Fighting Cybercrime One Step At A Time

Fighting Cybercrime

In the wake of a recent Distributed Denial of Service (DDoS) attack on TalkTalk, a British mobile phone, internet and pay-TV service provider, government and business leaders are under pressure to quickly provide effective safeguards and solutions. The DDoS attack, remotely controlling hundreds of thousands of compromised machines, collapsed TalkTalk servers, allowing cyber criminals to implement an SQL-injection attack in the ensuing chaos. This second attack used deliberately malformed requests to crash database programs, thereby giving attackers access to database content. It’s been reported that thereafter the hacker/s demanded a ransom for the pilfered data. A 15-year-old Northern Ireland teenager and 16-year-old West London teenager were arrested and bailed in connection with the fiasco, and subsequently a 20-year-old man has been arrested. Though it now appears the attack was for financial reasons, initial speculation included possible terrorist involvement and an impending cybercrime onslaught from stolen personal data.

TalkTalk has now confirmed that although some bank account details have been accessed, not enough information was stolen for thieves to steal money from customer accounts. Dido Harding, TalkTalk chief Executive, has stated that the company’s website was hacked, but not its core systems, and says, “none of our customers’ credit card information has been exposed.” This is the third known cyberattack this year on TalkTalk, and the company has been criticised for keeping silent about this most recent attack for more than a day.

DDoS Prevention

“As computing technology has grown in sophistication and power over the years, so has the criminal element that seeks to exploit it. Individual interest groups, religious factions, even entire countries are at work seeking any and every weakness available inside lines of code, forms, executable files and any other seemingly innocuous paths that can lead eventually to disruption, destruction, theft and chaos…” Read Article by Steve Prentice on the rise of sophisticated cybercrime.

With the growing number of DDoS attacks taking down websites and network infrastructures, industry specialists have a host of solutions at the ready. Cloudflare’s layer 3 and 4 protection is designed to absorb attacks before they reach servers, and its layer 7 protection differentiates between harmful and beneficial traffic. F5 Networks’ Silverline provide massive traffic scrubbing capacity, offering protection onsite, in the cloud, or in combination, across levels 3 to 7. Black Lotus’ service focuses on the hosting industry and includes a patent pending Human Behaviour Analysis technology to improve its service, and Incapsula has received accolades for it’s DDoS protection with its global network of data centres providing more scrubbing centres than any other provider.

Data Privacy & Homomorphic Encryption

In a separate debacle, Apple, finding data theft linked with advertiser Youmi, has removed 250 apps from its app store. Developers of these apps were unaware of the breach, caused simply by using Youmi’s service to display ads. Going to significant lengths to hide their activity, Youmi’s attempts to circumvent Apple’s rules and attain unauthorised access to information were not picked up by Apple immediately. Homomorphic encryption is one technique that can protect against applications leaking secure data. It allows computations to be carried out on ciphertext without any decryption occurring. This technique essentially allows applications to ask questions of data without knowing any specifics of the data that forms the answer.

Though the technical tools are available to provide proper protection, people need to be aware of the simple, interpersonal scamming methods that are often the real cause of theft. TalkTalk has stated that no information was stolen that would allow hackers to access customer bank accounts, but many customers have reported theft from their accounts subsequent to the TalkTalk debacle, apparently after giving relevant details to callers supposedly from TalkTalk. Anyone who has any sensitive or personal data connected to any network, and I feel confident saying that’s at least 99.9% of us, needs to educate themselves on IT security. Understanding the risks is still the strongest defence.

By Jennifer Klostermann

Mark Barrenechea

Security is Job 1: Machines vs. Machines

Digital is redefining cybercrime and cyberwarfare Cyberattacks today are multi-stage, hard to discover and highly targeted. Some security threats are accidental, stemming from unauthorized employee access. As much as 38% of attacks come from internal ...
Sebastian Grady

Leveraging Hybrid IT Now to Power Digital Transformation 

Leveraging Hybrid IT Summary: Cloud is a dominant force in enterprise software today. Global market turbulence is forcing some companies to accelerate moving parts of IT to the cloud sooner than expected to adapt to ...
Mark Barrenechea

Information is at the Heart of Your Business

Information Business Even though digital information is evolving at a rapid pace, the world is still document-centric. Documents, whether created by a human or generated by a machine, underpin every operation, communication exchange and innovation ...
Cloud Based Accounting

How Cloud Has Changed The Modern Accounting

Modern Accounting The modern-day accounting has come a long way from the times when the financial information existed only on paper. Today, advancement in technology has transformed almost every aspect of the accounting industry. It ...
File Photo Of Facebook Ceo

Facebook, Twitter, Google CEOs to defend key law before U.S. Senate panel

WASHINGTON (Reuters) - The chief executives of Facebook, Twitter and Google will defend a law protecting internet companies before a Senate panel on Wednesday, a topic that has split U.S. lawmakers on ways to hold ...
Brian Day

Tips for Developing Apps In a Cloud Environment

DevOps and the Cloud Unless you’ve just started a brand-new organization, your IT environment is currently running a diverse collection of last-generation and older applications that were deployed with the one-application-per-server approach that unleashed the ...