Posts tagged Hack

The Metro

Metro Connect: HACKcess All Areas?

In today’s Metro I investigate whether the CIA really can ‘hackcess all areas’. Plus, I ask if wearable tech has fallen from fashion. Hold on tight, it’s time to Connect…

Is Your TV Spying On You?

Last week’s WikiLeaks document dump professes to reveal how the CIA has – with help from agencies including MI5 – been collecting and developing an arsenal of hacking tools, exploits and cyber skeleton keys to pick its way into the devices we use every day.

We shouldn’t be surprised. Covert surveillance is a tool widely used by intelligence agencies to maintain national security and counter terrorism.

But if the good guys can find a backdoor into our connected kit, surely the bad guys can too? Read on in the Metro e-edition…

Wearables Watch

The Apple Watch launched less than two years ago. I know this because on the day of the launch I confidently declared that ‘wearable tech is the next big thing’ on stage at the Gadget Show Live, enthusing about the upcoming Pebble Time smartwatch and the latest Jawbone and Fitbit gear.

How times change.

Less than two years on and the wearables phenomenon has failed to catch on, leading analysts to rein in their optimism.

Back to the Apple Watch.

Many – myself included – saw the launch of Apple’s highly-anticipated wearable as a watershed moment. Indeed it was, but rather than sparking a wearables revolution it had the opposite effect. ‘Oh, is that it?’, was the consensus.

However, as Bill Gates once quipped, we tend to over-estimate the impact of a technology in its first two years but underestimate its impact in ten. It might be in the depths of the trough of disillusionment but I can’t see anything other than wearable tech playing a huge part in our future.

Last week I was at the Wearable Technology Show in London to see how the latest wearable devices are looking to make an impact sooner rather than later…

Hackageddon | The Metro

Hackageddon in The Metro

A lot of my work right now is around cyber crime and cyber safety. My Hackageddon feature in this week’s Connect section in The Metro illustrates some ways in which our online data might be vulnerable.

While there are precautions we can all heed and best practices we can each adopt when online – good password hygiene among the most important – we are still at the mercy of the organisations we trust to safeguard our data. Sadly, too many of these have been found wanting, with poor security contributing to the estimated 500,000,000 personal records that were leaked or lost in 2015 alone (source: Symantec).

In the Metro feature I look at passwords and password managers, the rise of ransomware, and how to check if your data has already been leaked. We also see how Facebook boss Mark Zuckerberg may take care to keep his details safe now, but how his previous poor security choices recently came back to bite him.

Read the full feature in the Metro e-edition here.

As a side note, the feature coincides with season two of Golden Globe-winning cybercrime drama Mr Robot airing on Amazon Prime Video. I enjoyed the first series – it’s a good drama with plenty of technical authenticity – and can’t wait now to get stuck into the second.

Watchdog Wednesdays Hacks a Wi-Fi Hotspot

Watchdog Wednesdays continues on BBC Three and in this week’s film I investigate how easily a criminal can hack a public Wi-Fi hotspot and compromise its users’ personal information.

Coffee shops, high streets and hotels increasingly offer free public Wi-Fi so visitors can sync up while they eat, shop or stay. However, as I’ve reported on before, Wi-Fi hotspots are easy to spoof, are frequently unsecured, and even when there is a password there is still no guarantee of safety.

Hacking the Hotspot

So, in a controlled experiment at a central London coffee shop, I set out to see what the hackers see. What I saw when the Watchdog cameras began rolling surprised even me:

With very little investment in time or equipment I learnt how to intercept traffic sent between users’ devices (laptops, smartphones, tablets) and the internet.

Just to be clear – I am not a hacker, I’m a journalist, but picking up the basics was worryingly easy.

The Man in the Middle

My attack (known as a ‘Man in the Middle’ attack by ARP poisoning) targeted only a single device operated by a member of the BBC crew. It could equally have targeted a number of devices, perhaps all logged in to the Wi-Fi hotspot.

I found unencrypted traffic easily visible; plain text usernames and passwords flashed before my eyes in real time — gold dust for a hacker — and webpage images appeared on my hacktop just as they did on the victim’s machine. I was even able to work around some (but not all) websites’ attempts to enforce HTTPS security.

I was shocked that supposedly secure websites such as John Lewis, ebay and Amazon were vulnerable to this basic attack on an iPad, along with email accounts that didn’t have SSL security enabled. Facebook and Twitter didn’t fall for the hack.

Are we really aware of how easy it is for data we send over the airwaves to be intercepted by a silent criminal? I suspect not. This is a perfect crime where victims are unaware that their details have been compromised until the criminal executes his hack hours, days or weeks later when emails get intercepted, accounts get hijacked and funds go missing.

‘Hacktop’ Tech

There’s nothing here that’s difficult to get hold of:

  • Sony Vaio laptop
  • External USB antenna
  • Kali Linux operating system
  • Tools including Wireshark, sslstrip, ettercap, driftnet

I should add that none of the software used here was illegal; Kali Linux and its bundled utilities are open source, promoted as ‘penetration testing and ethical hacking’ software, and are used by security professionals to ensure their corporate networks and public websites remain secure against hackers. Of course, the very same software may also be used by hackers for malicious means. And then, of course, there is YouTube – there’s any number of tutorials here to help you get to grips with the tools and utilities mentioned above.

Stay Safe on Public Wi-Fi Hotspots

So there’s the scare story. But what can you do to stay safe when on public Wi-Fi?

  • For light browsing I prefer to bring my own network and tether from my smartphone or Mi-Fi, but my data plan is generous (and yes, expensive) to allow for that; if cellular reception is poor it’s painfully slow or impossible.
  • A VPN, or Virtual Private Network, is my next security measure – this creates a secure ‘tunnel’ between my laptop, tablet or smartphone and a server elsewhere on the internet into which a fraudster cannot eavesdrop. These can be free, fairly cheap or you can even build your own.
  • If all else fails I make sure that websites I exchange data with support safe browsing, denoted by HTTPS and the green padlock (but beware that tools like ‘sslstrip’ can subvert this). I do not ignore errors from the web browser which talk about invalid certificates, even if I don’t understand exactly what they mean – I can visit those websites later when I’m on a secure connection.

How secure are apps? How do you know whether they’re secure if there’s no green padlock or HTTPS visible in an address bar? In my testing I found some apps that are blatantly not secure, broadcasting personal details, but I’ll be exploring this in more detail very soon.

Keep watching BBC Three Watchdog Wednesdays for more films like these, and do get in touch on here or on Twitter if there are any other hacks or scams you’d like me to investigate.

Sex, Lies and Online Affairs

Sex, Lies and Online Affairs – Unmasking Ashley Madison

The leak of personal details from the Ashley Madison extramarital dating website is one of the significant breaches of sensitive information in the web’s history.

High-profile data leaks have outed private customer data from internet service providers, online retailers and high-tech toy manufacturers in the last few months alone. As a result, cyberattacks have been elevated from trade-press niche news to stop-the-press nine o’clock news.

Yet the Ashley Madison data-breach is different: it wasn’t just email addresses and credit card details that were liberated this time, it was data of the most personal nature. Changing your passwords after a cyberhack is a hassle; salvaging your family relationships after being publicly outed on an adulterous dating website is something infinitely more profound.

While the story was still developing in August 2015 the team from Mentorn Media got in touch to ask if I could add some context to the story for a quick-turnaround documentary they were making for Discovery Networks. Beyond the hack itself, the show sought to explore the wider impact that internet and connected technology is having on 21st century sex and relationships – it’s not often I get to talk about teledildonics and virtual reality sex on television…

The documentary aired in September 2015 in the UK and in January 2016 in Australia. Here’s a trailer:

Sex, Lies And Online Affairs | New Special

Get an insight into how the internet is changing marriage and monogamy in the 21st century with the new special, Sex, Lies And Online Affairs, premiering on TLC this Monday at 9:30pm AEDT.

Posted by TLC Australia on Monday, 11 January 2016

Stay classy, Ashley: image grabbed from archive.org archive of AshleyMadison.com 2008

In whichever direction your moral compass points, Ashley Madison has for a long time been a hugely popular online destination. The Ashley Madison Agency Limited launched in 2001 and, until the events of July and August 2015, welcomed almost 125 million visitors every month from over 50 countries around the world.

ITV Good Morning Britain

TalkTalk Data Breach Advice for Customers

Of all the high-profile hacks and leaks of 2015 the TalkTalk Data Breach in October may prove to be one of the most significant yet, potentially impacting all four million of its UK customers.

While details of the breach are still emerging the leaked data appears to include unencrypted names, addresses, email addresses, bank account/credit card information, customer account numbers and more.

The ‘significant and sustained’ cyberattack, likely using a DDOS (distributed denial of service) attack as a smokescreen for their chosen method of entry and extraction, shows the hallmarks of highly-organised cybercrime.

Sadly, this isn’t the first time that the UK telco’s customers have had their personal details sneaked out of the back door. Data leaks in November 2014 and August 2015 exposed information that has been used to successfully defraud customers of thousands of pounds with phishing and vishing attacks.

Appearing on ITV Good Morning Britain and BBC Rip Off Britain LIVE to explain the hack and its potential impact, my advice for TalkTalk customers is this:

  1. Treat incoming telephone calls purporting to be from a service provider – TalkTalk or otherwise – as potentially toxic. Regardless of any account number or information quoted, or the telephone number called from (Call Line IDs are easy to spoof), in my opinion phishing and vishing fraud is now so common that incoming calls are impossible to trust. A reputable/genuine caller will quite understand any concerns and give you an option to call back on a verified number found on your (for example) bank statement or the firm’s main website (not a link they send). However, make sure you call back from another number (maybe a mobile if you have one – but check call charges) or ensure your landline has been cleared first (wait 5 minutes or call a friend first).
  2. Check your bank statements, credit card bills and any online payment service accounts (e.g. PayPal). If there are any transactions you don’t recognise, no matter how small, query them. And then keep checking them – this is good practice anyway.
  3. Check and change your passwords, particularly if you use the same password as your TalkTalk account across any other accounts: email, social network, PayPal, auction sites etc.

TalkTalk has a dedicated page to keep those concerned updated with the latest news and advice on the data breach: http://help2.talktalk.co.uk/oct22incident
