Saturday, September 6, 2014

Beware, your email id and possibly your password is with atleast one organized cyber-criminal gang

South Korea is a perfect example of a soon to be interconnected world where all its citizens have high speed broadband, regularly access online ecommerce and e-governance services and where online activities like games form a major part of social interactions. Large scale online services centralize the aggregation of user credentials such as email ids and passwords, making these online stores a juicy target for cybercriminals and offensive nation state actors.

Cyber criminals who obtain possession of these caches of personal data sell it to organized gangs which specialize in email frauds or who withdraw small sums from the online balance in gaming and other financial accounts. Nation state actors may use these credentials to disrupt vital economic operations by shutting down or altering the integrity of operation of financial system or utilities.

Not only are these credentials hacked through the exploitation of online vulnerabilities and poor system security design, but they are breached by trusted insiders with privileged access who steal and sell it for a fee.

Four major incidents, in South Korea, all in the last year where almost 50% of the credentials of the nation’s population were stolen, highlighted the impact and ease of exploitation of these online stores. According to press reports:

·             A group of hacker’s successfully compromised 220 million records of 27 million people from online gaming sites

·             Hackers broke into the popular Nate and Cyworld websites extricating names, email addresses, phone numbers and resident registration numbers of 35 million users.

·             Regulators fined three credit card companies after 20 million residents had their data stolen by an IT contractor.

·             12 million names, resident registration numbers and bank account details stolen from telecom company KT Corp were being investigated by the government.

These incidents will not remain isolated to South Korea but will happen across the world, as in-country online services proliferate.

Email addresses are no longer secret; they are freely given away by people on business cards, survey forms or even to solicit advertising mails. These emails have been aggregated and compiled into large databases which are sold globally for a small fee. There are also programs which trawl the net searching specifically for email addresses. Given the scale of data breaches or aggregation of email information, every cybercitizen should consider their email to be in the hand of atleast one organized cybercriminal ring.

Given, this assumption one should expect to be a target of an email scams or deliberate attacks to steal banking credentials or to install malware that will later be used to steal banking credentials and personal data. To minimize the impact of such adverse fallouts cybercitizens must ensure that they do not use the same password on multiple systems and use unique passwords for key banking and other services that can affect their wallet or reputation. Frequently changing passwords reduces the window of exposure and consequently losses. The other important consideration is to keep an eye on email scams. To know more do read “Online Email Scams a multibillion dollar business or not? You decide”.

To prevent malware, ensure that you do not log onto your computer with administrative rights when using the Internet. Create another profile without administrative rights for Internet use.


No comments:

Post a Comment