Consumers at risk
The biggest companies in the world are under constant online attack, says one of the world’s foremost “friendly” hackers.
Even your private personal and financial information held by banks is vulnerable.
There's no such thing as unbreakable security and nobody’s secrets are truly safe, says international security engineer and professional hacker Jonathan Brossard. And he should know: he’s been paid by some of the world’s top companies to break through their own online security to find the holes used by cyber criminals and help close them. Brossard is a “white-hat” or “ethical” hacker.
The French-born security consultant is based in Sydney and counts defence agencies, European car manufacturers and major financial institutions among his clients. Brossard’s expertise has also been called on for the upcoming Watch Dogs video game, to help add authenticity. Speaking in Sydney this week he said that while individuals can have their information stolen and PCs compromised every day by viruses, Trojans, phishing emails, spam and online scams, the bigger dangers are cyber criminals going for the larger targets, such as banks, with consumers getting caught in the larger net.
“Virtually any large company gets attacked multiple times a day,” Brossard said. “Everybody is [targeted] unless your business is not interesting or you’re not doing anything fancy.”
These companies are the big enchilada, while individual consumers are low-hanging fruit in the eyes of cyber criminals which, practically speaking, aren’t worth picking. Most cyber criminals focus their attention on major companies so they can snatch the data of millions of customers in one fell swoop, rather than picking apart the computer of a single person. Banks are common targets.
“Usually when you go with a bank you’re there for your entire life, so the information they have on you is massive,” Brossard said. “People are concerned about Facebook, I would be more concerned about financial institutions, they have way more information on you.”
Brossard says company security has improved significantly in the past three years, after attacks from online groups Anonymous and LulzSec prompted companies to invest in widespread intrusion detection software and plug data leaks. Things are improving, Brossard says, but he still encounters unbelievable exceptions.
“I’ve [seen] companies in Europe that are very, very large, they’ve been hacked for five years and they only discovered the intrusion by accident,” he said. “It’s pretty crazy.”
Brossard says that realistically, if you’re online there is a chance that you will at some time fall victim to cyber criminals, either directly or indirectly. Direct attacks almost always require user interaction from an individual, such as downloading a dodgy file in an email or clicking a malicious link. Most people know to avoid these, he says, using a combination of common sense, security software and strong passwords. But consumers have no control over how vulnerable their information is once it is held by large companies.
The key to maximising your security chances, Brossard says, is to develop a better understanding of your computers and mobile devices, while monitoring how much information you share day-to-day. Most people don’t realise how much of their daily life revolves around the internet, directly or indirectly. This “digital footprint” is growing every day, and the risks along with it.
“Whenever you use, say, public transport or you make a payment, not just talking about online, it’s going through the internet without you knowing it,” Brossard said. “This indirect footprint is leaving a lot of information behind you, and this is where I think the risk really lies, more than Facebook and things like that.”
New vulnerabilities: internet-connected cars
He adds that the list of vulnerabilities is expanding every day where few people expect it, as more companies add internet connectivity to their products.
“A big trend is hacking cars, because modern cars are all connected to the internet,” Brossard said. “It’s exactly the same technology as a smartphone, so if you buy a Ferrari it’s iOS, but the rest of the industry is mostly Android. The question is if a hacker manages to hack this smartphone that is embedded into your car, will they manage to drive it. There is research that shows, yes, hackers can control a car using a computer.”
Brossard's revelations came in the same week online auction and retail giant eBay revealed sellers' details had been hacked, and advised users to change their passwords on its site.