Virus Attacks that Couldn’t Happen without your Cooperation
Attacking computer networks these days, or installing a virus in a fortress of security at a major corporation involves doing more than making clever coding and performing clever digital confidence tricks on company employees to beguile them into clicking on something. A recent survey of hundreds of government agencies and corporations in the US found that nearly three-quarters of all computers in them had infections of one kind or another. These are organizations that spend billions of dollars in computer security every year. What ways do the hackers have of getting past such impregnable defenses?
Usually, it could be something really low-tech, but very clever. One way that has been reported recently, has been this: a hacker designs for good virus, loads it on a pen drive, and silk screens the company logo on the face of the drive. He then leaves it somewhere conspicuous, on the company’s premises, as in the parking lot or an ATM. The hacker hopes that a company employee will discover it, plug it into his company laptop to find out who it belongs to, and by doing this, will activate a virus inside that will steal all the company passwords stored on the laptop. It will then phone home, with its cache of stolen passwords. Most firewalls and other defenses do not count on having a company employee personally bring something in like this.
The Google attacks in China were a twist on the traditional phishing tactic. They were called spear-phishing attacks. They send counterfeit e-mails to people, taking the trouble to design the e-mails with official-looking emblems and stationery, but they aim for a specific person in the organization, and they mention a well-known friend in the from-address section too. It is all about getting past an employee, and having him invite the virus inside by his own actions. They don’t just need anti virus software anymore. They need anti-gullibility behavioral training for their employees.
Cell phones are not such targets for now with hackers so far, because there are so many models and so many different operating systems. But with a very popular model like the iPhone, things could start happening, that would turn the smart phone into a surveillance device that records pictures and audio. They can even tap into an iPhone, to learn exactly where the owner is, with GPS.
In a high-tech world, low-tech is often the way infiltrations take place these days.Often, we are just looking at hoof prints and thinking exotic zebras, when we should be thinking donkeys. We need to think low-tech once again today.