Sinister computer hackers are now targeting YOU!
By Mail Online
As David Beckham learned this week, a lot of damage can be done if computer hackers get hold of your emails.
After the contents of the former England captain’s private messages were leaked — including foul-mouthed rants when he missed out on a knighthood — police are investigating how 18.6 million emails were apparently hacked from the servers of the firm run by Beckham’s PR chief.
But before you think such cyber attacks only happen to celebrities, don’t forget the hackers are after us mere mortals as well.
Email accounts are typically hacked by exploiting weaknesses in people’s passwords, via viruses that then track or log keystrokes as you type (and so reveal your passwords) or by ‘phishing’ — sending emails that purport to be from a legitimate source in order to trick you into giving away personal information.
This is sometimes done on a massive scale. Last December, Yahoo! finally disclosed how one billion of its user accounts had been ‘compromised’ back in 2013 — in what is regarded as the biggest hack in history.
And, in January, it was reported how hackers accessed emails between charity worker Howard Mollett and his conveyancing solicitor, and stole his £67,000 life savings which was to be a deposit on his first house.
But it’s not only the contents of emails that hackers are after. Rather than stealing private information such as bank details or documents, increasingly hackers attack by simply stopping you from accessing them — and demanding cash in return.
The ransom demand issued to Christoph Brandstaetter, manager of the Austrian hotel, the Romantik Seehotel Jaegerwirt, started politely and innocuously enough with the words: ‘Good morning?’
The email, sent on January 22, went on to explain to Mr Brandstaetter that the electronic key system at his hotel had been hacked and taken down, which meant no key cards could be issued to guests wishing to check in.
If the manager wished to regain control, he had to pay the hackers around £1,500 — an amount that would double if he didn’t pay by the end of the day. Then, in its infuriating tone of false politeness, the criminals’ email ended with: ‘Have a nice day!’
It was a busy Sunday morning, and Mr Brandstaetter was all too aware the lobby was thronging with well-heeled guests who were impatient to gain access to their rooms — which cost up to £400 per night — and then to hit the ski slopes.
Mollifying bottles of complimentary champagne were issued, but the manager knew he had little choice but to pay the ransom if he and his guests were indeed going to have a nice day.
‘We were at maximum capacity with 180 guests and decided that it was better to give in,’ he said. ‘The hackers were very pushy.’
Shortly after paying, Mr Brandstaetter and his staff regained access to the hotel’s computer systems.
Contrary to some reports, no guests had actually been locked into their rooms, but the inconvenience to new guests, and the potential damage to the hotel’s bottom line during its busiest season, meant the manager felt he had no choice but to pay up.
What made it particularly galling, was that this was the fourth time the hotel had been targeted.
On previous occasions, Mr Brandstaetter had kept the demands quiet, but sufficiently enraged, he decided to issue a press release not only to draw attention to his hotel’s plight, but also to show that such attacks are growing increasingly common.
‘We’ve seen that many, many Austrian hotels have been hacked,’ said Mr Brandstaetter. ‘The police told us: “You’re in good company.” ’
Last week, it was reported by The Times that the computer systems at two unnamed luxury hotels in Cornwall had been hacked into, with the criminals demanding payments in order to restore the systems. It is understood the hotels complied.
And it is not just hotels that are falling victim, but countless firms, hospitals, banks and even police stations, all over the world. The number of such attacks is hard to establish, as many firms are unwilling to report the problem for fear that the hackers will maliciously strike again.
However, according to the Government’s new National Cyber Security Centre (NCSC) — an offshoot of the GCHQ intelligence-gathering agency — the issue is escalating.
The NCSC states that the first half of 2016 saw three times as many such attacks compared to the whole of 2015.
The costs to victims run into millions of pounds every year, not only in the form of the ransom payments, but also the costs incurred in having to overhaul IT systems.
So what is this disturbingly effective form of cyber extortion actually called? How does it happen? And, more importantly, how can firms and institutions protect themselves against it?
This comparatively new cyber-crime is known as a ‘ransomware attack’. Ransomware is a virus-like form of software that is downloaded onto a victim’s computer, and then searches through the computer — as well as other computers on the same network — for files to encrypt.
Typically, it encrypts the type of files the hackers know will be indispensable, such as spreadsheets, word-processing documents and image files such as PDFs.
If the victim tries to open the files, all they will be able to see is an indecipherable jumble of nonsense. The only way to restore them to their legible form is to use a key that can unlock the encryption. This key is, of course, only known to the hacker and, naturally, it comes at a price — anywhere between a few hundred pounds to hundreds of thousands.
The payments are made over what is known as the ‘dark web’, an encrypted corner of the internet habituated by criminals, and the usual currency is the bitcoin, a virtually untraceable form of digital cash. The relative ease and lack of risk involved in making a ransomware attack makes it very popular for cyber-criminals.
‘Ransomware has undoubtedly been one of the favoured crime campaigns of 2016, a trend showing no signs of slowing in 2017,’ says James Lyne, global head of security research at the security firm Sophos.
‘Its brilliance for the cyber criminals resides in them not having to worry about stealing your specific valuable data, such as bank details or credit card information, but instead gambles — almost always correctly — that you value your data and will pay to get it back.’ More worrying, it’s not just data that is at risk in a ransomware attack, but potentially people’s lives. ‘What if the ransomware hits a hospital system keeping a patient alive?’ asks James Lyne.
Although no attacks on critical hospital infrastructure have been reported, other parts of hospitals’ IT systems have been targeted.
In January, thousands of files held by the Barts Health Trust — the largest NHS hospital trust in England — were subjected to a ransomware attack. In October last year, Northern Lincolnshire and Goole Foundation Trust was similarly hit, and 2,800 appointments had to be cancelled.
Although it is understood both trusts refused to pay the ransom demands, this was not the case with the Hollywood Presbyterian Medical Center in California, which paid £30,000 to hackers who had infected its medical records database.
For the time being, it looks like the most likely victims are small businesses. Any IT consultant will tell you stories of clients who have been preyed upon.
‘I know of at least six cases,’ says Steve Rice, the owner of Computer Troubleshooters, in Tonbridge, Kent. ‘There’s no doubt that it’s on the rise, and the hackers are indiscriminate about who they target.’
So how exactly do the hackers manage to install ransomware on a firm’s computer system?
‘The normal way is through an employee clicking on an innocent-looking email attachment that looks to come from someone reputable,’ says Mr Rice. ‘However, the attachment contains the ransomware software, and as soon as it is clicked on, it starts to burrow through all the computers on the network and encrypting the files.’
Depending on the number of files, an attack can take place in well under half-an-hour. Users only discover they have been targeted when a ransom demand appears, or when they find that all their documents have turned into alphabet soup.
Another way ransomware can be installed is for hackers to break into the company’s servers, often by exploiting weak passwords.
So what can firms and institutions do to protect themselves?
The first thing that all firms need to do is to install and keep updating anti-virus software. In addition, backing up data (saving computer files somewhere else — such as on an external hard-drive) as regularly as possible is also essential.
In addition, emails should be thoroughly filtered for malicious attachments. One of the best forms of email filtering is to power your email using Google’s Gmail service.
‘This filters out most of the bad stuff,’ says Will Wynne, who runs the online florist ArenaFlowers.com. ‘As we are approaching our busiest time of year in the run-up to Valentine’s Day, we have a lot of customer data we want to protect, so we also make sure we use a two-step verification process that employees have to follow in order to access any data.
‘It’s free on most services and adds a whole load of protection.’
But what can you do if you have been held to ransom? Worryingly, it appears calling the police is not much of an option.
‘There are so many attacks, I’m not really sure what the police can do,’ says Steve Rice, of Computer Troubleshooters. ‘Perhaps they can investigate the bigger cases, but most firms just want to pay the ransom and get back to business.’
If the police cannot help, then it may be worth contacting the NCSC. ‘We work with firms to provide guidance and support if needed on any cyber-attacks,’ says a spokesman. ‘The NCSC serves as a bridge between industry and government to promote the highest standard of information security, including offering help managing incidents.’
As a relatively new agency, it remains to be seen how effective it will be. In the meantime, prevention is better than cure — or indeed paying a ransom.
The money you pay the criminals will invariably be used to finance other criminal activities, and so there is also a civic duty in doing one’s best to avoid falling victim.