Monday, December 29, 2014

Identity theft techniques become more sophisticated

Hijacking and personal data theft are a clear trend that we will have to face more and more often. The techniques remain the same, but with the industrialization of digital crime and the rapid pace of technological change, they are becoming more sophisticated.

Let’s imagine a scenario in which most services use fingerprint reading as their identification method. In this environment, let’s imagine that a group like the Chaos Computer Club is able to obtain anyone’s fingerprints from a few pictures of their hands taken from different angles. This scenario is not fiction, but reality. In one of its latest lectures, the German group showed how it obtained the fingerprints of Germany’s defense minister, Ursula von der Leyen, from photos gathered from public sources.

Whenever we talk about hijacking, the word “phishing” always arises. Identity theft is usually the goal of most personal data thefts. It is done by tricking the victim, who is redirected to a fake website under the attackers’ control that mimics the original one. Often the only thing that keeps you from falling into the trap is how little care the attackers put into its design: they address us in ambiguous terms, and the text may even be misspelled. Unfortunately, this is changing, and you can see a real case of phishing targeting GoDaddy customers in the video attached to this article. An email that includes the victim’s personal data redirects to a cloned website polished enough that victims don’t realize they have been deceived.

Information is power, and many large Internet companies have been built on this principle. One of them is Facebook, which bases its potential on everything it knows about its users. However, the company must now face a class action lawsuit that accuses it of violating its users' privacy by scanning their private messages in order to display advertisements related to what is being said on each profile.

Whether you want to keep yourself safe from phishing campaigns or maintain the privacy and security of your company, it does not hurt to take a look at the cases where the defenses failed. What can you learn from the attack against Sony Pictures? On the one hand, you may have learnt that email is not the most useful way to send confidential information. On the other hand, you have surely noticed that not all workers should have access to all services. In addition, you should not store passwords in a file called ‘passwords’. Moreover, you must pay attention to security warnings. And above all, you cannot live without an incident response plan.
