By Annette Chrysostomou
Yahoo has only now revealed, after a huge delay, that in August 2013 more than one billion of its user accounts were compromised.
Cyber-hacking is an international phenomenon that raised its ugly, and often hidden, head in Cyprus last week, when two well-known electronics supply stores, Stephanis and Bionic, were forced to pay ransoms to avoid unspecified operational problems after hackers attacked and locked their software systems.
Security expert Dino Pastos, who led the negotiation of the ransoms demanded from Stephanis, shared his knowledge of the hack with the Sunday Mail this week.
The biggest problem, he pointed out, is passwords.
“Most people use the same password for everything, or at least use it more than once,” he said. “When you use the same password for your email and your social networks like Facebook or LinkedIn, you are very vulnerable. And that goes for millions of people.”
There are other issues with passwords. “Over 50 percent of all users use their date of birth or ID, and those who think they might forget it often write it down on a piece of paper and stick it on the screen,” added Pastos.
Forgetting is a big problem, so even when people have multiple passwords they tend to either write them all down or, worse yet, store them on the computer they are using.
“A password should never be saved on the same machine the user is working on,” Pastos warned.
Aris Savva, 27, an ethical hacker who specialises in testing and assessing the security of computer networks, agrees on the importance of a good password.
The safest thing people can do, says Savva, is to use a 16-character password with numbers, symbols, and a few uppercase letters, which can take up to five years to decipher. But if someone specifically targets you, it will take a lot less time.
Another solution, while not perfect, is to use a password manager: a software application or hardware device that stores and organises a user's passwords. Password managers typically store passwords encrypted and require the user to create a master password, a single, ideally very strong password that unlocks the entire password database.
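The two recommendations above, a long random password and a password manager that keeps its database encrypted under one master password, as an added example that is not code from the article or from either expert. It uses only the Python standard library. The cipher (HMAC-SHA256 run in counter mode, encrypt-then-MAC) and the PBKDF2 round count are teaching assumptions: the standard library ships no AES, and a real password manager would use a vetted AEAD such as AES-GCM from a maintained library and a far slower key-stretching setting.

```python
"""Added example: random passwords plus a vault encrypted under a master password.

Stdlib only. HMAC-SHA256 in counter mode with a separate HMAC tag is used here
as a stand-in for a proper AEAD because the standard library has no AES.
"""
import hashlib
import hmac
import json
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
PBKDF2_ROUNDS = 200_000  # assumption for the demo; raise it on real hardware


def generate_password(length=16):
    """Uniformly random password, retried until it contains at least one
    digit, one uppercase letter and one symbol (the mix Savva describes)."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.isdigit() for c in pw) and any(c.isupper() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def entropy_bits(length, alphabet=ALPHABET):
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(len(alphabet))


def _derive_keys(master, salt):
    """Stretch the master password into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return km[:32], km[32:]


def _keystream(key, nonce, nbytes):
    """HMAC-SHA256 used as a PRF in counter mode: block i = HMAC(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:nbytes])


def seal_vault(master, entries):
    """Encrypt and authenticate the whole password database (a dict)."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    k_enc, k_mac = _derive_keys(master, salt)
    plaintext = json.dumps(entries).encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, nonce + ciphertext, "sha256").digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}


def open_vault(master, blob):
    """Verify the tag before decrypting. A wrong master password or a tampered
    file fails here, in constant time, without leaking anything about the contents."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ct, tag = bytes.fromhex(blob["ct"]), bytes.fromhex(blob["tag"])
    k_enc, k_mac = _derive_keys(master, salt)
    expected = hmac.new(k_mac, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or corrupted vault")
    plaintext = bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))
    return json.loads(plaintext.decode())


if __name__ == "__main__":
    master = generate_password(20)  # the one password the user still has to remember
    vault = seal_vault(master, {"mail": generate_password(), "bank": generate_password()})
    print(f"16-character password from a 94-symbol alphabet: {entropy_bits(16):.1f} bits")
    print(open_vault(master, vault))
```

A 16-character password drawn uniformly from all 94 printable ASCII symbols carries about 105 bits of entropy; the "five years" figure in the article only holds for a guess rate, which is why the same function is also the wrong tool against an attacker who already knows your habits and feeds a targeted wordlist instead.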
But Pastos wants to send the message that nothing is perfect protection, because there is always the human factor. “There is no software that has not been pirated,” he said.
Therefore, the first thing to do is to change people's mindset so that they understand the gravity of the situation. It requires more openness. Yahoo, for example, probably did not want to disclose the hack: immediately after its publication there were widespread concerns that the new disclosure would negatively affect the planned acquisition of Yahoo by Verizon, with a price tag of $4.83 billion. Verizon said it will “review the new development, before drawing any final conclusions.”
For every five physical attacks there are 500 cyber attacks, and their number is increasing. “The abusers will always be better than those who apply the law because they are more motivated. Hackers are hardly ever caught.”
Pastos explained that they can operate from anywhere. Stephanis’ hackers, for example, were Russians. The money they demanded was paid in Bitcoins, a currency that cannot be traced. They had demanded 20 Bitcoins (14,200 euros), but Pastos negotiated them down to 15 Bitcoins (10,650 euros).
Although large companies like this back up all their files in a secure location, they often pay the ransom because the recovery process is considered too long and expensive.
Pastos fears that there will be much larger attacks in the future, against the government, power companies, the public transport system or hospitals. Hospitals are just one example where the hack probably wouldn’t go public, because who would trust a clinic knowing their private health records are in the hands of hackers?
Yet people do not take safety seriously. “It’s a bit like health. When you have it, you don’t care. People don’t understand what is going on and they blindly rely on their devices,” he commented, adding that people are inclined to act in the event of a disaster and do not take preventative measures.
We are now more in danger than ever, because we have everything in our pocket. The phones have two cameras, a microphone and sensors, and a GPS, and “can even tell if you are turning right or left”.
Many users, especially at work, don’t worry about whether their business is hacked, or trust that their business has backups and a firewall, both of which are less reliable than the public realises.
A firewall monitors and controls incoming and outgoing network traffic. But people tend to inadvertently invite hackers in. There is piracy, as many download movies for free or use unlicensed software to avoid paying licence fees, all of which hackers can take advantage of.
And, once so many people do, more follow suit. Governments, as can be seen in Cyprus, do little to enforce existing laws.
Even those who think they are following the rules can invite viruses by clicking on links that look innocent but were created by hackers.
What about backup? “A lot of times people never check if it actually works,” the security expert said. “They never check if they can actually restore the information. Plus, the backup should never be on the same machine. It must be sent to a remote location or an external hard drive.”
When in trouble, individual users often seek advice from the wrong experts. “It is wrong to ask someone because they are ‘good with computers’ or IT people. It’s not security,” he warns.
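The restore check Pastos describes, as an added example that is not from the article: it archives a directory, keeps a SHA-256 manifest of what went in, and then proves the backup is usable by extracting it into a fresh directory and comparing every file against the manifest. The sample files and the deliberately truncated archive are constructed inside the script so it runs offline; the directory names are illustrative only.

```python
"""Added example: a backup is only real once a restore has been tested.

Builds a tar.gz of a directory with a separate SHA-256 manifest, then verifies
it by restoring into a throwaway directory and checking every file. A corrupt
archive is reported as a finding rather than crashing the check.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src, archive):
    """Archive src and return a manifest {relative path: sha256}. Keep the
    manifest apart from the archive; a backup that is its own only proof proves nothing."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(Path(src).rglob("*")):
            if p.is_file():
                rel = p.relative_to(src).as_posix()
                manifest[rel] = sha256_file(p)
                tar.add(p, arcname=rel)
    return manifest


def verify_restore(archive, manifest):
    """Restore into a fresh temp dir and return a list of problems; [] means the
    restore works. Archive members with absolute or '..' paths are rejected
    before extraction so a doctored backup cannot write outside the restore dir."""
    problems = []
    with tempfile.TemporaryDirectory() as tmp:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                for m in tar.getmembers():
                    if m.name.startswith("/") or ".." in Path(m.name).parts:
                        return [f"unsafe path in archive: {m.name}"]
                tar.extractall(tmp)
        except Exception as e:  # an unreadable backup is exactly the finding we want
            return [f"archive unreadable: {type(e).__name__}: {e}"]
        restored = Path(tmp)
        for rel, digest in manifest.items():
            p = restored / rel
            if not p.is_file():
                problems.append(f"missing after restore: {rel}")
            elif sha256_file(p) != digest:
                problems.append(f"content mismatch: {rel}")
        present = {p.relative_to(restored).as_posix() for p in restored.rglob("*") if p.is_file()}
        for rel in sorted(present - set(manifest)):
            problems.append(f"unexpected file: {rel}")
    return problems


def demo(corrupt=False):
    """Constructed sample data: back it up, optionally truncate the archive, then verify."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "documents"
        (src / "invoices").mkdir(parents=True)
        (src / "invoices" / "2016-12.txt").write_text("constructed sample invoice\n")
        (src / "customers.csv").write_text("id,name\n1,constructed sample\n")
        archive = work / "backup.tar.gz"
        manifest = make_backup(src, archive)
        if corrupt:  # simulate a backup job that died half-way through
            data = archive.read_bytes()
            archive.write_bytes(data[: len(data) // 2])
        return verify_restore(archive, manifest)


if __name__ == "__main__":
    print("healthy backup:", demo() or "restore OK")
    print("truncated backup:", demo(corrupt=True))
```

Run this against a real backup by calling make_backup when the backup is taken and verify_restore, with the stored manifest, on a schedule and on a different machine; if the list it returns is ever non-empty, the backup was not a backup.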
Dino Pastos at [email protected] or 99-463940