South Korea
is a perfect example of a soon to be interconnected world where all its
citizens have high speed broadband, regularly access online ecommerce and
e-governance services and where online activities like games form a major part
of social interactions. Large scale online services centralize the aggregation
of user credentials such as email ids and passwords, making these online stores
a juicy target for cybercriminals and offensive nation state actors.
Cyber
criminals who obtain possession of these caches of personal data sell it to
organized gangs which specialize in email frauds or who withdraw small sums
from the online balance in gaming and other financial accounts. Nation state
actors may use these credentials to disrupt vital economic operations by
shutting down or altering the integrity of operation of financial system or
utilities.
Not only are
these credentials hacked through the exploitation of online vulnerabilities and
poor system security design, but they are breached by trusted insiders with
privileged access who steal and sell it for a fee.
Four major
incidents, in South Korea, all in the last year where almost 50% of the
credentials of the nation’s population were stolen, highlighted the impact and
ease of exploitation of these online stores. According to press reports:
·
A
group of hacker’s successfully compromised 220 million records of 27 million
people from online gaming sites
·
Hackers
broke into the popular Nate and Cyworld websites extricating names, email
addresses, phone numbers and resident registration numbers of 35 million users.
·
Regulators
fined three credit card companies after 20 million residents had their data
stolen by an IT contractor.
·
12
million names, resident registration numbers and bank account details stolen
from telecom company KT Corp were being investigated by the government.
These
incidents will not remain isolated to South Korea but will happen across the
world, as in-country online services proliferate.
Email
addresses are no longer secret; they are freely given away by people on
business cards, survey forms or even to solicit advertising mails. These emails
have been aggregated and compiled into large databases which are sold globally
for a small fee. There are also programs which trawl the net searching
specifically for email addresses. Given the scale of data breaches or
aggregation of email information, every cybercitizen should consider their
email to be in the hand of atleast one organized cybercriminal ring.
Given, this
assumption one should expect to be a target of an email scams or deliberate
attacks to steal banking credentials or to install malware that will later be
used to steal banking credentials and personal data. To minimize the impact of
such adverse fallouts cybercitizens must ensure that they do not use the same
password on multiple systems and use unique passwords for key banking and other
services that can affect their wallet or reputation. Frequently changing
passwords reduces the window of exposure and consequently losses. The other
important consideration is to keep an eye on email scams. To know more do read
“Online Email Scams a multibillion dollar business or not? You decide”.
To prevent
malware, ensure that you do not log onto your computer with administrative
rights when using the Internet. Create another profile without administrative
rights for Internet use.
No comments:
Post a Comment