Friday, June 13, 2014

Cheating yourself

The new European System of Accounts (SEC 2010) assumes the inclusion of items not covered in national accounts so far, i.e. GDP. This is leading some media to write in their headlines that GDP will increase "as if by magic." If you believe it, you are cheating yourself. Or hacking yourself.

In fact, cheating yourself is the source of many security incidents today. For instance, if you are going to host an event as important as the World Cup and you do not take every precaution to avoid shocks, it is quite likely that you will end up suffering a DDoS attack and finding the event's websites blocked and, for dessert, some government ones too.

Well, in this business we all leave some doors open behind us, even the most unlikely ones. Those evil cybercriminals whom we always imagine wearing balaclavas in front of the keyboard are also vulnerable, often through their own mistakes. A leak of over 2,000 hacker passwords revealed that their passwords are not very good at all. On the one hand, the most common are "hack", "root", "pass" and "hax". On the other hand, their passwords are short, they do not mix character types, and they are easily discovered through social engineering. Who knew that they, the "experts", are also cannon fodder.

Another common way to cheat yourself is to have corporate services that are not sufficiently secured. In 2012 a Nigerian found a curious way to cash in: he used phishing techniques to lead several federal agents of New Jersey to fake web pages of the Census and the Environmental Protection Agency. There they were asked to log in. Once they did, their login credentials were immediately sent to the attacker. Then he ordered purchases on their behalf. The products were sent back to Nigeria to be resold on the black market. A bizarre story that has only just come to light.

Further afield, a journalist from the old American Public Radio (NPR), along with another one from Ars Technica, decided to test access to his smartphone on open WiFi networks. Within seconds, he had access to all his passwords from another device. The story has shown how the push given to open WiFi networks by some technology majors can be harmful: anyone can imitate the name of the network to impersonate someone else and collect hundreds or thousands of credentials for countless services.

More ways of cheating yourself: living in an environment that facilitates the development of computer (in)security phenomena. An accurate analysis on VentureBeat provides economic, sociological and cultural keys to understanding why "Russian hackers are so good." It is not because they are smarter but because their environment encourages such an "industry".

Speaking of cheating and tricks, Razvan Cernaianu has a curious method to get money out of PayPal (actually, to detect a vulnerability). It's easy: a user creates three accounts; account A pays €500 to account B; this one pays another €500 to account C; thereupon he disputes the payment from account A, claiming to have been a victim of fraud; PayPal withdraws €500 from account B, which is left with a negative balance of €500 that PayPal cannot claim from anyone; the user gets the money back in account A, plus the money paid into account C, and he has twice the money he invested in just 24 hours. As long as account B remains perfectly anonymous, the move is brilliant.

If you do not want anyone to cheat you, the best thing you can do is to know their tricks. And spread, spread and spread "the word". Rate our posts, comment on them, spread them… Please find the links to our social channels in the sidebar. ;-)

