Ethical hacking: Protect yourself online

The threat of cyber attack is greater than ever, as many high-profile targets have discovered. Rob Sharp meets the "ethical hackers" who reveal the gaps in online security and finds out how you can protect your data

It's a quiet Saturday afternoon at a plush apartment block in West London. "Pizza," announces the delivery boy, standing in front of the building's ground-floor reception desk. He is at the luxurious entry point to the home of the chief executive of a large multinational, and security is – or should be – watertight. The large, heavily-set man working on the front desk checks down the list of deliveries set in front of him. The fast food order doesn't seem to be on there.

"Nah, I arranged it with Alice. That's his assistant," the pizza boy explains, and after the quickest of wrangles, he is ushered inside. And so, several secrets belonging to a FTSE 100 company are on their way to being compromised. That's because the delivery boy is an ethical hacker who has gone undercover to expose the everyday security flaws that can cost businesses millions. This residential adventure is all in a day's work for the security firm Vigilante Bespoke. Its mission is this: to stop the hacking activity that has moved away from offices and into the domestic desktop set-ups of celebrities and successful businessmen.

One example that shook the financial world took place in 2004, when the Japanese bank Sumitomo was the target of a cyber-heist where criminals "bugged" computers in the bank's London offices with keystroke recorders hoping to unearth high-level passwords to illegally transfer money. The plot was rumbled but it has been a wake-up call to businesses who thought their systems were safe.

Vigilante is just one of the raft of companies that have expanded or sprung up to offer the likes of password protection, file encryption, and "social engineering" (uncovering physical security weaknesses by, er, posing as pizza delivery boys). Us ordinary folk can learn something from them, too.

"The basic premise of our business is to replicate the kind of IT protection you get in the military or big corporations, and provide a service to the high-profile, high-network individuals who are more at target from attacks but don't have an IT department to protect them," explains Vigilante co-founder Oliver Crofton. "So, if I'm a celebrity, I'm an entity in my own right, I may be worth millions of pounds."

Because it's not just companies that run the risk of cyber crime. More than ever, our information is "compromised", whether it be through our Twitter feeds or our mobile phone voicemail accounts. It also seems like open season for the famous right now. Whether it's the mobile phones of Gwyneth Paltrow, George Michael and Alan Shearer or the Twitter accounts of Lily Allen, Alan Davies and Ashton Kutcher, almost no one is safe. Nicolas Sarkozy's bank account has been cracked, as have the email accounts of Miley Cyrus and Salma Hayek. And any of the methods employed to hack into their databases can be used on ordinary folk (who if anything, are likely to be more vulnerable).

Phone hacking has been making headlines recently. A would-be hacker simply calls the mobile phone number of the victim, and when the call goes through to voicemail the hacker inputs the provider's default code (if it has not been changed) and listens to that person's messages. The easy way to avoid it is to reprogramme your pin. But if the hackers were clever enough to get inside Gwyneth Paltrow's handset, then we should all protect ourselves. Then there's using the same password for all your accounts ("password"; "mother"; "1234"). Simply don't do it: Miley Cyrus did, and pictures of her in her scanties were splashed across the internet. "I think the hacker behind it was around 20," explains Crofton. "He used social engineering to gain access to Cyrus's MySpace administration, from which he obtained a list of passwords. Then it was easy for him to gain access to her email account, obtaining snaps and personal details."

To see how a normal, password-conscious consumer could be targeted, I invite Vigilante to The Independent's offices in London. Shortly after they arrive, I open my MacBook and attempt to log on to the Local Area Network (LAN). Crofton and a colleague show me a system where they can disable all the wireless networks within my area, causing my laptop to become disconnected. When I tried to reconnect, I dialled up a network created from their laptops which they can control. They now had a direct link to my machine and can see what websites I regularly visit and even upload programmes which record the keys I hit so that they can uncover my bank account details.

"There is obviously a market for that information," says Tom Beale, an ethical hacker and colleague of Crofton's. In the UK, online security companies recruit the majority of ethical hackers from university computer studies courses. That was the case with Beale, who was approached by security company MWR Info Security after he started ethical hacking while at university.

"A certain amount of credit card details can be sold on the black market, they would have a street value. So someone might have 20,000 people's credentials which he can flog off to someone that might want to use them." Vigilante aren't the only company trying to cope with burgeoning concerns. "We have had more approaches from people wanting protection," says Alistair Macrae, head of operations at London-based security firm Lynceus. "Big stories bring security to the front of people's minds; many weren't aware that such things were happening; they want to respond appropriately." Last month one of America's biggest mobile network providers, Verizon, expanded its encryption services to enable small businesses to encrypt their emails; in June, Dave DeWalt, chief executive of security software group McAfee, likened the fear of attack to "the Cold War at its height" in the 1960s and 1970s.

Over the last year there has been a huge increase in "drive-by download" attacks. These involve an attacker scanning the web looking for vulnerable websites – they upload a malicious code on to them which visitors to the site can then download. Vulnerable websites are websites that are more "dynamic and complicated", says Beale (ie the ones that employ lots of moving images or video). This is because they have more code to be infected. "There has also been a rise recently in the number of attacks where users are sent PDF documents that are essentially compromised," continues Beale. "These can allow your machine to be taken over or used to do malicious things to other people." Such indiscretions can be added to the key logging instances already mentioned, as well as vulnerabilities in the iPhone (simply by receiving a text message one could give control of one's device to a hacker, a problem cured by a patch released earlier this month) as well as the threat of botnets on Facebook, Twitter and Google (botnets can be used to infect millions of machines which then request to access a site at the same time then crash it; Twitter was crashed for two hours earlier this month because of a co-ordinated botnet attack).

So what you can do about it? "You can follow a few simple rules to minimise your chances of attack," says Crofton [see below], "but the only way you can totally be sure is by leaving your work at the office – if you have the opportunity – and being extremely vigilant. Change your default passwords and be careful what information you reveal on social networking sites. Also, don't send work to people's personal email addresses to finish when you get home. This is not a secure platform to work from. If you do want to work from home, speak with your IT department."

Cyber safety: How to protect yourself online

* Always use a firewall: you can easily download simple firewall packages, or use trusted and known anti-virus protection software. Always make sure that you regularly download updates for them.



* Do not carry out work-sensitive activity on your machine outside work; you never know who might be watching, and what technology they might have at their disposal.



* Make sure your iPhone isn't hooking up to any old network and asks you before it does; equally expect the same from your trusty laptop.

* Only download software from trusted sources on the internet; if it pops up and is covered in ladies in their scanties, someone is up to no good.



* Don't set your password as "password" (we've heard it before); try to just "pervert" memorable names with different symbols, for example Coca-cola becomes C0c4c@1a.



* Think of your technology in the same way you think of your physical stuff; you wouldn't leave your keys in the ignition of your car, so don't leave the door open to the secrets of your hard drive, either.

PROMOTED VIDEO
Life and Style
ebookNow available in paperback
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
Voices
Ukip leader Nigel Farage arrives at the Rochester by-election count
voicesIs it any wonder that Thornberry, Miliband, and Cameron have no idea about ordinary everyday life?
Sport
sportComment: Win or lose Hamilton represents the best of Britain
Life and Style
tech
Extras
indybest
Sport
Arsene Wenger reacts during Arsenal's 2-1 defeat to Swansea
footballMan United and Arsenal meet on Saturday with both clubs this time languishing outside the top four
News
i100BBC political editor Nick Robinson had a lot of explaining to do
News
A girl plays on a Sony 'PS Vita' portable games console
news
Life and Style
Nappies could have advice on them to encourage mothers and fathers to talk to their babies more often
newsTalking to babies can improve their language and vocabulary skills
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Customer Service Executive

    £20000 per annum: Recruitment Genius: A Customer Service Executive is required...

    Ashdown Group: Junior SQL DBA - London - £39,000

    £37000 - £39000 per annum + benefits: Ashdown Group: SQL Database Administrato...

    Recruitment Genius: PHP Developer

    £26000 - £32000 per annum: Recruitment Genius: Expanding creative studio requi...

    Argyll Scott International: Senior Perl Developer

    £40000 - £45000 per annum + Benefits : Argyll Scott International: Senior Perl...

    Day In a Page

    US immigration: President Obama ready to press ahead with long-promised plan to overhaul 'broken system' - but will it get past a Republican-controlled Congress?

    Immigration: Obama's final frontier

    The President is ready to press ahead with the long-promised plan to overhaul America's 'broken system' - but will it get past a Republican-controlled Congress?
    Bill Cosby rape allegations explained: Why are these allegations coming out now? Why didn’t these women come forward earlier? And why has nobody taken legal action?

    Bill Cosby rape allegations explained

    Why are these allegations coming out now? Why has nobody taken legal action? And what happens next for the man once thought of as 'America's Dad'
    Four years of excruciating seizures caused by the 1cm tapeworm found burrowing through a man's brain

    You know that headache you’ve got?

    Four years of excruciating seizures caused by the 1cm tapeworm found burrowing through a man's brain
    Travelling to work by scooter is faster than walking and less sweaty than cycling, so why aren’t we all doing it?

    Scoot commute

    Travelling to work by scooter is faster than walking and less sweaty than cycling, so why aren’t we all doing it?
    Paul Robeson: The story of how an American icon was driven to death to be told in film

    The Paul Robeson story

    How an American icon was driven to death to be told in film
    10 best satellite navigation systems

    Never get lost again: 10 best satellite navigation systems

    Keep your vehicle going in the right direction with a clever device
    Paul Scholes column: England must learn to keep possession and dictate games before they are exposed by the likes of Germany and Brazil

    Paul Scholes column

    England must learn to keep possession and dictate games before they are exposed by the likes of Germany and Brazil
    Michael Dawson: I’ll thank Spurs after we win says defender as he prepares to return with Hull

    Michael Dawson: I’ll thank Spurs after we win

    Hull defender faces his struggling former club on Sunday ready to show what they are missing. But he says he will always be grateful to Tottenham
    Frank Warren column: Dr Wu has big plans for the professionals yet he should stick to the amateur game

    Frank Warren column

    Dr Wu has big plans for the professionals yet he should stick to the amateur game
    Synagogue attack: Fear unites both sides of Jerusalem as minister warns restoring quiet could take 'months'

    Terror unites Jerusalem after synagogue attack

    Rising violence and increased police patrols have left residents of all faiths looking over their shoulders
    Medecins sans Frontieres: The Ebola crisis has them in the headlines, but their work goes far beyond West Africa

    'How do you carry on? You have to...'

    The Ebola crisis has Medecins sans Frontieres in the headlines, but their work goes far beyond West Africa
    Isis extends its deadly reach with suicide bombing in Kurdish capital

    Isis extends its deadly reach with suicide bombing in Kurdish capital

    Residents in what was Iraq’s safest city fear an increase in jihadist attacks, reports Patrick Cockburn
    Underwater photography competition winners 2014 - in pictures

    'Mysterious and inviting' shot of diver wins photography competition

    Stunning image of cenote in Mexico takes top prize
    Sir John Major: Negative West End portrayals of politicians put people off voting

    Sir John Major hits out at theatres

    Negative West End portrayals of politicians put people off voting
    Kicking Barbie's butt: How the growth of 3D printing enabled me to make an army of custom-made figurines

    Kicking Barbie's butt

    How the growth of 3D printing enabled toy-designer to make an army of custom-made figurines