Experts warn hackers are winning internet war
As websites reel from multiple security breaches, a leading company warns that its antivirus software cannot keep up with growing threats. Is the internet descending into chaos?
It starts with a mindless click on an email attachment. Then the screen instantly freezes and a message appears – ‘We have encrypted your files. You must pay £300 in the next hour or they will be gone forever’. The user panics, turns the computer off and on, yet the message remains. Dazed, they pay, not realising the files have already been lost.
This is a ‘ransomware’ attack, and last year they increased by 500%. Security experts say it is just one example of the increasingly sophisticated bugs that hackers are using to steal data.
And the problem is getting worse. This week the vice-president of Symantec, the company that invented antivirus software, said antiviruses now only detect 45% of threats and said they are ‘dead’ as a security solution.
Just last month, experts discovered a major flaw in online security known as ‘Heartbleed'. It could have given hackers access to millions of internet users’ passwords. It may well have been the biggest security failure in internet history. Experts are calling 2013 ‘the year of the mega breach’ as 552m people had at least some part of their online security compromised.
The $70bn-a-year internet security industry used to be able to scan computers against a database of known threats, removing any they found. But viruses evolved. Once on a computer, they can mutate into forms no databases recognise. They can then lurk undetected for years, scanning documents for credit card details, analysing each click of the keyboard for password patterns. Some even secretly take photos of the user through the webcam.
Experts are focusing on detecting and removing viruses, rather than preventing infections to begin with. One warns, ‘at some point, your network will be compromised. What matters is how you react’. But this is little comfort for most internet users. Are we nearing a point when staying secure online is impossible?
Surfing with sharks
Some are starting to wonder whether they can trust the internet. Just this week, Microsoft fixed a security breach that had left millions of Internet Explorer users vulnerable to hackers. We can no longer trust antivirus and even the security of major companies fails. They say the internet is being crippled and no one is secure from random attacks.
Yet others say that most people have always known antiviruses are not entirely secure and that the simplest way to stay safe on the internet is to stay smart, be careful with passwords and stay away from risky sites. Some reports say 61% of people who knew about Heartbleed took preventative measures and changed their passwords. It shows that while there will be a few errors, most security problems can be overcome with safety awareness.
- Do you think it is becoming impossible to stay safe online?
- ‘The internet is a dangerous place because it brings out the worst in humans.’ Do you agree?
- In pairs, produce a poster illustrating ways to stay safe online. Compare with the class. Which are the best ways to stay safe?
- Using the links in ‘Become an expert’, research who is responsible for hacking and what have been the biggest hacks of all time.
Some People Say...
“The internet is like the Wild West 150 years ago; a vast, exciting, unexplored, but lawless space.”
What do you think?
Q & A
- I don’t go on any dodgy websites, why should I worry?
- Not clicking on any suspicious-looking links is smart, but the security problems with ‘Heartbleed’ showed that even safe websites can be compromised. Changing your password regularly and making it a code that only you would know is a very good idea, as is keeping an eye open for news stories about new security threats.
- So are antiviruses a waste of time?
- Security experts say that while antiviruses cannot be solely relied on, they are still essential for blocking lots of the hundreds of thousands of viruses that exist on the internet. Yet they say the biggest online security risk is internet users themselves. Symantec thinks that 50% of them do nothing to protect themselves online beyond very simple passwords.
- Experts discovered that there was a backdoor for hackers in OpenSSL. This is a system which encrypts, or codes, users’ data so that the details of someone making an online payment cannot be discovered. Some of the world’s largest companies, like Google, Facebook and Dropbox use its services.
- Experts say there is a large underground market in ‘crypting’ software. An antivirus database has certain digital virus signatures it will look for. But 'crypting' software helps a virus’s creator to find a signature that will not be detected. Once the virus is on a computer, it mutates, and is then very difficult to spot.
- This virus would advertise itself as antivirus software called ‘Antivirus Security Pro’. Once an unwitting user installed it, the virus would take photos of the user, warn the user they had a virus, and ask for payment to remove it.
- The Internet Explorer browser is on 58% of computers. A flaw in it allowed misdirecting links to appear which would lead users to viruses. It has now been fixed.