They may be annoying but passwords are necessary to protect
your data and that is why criminal gangs are hell bent on getting hold of them.
David Crookes looks at the murky world of password hacking and considers how
you can protect yourself
Password Hacks
The Hangover 2 is not an especially funny film. It tends to
go over the same ground as the far fresher feeling debut. However, there is one
line that made us chortle: a throwaway comment that tickled us, because it's so
true.
International criminal Mr Chow, who is being pursued by the
FBI, Bangkok PD, Interpol and MSNBC, has to input a password in order to
transfer a large pot of cash as part of a plot-crucial dodgy deal. He begins to
tap at the keyboard.
“Your password is ‘baloney’?" asks one of the other
characters, surprised. “Well," says Mr Chow, pulling his face, “it used to
be just 'baloney', but now they make you add number."
Passwords are the mainstay of the online world. An often
tiresome rituals in which your username is paired up with another word or
random selection of digits in order to gain access to all manner of different
services, be shopping, banking or something more offbeat.
We don't like to give our passwords away. To do so would
open our accounts to activity that we would not wish to take place. The worst
that could happen is that your money or identity is stolen. The least is that
someone writes a silly comment via your own account on your Facebook wall.
The PlayStation Network was hacked last year, with millions of passwords
involved
Sometimes, though, those passwords are divulged, very often
by our own stupidity Other times, they get into the wrong hands due to the
mischievous nature of hackers who gain access to individual accounts or manage
to infiltrate online systems and find a bunch of passwords they can make use
of.
Remember last summer when PlayStation 3 users suddenly found
a major problem? When the PlayStation Network ended up being taken down
because, as Sony later admitted, the personal details of more than 70 million
users could have been stolen by a hacker? As one of the largest hack cases in
history, it was big, big news.
Sometimes, though,
those passwords are divulged, very often by our own stupidity Other times, they
get into the wrong hands due to the mischievous nature of hackers
Yet despite the PlayStation Network problems being a distant
memory (last December, Michael Denny, the senior vice president of Sony
Computer Entertainment Worldwide Studio, said gamers had not been deterred from
downloading games via the PS3 and that the number of users was back to where it
was before the well-publicized crisis, which had caused the month-long Network
closure), it wasn't the only company affected by such hacking,
password-stealing activity.
At around the same time, another couple of high-profile
companies had issues: Amazon and Play.com. The latter admitted that customer
names and email addresses were leaked as a result of a security breach after
users complained of receiving spam emails to addresses they use only to monitor
their accounts on the site.
Michael Denny, the
senior vice president of Sony Computer Entertainment Worldwide Studio
Now, however, it is time for other firms to feel the pain.
More recently, eHarmony, LinkedIn and Last.fm fell prey to password hackers and
it's clear it's a problem that refuses to go away, leading to worry among users
and lots of inconvenience, not to mention a flurry of phishing emails, which
attempt to capitalize on the problem.
During Sony's crisis, hackers had accessed names, addresses,
countries, email addresses, birth dates, PSN and Priority usernames, passwords
and online handles. That led to the company adding automated software
monitoring, enhanced data protection and encryption, new firewalls and a better
ability to detect software intrusions to help prevent future issues. The FBI
was involved in investigating the source of the breach.
This time it's purely passwords that have been obtained from
eHarmony, LinkedIn and Last.fm. It was estimated that 1.5 million of eHarmony's
members' password hashes were published online for hackers to try to crack, but
Becky Teraoka, eHarmony's corporate communications manager, said the passwords
of affected users had been reset. “Please be assured that eHarmony uses robust
security measures, including password hashing and data encryption, to protect
our members' personal information," she wrote.
Stop Thieves Taking Data And Protect Yourself
According to security software company G-Data, you need to
install high performance, resource-efficient security software using HTTP
filters. A firewall and monitoring functions should be installed and enabled to
protect again spyware and other threats.
An up-to-date spam filter will help to filter out unwanted
and suspicious email before it reaches your inbox.
Stop Thieves
Taking Data And Protect Yourself
Secure mobile devices - if you're browsing the internet via
tablets or smartphones, or accessing social networking sites, emails and online
banking, you must ensure you're doing so safely The same rules apply Security
solutions such as G-Data Mobile-Security (for Android devices) are now
available to protect your mobile devices and online identity
Strong passwords are paramount. Ideally use at least eight
characters consisting of numbers, upper and lower-case letters and special characters
LinkedIn - with
161 million worldwide users - wouldn't say how many users may have been
affected, but figures of up to 6.5 million passwords posted on a Russian web
forum were being mentioned.
Separate passwords should be created for each account, and
should not be stored on the computer.
Spot phishing attacks by looking closely at the address line
in the browser. This will reveal whether or not you are entering data into a
bogus website. As with online banking, call up the site manually or via the
Favorites list to log on to it. Never follow a suspicious link in an email or
on a website.
LinkedIn - with 161 million worldwide users - wouldn't say
how many users may have been affected, but figures of up to 6.5 million
passwords posted on a Russian web forum were being mentioned.
One of the site's directors, Vicente Silvery, said, “We
sincerely apologize for the inconvenience this has caused our members. We take
the security of our members very seriously."
The frequency at which these attacks took place would
suggest that associated parties are involved or at least that a common
vulnerability is being exploited in order to retrieve these large numbers of
user data, according to Bull-guard security
