In a controlled ‘classroom’ experiment conducted by CPPGroup, a small group of volunteers with limited technological knowledge, who signed a disclaimer saying they would not use the information for illegal or malicious attacks, followed an online tutorial using a ‘man in the middle’ technique to hack into a computer network and obtain each other’s login details.
CPP’s volunteers - including a TV producer, a self-employed baker and a retiree - simply followed a 14-minute classroom-style tutorial which is freely available online. From this they were able to download hacking software which allowed them to access login details and passwords for e-mail accounts, social networking sites and online shopping accounts within a matter of minutes.
And supporting research reveals what could happen as a result – over seven million people have had online password-protected information accessed without their permission. Of these, nearly a quarter (24 per cent) claim to have had their personal e-mails accessed as a result, with 19 per cent saying their eBay accounts have been hacked. In an age of social media, 16 per cent say their social networking profiles have been hijacked and 10 per cent claim to have had money or a loan taken out in their name.
The opportunity for hackers to target users in this way also has the potential to grow due to the dramatic increase in the number of public Wi-Fi networks and smartphones with inbuilt Wi-Fi connectivity in recent years.
With over 20,000 videos on YouTube with basic hacking information tips teaching users how to hack social media profiles, e-mail, smartphones and PayPal accounts, it seems the internet’s capacity to host this type of material remains unchallenged.
These online hacking tutorials are widely known about with almost a fifth (17 per cent) of people aware of their existence. But the vast majority (87 per cent) agree that this kind of material should not be available online. The majority (63 per cent) think ‘hacking’ tutorials should be removed from the internet, with over half (56 per cent) saying the Government should take action to remove ‘hacking’ tutorials from the internet. A similar number (59 per cent) feel these videos and step-by-step guides increase the risk of identity fraud.
CPP is urging people to take steps to protect themselves from online hackers where possible, and urging the Government to take a stronger stance on internet hacking tutorials.
Identity fraud expert from CPP, Michael Lynch, said: “The recent Sony security breach that saw a hacker gain access to the personal data of more than 100 million online gamers including people in the UK has demonstrated the growing and widespread risk that hackers pose to consumers and businesses. It is important people are aware of the risks so they can take the necessary steps to protect their identities and manage any compromised data. As our live session has shown, these hacking ‘skills’ can be applied within minutes, so it’s crucial for consumers to take steps to protect themselves.”
“With an increased demand for tighter online security, we’re calling on the Government to review access to these online hacking lessons and implement tighter regulation of internet hacking communities.”
The technique taught in the live session, known as ‘man in the middle’ hacking, works by the ‘hacker’ intercepting communications between two people or what an individual is viewing on the internet. As a user logs in to their online account, their username and password appear on the hacker’s own desktop, allowing them to store this sensitive information and access someone’s account – either immediately or at a later date.
In addition to the ‘man in the middle’ hacking technique used, step-by-step internet video tutorials are thriving, with hacking tutorials available for PayPal, Facebook, iPhones, Networks, Apps, MySpace, Twitter, Blackberry and CCTV.
Robert Chapman, CEO of Firebrandtraining, who were commissioned by CPP to carry out the tutorial, said: “The wide availability of free hacking tools is a real concern, and everyone is a target. These resources are only going to grow and become more advanced, meaning that organisations and individuals must take steps to protect themselves. It’s imperative to keep anti-virus and firewall software up to date and change passwords to online accounts regularly. Also use common sense – if security warning messages appear in your browser, don’t ignore them as this could be an indicator that your network has been hacked. We demonstrated how a very basic way of hacking could be used to steal millions of pounds from the unprepared.”
CPP’s top tips on protecting your information from hackers:
1. Change your passwords regularly - the longer and more obscure, the better
2. Leave a website if you notice strange behaviour (unknown certificates, pop-ups etc.)
3. Avoid transmitting sensitive data over public (free or otherwise) Wi-Fi
4. When seeking Wi-Fi connections: know who you are connecting to and be wary of free Wi-Fi access
5. If using a smartphone: disable Wi-Fi ‘auto-connect’
6. If you are concerned about identity fraud, consider purchasing an identity fraud protection product to help you detect, prevent and resolve any incidence of fraud
The Golden Rule is that unless you know your connection is secure, do not communicate any information or data that you wouldn’t feel comfortable shouting across a crowded room.
If you want more information on how to protect yourself or see how these experiments worked, please visit CPP’s blog.