Ethical hacking: Protect yourself online

The threat of cyber attack is greater than ever, as many high-profile targets have discovered. Rob Sharp meets the "ethical hackers" who reveal the gaps in online security and finds out how you can protect your data

It's a quiet Saturday afternoon at a plush apartment block in West London. "Pizza," announces the delivery boy, standing in front of the building's ground-floor reception desk. He is at the luxurious entry point to the home of the chief executive of a large multinational, and security is – or should be – watertight. The large, heavily-set man working on the front desk checks down the list of deliveries set in front of him. The fast food order doesn't seem to be on there.

"Nah, I arranged it with Alice. That's his assistant," the pizza boy explains, and after the quickest of wrangles, he is ushered inside. And so, several secrets belonging to a FTSE 100 company are on their way to being compromised. That's because the delivery boy is an ethical hacker who has gone undercover to expose the everyday security flaws that can cost businesses millions. This residential adventure is all in a day's work for the security firm Vigilante Bespoke. Its mission is this: to stop the hacking activity that has moved away from offices and into the domestic desktop set-ups of celebrities and successful businessmen.

One example that shook the financial world took place in 2004, when the Japanese bank Sumitomo was the target of a cyber-heist where criminals "bugged" computers in the bank's London offices with keystroke recorders hoping to unearth high-level passwords to illegally transfer money. The plot was rumbled but it has been a wake-up call to businesses who thought their systems were safe.

Vigilante is just one of the raft of companies that have expanded or sprung up to offer the likes of password protection, file encryption, and "social engineering" (uncovering physical security weaknesses by, er, posing as pizza delivery boys). Us ordinary folk can learn something from them, too.

"The basic premise of our business is to replicate the kind of IT protection you get in the military or big corporations, and provide a service to the high-profile, high-network individuals who are more at target from attacks but don't have an IT department to protect them," explains Vigilante co-founder Oliver Crofton. "So, if I'm a celebrity, I'm an entity in my own right, I may be worth millions of pounds."

Because it's not just companies that run the risk of cyber crime. More than ever, our information is "compromised", whether it be through our Twitter feeds or our mobile phone voicemail accounts. It also seems like open season for the famous right now. Whether it's the mobile phones of Gwyneth Paltrow, George Michael and Alan Shearer or the Twitter accounts of Lily Allen, Alan Davies and Ashton Kutcher, almost no one is safe. Nicolas Sarkozy's bank account has been cracked, as have the email accounts of Miley Cyrus and Salma Hayek. And any of the methods employed to hack into their databases can be used on ordinary folk (who if anything, are likely to be more vulnerable).

Phone hacking has been making headlines recently. A would-be hacker simply calls the mobile phone number of the victim, and when the call goes through to voicemail the hacker inputs the provider's default code (if it has not been changed) and listens to that person's messages. The easy way to avoid it is to reprogramme your pin. But if the hackers were clever enough to get inside Gwyneth Paltrow's handset, then we should all protect ourselves. Then there's using the same password for all your accounts ("password"; "mother"; "1234"). Simply don't do it: Miley Cyrus did, and pictures of her in her scanties were splashed across the internet. "I think the hacker behind it was around 20," explains Crofton. "He used social engineering to gain access to Cyrus's MySpace administration, from which he obtained a list of passwords. Then it was easy for him to gain access to her email account, obtaining snaps and personal details."

To see how a normal, password-conscious consumer could be targeted, I invite Vigilante to The Independent's offices in London. Shortly after they arrive, I open my MacBook and attempt to log on to the Local Area Network (LAN). Crofton and a colleague show me a system where they can disable all the wireless networks within my area, causing my laptop to become disconnected. When I tried to reconnect, I dialled up a network created from their laptops which they can control. They now had a direct link to my machine and can see what websites I regularly visit and even upload programmes which record the keys I hit so that they can uncover my bank account details.

"There is obviously a market for that information," says Tom Beale, an ethical hacker and colleague of Crofton's. In the UK, online security companies recruit the majority of ethical hackers from university computer studies courses. That was the case with Beale, who was approached by security company MWR Info Security after he started ethical hacking while at university.

"A certain amount of credit card details can be sold on the black market, they would have a street value. So someone might have 20,000 people's credentials which he can flog off to someone that might want to use them." Vigilante aren't the only company trying to cope with burgeoning concerns. "We have had more approaches from people wanting protection," says Alistair Macrae, head of operations at London-based security firm Lynceus. "Big stories bring security to the front of people's minds; many weren't aware that such things were happening; they want to respond appropriately." Last month one of America's biggest mobile network providers, Verizon, expanded its encryption services to enable small businesses to encrypt their emails; in June, Dave DeWalt, chief executive of security software group McAfee, likened the fear of attack to "the Cold War at its height" in the 1960s and 1970s.

Over the last year there has been a huge increase in "drive-by download" attacks. These involve an attacker scanning the web looking for vulnerable websites – they upload a malicious code on to them which visitors to the site can then download. Vulnerable websites are websites that are more "dynamic and complicated", says Beale (ie the ones that employ lots of moving images or video). This is because they have more code to be infected. "There has also been a rise recently in the number of attacks where users are sent PDF documents that are essentially compromised," continues Beale. "These can allow your machine to be taken over or used to do malicious things to other people." Such indiscretions can be added to the key logging instances already mentioned, as well as vulnerabilities in the iPhone (simply by receiving a text message one could give control of one's device to a hacker, a problem cured by a patch released earlier this month) as well as the threat of botnets on Facebook, Twitter and Google (botnets can be used to infect millions of machines which then request to access a site at the same time then crash it; Twitter was crashed for two hours earlier this month because of a co-ordinated botnet attack).

So what you can do about it? "You can follow a few simple rules to minimise your chances of attack," says Crofton [see below], "but the only way you can totally be sure is by leaving your work at the office – if you have the opportunity – and being extremely vigilant. Change your default passwords and be careful what information you reveal on social networking sites. Also, don't send work to people's personal email addresses to finish when you get home. This is not a secure platform to work from. If you do want to work from home, speak with your IT department."

Cyber safety: How to protect yourself online

* Always use a firewall: you can easily download simple firewall packages, or use trusted and known anti-virus protection software. Always make sure that you regularly download updates for them.



* Do not carry out work-sensitive activity on your machine outside work; you never know who might be watching, and what technology they might have at their disposal.



* Make sure your iPhone isn't hooking up to any old network and asks you before it does; equally expect the same from your trusty laptop.

* Only download software from trusted sources on the internet; if it pops up and is covered in ladies in their scanties, someone is up to no good.



* Don't set your password as "password" (we've heard it before); try to just "pervert" memorable names with different symbols, for example Coca-cola becomes C0c4c@1a.



* Think of your technology in the same way you think of your physical stuff; you wouldn't leave your keys in the ignition of your car, so don't leave the door open to the secrets of your hard drive, either.

New Articles
tvDownton Abbey Christmas special
Arts and Entertainment
Wolf (Nathan McMullen), Ian (Dan Starky), The Doctor (Peter Capaldi), Clara (Jenna Coleman), Santa Claus (Nick Frost) in the Doctor Who Christmas Special (BBC/Photographer: David Venni)
tvOur review of the Doctor Who Christmas Special
News
peopleIt seems you can't silence Katie Hopkins, even on Christmas Day...
Arts and Entertainment
Left to right: Stanley Tucci, Sophie Grabol and Christopher Eccleston in ‘Fortitude’
tvSo Sky Atlantic arrived in Iceland to film their new and supposedly snow-bound series 'Fortitude'...
PROMOTED VIDEO
Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Arts and Entertainment
Kellie Bright as Linda Carter and Danny Dyer as Mick Carter

EastEnders Christmas specials are known for their shouty, over-the-top soap drama but tonight the show has done itself proud thanks to Danny Dyer.

Arts and Entertainment
Jenna Coleman as Clara Oswald in the Doctor Who Christmas special
tvForget the rumours that Clara Oswald would be quitting the Tardis
Arts and Entertainment
Japanese artist Megumi Igarashi showing a small mascot shaped like a vagina
art
News
The Queen delivers her Christmas message
newsTwitter reacts to Her Majesty's Christmas Message
Arts and Entertainment
tv
Life and Style
fashion
Sport
sport
Arts and Entertainment
Call The Midwife: Miranda Hart as Chummy
tvCall the Midwife Christmas Special
Sport
Laura Trott and Jason Kenny are preparing for the Commonwealth Games in Glasgow
sport
Arts and Entertainment
Sir Bruce Forsyth with Tess Daly in the BBC's Strictly Come Dancing Christmas Special
tvLouis Smith wins with 'Jingle Bells' quickstep on Strictly Come Dancing's Christmas Special
News
news
Arts and Entertainment
tv
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Ashdown Group: Moodle Developer (PHP ,Linux, Apache, MySQL, Moodle)

    £35000 - £45000 per annum: Ashdown Group: Moodle Developer (PHP ,Linux, Apache...

    Recruitment Genius: Web Developer

    £17000 - £30000 per annum: Recruitment Genius: This is a fantastic opportunity...

    Recruitment Genius: Junior .NET Web Developer - Winform / MVC

    £21000 - £26000 per annum: Recruitment Genius: This Award-winning pharma softw...

    Recruitment Genius: Senior Java Developer

    £30000 - £45000 per annum: Recruitment Genius: A Senior Java Developer is requ...

    Day In a Page

    Isis in Iraq: Yazidi girls killing themselves to escape rape and imprisonment by militants

    'Jilan killed herself in the bathroom. She cut her wrists and hanged herself'

    Yazidi girls killing themselves to escape rape and imprisonment
    Ed Balls interview: 'If I think about the deficit when I'm playing the piano, it all goes wrong'

    Ed Balls interview

    'If I think about the deficit when I'm playing the piano, it all goes wrong'
    He's behind you, dude!

    US stars in UK panto

    From David Hasselhoff to Jerry Hall
    Grace Dent's Christmas Quiz: What are you – a festive curmudgeon or top of the tree?

    Grace Dent's Christmas Quiz

    What are you – a festive curmudgeon or top of the tree?
    Nasa planning to build cloud cities in airships above Venus

    Nasa planning to build cloud cities in airships above Venus

    Planet’s surface is inhospitable to humans but 30 miles above it is almost perfect
    Surrounded by high-rise flats is a little house filled with Lebanon’s history - clocks, rifles, frogmen’s uniforms and colonial helmets

    Clocks, rifles, swords, frogmen’s uniforms

    Surrounded by high-rise flats is a little house filled with Lebanon’s history
    Return to Gaza: Four months on, the wounds left by Israel's bombardment have not yet healed

    Four months after the bombardment, Gaza’s wounds are yet to heal

    Kim Sengupta is reunited with a man whose plight mirrors the suffering of the Palestinian people
    Gastric surgery: Is it really the answer to the UK's obesity epidemic?

    Is gastric surgery really the answer to the UK's obesity epidemic?

    Critics argue that it’s crazy to operate on healthy people just to stop them eating
    Homeless Veterans appeal: Christmas charity auction Part 2 - now LIVE

    Homeless Veterans appeal: Christmas charity auction

    Bid on original art, or trips of a lifetime to Africa or the 'Corrie' set, and help Homeless Veterans
    Pantomime rings the changes to welcome autistic theatre-goers

    Autism-friendly theatre

    Pantomime leads the pack in quest to welcome all
    The week Hollywood got scared and had to grow up a bit

    The week Hollywood got scared and had to grow up a bit

    Sony suffered a chorus of disapproval after it withdrew 'The Interview', but it's not too late for it to take a stand, says Joan Smith
    From Widow Twankey to Mother Goose, how do the men who play panto dames get themselves ready for the performance of a lifetime?

    Panto dames: before and after

    From Widow Twankey to Mother Goose, how do the men who play panto dames get themselves ready for the performance of a lifetime?
    Thirties murder mystery novel is surprise runaway Christmas hit

    Thirties murder mystery novel is surprise runaway Christmas hit

    Booksellers say readers are turning away from dark modern thrillers and back to the golden age of crime writing
    Anne-Marie Huby: 'Charities deserve the best,' says founder of JustGiving

    Anne-Marie Huby: 'Charities deserve the best'

    Ten million of us have used the JustGiving website to donate to good causes. Its co-founder says that being dynamic is as important as being kind
    The botanist who hunts for giant trees at Kew Gardens

    The man who hunts giants

    A Kew Gardens botanist has found 25 new large tree species - and he's sure there are more out there