If you have been reading the news lately and picking up on all the commotion around hack attacks on some of the big guns like Google, Yahoo and Adobe you may be experiencing a twinge of anxiety over the security for your own business. You may have believed your network was invincible so this news could leave you feeling shaky. You have good reason to feel this way – according to an article in the Sydney Morning Herald the number of hackers tampering with private financial information belonging to Australian business is on the rise. Obviously using the internet and intranet for business has become a viable solution to accomplishing company objectives, but on the downside the criminal faction sees just as much opportunity.
Australia is a Frequent Target for Cyber Crime
Symantec, a data security firm reported that Australian and New Zealand businesses suffer 75% more security breaches than the global average with 89% of the companies polled in the last 12 months admitting at least one intrusion. Hackers are not necessarily going after the major companies where they can make off with large sums of money. Like any other thief, they go where the risk is low and they can get in and out of a system quickly and without detection. The fact is you don't have to be at any particular level of business profitability to be targeted. Smaller companies tend to use less comprehensive IT security making them more susceptible. In general, hackers are interested in easy money.
Google and Other Large Corporations are Not Exempt
The threat does not always revolve around banking information or sensitive intellectual property. As Google discovered in December 2009, issues such as human rights are at stake in cyber attacks. The advertising and search giant was appalled that a highly organized effort dubbed “Aurora” was being made to hack into the Gmail accounts of Chinese human right activists. They managed to infiltrate only two accounts and were not able to see the account holders' actual correspondence. The action put Google in the position where it felt it necessary to warn the Chinese human rights community of the attack and to prepare to withdraw business ties with China. Officials at Google did not directly accuse the Chinese government of being the perpetrators but they decided to review doing business with the country based its attempts to limit free speech on the internet. Google stated concern for the safety of the Chinese citizens and the potential for them to be interrogated and imprisoned.
There were at least 20 other large internet, media, finance and technology companies included in the attack: Yahoo, Adobe, Symantec, Dow Chemical and Northrop Grumman to name a few. It was accomplished through a technique called “spear phishing.” This resembles an attack against 100 IT companies in July 2009 where company employees were targeted with infected email attachments.
Small and Midsize Businesses have Minimal Defense
Most businesses are totally defenseless against these sophisticated attacks. They use instant messages and emails that seem innocent at first because the senders appear to be friends and trusted colleagues. The messages are fine-tuned to evade the anti-virus programs designed for these applications. Evidently the best practices for IT security that have successfully held attackers at bay for many years are no longer sufficient. There is an innovative caliber of attacks circulating around the globe using custom malware written specifically for individual companies. The hackers don't seem to mind if it takes longer to get around the antivirus software in use by the large corporations. They continue painstakingly to tweak their malware until it is effective. Smaller companies that don't have the budget for a large scale security have not stood a chance. The hackers have the ability to commandeer only one employee's laptop and make it a gateway for total administrative access to the company's entire network.
The security firm, iSec Partners that investigated the attack on Google and ensuing corporations recommend we make fundamental changes to the way we protect our networks. They say we have simply not been prepared for the level of sophistication demonstrated by the new cyber criminals.
Hacker Stories in the Australian News
Internet news sites report the direct effects of cyber hacking on Australia. Today Online posted a news article about a hacker called “Ghostbuster” that has been targeting Melbourne businesses as a response to violence against Indians. The person behind the attacks has been sending threatening emails stating Australian servers will be hacked until racism against Indian nationals is ended. The action came in the wake of the murder of a 21-year-old Punjabi student in January 2010. Several Melbourne businesses were victimized when their entire networks were thrown into chaos.
In the technology section of The Age is a report describing the effects on government websites by hackers associated with the group “Anonymous”, known for its attacks on Scientology. This is the same group that temporarily blasted pornography across Prime Minister Kevin Rudd's website. On the morning of February 10, 2010 a number of government sites were down. The attack was in opposition to the government's plans for internet censorship. Communications Minister Stephen Conroy was not happy with the fact that Australian citizens could not obtain needed services online and felt it was irresponsible on the part of the hackers.
In the Sydney Morning Herald one journalist mentions the statistics that there are now more mobile devices in the country than Australians. It is not unusual for an individual to own two or three. The rising use of wireless broadband provides accessibility and convenience for subscribers but it also expands the territory for cyber criminals. Currently there are more barriers to cyber hacking wireless devices than terrestrial networks, such as the cost of making a phone call. However with the advances in mobile device technology to the point where it can replace the need for owning a laptop computer the potential for being targeted by hackers exists. The actual devices may be secure but the Wi-Fi network, often free and faster for users in public places is a temptation for cyber criminals. You may believe you have connected to a site operated by an airport, hotel or coffee shop, but there is no way of knowing for sure who controls the IP address that now has access to everything in your computer or mobile device. It is not that difficult for hackers to present a fake website you feel you can trust that they can use to steal from your network at any time in the future.
Millions of dollars are stolen everyday from individuals and businesses that use the internet. We are warned frequently about viruses, worms and phishing scam but somehow we get caught anyway. The situation is getting worse as hackers become better adept at breaking down the unique systems designed to keep them out. If you are still experiencing discomfort about the vulnerability of your network it will pay off to attend to your gut feeling.