Is there any hope against the hackers? - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner


Is there any hope against the hackers?

A website hijacking security cameras and broadcasting Britons' private lives is the latest in a string of hacker attacks. Perhaps the question we should be asking ourselves is not 'how do we protect ourselves' but 'can we ever hope to', says Matthew Sparkes.

This week’s news that hackers had built a website to collate live video from homes around the country, without the owners’ knowledge, was unsettling – but not surprising.

By visiting the website the Telegraph was able to watch an elderly woman asleep in bed, several babies in cots and a man making a cup of tea in his Norwich kitchen. None had any clue that the security camera they had bought to protect them was allowing total strangers to invade their privacy.

A total of 584 cameras in the UK were listed. And thousands more worldwide. The problem has surfaced periodically for several years, but has been thrust into the spotlight by this audacious website which makes it easy to exploit.

The issue stems from internet-connected cameras which have a feature enabling the owner to log-in remotely and check that their home is secure when out-and-about. This is useful, but also open to abuse if a strong password is not used.

Many choose to leave the default password in place when they buy the devices. But these passwords are easy to find online. This latest website pulls together these streams, logs in automatically and lists them in an index by country and location. It’s as easy to spy on Britons at home as it is to browse TV channels.

What was already a gaping vulnerability has now become an internet tourist attraction. Despite making noises about removing the site from the internet, Information commissioner Christopher Graham has not yet been able to stop it.

It begs a question: not ‘how can we make ourselves secure’? But, bearing in mind a seemingly endless list of vulnerabilities online, ‘can we ever make ourselves secure’?

In September Home Depot allowed hackers to copy 56 million credit card numbers, in August almost 200 private photos of celebrities – many sexually explicit – were leaked from Apple’s iCloud.

In May eBay asked all of its 145m users to change their passwords after it emerged that hackers had stolen names, email and postal addresses, phone numbers and dates of birth of customers – information that makes identity theft a breeze.

Are the people who design and make these devices and websites always going to be one step behind the hackers?
David Emm, senior security researcher at security software company Kaspersky, believes so.

“Typically security gets retro-fitted. It’s only the first time that there’s a subversion of some technology that people realise there’s a risk. Everybody stands on the shoulders of the previous generation and learns from that,” he said.

“It a bit like saying ‘will road travel ever be safe?’ There is an inherent risk: you get into a car and you know that a child could run out into the road. Cars have become safer, but there is always that inherent danger. And I think computing is the same.”

Any electronic device or service can, given enough resources, be hacked, he says. The only way to avoid that is to avoid the internet, mobile phones and all digital devices entirely – something that is virtually impossible in 2014. “It’s woven into the fabric of our lives,” he says.

“I’m not going to not drive my car: I recognise there’s a potential danger, but I wear my seatbelt. Does that mean I’ll never be in an accident? No.”

What we can do, he says, is mitigate risk. By taking an interest in security, educating ourselves to the dangers and ensuring that we aren’t the easiest targets, we can avoid becoming the low-hanging fruit that hackers with potential targets numbering in the hundreds of millions prefer.

“Some things are under your control. I can’t stop an online provider being hacked, that’s down to their security. What I do have control over is if my password is the same for every provider. They’re not going to be able to get from my Amazon password to every other site I use,” said Emm.

We can not click on random links in emails, not log-in to our online banks from unsecured Wi-Fi in cafes, choose strong passwords and regularly install software updates. Companies have teams of experts working on patches to protect against emerging threats – if you don’t install them, you’re at risk.

Ultimately, though, we can never reduce these risks to zero. While hardware and software designers must do their jobs perfectly all the time, hackers need only get it right once to sneak past the defences. The odds are stacked in their favour.

Going back to the security cameras, he says that in retrospect designers could have “forced peoples hands” by requiring them to change the default password as part of the installation process. This is something that the companies involved have now implemented. Another door closes to the hackers, but they’ll be looking for the next one.

By Matthew Sparkes, Deputy Head of Technology (The Telegraph)