Friday, 2 March 2012

When stealing your identity comes easy

Essex recluse Ryan Cleary is facing charges after he hacked into some of the world's biggest organisations. He's not the only one out there, reports Carissa Casey

Paul Dwyer claims he can easily get a copy of my birth certificate using any one of a range of new websites offering birth certificate services. Once he has my birth cert, he says, he can apply for a driving licence in my name and effectively steal my identity.

Dwyer is a cyber security expert and president of the International Cyber Threat Task Force. According to him, it doesn't matter that I'm pretty much broke these days, my identity is still of value to cyber criminals. "They can apply for a loan in your name, or maybe they can use you to get to someone else, a relative or even an employer. They might want to target one of your friends," he says.

Hacking is back in the news. This week Ryan Cleary was arrested at his home in Essex and charged with disrupting the website of the Serious Organised Crime Agency (Soca). Agencies in the United States are also understood to be investigating whether he was involved in similar attacks on the United States Senate, the Central Intelligence Agency and Sony by an international hacking ring called LulzSec (short for Laugh Out Loud Security).

Cleary is 19 and, according to his mother, a recluse, leaving his bedroom only rarely. But for hackers, the world, the cyber world, is their oyster. They can pay you a visit, harvest your most sensitive information, and disappear without trace. Attacks on big organisations -- the latest being Travelodge -- make headlines, but each day millions of attacks are made on individuals, mostly without their knowledge.

"One of the most valuable types of personal information being sold among cyber criminals at the moment is the names of sick children. What happens is that their parents then receive an e-mail claiming to be from a clinic in the US which can cure their child, if they send Pounds 20,000," says Dwyer. "People fall for these type of scams every week."

Hackers do not just break into supposedly secure databases to harvest information, they often use open sources to build a picture of their target. Money may be the main motive but there is also the gratification gained through the manipulation of an unwitting victim. "If I want to go after anyone there is a high probability that I will get them," says Jason Hart, a UK-based one-time 'ethical' hacker turned security expert.

"I will use the internet to profile them, starting with Google and then the social networking sites. From them I would glean information about the individual -- hobbies or interests -- to help me portray myself as a friend. It's a kind of grooming."

Even the most technophobic of us have some footprint on the internet. But it is the explosion in social networking that can give hackers an 'in', according to Chris Sumner, co-founder of The Online Privacy Foundation. "Even if you don't have a computer or go online, your information is still out there," he says.

"You are in the phonebook, on the electoral roll, or on an old school or university website. If you're lucky, the person you are targeting will have an open Facebook profile, one you can examine without permission. However usually you need to become 'Facebook friends' with them.

"Generally, you would build up a fake profile, also called a persona or a sock-puppet. You give them a credible history, similar in background to your target, and build up a Facebook presence. Rather than going directly for your target, you are almost always better off targeting friends. Once you are friends with friends, you can typically gain enough trust to befriend the target."

Adam Laurie is an expert on web security who in 2009 hacked the prototype British identity card in 12 minutes, cloning its stored data on to a forged card. "People publish an enormous amount of information about themselves on websites like Facebook that may make them vulnerable," he warns. "For example, you can use holiday snaps to track movements during a gap year. Then you contact the target and say that you were at that beach party and don't you remember meeting? You gain their confidence. Then one day you issue a plea for help -- 'I'm on a trip and need money and can you help and I'll pay you back'."

According to Dwyer, cyber crime is becoming almost as lucrative as drug-trafficking. "There are huge advantages for the criminal. You don't get shot and you're pretty unlikely to get caught. You can do an internet search for 'how to' manuals and you're up and running," he says.

Internet fraud rests on a pyramid of stolen information: at the bottom is the man trawling the internet for credit card numbers. He then sells those numbers in bulk, say a million a time, for a few pence each. The next man in the chain tests the card numbers by making small purchases. If it works, it can be sold up the chain for, say, Pounds 5.

The next recipient will then use it to make a much bigger purchase.
