how cute they seem to be. Re­mem­ber, banks will never re­quest you to con­nect to them via an e-mail mes­sage. Ma­li­cious code in at­tach­ments could ex­pose you to the night­mare of stolen iden­tity, false claims and an emp­tied bank ac­count.

Sev­eral an­tivirus soft­ware providers agree that the fol­low­ing will likely be the main fo­cus of hack­ers in the com­ing months:

Med­i­cal iden­tity theft from med­i­calscheme data­bases — stolen iden­ti­ties would be used to sub­mit false claims.

Tar­geted at­tacks — ran­dom in­di­vid­u­als will al­ways be tar­gets of cyber crim­i­nals, and this year is ex­pected to see a rise in cyber es­pi­onage, with at­tacks aimed di­rectly at a par­tic­u­lar or­gan­i­sa­tion or ex­ec­u­tive.

Ran­som mal­ware — crim­i­nals hi­jack your data, en­crypt it and de­mand pay­ment for the pass­word. Sophos An­tivirus re­ported this is car­ried out by Tro­jan viruses de­liv­ered via e-mail.

In­ter­cept­ing text mes­sages, like the euro­grab­ber Tro­jan.

Hack­tivism — the group Anony­mous and other po­lit­i­cal ac­tivists use dig­i­tal tools to make po­lit­i­cal or so­cial points.

Cloud at­tacks — if a hacker gains ac­cess to a cloud-based com­puter server that holds data man­aged by a third party, he/she may have ac­cess to enor­mous amounts of pri­vate in­for­ma­tion. This is known as hy­per­jack­ing.

The cost of cy­ber­crime is stag­ger­ing. In his ar­ti­cle of July 2012 posted on the ACFE web­site, Peter Gold­mann cal­cu­lated that an es­ti­mated $68.3bn was lost due to cy­ber­crime in the US dur­ing 2010 and it was es­ti­mated that more than $10bn was spent world­wide on cy­ber­crime preven­tion mea­sures that year.

The Bri­tish National Fraud Au­thor­ity’s an­nual fraud in­di­ca­tor re­port of 2012 put the to­tal loss to the UK econ­omy due to fraud at £73bn, £6.1bn suf­fered by in­di­vid­u­als, £1.2bn due to iden­tity fraud and £3.5bn from on­line mass-mar­ket­ing fraud.

Al­though lo­cal statis­tics on cy­ber­crime are cur­rently not read­ily avail­able, South Africans are cer­tainly the tar­get of con­stant and var­ied cyber at­tacks.

Think be­fore you click. Cy­ber­crime is a real threat that can hurt you and your busi­ness. In the 1960s the hippy mantra was, “Turn on, tune in, drop out!”, but times have changed and the mantra for the 2010s should be, “Turn on(line), log in, watch out!”

Be wise and use pre­cau­tions on your mo­bile de­vice. Pro­tect your tablet and hope­fully you will avoid get­ting a dose of the bit­ter­est pill.



Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.