Major threats come not from the NSA and GCHQ but from cyber-criminals, business competitors, stalkers and malicious trolls. From the word go, we should all be alert to the dangers of the digital world. In the same way that children are made fearful of strangers and taught how to cross the road, we should all have cyber-safety drilled into us. The risks are everywhere and everybody is at risk.
These days the streets are safer because so many criminals are migrating to digital and launching attacks from the comfort of their own homes.
If they haven’t got the necessary skills, they can easily hire someone who has. On the Tor Network*, Rent-a-Hacker http://2ogmrlfzdthnwkez.onion/ offers the complete service – from gaining access to a Google account to stuffing a target’s computer with images of child sexual abuse and then anonymously tipping off the police.
Increasingly, as better counter-spy tools come on the market, the bad guys are targeting the weakest link in the chain: the Human. They do this by so-called “Social Engineering”, the art of making people do what they want them to do, from opening an infected attachment, to following a link on Twitter to a malicious website.
There are no limits to the forms this can take. Most professional con-artists now work online full time. They tug at the heart strings on dating sites, they offer amazing bargains, and they can pretend to be you in a crisis, imploring the friends in your contact book to send money urgently.
A weak but successful ploy is to telephone and claim to be from Microsoft, saying in a Mumbai accent that your PC is “affecting the Internet negatively”. They then steer the victim to a malicious site where the computer will be infected. Others have the victim install a remote viewing program to gain full control of the device.
Watch out for email purporting to be from PayPal. You follow the link, type in your log-in details and immediately open the account to thieves. Or you get an email from FedEx saying they have a parcel for you. You follow the link and take on board a “Drive-By Download”, a malicious program delivered in the same way as a regular cookie. The more sophisticated “Watering Hole Attacks” plant the malicious download in an advertising banner on a legitimate site. As soon as the page loads, the visiting device is infected.
Query Google about any top celebrity and you may be steered to a predatory site. Currently, the most dangerous celebrity in Britain is Cheryl Cole. You can even transfer an infection from a Kindle to your desktop.
The fastest growth-area for cyber-criminals is mobile. The smartphone is the finest tracking device ever devised. It can show where you are now and where you have been. It contains all your appointments, past and present, all your friends and private conversations. An intruder can see what interests you, what you watch, buy and download, and can turn on the camera and watch you.
Malicious programs enter the device via attachments, downloads, phony updates and even by simply viewing an image that automatically launches malware. Additionally, someone with access to the device can download and install a spy program that runs secretly in the background. Avoid public charger points as likely sources of infection.
Even at the lowest level, the apps we download can be downright dangerous. Apps are dirt cheap or free because the developers make their money by letting in the advertising networks and criminals. It is true when they say “If you’re not paying, you’re the product”.
Malicious apps have been found on iTunes and the Google App Store, and they have been found in anti-spyware programs. There are apps that seek out financial transactions, others that suck up all the photos and look for points of blackmail. A criminal may take possession of your devices and plant a “Botnet” which then runs silently in the background to mine digital currencies like Bitcoin for somebody else’s benefit. Others simply make calls to premium rate numbers and rack up your bill.
However, most infections can be prevented by installing a few free add-ons to your browser. See The Five-Minute Cyber-Security Guide.
All large corporations employ their own Intelligence agents. They want to know what their competitors are up to, they want to know what is being said about them, and they want to know if anyone is selling secrets. But it’s not just the big boys; today any size business can employ the tools and techniques of a master-spy agency.
Mobile communications can be intercepted. Key-strokes logged. Confidential reports copied. Staff monitored. Customers poached.
The business may employ a hot IT guy, but the criminal will always find a backdoor. A hacker employing social engineering skills may surreptitiously drop a USB thumb drive marked Private in the hope that an inquisitive employee will slot it into an office machine to take a look. Result: instant infection. A CEO may be targeted via his outside interests and a way found into his phone or laptop.
Conversely, many companies inadvertently post confidential information online that can easily be retrieved by those who know how. For example, type the following into Google to get confidential business information from South Africa: filetype:xls site:za confidential.
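A search engine can only index what a web server publishes, so the corresponding check is to audit your own published directory before a crawler does. The following is an added example, not part of the original article; the marker phrases, the file extensions and the sample files are assumptions constructed for illustration.

```python
import os, tempfile, zipfile

DOC_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".csv", ".pdf"}
MARKERS = ("confidential", "internal use only")  # assumed policy wording

def find_marker(blob):
    """Return the first marker found in raw bytes (ASCII or UTF-16LE), else None."""
    low = blob.lower()  # bytes.lower() folds ASCII letters only, which suits both encodings
    for m in MARKERS:
        if m.encode() in low or m.encode("utf-16-le") in low:
            return m
    return None

def marker_in_file(path):
    hit = find_marker(os.path.basename(path).encode())
    if hit:
        return hit
    if zipfile.is_zipfile(path):  # .xlsx/.docx are zip containers of XML parts
        with zipfile.ZipFile(path) as z:
            return next((h for h in map(find_marker, map(z.read, z.namelist())) if h), None)
    with open(path, "rb") as f:
        return find_marker(f.read())

def audit_webroot(root):
    """List (relative path, marker) for documents under root that carry a marker."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in DOC_EXTS:
                full = os.path.join(dirpath, name)
                hit = marker_in_file(full)
                if hit:
                    findings.append((os.path.relpath(full, root), hit))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample data: two marked files and one harmless one."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "reports"))
    with open(os.path.join(root, "reports", "q3.xls"), "wb") as f:
        f.write(b"\xd0\xcf\x11\xe0" + "CONFIDENTIAL - board only".encode("utf-16-le"))
    with zipfile.ZipFile(os.path.join(root, "prices.xlsx"), "w") as z:
        z.writestr("xl/sharedStrings.xml", "<sst><si><t>Internal use only</t></si></sst>")
    with open(os.path.join(root, "brochure.csv"), "w") as f:
        f.write("product,price\nwidget,9.99\n")
    return root

if __name__ == "__main__":
    print(audit_webroot(build_sample_webroot()))
```

The scan reads each file whole and does not parse PDF streams or compressed legacy formats, so treat a clean result as a first pass rather than proof that nothing sensitive is published.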
It’s no longer necessary to hide in the bushes when today’s stalker can sip a latte at Café Nero and follow multiple victims in real time via the free Wi-Fi.
Download for free the suitably-named Creepy surveillance tool and you can keep close tabs on any active Twitter or Instagram user, following them on a map, seeing who they meet and much else. Alternatively, acquire the victim’s Google log-in and see their location history on Google Maps to follow their every move.
Or borrow someone’s phone for a few minutes and secretly install a subscription-based surveillance package allowing the stalker to follow the GPS signal, listen in on conversations, read text and emails, examine images, videos and Skype calls, check web habits, log passwords, block callers or outgoing numbers, and activate the microphone and camera. Packages start at under US$50 a month.
The term “Internet of Things” refers to all those other things connected to the Internet: refrigerators and domestic lighting, security cameras and door locks, for example. One simple way for an intruder to gain control is via the domestic router that channels the Wi-Fi and other digital connections. The default Username for many of these devices is “admin” and the Password “1234” or “password”. Anybody within range with the right program on their laptop or tablet can gain total control and log all Internet activity at the same time. Although the passwords can easily be reset by following the manufacturer’s instructions, few people ever bother.
Don’t make any serious enemies in the digital world where reputation destruction is all too easy and suicide all too common.
At DoxBin on the Tor Network http://doxbinzqkeoso6sl.onion/ those with a grudge post every connection to their target from basic email address and social media profiles, to Social Security numbers and home addresses. Then they encourage other malicious folk to go destroy their lives.
There are people out there who will gladly tip off a SWAT team to come and batter down your door. Rent-A-Hacker will arrange for a bankruptcy for under US$700. Destroying a life costs a little more.
*To access the Tor Network, download the free Tor-Firefox browser and follow the simple instructions.
Conrad Jaeger is the author of “Deep Web Secrecy and Security”, available direct from the publisher, price US$9.99.