Featuring fresh takes and real-time analysis from HuffPost's signature lineup of contributors
Richard R. Thompson

GET UPDATES FROM Richard R. Thompson
 

Hacking: From Siberian Pipelines to Your SME's Data

Posted: 16/07/2013 10:28

Hacking Back

An early instance of hacking (and one of the most extreme) resulted in an explosion which was 3 kilotons in strength or about one-fifth as powerful as the atomic bomb dropped on Hiroshima.

That's the kind of hacking you see in films and the kind of hacking which, though shocking, surely isn't relevant to the average business or SME. But hacking doesn't have to result in an explosion to cause significant damage. According to Hiscox, cyber-crime is costing the UK £11bn a year and 1 in 10 small businesses in the UK have experienced a data hack. The issue is that data, no matter how boring or useless you might think it is, is the gold dust of the digital world. That's why both powerful governments and your average small business are all at risk.

"The most monumental non-nuclear explosion ever seen from space"

Some of the most famous and radical instances of hacking make for good stories. In 1982 the Reagan administration discovered that the KGB had been stealing technology from the West for a number of years. After establishing exactly what the KGB might steal in the future, the CIA planted a piece of software which would act as a Trojan virus.

The software, which was programmed to change the mode of operation and logic of software controlling pipelines, was designed to take effect only after 10 million cycles (in real time a few months) to ensure it wouldn't be detected. The CIA's intention was to cause a few leaks across the pipeline by ramping up the pressure in pumps and compressors, but the actual result was a gargantuan explosion described as "the most monumental non-nuclear explosion and fire ever seen from space".

The spy in your computer


Espionage has inevitably evolved to take maximum advantage of developments in computer technology and now spies don't need to come in human form. Flame was a 20megabyte programme which was used to spy on Middle Eastern countries, especially Iran.

The programme had the ability to copy data files, capture screenshots, download message transcripts and even remotely turn on a computer's microphone and camera to record any conversations taking place nearby. Amazingly the virus had the ability to fool anti-virus software into thinking it should be there and appeared as a Microsoft software update. The programme also had the ability to erase all evidence of itself if it were discovered. By the time the virus was discovered Iran had to announce that it had infected computers nationwide.

These are a couple of major hacks, and though they're interesting to read about it's difficult to see how such large scale hacks are relevant to you personally or to your small business. These viruses were designed to infiltrate well protected and advanced security systems, but hacking doesn't have to be sophisticated, as Wired writer Mat Honan unfortunately found out.

Mat Honan describes his hacking experience as having his "entire digital life destroyed". Within the space of an hour hackers went through his Google, Amazon, ITunes and Twitter account, erasing data and posting on his behalf, effectively hijacking his online identity. The worrying thing is that hackers didn't have to use any technical wizardry. They simply took advantage of the common trend of linked accounts across the internet and as Honan puts it,

"What happened to me exposes vital security flaws in several customer service systems, most notably Apple's and Amazon's. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices."

So what does this mean to you?

And this is a potential problem for small businesses if they don't take care of their security properly. It's easy to assume that hackers are only out to get big business or attract attention via high profile hacks, but the reality is that any kind of data, including the data you have about clients and your own business, is always valuable.

41% of SME owners are concerned about their computer systems being hacked, yet only 25% are very confident about the security measures their company has in place to protect against these risks.

Any data you have is of potential value, whether this be to a competitor or just to a cyber-criminal scouting around for financial information. It's essential to remember that a small amount of data can easily lead to more data, so everything you have is of value.

But this doesn't mean that you can't protect yourself. Complying with the most up-to-date IT security standards or outsourcing your IT support to an IT support company which does, will put you in the best position possible. The ISO 27001 standard is the latest standard to look out for. It indicates that a company have gone through a thorough process to comply with security standards and have been repeatedly assessed and audited to ensure all their data and IT services are as secure as possible. If you want to improve your in-house IT then it's worth investigating the ISO 27001; if you're outsourcing then make sure you look for an IT support company which complies with the standard.

As technology evolves, so hackers' expertise develops meaning that security is and will continue to be one of the most prevalent issues in IT. Investing in proper security for your small business then, is well worth your time.

 

Follow Richard R. Thompson on Twitter: www.twitter.com/CentralTechLtd

FOLLOW UK TECH