Michael McCarthy: Just one click... and the worm can eat your machine
Monday 30 March 2009
It may have been the world's biggest cyber-conspiracy, but it didn't need to involve genius (of the evil sort). Just plausibility.
Here's an email from your bank, for example, asking you to verify your password. Seems routine enough. Seems authentic. And you're busy. So yeah, do that. Click.
But click and you may be lost. For the basis of penetration of the vast computer networks of campaign groups, businesses, armed forces, even national governments, is often simply "social engineering" – sending out emails purporting to be from someone else. And once the recipient clicks on the attachment, hostile software – malware, in the jargon – inserts itself into their system.
We've grown more sophisticated and more aware of internet fraud. There can be few people who are now excited to receive an email offering 10 per cent of the sum of TWENTY FIVE MILLION DOLLARS! for use of a personal bank account to transfer the cash out of a dodgy place. These days, we look at that and laugh.
But cyber-pirates are growing more sophisticated themselves, and the killer email which worms its way into a system to do untold damage these days may look very authentic. In a report published yesterday, on electronic infiltration of the Free Tibet movement – part of the major Chinese-based cyber-conspiracy – computer experts Ross Anderson from the University of Cambridge and Shishir Nagaraja from the University of Illinois show that sometimes hostile hackers can get hold of a genuine email and add a hostile programme. The result is a hostile infiltration. In their report, "The Snooping Dragon: social-malware surveillance of the Tibetan movement", they write: "This combination of well-written malware with well-designed email lures, which we call social malware, is devastatingly effective. Few organisations outside the defence and intelligence sector could withstand such an attack." Governments can mount such an assault, they say, but so could "a capable motivated individual".
Anderson and Nagaraja point out that once hostile hackers have made an initial breach – once a single careless employee clicks on the wrong attachment – they can get inside the system and use the knowledge they gain to disguise future attacks. "Prevention will be hard."
The lesson is twofold. One: always treat emails from people or organisations you don't know as suspicious, particularly if they have attachments. And two: fooling you is easier than you think.