SA falls prey to Gmail hacks
South African Gmail users are increasingly becoming victims of a global security issue faced by Google, which has raised concerns around the security of cloud computing.
Over the last few weeks, hundreds of locals have fallen prey to a popular hack, which has seen users' Gmail accounts hijacked and their entire contact lists spammed with junk mail.
The problem has been in the global arena for some time, but this is the first time local users have been targeted by the attack on such a large scale.
While it is unclear why locals have suddenly become targets, it is likely an increase in the number of South African Internet users is part of the cause. The hacks have also caused industry concern around the security of cloud computing.
Google is possibly one of the most widely used cloud computing services, with the company serving a large variety of applications from the Web. All Google-based accounts, including Gmail, use the same username and password for access, meaning if one is compromised, so are the rest.
Problematically, many locals use the Gmail service for office-related e-mail and document production.
[EMBEDDED]Despite the concerns, Google says these types of mails are not a full hack. The company says it is likely the e-mail addresses of users have been spoofed, saying reply e-mail addresses are easily created, without actually having access to e-mail accounts.
However, the spoofing does not explain how hackers gain access to users' contact lists.
“Google invests substantial amounts of time and money in security, and is constantly improving its systems. As always, we advise computer users to deploy reputable anti-virus and anti-spyware programs, to install patches for their operating systems and to update their Web browser,” the company says.
Get it together
Manoj Bhoola, HP's enterprise storage networking country manager, says with cloud computing becoming a reality locally, concerns around security really need to be addressed and fast.
He says hacks like those experienced by Gmail users definitely hamper the roll-out of cloud-based services in SA. “But it will have to happen, it just makes more economic sense,” he notes.
With that in mind, Bhoola says software companies taking on the cloud now need to really jack up their security focus. “They need to up their game if we really want to get cloud computing off the ground in this country, because the benefits of cloud far outweigh the challenges,” he adds.
More to come
Steven Ambrose, MD of World Wide Worx Strategy, says online crime is only likely to increase, and as such, cloud computing security awareness in SA needs to be top priority. “Hacks are happening all the time and Gmail is just one big target,” he says.
World Wide Worx expects to see around 10 million people accessing the Internet in SA by 2015, most of whom will be looking at some sort of cloud-based service. “The implication is that Internet-based fraud and crime as a result of exploits into Internet security will more than double in the next four years,” he adds.
While he says the move towards cloud computing will not necessarily exacerbate the issue, people will have to be more aware of security issues when they increasingly turn to Web-based application serving.
“Those moving sensitive data to the cloud will have to ensure all computers attached to the Internet are fully and constantly updated in all respects, including, but not limited to, all browsers such as Internet Explorer and Firefox, as well as the base operating systems, and even plug-ins such as Adobe Flash, as these are backdoors into people's systems.”
Not always the user
Colin Erasmus, head of Microsoft SA's Windows business, agrees that education will be key to making the cloud work in SA.
According to Erasmus, there are three aspects that need to be addressed when it comes to the cloud concerns. “People, process and technology. If you have the best technology in the world, that isn't properly implemented, you will have trouble.”
The company has already joined forces with the Film and Publications Board of SA to hammer home the concept of security to the youth, hoping to mitigate foolish victimisation of users later in life.
However, Erasmus says one of the likely means of attacks is not necessarily the fault of the users. He says one way that many hackers attack accounts is by stealing an unencrypted session cookie.
This means hackers don't need a username or password; they simply need a packet of data streamed across the Internet which is easily hijacked. They then have access to the account without actually stealing any user information.
Processes within businesses and among vendors are also not up to scratch, he adds. “Vendors need to follow what they preach in their own policies for users. Often those policies are completely disregarded.”