
Avoid a personal 'Wikileaks'

By Kirsten Doyle, ITWeb contributor.
Moscow, 14 Feb 2011

While WikiLeaks garnered massive media attention during 2010 around the world by publishing leaked documents that turned governments upside down, and caught multinational companies off-guard, smaller businesses and even individuals are facing a very similar threat of their own, which is as dangerous as it is overlooked.

So said Stefan Tanase, senior researcher, Global Research and Analysis Team at Kaspersky Lab. Drawing an analogy to water, Tanase said: “For thousands of years we've been willing to go to extraordinary lengths and travel far and wide to get our hands on it. We like it fresh, crystal clear and uncontaminated. We're thirsty for it. And information is just like water, it leaks.”

He said some notable sources of leaks are governments and corporates. Tanase described these as the 'big players'.

“Information such as diplomatic cables, war journals, intelligence reports, telephone intercepts, companies' internal documentation and the like, are examples of the sort of information that leaks. The stakes are high, we are talking about national and the global economy. Hundreds of billions of dollars are invested in protecting like this.”

In terms of the small players, he cited the average computer user. “In this case it is passwords, bank account details and credit card numbers that are stolen. Moreover, cyber criminals are stealing chat logs, photos, personal documents. The stakes may be lower, but the stakes are always relative. You don't need to be anyone special to own data that is important to you. How secure is the average computer? Not very.”

He said Kaspersky Lab processes over 70 000 malicious and unwanted programs every day. This equates to nearly one malware sample every second. “Compounding the problem are the literally hundreds of millions of infected computers out there. Classic botnet operations stay under the radar, most infected users are completely unaware. The criminals stay under the radar, using classic monetisation techniques.”

Tanase cited a couple of examples. “Trojan-Banker programs are designed to steal user account data relating to online banking systems, e-payment systems and plastic card systems. Trojan-PSW programs are designed to steal user account information such as logins and passwords from infected computers. Trojan-Spy programs are used to spy on a user's actions, to track data entered by a keyboard, make screen shots, retrieve a list of running applications, and suchlike.

“Ultimately, we are sitting on a time bomb. Average botnet herders are sitting on information goldmines. There are huge amounts of information at risk of potentially becoming public. Average users don't realise the possible consequences of using an infected computer. Classic malware can also easily be converted for spying purposes.”

While highly customised malware is being used in sophisticated targeted attacks to gain access to corporate or governmental networks, the potential dangers of classic malware infections are being massively overlooked by the security industry. Right now, cybercriminals are inadvertently sitting on a goldmine of information in the PCs they have already infected and added to their botnets. “Nearly everyone has some overlap between work life and personal life. Who doesn't have some work related items on their personal computer and vice versa?”

Tanase said there are several steps towards avoiding a personal 'Wikileaks' situation. “Use secure environments. Public computers are a no-no. Secure your own environment. Keep malware off your computers and smartphones. Use a good AV product. Avoid getting hacked.”

In addition, he said users should be aware of physical security. “What if your device is lost or stolen? The answer is encryption. Encrypt the data, and remember to backup. You can't have encryption without backup.”

Education is also key. “How many parents teach their children not to talk to strangers? Now, how many parents teach their children not to share their personal documents on P2P networks?”

“Remember,” concluded Tanase, “the stakes are always relative.”
