2.18 AM Friday, 29 March 2024
  • City Fajr Shuruq Duhr Asr Magrib Isha
  • Dubai 04:56 06:10 12:26 15:53 18:37 19:52
29 March 2024

Virtual crime: it's just as real

(GERMAN FERNANDEZ)

Published
By David Daly

The average person today processes more information in one day than their counterpart had to consider in a year during the 18th century. For this barrage of information, which often includes letters like the one below, we have the world wide web to thank.

The internet, invented by Sir Tim Berners-Lee for better communication between academics, is proving to be a double-edged sword, allowing unrestricted access to knowledge and simultaneously proving to be an efficient tool for fraudsters.

Villains have always had their place in history and, with the internet, they've proved how adaptive they can be. The platforms from which these fraudsters are performing their nefarious activities are mainly Phishing scams, Bot networks, infected email attachments, infected website banners and hijacking of social websites.

To give some perspective on the problem, United States President Barack Obama's Twitter account was compromised this May by a non-malicious hacker, just out to prove it could be done.

The same month, HSBC Middle East issued a phishing warning that UAE residents were being targeted by an email claiming to offer a prize of Dh10,000 in exchange for some personal details.

Phishing is a fraudulent attempt, usually through email, to steal your personal information. Once this information is acquired, financial requests can be made using your details; opening new bank accounts or credit cards, drawing from existing ones or even denying you access.

The research firm Gartner reported that the cost of phishing attacks in the US was $3.2 billion (Dh12bn) between 09/06 and 08/07, a 40 per cent increase on the previous year, representing 3.3 per cent of those who were targeted in what is the worst affected country.

Smishing and Destrobots

There has also been a recent upsurge in what is being called smishing. As many mobile phones are now web enabled, it has become a logical extension to target individuals through this medium.

The advice for phishing also applies in this case. Staying with mobiles, be wary of text messages aimed at getting the receiver to return a call. The number is usually a hugely expensive premium line for which there is no benefit for the caller. The UAE's subcontinental population has been particularly targeted of late, with a report in May citing Pakistan and Nepal as originating points.

Destrobots sound like characters from a recent high-action movie, but bots are the single most dangerous weapons being deployed by criminals. Their greatest strength is in making you the unwitting carriers and implementers of their schemes.

Recently, the USA and South Korea suffered DoS (denial of service) attacks, which prevented usage of various websites. The general populace seemed surprised that such an attack could not be traced to its originator.

How is it done? Bots hide in downloaded files and web banners. Anti-virus software pick up the vast bulk of these, but new ones are constantly being developed. Once successfully copied onto your computer they wait to carry out their instructions.

Criminals stroll into internet cafés, log on and upload their bots to popular web sites. Common users are then duped into carrying the programme on their computers. The bot will execute its orders at a given time, meaning millions of computers can suddenly attack a given domain. We would be unaware it is even happening and the attacked would find it near impossible to trace the culprit.

Bots can also send out vast amounts of spam and phishing emails, as well as simply harvesting and transmitting information from the infected machine. A recent bot utilised a weakness in operating software to infect computers. Once loaded it sealed the flaw in the software preventing any other virus using that doorway, disabled the elements of the computers' anti-virus software that could, with the correct upgrades, remove it and waited to carry out its final orders.

There is no reliable estimate for the cost of this attack; however a White House cyber specialist estimated business losses at $200bn a year. A CRS report for the US Congress showed targeted NYSE companies' share prices typically fell between one and five per cent after an attack, an average shareholder loss of $50-$200m.

Last year, the UAE Telecommunications Regulatory Authority (TRA) intervened when it discovered a fake recruitment agency linked to three ministries. An American teacher who was asked to pay a "visa fee" became suspicious and reported the site leading to its closure.

While caution will very often keep you safe it should not prevent users from experiencing the incredible possibilities the virtual world offers. As in the material world, trust is key, be it in a personal or business relationship. These sureties allow society to function with confidence.

Recent reports that etisalat has, without any announcement, installed spyware on all its users Blackberry devices will dent users' confidence in the service. While etisalat denied the patch was spyware, its relationship with its consumers has now been compromised.

The original troublemakers in the virtual world were the archetypical geeks seeking to make a name for themselves by hacking IT systems. These have been replaced by well-organised and financed criminal gangs – stateless actors, interested only in holding the world to monetary ransom.

Recognising the extent of the threat to individual and commercial interests, the UAE government has set up a special anti-cybercrime body, aeCERT (UAE Computer Emergency Response Team), regulated through the TRA. The nature and speed of the issues faced have meant that there is little general awareness of this body, but it is working with its international counterparts to defeat insidious criminal activities.

Microsoft, as the largest provider of software has been under sustained assault, headlines frequently highlighting exploitations of their products, particularly the company's browsing software, Internet Explorer.

But the company and its peers are working with global institutions to help defeat this menace to what is possibly the greatest positive leap forward for humanity in a over couple of hundred years. However, consumers must continue to remain vigilant.


Protect yourself at all times: here's how

- Messages typically have strong emotive elements, designed to create an impulsive reaction. Content can be both excitingly sensational or shocking, the recent death of Michael Jackson was successfully exploited. Verify the information through a trusted medium; friend or established website.

- Wide varieties of information are frequently sought. These include but are not limited to: username and password, date of birth and mother's maiden name etc.

- Emails will tend not to be personalised, although this is not a rule. Valid messages from institutions are nearly always personalised. When in doubt, seek alternative verification.

- Never click on a link within an email or instant message. Always open a new tab and type in the web address. You do not know what is hiding within the page you are downloading.

- Do not fill in forms contained in emails, especially if personal or financial information is sought. This information should only be imparted on a secure website or whilst in one-to-one contact with an organisation.

- Always use a secure website when submitting any sensitive information. Phishers are able to create both the initial https:// of a web address and legitimate looking addresses, which can appear as the link in scam messages.

- Yellow lock symbols, denoting secure sites, which appear at the bottom of your screen, can now also be forged. Double click on the lock to check the certification. If a warning message appears, immediately quit the web page.

- A solution is to install a web browser toolbar; MSN, Google, etc all have one available for free. These maintain a list of known phisher web sites, thus offering some protection. Newer versions of Explorer and Firefox have these tools pre-installed.

- And more generally, log on regularly to your various accounts.

- Check all statements from financial institutions as they arrive. If you have any doubts, query the transaction.

- Ensure that your computer software is up to date and that all updates have been applied.

- There are various bodies that track phishers. If you come across a fraudster, report them.

- Online transactions are beginning to become more common in the region. Always use a credit card as this method offers better protection by financial institutions.

 

Keep up with the latest business news from the region with the Emirates Business 24|7 daily newsletter. To subscribe to the newsletter, please click here.