Our vulnerabilities to hackers
A snapshot of how easily identity theft can be committed, and how other hacking, espionage and cyberthefts are perpetrated, was presented to delegates at the World Alternative Investment Summit Bermuda.
Security consultant Vitali Martiniouk, of KilSol, detailed many areas of vulnerability in the interconnected digital world and highlighted some famous scandals.
One example was the infamous “Busboy scam”, when a young restaurant worker in Brooklyn, New York, used a Forbes magazine list of the 200 richest people in the US as his starting point to collect personal and later confidential information about their lives, banking details, social security numbers and other pertinent details.
Using elaborate online social engineering that was initially based on public data, he then assumed the virtual identities of many billionaires to trick financial institutions into approving bogus requests for funds. When the authorities finally caught up with him in 2001, they were staggered by what he had achieved through his cybertechniques.
Speaking at the Wais conference at the Fairmont Southampton last week, Mr Martiniouk also mentioned how GPS spoofing had allowed University of Texas students to remotely take control of an $80 million yacht using a spoofing device the size of a suitcase.
In a similar way, fake transmitting towers for mobile phone networks can be positioned to intercept mobile phone communications.
And every mobile phone in the world is potentially vulnerable to hackers who access the SS7 system through any number of networks around the world.
SS7, or Signalling System No 7, is a universal system that connects one mobile network to another. It was developed in the 1970s and is the protocol system used worldwide. However, it was developed and accepted as the universal protocol long before the advent of cyberattacks and hacking. As such it has baked-in flaws and vulnerabilities that are beyond patching. A successful hacker, or spy agency, can listen in and record calls, read text messages and track the location of a targeted phone.
During his presentation at the Wais event, Mr Martiniouk gave tips on how delegates could better protect themselves from hacking and cybercrimes.
One way to protect a bank account is to have it locked so that activity such as withdrawals must be authorised by the bank manager. Mr Martiniouk said it was a good idea to have a bank book without an accompanying magnetic card or “tap-and-go” embedded card, in order to reduce the opportunities for fraud.
He also identified public wi-fi as a danger area easily exploited by hackers.
“Avoid connecting to banking sites over wi-fi,” he said. “And where possible use VPN over wi-fi.”
VPN, or virtual private network, allows individuals and companies to send and receive data across public networks as if they were directly connected to a secure private network.
Mr Martiniouk’s other tips included:
• Use a banking app rather than a browser for online banking.
• Open an account at a bank that provides two-factor authentication, such as needing to provide information from a hardware token during the login process.
• Where possible, make payments with cash rather than using a bank card.
• Encrypt e-mails.
• Use long passwords, ideally of 12 characters or more.
• Regularly update software on your phone and computer, and use full disk encryption on both.
• Have a back-up of your data stored elsewhere, which can be used to restore your computer or phone should you fall victim to a ransomware attack.
With mobile phones constantly updating your location in the world using GPS, it can be easy for a cybercriminal to deduce when you are away from your home on business or vacation, particularly if they have harvested other personal information from social media sites, such as your community connections, level of wealth and home location.
With that in mind, Mr Martiniouk cautioned delegates about the use of social media. He said: “Avoid having too much of your personal details online.”