Michael McCarthy: Just one click... and the worm can eat your machine
Monday 30 March 2009
It may have been the world's biggest cyber-conspiracy, but it didn't need to involve genius (of the evil sort). Just plausibility.
Here's an email from your bank, for example, asking you to verify your password. Seems routine enough. Seems authentic. And you're busy. So yeah, do that. Click.
But click and you may be lost. For the basis of penetration of the vast computer networks of campaign groups, businesses, armed forces, even national governments, is often simply "social engineering" – sending out emails purporting to be from someone else. And once the recipient clicks on the attachment, hostile software – malware, in the jargon – inserts itself into their system.
We've grown more sophisticated and more aware of internet fraud. There can be few people who are now excited to receive an email offering 10 per cent of the sum of TWENTY FIVE MILLION DOLLARS! for use of a personal bank account to transfer the cash out of a dodgy place. These days, we look at that and laugh.
But cyber-pirates are growing more sophisticated themselves, and the killer email which worms its way into a system to do untold damage these days may look very authentic. In a report published yesterday, on electronic infiltration of the Free Tibet movement – part of the major Chinese-based cyber-conspiracy – computer experts Ross Anderson from the University of Cambridge and Shishir Nagaraja from the University of Illinois show that sometimes hostile hackers can get hold of a genuine email and add a hostile programme. The result is a hostile infiltration. In their report, "The Snooping Dragon: social-malware surveillance of the Tibetan movement", they write: "This combination of well-written malware with well-designed email lures, which we call social malware, is devastatingly effective. Few organisations outside the defence and intelligence sector could withstand such an attack." Governments can mount such an assault, they say, but so could "a capable motivated individual".
Anderson and Nagaraja point out that once hostile hackers have made an initial breach – once a single careless employee clicks on the wrong attachment – they can get inside the system and use the knowledge they gain to disguise future attacks. "Prevention will be hard."
The lesson is twofold. One: always treat emails from people or organisations you don't know as suspicious, particularly if they have attachments. And two: fooling you is easier than you think.