Cyber attacks and their implications
Nicolai Solling looks at the implications of ongoing security threats to the region’s internet users
The hackers have been at it again. The Flame virus was discovered on computers in the Middle East and then LinkedIn passwords were hacked. Nicolai Solling looks at the implications for the region’s internet users.
The Middle East, which has already seen a dramatic rise in malware attacks over the last year, recently fell victim to the much talked about Flame virus. Another major security breach that has drawn tremendous media attention has been the leakage of over 6.5 million user passwords from the business networking site LinkedIn. The intentions behind these two attacks as well as their implications and impact are, however, vastly different.
Let’s first gain an understanding of the much talked about Flame virus. Kaspersky Labs, which first discovered the threat, described it as the ‘most complex piece of malicious software yet.’ It has now been revealed that the virus gains entry to Windows PCs by exploiting a vulnerability of the Windows Update Service.
All Windows updates require a security certificate signed by Microsoft. By providing a certificate that appears to belong to Microsoft, the Flame virus bypasses this restriction. The PC then downloads what appears to be a genuine Windows update that is in fact the loader for the Flame virus. Once the loader has downloaded the virus, cyber criminals gain the ability to take screenshots, listen in to conversations through the system mic and even capture video through an attached webcam. As we have found out more about the virus, however, we have been relieved to learn that the extent of its distribution is limited. If you are running updated anti-virus and follow the normal practices, you will be safe. Going forward, we are likely to see more and more advanced versions of the virus. It may have a different name, but this isn’t the last ‘Flame’ we shall see.
Unlike Flame, which was targeted, the hacking of LinkedIn accounts has the potential to affect a larger group. Reports from the company, which had 161 million registered users as of March, suggest that over 6.5 million passwords have been leaked. As a security measure, LinkedIn, as well as most other internet companies, does not store passwords as clear-text but instead uses a technique called Password Hashing. Hashing is a mathematical operation which converts the clear-text password into an irreversible hash-value of the password. This means that when you log in, it is the hash-value of the password that is actually being sent to the application, which is then compared to the hash-value stored in the database.
So in spite of these hash-values being leaked, users are still safe, right? To some extent, this is true, because decoding a hash is normally a tedious trial-and-error type process which requires trying all possible combinations of characters. So in theory yes, your clear-text password has not been leaked, but here is the problem: today there are databases available which allow hackers to compare a hash-value and then recreate the clear-text password. So what can users do to protect themselves?
The first and most obvious thing would be to change their LinkedIn password. Also, while on LinkedIn, users should check their profiles to make sure that no changes have been made. In particular, check the e-mail addresses that have been linked to the profile and ensure that only authorised addresses are in this list.
In the coming weeks, users will probably come across websites that allow them to check if their LinkedIn passwords were leaked. A word of advice would be to first change your LinkedIn password and then use this service to check if your old password was leaked. Be sure to never type in your new password as you do not know who is monitoring the site.
Finally, make sure you develop your own password policy. This would involve changing your password at least once in two months and using passwords that use a combination of lower case, upper case, special characters and numbers. Users tend to re-use passwords across sites. This is absolutely unacceptable as a single compromised account may lead to all other accounts being jeopardised.
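The hash-database lookup described earlier can be seen in a short script. This is an added example, not part of the original article: it assumes the leaked values are plain unsalted SHA-1 digests, uses a constructed five-word list in place of a real hash database, and all function names are hypothetical. It also shows the server-side counterpart, a per-user random salt with a slow key-derivation function (PBKDF2), which makes a shared lookup table useless.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a precomputed hash database.
COMMON_PASSWORDS = ["123456", "password", "linkedin", "qwerty", "letmein"]
ITERATIONS = 200_000  # assumed work factor for the salted variant


def unsalted_hash(password):
    """Unsalted SHA-1 (assumption): same password always gives the same value."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_lookup(words):
    """Precompute hash -> password once; it then works against every leak."""
    return {unsalted_hash(w): w for w in words}


def audit_leak(leaked, lookup):
    """Map each user to the recovered password, or None if not in the table."""
    return {user: lookup.get(h) for user, h in leaked.items()}


def salted_hash(password, salt=None):
    """Per-user random salt plus a deliberately slow derivation."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


if __name__ == "__main__":
    lookup = build_lookup(COMMON_PASSWORDS)
    # Constructed leak: one common password, one long random password.
    leaked = {"alice": unsalted_hash("linkedin"),
              "bob": unsalted_hash("T7#vq!x9Lm2@")}
    print(audit_leak(leaked, lookup))
    # Two users choosing the same password no longer share a stored value.
    (s1, d1), (s2, d2) = salted_hash("linkedin"), salted_hash("linkedin")
    print(d1 != d2, verify("linkedin", s1, d1))
```

The common password is recovered instantly from the table while the long random one is not, which is the practical reason behind the advice on complex, unique passwords.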
As internet threats grow in volume and sophistication, users have to be increasingly aware of the consequences of their actions. As these threats hit closer to home, users can no longer afford to adopt the ‘it will never happen to me’ mentality. It is time to take charge of your online presence and remember – a hacker has only to be lucky once.