Year of living dangerously – security breaches and scams of 2013
A universal state of cyber war exists; it is just that no one wants to call it that. But across the world, businesses and individuals are now in danger of succumbing to nation-grade cyber-attacks orchestrated by anyone from teens to crime gangs. What has 2013 taught us?
The crushing impact of a cyber-attack on individuals was brought to the public’s attention on a number of occasions this year. In fact every year, the dangers of cyber-attacks edge closer and closer to ordinary lives.
For the Irish this year, the cyber-attack on Ennis-based LoyaltyBuild, which operates loyalty schemes on behalf of Supervalu, Axa and Stena Line, resulted in the credit and debit card details of almost 100,000 customers being accessed.
The same spate of attacks affected hundreds of thousands of cardholders across the EU.
“These customers - who should by now have been notified directly by SuperValu and Axa - should examine their card transactions since mid-October to identify any such transactions that they did not authorise,” Ireland’s Data Protection Commissioner said at the time. “They should also follow the advice of their card provider on any further precautions that might be necessary to protect themselves.
“The balance of the approximately half-million other cards that may have been affected by this breach relates mainly to loyalty schemes operated by Loyaltybuild on behalf of companies based in other European countries,” the DPC said.
The gravity of such attacks was emphasised in recent weeks in the US when retailer Target revealed it had been the subject of a massive data breach in which some 40m credit and debit card details may have been compromised.
It is understood that the breach has affected every branch of Target across the US and involves the theft of data stored on the magnetic strip of cards used within its stores.
Such data, along with PIN data if accessed by the thieves, may allow data thieves to create counterfeit debit and credit cards.
This latest breach is believed to be the biggest retail data breach in the US, since TJX saw more than 45m credit and debit card details stolen by thieves using its wireless networks in 2007 and malware was used to steal 130m credit and debit card details from Heartland Payment Systems in 2009.
It isn’t just retailers who are desirable targets for hackers. Major blogging site WordPress was the victim of a major brute force cyber-attack. In May a large botnet with more than 90,000 servers attempted to log in by cycling through different usernames and passwords.
At the time Peter Armstrong of Irish hosting firm Spiral Hosting warned: “Normal security procedures include regular updates of the WordPress core files, plugins and theme files. In addition to this, we also recommend WordPress administrators change their login username from the default 'admin' username, use very secure passwords, and install the 'Login Limits Attempts' plugin or other WordPress security plugins.
“Another security risk that WordPress administrators sometimes forget about is inactive themes, installed on their blog but no longer in use. The files for the WordPress themes are still located in the /wp-content/themes/ directory, and even if they're not being used, they're still vulnerable to being hacked/exploited if they're not kept up to date. Therefore, we recommend WordPress administrators delete all WordPress themes except the active theme currently in use on their website,” Armstrong said.
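A defender's view of the brute-force campaign described above: the attack leaves a distinctive trace in ordinary web-server access logs, where a failed wp-login.php POST is answered with HTTP 200 (the form is re-rendered) and a successful one with a 302 redirect. The following script, an added illustration that is not code from the article or from Spiral Hosting, buckets those failures into one-minute windows and flags both a single address hammering the form and the distributed pattern of many addresses cycling credentials at once. It assumes the Apache/nginx "combined" log format; the sample lines and thresholds are constructed and should be tuned per site.

```python
"""Spot WordPress login brute-forcing in web-server access logs.

Added illustration for the WordPress brute-force passage above. It is
not code from the article or from Spiral Hosting; the log lines are
constructed and the thresholds are assumptions to tune per site.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log format (client IP, timestamp, request line, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def is_failed_login(rec):
    """A failed wp-login.php POST re-renders the form with HTTP 200;
    a successful one answers with a 302 redirect into wp-admin."""
    return (rec["method"] == "POST"
            and rec["path"].startswith("/wp-login.php")
            and rec["status"] == 200)


def analyse(lines, window=timedelta(minutes=1), per_ip=5, distributed=20):
    """Bucket failed logins into fixed time windows and flag two patterns:
    a single address hammering the form (more than `per_ip` failures in a
    window) and a distributed attack (at least `distributed` distinct
    addresses failing in the same window, as with the botnet above)."""
    buckets = defaultdict(Counter)  # window index -> Counter of IP -> failures
    total = 0
    for rec in map(parse_line, lines):
        if rec is None or not is_failed_login(rec):
            continue
        key = int(rec["ts"].timestamp()) // int(window.total_seconds())
        buckets[key][rec["ip"]] += 1
        total += 1

    noisy, distributed_windows = set(), 0
    for counts in buckets.values():
        noisy.update(ip for ip, n in counts.items() if n > per_ip)
        if len(counts) >= distributed:
            distributed_windows += 1
    return {"failed_logins": total,
            "noisy_ips": sorted(noisy),
            "distributed_windows": distributed_windows}


def _line(ip, sec, method="POST", path="/wp-login.php", status=200):
    """Build one constructed log line at 10:00:<sec> on 12 May 2013."""
    return (f'{ip} - - [12/May/2013:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 3421 "-" "Mozilla/5.0"')


# Constructed sample: 25 addresses each failing once (a distributed
# credential-cycling burst), one address failing 8 times, a normal page
# view and one successful login.
SAMPLE_LOG = (
    [_line(f"198.51.100.{i}", i % 60) for i in range(1, 26)]
    + [_line("203.0.113.9", s) for s in range(0, 40, 5)]
    + [_line("192.0.2.5", 30, "GET", "/", 200)]
    + [_line("192.0.2.5", 45, status=302)]
)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The per-address counter is what a "limit login attempts" plugin enforces at the application layer; the distinct-address count is the signal such a plugin cannot see, since each bot in a 90,000-server botnet can stay under any per-IP limit, which is why renaming the default admin account and using strong passwords matter more than rate limiting alone.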
Online hoaxes and ransomware
In June Gardaí warned of an online hoax targeting Irish users, which told them their PC had been locked and charged them up to €100 to remove the infection.
The scam had been operating in several countries in recent months, including the US, Canada, Germany, Finland and the UK.
Once a user’s Windows machine has been infected with a Trojan Horse programme, a pop-up message appears on screen, purporting to be from An Garda Síochána and using the force’s logo and other images to make it appear genuine.
The message tells the user their PC has been locked because of being involved in illegal activity, and requests a fine to unlock the computer.
A spokesperson for An Garda Síochána warned people not to share their bank details or pay out any money.
Windfall for scammers
Around 22pc of the Irish population have lost money to cybercrime – netting cyber-criminals, including scammers and hackers, a whopping €300m windfall. A recent ESET Ireland survey revealed the extent to which people have fallen prey to scammers, been held up by ransomware, have had their computers infected, and/or their credit or debit card details accessed.
ESET Ireland commissioned a survey in October, carried out by Amárach Research on 1,000 Irish adults, which asked whether they had ever suffered financial loss because of cyber threats, and how much, covering the cost of repairing an infected computer, having their credit/debit card abused, being the victim of an online/phone/text scam or a target of hacking, and related incidents.
While 78pc of survey respondents said they suffered no loss (or didn’t use a computer), the 22pc who did, which is nearly one in four people, represent a significant percentage.
With 9pc having lost up to €50, and the Irish population currently standing at about 3.5m adults, this translates into 315,000 people and losses of up to €15m or more for that first group alone.
Adding up the numbers and losses of all the other groups, from the 9pc at the top down to the 1pc at the bottom who lost more than €3,000: 10 out of 1,000 respondents said they lost more than €3,000, which across the whole of Ireland could mean 35,000 people and more than €105m in costs.
The final statistical estimate of Irish direct and indirect cyber-crime damages could be beyond €300m, according to ESET.
Battle of the spammers
In March what started as a dispute between spam blockers and a hosting service resulted in the largest distributed denial-of-service (DDoS) attack ever reported, which could have serious repercussions for internet traffic worldwide.
The attacks began on 19 March following the blacklisting of Dutch web hosting firm Cyberbunker by volunteer-based spam fighters Spamhaus.
Based in London and Geneva, Spamhaus is said to be responsible for filtering about 80pc of the world’s daily spam emails. It does so by keeping a database of servers known to be originators of spam, and servers maintained by Cyberbunker were recently added to its blocklists.
A number of organisations – Google included – volunteer themselves to mirror Spamhaus’s infrastructure in order to strengthen it against cyber-attacks, which are all too common when you’re dealing with disgruntled spammers.
Spamhaus recruited the help of web performance and security experts CloudFlare when its website cracked under the strain of the DDoS attacks on Monday. An attack sending 50Gb/s is enough to take down a major bank, while CloudFlare reported that attacks on Spamhaus were reaching 75Gb/s. This grew even further to a monstrous 300Gb/s.
The cause of the large-scale attack was DNS amplification. To flood the Spamhaus website with traffic, attackers send DNS queries whose source address is forged to look like Spamhaus's; the DNS servers' replies, many times larger than the queries that triggered them, are then delivered to Spamhaus, resulting in a deluge of data from all over the world.
CloudFlare mitigated the attacks using a routing technique called Anycast, which allowed it to spread the requests pouring into Spamhaus across many locations, analyse them and forward on only the legitimate queries. But the attacks have continued, and the problem is that DNS servers can't be shut down without causing major disruptions to the internet, which makes cutting off the attacks extremely difficult.
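To make the amplification mechanism concrete from the defender's side, here is an added illustration (not code from the article, CloudFlare or Spamhaus) that works from resolver-side query records. Each record is what one DNS server logged for one query: the source address the query claimed, the query type, and the sizes of query and reply. Because the claimed source is forgeable, an amplification victim shows up as an address that is "receiving" large replies from many different resolvers for queries it never sent; the script computes the amplification factor per claimed source and flags that pattern. The records, the `QueryRecord` type and the thresholds are constructed for the example.

```python
"""Measure DNS amplification from resolver-side query records.

Added illustration for the Spamhaus DNS-amplification passage above; it is
not code from the article, CloudFlare or Spamhaus. The records are
constructed: each is what one resolver logged for one query, with the
source address the query *claimed* (which, in an amplification attack,
is the victim's forged address) and the sizes of query and reply.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class QueryRecord:
    resolver: str         # resolver that answered the query
    claimed_source: str   # source address in the query packet (forgeable)
    qname: str
    qtype: str
    query_bytes: int
    response_bytes: int


def amplification_factor(query_bytes, response_bytes):
    """Bytes delivered to the claimed source per byte the sender spent."""
    return response_bytes / query_bytes


def summarise(records):
    """Per claimed source: overall amplification factor, number of distinct
    resolvers that replied to it, and total reply bytes sent its way."""
    acc = defaultdict(lambda: {"q": 0, "r": 0, "resolvers": set()})
    for rec in records:
        s = acc[rec.claimed_source]
        s["q"] += rec.query_bytes
        s["r"] += rec.response_bytes
        s["resolvers"].add(rec.resolver)
    return {
        src: {"factor": amplification_factor(s["q"], s["r"]),
              "resolvers": len(s["resolvers"]),
              "response_bytes": s["r"]}
        for src, s in acc.items()
    }


def suspected_targets(records, min_factor=10.0, min_resolvers=10):
    """Claimed sources being sent heavily amplified replies from many
    resolvers at once: the signature of a reflection victim rather than
    of a busy but legitimate client."""
    summary = summarise(records)
    return sorted(src for src, s in summary.items()
                  if s["factor"] >= min_factor and s["resolvers"] >= min_resolvers)


# Constructed sample: 30 resolvers each answered one 64-byte ANY query that
# claimed to come from 192.0.2.10 with a 3,000-byte reply; alongside them,
# a handful of ordinary A lookups from real clients for comparison.
SAMPLE_RECORDS = (
    [QueryRecord(f"203.0.113.{i}", "192.0.2.10", "example.com", "ANY", 64, 3000)
     for i in range(1, 31)]
    + [QueryRecord("203.0.113.1", f"198.51.100.{i}", "example.net", "A", 50, 120)
       for i in range(1, 6)]
)

if __name__ == "__main__":
    for src, s in summarise(SAMPLE_RECORDS).items():
        print(f"{src:15} factor={s['factor']:6.2f} resolvers={s['resolvers']:3}")
    print("suspected targets:", suspected_targets(SAMPLE_RECORDS))
```

In the sample the forged address collects nearly 47 bytes for every byte the attacker spent, which is why the article's 300Gb/s figure was reachable from a far smaller sending capacity; the same per-source accounting is what lets a resolver operator rate-limit replies toward one address, and what an Anycast deployment lets the defender do at each location before forwarding only genuine queries onward.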
Hacking as a political pursuit
The motivations of hackers used to be just for kicks. Now they are split between criminals seeking profit, political ideologists, and armies of hackers employed by nations declaring cyber war.
Hacker collective Anonymous showed it still has claws of steel when in May it declared its own war against North Korea by hacking in and seizing control of the country’s Twitter and Flickr accounts.
The group broke into the Uriminzokkiri accounts and uploaded an image of a couple wearing Anonymous masks emblazoned with the words ‘Tango Down’.
Anonymous claims to have extracted 15,000 user names and passwords from the site.
The group said the purpose of the attack was to target oppressive and violent regimes and it wants to see uncensored internet access become a reality in the communist country.
It also called for an end to North Korea’s nuclear programme as well as the resignation of North Korea’s president Kim Jong-un.