Ethical hacking: Protect yourself online

The threat of cyber attack is greater than ever, as many high-profile targets have discovered. Rob Sharp meets the "ethical hackers" who reveal the gaps in online security and finds out how you can protect your data

It's a quiet Saturday afternoon at a plush apartment block in West London. "Pizza," announces the delivery boy, standing in front of the building's ground-floor reception desk. He is at the luxurious entry point to the home of the chief executive of a large multinational, and security is – or should be – watertight. The large, heavily-set man working on the front desk checks down the list of deliveries set in front of him. The fast food order doesn't seem to be on there.

"Nah, I arranged it with Alice. That's his assistant," the pizza boy explains, and after the quickest of wrangles, he is ushered inside. And so, several secrets belonging to a FTSE 100 company are on their way to being compromised. That's because the delivery boy is an ethical hacker who has gone undercover to expose the everyday security flaws that can cost businesses millions. This residential adventure is all in a day's work for the security firm Vigilante Bespoke. Its mission is this: to stop the hacking activity that has moved away from offices and into the domestic desktop set-ups of celebrities and successful businessmen.

One example that shook the financial world took place in 2004, when the Japanese bank Sumitomo was the target of a cyber-heist where criminals "bugged" computers in the bank's London offices with keystroke recorders hoping to unearth high-level passwords to illegally transfer money. The plot was rumbled but it has been a wake-up call to businesses who thought their systems were safe.

Vigilante is just one of the raft of companies that have expanded or sprung up to offer the likes of password protection, file encryption, and "social engineering" (uncovering physical security weaknesses by, er, posing as pizza delivery boys). Us ordinary folk can learn something from them, too.

"The basic premise of our business is to replicate the kind of IT protection you get in the military or big corporations, and provide a service to the high-profile, high-network individuals who are more at target from attacks but don't have an IT department to protect them," explains Vigilante co-founder Oliver Crofton. "So, if I'm a celebrity, I'm an entity in my own right, I may be worth millions of pounds."

Because it's not just companies that run the risk of cyber crime. More than ever, our information is "compromised", whether it be through our Twitter feeds or our mobile phone voicemail accounts. It also seems like open season for the famous right now. Whether it's the mobile phones of Gwyneth Paltrow, George Michael and Alan Shearer or the Twitter accounts of Lily Allen, Alan Davies and Ashton Kutcher, almost no one is safe. Nicolas Sarkozy's bank account has been cracked, as have the email accounts of Miley Cyrus and Salma Hayek. And any of the methods employed to hack into their databases can be used on ordinary folk (who if anything, are likely to be more vulnerable).

Phone hacking has been making headlines recently. A would-be hacker simply calls the mobile phone number of the victim, and when the call goes through to voicemail the hacker inputs the provider's default code (if it has not been changed) and listens to that person's messages. The easy way to avoid it is to reprogramme your pin. But if the hackers were clever enough to get inside Gwyneth Paltrow's handset, then we should all protect ourselves. Then there's using the same password for all your accounts ("password"; "mother"; "1234"). Simply don't do it: Miley Cyrus did, and pictures of her in her scanties were splashed across the internet. "I think the hacker behind it was around 20," explains Crofton. "He used social engineering to gain access to Cyrus's MySpace administration, from which he obtained a list of passwords. Then it was easy for him to gain access to her email account, obtaining snaps and personal details."

To see how a normal, password-conscious consumer could be targeted, I invite Vigilante to The Independent's offices in London. Shortly after they arrive, I open my MacBook and attempt to log on to the Local Area Network (LAN). Crofton and a colleague show me a system where they can disable all the wireless networks within my area, causing my laptop to become disconnected. When I tried to reconnect, I dialled up a network created from their laptops which they can control. They now had a direct link to my machine and can see what websites I regularly visit and even upload programmes which record the keys I hit so that they can uncover my bank account details.

"There is obviously a market for that information," says Tom Beale, an ethical hacker and colleague of Crofton's. In the UK, online security companies recruit the majority of ethical hackers from university computer studies courses. That was the case with Beale, who was approached by security company MWR Info Security after he started ethical hacking while at university.

"A certain amount of credit card details can be sold on the black market, they would have a street value. So someone might have 20,000 people's credentials which he can flog off to someone that might want to use them." Vigilante aren't the only company trying to cope with burgeoning concerns. "We have had more approaches from people wanting protection," says Alistair Macrae, head of operations at London-based security firm Lynceus. "Big stories bring security to the front of people's minds; many weren't aware that such things were happening; they want to respond appropriately." Last month one of America's biggest mobile network providers, Verizon, expanded its encryption services to enable small businesses to encrypt their emails; in June, Dave DeWalt, chief executive of security software group McAfee, likened the fear of attack to "the Cold War at its height" in the 1960s and 1970s.

Over the last year there has been a huge increase in "drive-by download" attacks. These involve an attacker scanning the web looking for vulnerable websites – they upload a malicious code on to them which visitors to the site can then download. Vulnerable websites are websites that are more "dynamic and complicated", says Beale (ie the ones that employ lots of moving images or video). This is because they have more code to be infected. "There has also been a rise recently in the number of attacks where users are sent PDF documents that are essentially compromised," continues Beale. "These can allow your machine to be taken over or used to do malicious things to other people." Such indiscretions can be added to the key logging instances already mentioned, as well as vulnerabilities in the iPhone (simply by receiving a text message one could give control of one's device to a hacker, a problem cured by a patch released earlier this month) as well as the threat of botnets on Facebook, Twitter and Google (botnets can be used to infect millions of machines which then request to access a site at the same time then crash it; Twitter was crashed for two hours earlier this month because of a co-ordinated botnet attack).

So what you can do about it? "You can follow a few simple rules to minimise your chances of attack," says Crofton [see below], "but the only way you can totally be sure is by leaving your work at the office – if you have the opportunity – and being extremely vigilant. Change your default passwords and be careful what information you reveal on social networking sites. Also, don't send work to people's personal email addresses to finish when you get home. This is not a secure platform to work from. If you do want to work from home, speak with your IT department."

Cyber safety: How to protect yourself online

* Always use a firewall: you can easily download simple firewall packages, or use trusted and known anti-virus protection software. Always make sure that you regularly download updates for them.



* Do not carry out work-sensitive activity on your machine outside work; you never know who might be watching, and what technology they might have at their disposal.



* Make sure your iPhone isn't hooking up to any old network and asks you before it does; equally expect the same from your trusty laptop.

* Only download software from trusted sources on the internet; if it pops up and is covered in ladies in their scanties, someone is up to no good.



* Don't set your password as "password" (we've heard it before); try to just "pervert" memorable names with different symbols, for example Coca-cola becomes C0c4c@1a.



* Think of your technology in the same way you think of your physical stuff; you wouldn't leave your keys in the ignition of your car, so don't leave the door open to the secrets of your hard drive, either.

News
election 2015The 10 best quotes of the campaign
News
A caravan being used as a polling station in Ford near Salisbury, during the 2010 election
election 2015The Independent's guide to get you through polling day
News
people
Voices
David Blunkett joins the Labour candidate for Redcar Anna Turley on a campaigning visit last month
voicesWhat I learnt from my years in government, by the former Home Secretary David Blunkett
ebooks
ebookA delicious collection of 50 meaty main courses
Life and Style
ebookNow available in paperback
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Ashdown Group: Helpdesk Analyst - Devon - £20,000

    £18000 - £20000 per annum: Ashdown Group: Helpdesk Analyst - Devon - £20,000 ...

    Ashdown Group: Data Scientist - London - £50,000 + bonus

    £35000 - £50000 per annum + generous bonus: Ashdown Group: Business Analytics ...

    Ashdown Group: IT Project Coordinator (Software Development) - Kingston

    £45000 - £50000 per annum: Ashdown Group: IT Project Coordinator (Software Dev...

    SThree: Trainee Recruitment Consultant - Bristol

    £18000 - £23000 per annum + Uncapped OTE: SThree: SThree Trainee Recruitment C...

    Day In a Page

    General Election 2015: ‘We will not sit down with Nicola Sturgeon’, says Ed Balls

    'We will not sit down with Nicola Sturgeon'

    In an exclusive interview, Ed Balls says he won't negotiate his first Budget with SNP MPs - even if Labour need their votes to secure its passage
    VE Day 70th anniversary: How ordinary Britons celebrated the end of war in Europe

    How ordinary Britons celebrated VE Day

    Our perception of VE Day usually involves crowds of giddy Britons casting off the shackles of war with gay abandon. The truth was more nuanced
    They came in with William Caxton's printing press, but typefaces still matter in the digital age

    Typefaces still matter in the digital age

    A new typeface once took years to create, now thousands are available at the click of a drop-down menu. So why do most of us still rely on the old classics, asks Meg Carter?
    Discovery of 'missing link' between the two main life-forms on Earth could explain evolution of animals, say scientists

    'Missing link' between Earth's two life-forms found

    New microbial species tells us something about our dark past, say scientists
    The Pan Am Experience is a 'flight' back to the 1970s that never takes off - at least, not literally

    Pan Am Experience: A 'flight' back to the 70s

    Tim Walker checks in and checks out a four-hour journey with a difference
    Humans aren't alone in indulging in politics - it's everywhere in the animal world

    Humans aren't alone in indulging in politics

    Voting, mutual back-scratching, coups and charismatic leaders - it's everywhere in the animal world
    Crisp sales are in decline - but this tasty trivia might tempt back the turncoats

    Crisp sales are in decline

    As a nation we're filling up on popcorn and pitta chips and forsaking their potato-based predecessors
    Ronald McDonald the muse? Why Banksy, Ron English and Keith Coventry are lovin' Maccy D's

    Ronald McDonald the muse

    A new wave of artists is taking inspiration from the fast food chain
    13 best picnic blankets

    13 best picnic blankets

    Dine al fresco without the grass stains and damp bottoms with something from our pick of picnic rugs
    Barcelona 3 Bayern Munich 0 player ratings: Lionel Messi scores twice - but does he score highest in our ratings?

    Barcelona vs Bayern Munich player ratings

    Lionel Messi scores twice - but does he score highest in our ratings?
    Martin Guptill: Explosive New Zealand batsman who sets the range for Kiwis' big guns

    Explosive batsman who sets the range for Kiwis' big guns

    Martin Guptill has smashed early runs for Derbyshire and tells Richard Edwards to expect more from the 'freakish' Brendon McCullum and his buoyant team during their tour of England
    General Election 2015: Ed Miliband's unlikely journey from hapless geek to heart-throb

    Miliband's unlikely journey from hapless geek to heart-throb

    He was meant to be Labour's biggest handicap - but has become almost an asset
    General Election 2015: A guide to the smaller parties, from the the National Health Action Party to the Church of the Militant Elvis Party

    On the margins

    From Militant Elvis to Women's Equality: a guide to the underdogs standing in the election
    Amr Darrag: Ex-Muslim Brotherhood minister in exile still believes Egypt's military regime can be replaced with 'moderate' Islamic rule

    'This is the battle of young Egypt for the future of our country'

    Ex-Muslim Brotherhood minister Amr Darrag still believes the opposition can rid Egypt of its military regime and replace it with 'moderate' Islamic rule, he tells Robert Fisk
    Why patients must rely less on doctors: Improving our own health is the 'blockbuster drug of the century'

    Why patients must rely less on doctors

    Improving our own health is the 'blockbuster drug of the century'