Zombie computers, cyber security, phishing … what you need to know
Matt de Neef, The Conversation
Today, Australia’s Labor Government announced it had started working on a national cyber security strategy, to be released as a white paper in the first half of next year.
This comes amid growing concern about the state of global cyber security, not least in the wake of sophisticated attacks on hundreds of email accounts around the world.
We conducted the following interview with Professor Michael Fry, an online security expert from Sydney University.
What is cyber security and why has it been in the news so much lately?
The term “cyber security” refers to a whole range of online threats to people using computers online, to information stored online, to the impacts this might have in terms of criminal activity, fraud or attacks on infrastructure.
This problem has been growing steadily for the past 20 or 30 years as the internet has grown. There are bad people out there with a variety of motives.
It used to be a case of hackers proving how clever they were by defacing a website – it was seen as just a bit of a challenge or recreational activity.
That has changed quite significantly in recent years where, by far, the most prevalent threats are to do with cyber crime and, increasingly, things like cyber warfare and cyber terrorism.
What sort of threats do everyday internet users face?
The biggest would be the various forms of cyber crime – having their machines infected, being subjected to identity theft, and many forms of botnet activities.
Botnets are networks in which the computers have been compromised – they’ve been turned into “zombies”.
An estimated one in five home computers, and one in ten work computers, have been compromised. This means there’s quite a high probability the machine on your desk is infected and possibly used for criminal purposes.
The safest assumption to make – and it’s one I’ve made since I started researching this area – is that your machine is infected, and then you take appropriate precautions.
If your machine is infected it can be used for identity theft, pulling off any personal information you might have stored there. It can be used for logging your online activity – such as your keystrokes or websites you visit – stealing other forms of personal information such as passwords in the process.
Your machine could be used as part of a spam-mail campaign which is actually illegal, and it could be used to mount what’s called a Distributed Denial of Service attack (DDoS).
This last one is probably the most sinister use. It’s where tens or hundreds of thousands of machines send information to a victim machine and it just overwhelms that machine, forcing it to crash.
The problem for the average punter is that you could now unwittingly be an accomplice in all sorts of nefarious activities.
How susceptible to cyber crime are Australian internet users compared with users in other countries?
There are some statistics out there from security companies that give estimates of the infection rates but I don’t think it’s possible to say that Australia is any more or any less susceptible than any other developed economy.
We all use basically the same brand of infrastructure: we’ve got the same sort of machines on our desks, we’ve got the same sort of servers running, we’re connected by the same sorts of network equipment.
In part it’s because of the uniformity of systems on the internet – and there’s millions of systems – that a single attack can possibly succeed on a very large scale.
What are your initial impressions of the government’s proposed cyber security strategy?
It’s really just a pre-announcement of an intention. Various government agencies – such as defence, and ASIO, even normal government departments – would have their own cyber security strategy which they use for developing policy and mechanisms to protect their own neck of the woods.
But clearly it’s got to the point where the government feels the potential threats are so great they need to at least consider a national approach to this problem.
Therefore, I think it’s probably timely to look across the board at the threats and the significance of the threats, and that would include not just government agencies but organisations such as ISPs (internet service providers) and even enterprises.
There has been widespread speculation that recent attacks on Gmail accounts are the work of the Chinese government. What’s your view?
There are all sorts of suspicions about government agencies participating in such attacks, or at least organisations that are closely aligned with governments being involved in these sorts of activities.
I guess this is not new, it’s just the cyber version of spy versus spy that’s been going on for years – it’s just in a new medium.
Attacks on email accounts often use a method known as “phishing”. What is this and how does this work?
Phishing is a particular form of attack that plays on trust. The most obvious example is the phishing emails you get: “Do you want to buy this?”; “Do you want to see sexy that?”; “Click this link”. Clicking that sort of link could lead you into all sorts of trouble.
Examples like these, and things such as the Nigerian scam, are the most obvious examples that people are aware of but these attacks are getting more sophisticated.
These more sophisticated versions are often used by botnets. You click on what you think is your online banking page in your “favourites” folder, and the botnet will intercept that request and send you away to another server.
That new server will give you a page that looks absolutely identical in minute detail to the actual bank’s page; you start entering your details and there you go: someone has access to your bank accounts.
Other recent phishing attacks play on a different form of trust in which spoof communications apparently come from your friends. Facebook has been shown to be vulnerable to being used for this.
If you receive an email from someone that you don’t know and it asks you to click something, that’s one thing. If the email seems to come from someone you know, studies have shown you are more likely to fall for it and click the link.
What can individuals do to protect themselves in an increasingly online world?
The biggest single thing you can do is to be vigilant and take care that your machine, or any machines under your control, have the latest security patches on them.
The biggest vulnerability in the online world is unpatched machines and that’s either unpatched machines on your desk or, if you’re running a web server, unpatched web servers.
If you’re asked to install the latest updates to your system, do it. That’s the single best thing that you can do.
Michael Fry will be teaching a new cyber security course at Sydney University this month alongside security policy expert Lydia Khalil.
Matt de Neef, Editor, The Conversation