Ethical hacking: Protect yourself online

The threat of cyber attack is greater than ever, as many high-profile targets have discovered. Rob Sharp meets the "ethical hackers" who reveal the gaps in online security and finds out how you can protect your data

It's a quiet Saturday afternoon at a plush apartment block in West London. "Pizza," announces the delivery boy, standing in front of the building's ground-floor reception desk. He is at the luxurious entry point to the home of the chief executive of a large multinational, and security is – or should be – watertight. The large, heavily-set man working on the front desk checks down the list of deliveries set in front of him. The fast food order doesn't seem to be on there.

"Nah, I arranged it with Alice. That's his assistant," the pizza boy explains, and after the quickest of wrangles, he is ushered inside. And so, several secrets belonging to a FTSE 100 company are on their way to being compromised. That's because the delivery boy is an ethical hacker who has gone undercover to expose the everyday security flaws that can cost businesses millions. This residential adventure is all in a day's work for the security firm Vigilante Bespoke. Its mission is this: to stop the hacking activity that has moved away from offices and into the domestic desktop set-ups of celebrities and successful businessmen.

One example that shook the financial world took place in 2004, when the Japanese bank Sumitomo was the target of a cyber-heist where criminals "bugged" computers in the bank's London offices with keystroke recorders hoping to unearth high-level passwords to illegally transfer money. The plot was rumbled but it has been a wake-up call to businesses who thought their systems were safe.

Vigilante is just one of the raft of companies that have expanded or sprung up to offer the likes of password protection, file encryption, and "social engineering" (uncovering physical security weaknesses by, er, posing as pizza delivery boys). Us ordinary folk can learn something from them, too.

"The basic premise of our business is to replicate the kind of IT protection you get in the military or big corporations, and provide a service to the high-profile, high-network individuals who are more at target from attacks but don't have an IT department to protect them," explains Vigilante co-founder Oliver Crofton. "So, if I'm a celebrity, I'm an entity in my own right, I may be worth millions of pounds."

Because it's not just companies that run the risk of cyber crime. More than ever, our information is "compromised", whether it be through our Twitter feeds or our mobile phone voicemail accounts. It also seems like open season for the famous right now. Whether it's the mobile phones of Gwyneth Paltrow, George Michael and Alan Shearer or the Twitter accounts of Lily Allen, Alan Davies and Ashton Kutcher, almost no one is safe. Nicolas Sarkozy's bank account has been cracked, as have the email accounts of Miley Cyrus and Salma Hayek. And any of the methods employed to hack into their databases can be used on ordinary folk (who if anything, are likely to be more vulnerable).

Phone hacking has been making headlines recently. A would-be hacker simply calls the mobile phone number of the victim, and when the call goes through to voicemail the hacker inputs the provider's default code (if it has not been changed) and listens to that person's messages. The easy way to avoid it is to reprogramme your pin. But if the hackers were clever enough to get inside Gwyneth Paltrow's handset, then we should all protect ourselves. Then there's using the same password for all your accounts ("password"; "mother"; "1234"). Simply don't do it: Miley Cyrus did, and pictures of her in her scanties were splashed across the internet. "I think the hacker behind it was around 20," explains Crofton. "He used social engineering to gain access to Cyrus's MySpace administration, from which he obtained a list of passwords. Then it was easy for him to gain access to her email account, obtaining snaps and personal details."

To see how a normal, password-conscious consumer could be targeted, I invite Vigilante to The Independent's offices in London. Shortly after they arrive, I open my MacBook and attempt to log on to the Local Area Network (LAN). Crofton and a colleague show me a system where they can disable all the wireless networks within my area, causing my laptop to become disconnected. When I tried to reconnect, I dialled up a network created from their laptops which they can control. They now had a direct link to my machine and can see what websites I regularly visit and even upload programmes which record the keys I hit so that they can uncover my bank account details.

"There is obviously a market for that information," says Tom Beale, an ethical hacker and colleague of Crofton's. In the UK, online security companies recruit the majority of ethical hackers from university computer studies courses. That was the case with Beale, who was approached by security company MWR Info Security after he started ethical hacking while at university.

"A certain amount of credit card details can be sold on the black market, they would have a street value. So someone might have 20,000 people's credentials which he can flog off to someone that might want to use them." Vigilante aren't the only company trying to cope with burgeoning concerns. "We have had more approaches from people wanting protection," says Alistair Macrae, head of operations at London-based security firm Lynceus. "Big stories bring security to the front of people's minds; many weren't aware that such things were happening; they want to respond appropriately." Last month one of America's biggest mobile network providers, Verizon, expanded its encryption services to enable small businesses to encrypt their emails; in June, Dave DeWalt, chief executive of security software group McAfee, likened the fear of attack to "the Cold War at its height" in the 1960s and 1970s.

Over the last year there has been a huge increase in "drive-by download" attacks. These involve an attacker scanning the web looking for vulnerable websites – they upload a malicious code on to them which visitors to the site can then download. Vulnerable websites are websites that are more "dynamic and complicated", says Beale (ie the ones that employ lots of moving images or video). This is because they have more code to be infected. "There has also been a rise recently in the number of attacks where users are sent PDF documents that are essentially compromised," continues Beale. "These can allow your machine to be taken over or used to do malicious things to other people." Such indiscretions can be added to the key logging instances already mentioned, as well as vulnerabilities in the iPhone (simply by receiving a text message one could give control of one's device to a hacker, a problem cured by a patch released earlier this month) as well as the threat of botnets on Facebook, Twitter and Google (botnets can be used to infect millions of machines which then request to access a site at the same time then crash it; Twitter was crashed for two hours earlier this month because of a co-ordinated botnet attack).

So what you can do about it? "You can follow a few simple rules to minimise your chances of attack," says Crofton [see below], "but the only way you can totally be sure is by leaving your work at the office – if you have the opportunity – and being extremely vigilant. Change your default passwords and be careful what information you reveal on social networking sites. Also, don't send work to people's personal email addresses to finish when you get home. This is not a secure platform to work from. If you do want to work from home, speak with your IT department."

Cyber safety: How to protect yourself online

* Always use a firewall: you can easily download simple firewall packages, or use trusted and known anti-virus protection software. Always make sure that you regularly download updates for them.



* Do not carry out work-sensitive activity on your machine outside work; you never know who might be watching, and what technology they might have at their disposal.



* Make sure your iPhone isn't hooking up to any old network and asks you before it does; equally expect the same from your trusty laptop.

* Only download software from trusted sources on the internet; if it pops up and is covered in ladies in their scanties, someone is up to no good.



* Don't set your password as "password" (we've heard it before); try to just "pervert" memorable names with different symbols, for example Coca-cola becomes C0c4c@1a.



* Think of your technology in the same way you think of your physical stuff; you wouldn't leave your keys in the ignition of your car, so don't leave the door open to the secrets of your hard drive, either.

Life and Style
ebookNow available in paperback
ebooks
ebookA delicious collection of 50 meaty main courses
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    SThree: Trainee Recruitment Consultant

    £18000 - £23000 per annum + Uncapped Commission: SThree: As a Trainee Recruitm...

    SThree: Trainee Recruitment Consultant

    £18000 - £23000 per annum + Uncapped Commission: SThree: As a Trainee Recruitm...

    SThree: Trainee Recruitment Consultant

    £18000 - £23000 per annum + Uncapped Commission: SThree: As a Trainee Recruitm...

    Recruitment Genius: Office Administrator

    £14000 - £18000 per annum: Recruitment Genius: An Office Administrator is requ...

    Day In a Page

    Isis in Syria: Influential tribal leaders hold secret talks with Western powers and Gulf states over possibility of mobilising against militants

    Tribal gathering

    Influential clans in Syria have held secret talks with Western powers and Gulf states over the possibility of mobilising against Isis. But they are determined not to be pitted against each other
    Gaza, a year on from Operation Protective Edge: A growing population and a compromised and depleted aquifer leaves water in scarce supply for Palestinians

    Gaza, a year on from Operation Protective Edge

    A growing population and a compromised and depleted aquifer leaves water in scarce supply for Palestinians
    Dozens of politicians, bureaucrats and businessmen linked to Indian bribery scandal die mysteriously

    Illnesses, car crashes and suicides

    Dozens of politicians, bureaucrats and businessmen linked to Indian bribery scandal die mysteriously
    Srebrenica 20 years after the genocide: Why the survivors need closure

    Bosnia's genocide, 20 years on

    No-one is admitting where the bodies are buried - literally and metaphorically
    How Comic-Con can make or break a movie: From Batman vs Superman to Star Wars: Episode VII

    Power of the geek Gods

    Each year at Comic-Con in San Diego, Hollywood bosses nervously present blockbusters to the hallowed crowd. It can make or break a movie
    What do strawberries and cream have to do with tennis?

    Perfect match

    What do strawberries and cream have to do with tennis?
    10 best trays

    Get carried away with 10 best trays

    Serve with ceremony on a tray chic carrier
    Wimbledon 2015: Team Murray firing on all cylinders for SW19 title assault

    Team Murray firing on all cylinders for title assault

    Coaches Amélie Mauresmo and Jonas Bjorkman aiming to make Scot Wimbledon champion again
    Wimbledon 2015: Nick Bollettieri - Vasek Pospisil must ignore tiredness and tell himself: I'm in the quarter-final, baby!

    Nick Bollettieri's Wimbledon Files

    Vasek Pospisil must ignore tiredness and tell himself: I'm in the quarter-final, baby!
    Ashes 2015: Angus Fraser's top 10 moments from previous series'

    Angus Fraser's top 10 Ashes moments

    He played in five series against Australia and covered more as a newspaper correspondent. From Waugh to Warne and Hick to Headley, here are his highlights
    Greece debt crisis: EU 'family' needs to forgive rather than punish an impoverished state

    EU 'family' needs to forgive rather than punish an impoverished state

    An outbreak of malaria in Greece four years ago helps us understand the crisis, says Robert Fisk
    Gaza, a year on from Operation Protective Edge: The traumatised kibbutz on Israel's front line, still recovering from last summer's war with Hamas

    Gaza, a year on from Operation Protective Edge

    The traumatised kibbutz on Israel's front line, still recovering from last summer's war with Hamas
    How to survive electrical storms: What are the chances of being hit by lightning?

    Heavy weather

    What are the chances of being hit by lightning?
    World Bodypainting Festival 2015: Bizarre and brilliant photos celebrate 'the body as art'

    World Bodypainting Festival 2015

    Bizarre and brilliant photos celebrate 'the body as art'
    alt-j: A private jet, a Mercury Prize and Latitude headliners

    Don't call us nerds

    Craig Mclean meets alt-j - the math-folk act who are flying high