Cybersecurity Monthly Round Up

November has seen both ups and downs in the world of cybersecurity. The video gaming service Steam fell victim to a devastating hack, potentially exposing personal information and credit card details of 35 million users. In a similar attack, hackers targeted Norway’s oil, gas, and defence firms. Norway’s National Security Agency confirmed that the details of contract negotiations along with industrial secrets had been stolen. The NSM said it was the biggest attack of its kind Norway had experienced, with 10 or more businesses affected.

A published report found the UK consumer protection system to be failing to keep up with the digital revolution, leaving people at risk of scams. As a result, online shoppers are at risk of email scams and fraud, says the Commons Public Accounts Committee. Online security experts also warned that a growing amount of malware is being disguised as seemingly innocent smartphone apps. The malware can send costly messages on the devices without the owner being aware, warn experts.

Facebook hit the headlines more than once, firstly as researchers from the University of British Columbia managed to steal information from the social networking site using social bots. The researchers were able to befriend genuine Facebook users, and then steal personal details. The second piece of news from camp Facebook was more positive: the site announced that it is changing the way it amends users’ privacy settings. The news that Facebook will ask users to opt into any changes in the way it uses their personal information has been welcomed by privacy campaigners.

Continuing with more upbeat news, EU and US cybersecurity experts came together to stress-test their response to an online attack. Following a global rise in cybercrime and hacking attacks, Brussels played host to the European and US online security exercise this month. The event was the first time both had come together to role-play an emergency scenario. The beginning of November saw London play host to the London Conference on Cyberspace. The international conference gathered representatives from 60 nations to discuss how to tackle the increasing levels of cybercrime. The attendees included foreign secretary William Hague, EU Commissioner Neelie Kroes, a variety of leading cybersecurity experts and technology entrepreneurs such as Wikipedia founder Jimmy Wales, Cisco vice-president Brad Boston and Joanna Shields, a senior executive at Facebook.


Facebook to Seek Consent

Facebook has announced that it is changing the way it amends users’ privacy settings. The news that the social network site will ask users to opt into any changes in the way it uses their personal information has been welcomed by privacy campaigners. Facebook is yet to comment.

Whereas previously Facebook merely announced changes to a user’s settings without requesting permission, this change puts the user back in control. The change comes after an investigation by the US Federal Trade Commission, according to a report by the Wall Street Journal. The report also suggests that the social networking site has agreed to privacy audits by an independent organisation for the next 20 years.

One point that has not been clarified by the FTC is exactly how a user’s consent will be obtained. Privacy International, a UK-based advocacy group, commented: “Facebook has historically been extremely resistant to transparency in its own operations, so we welcome measures that would force the company to obtain express consent of its users.

“However, it seems likely that the FTC’s demands will only present a temporary obstacle in the path of Facebook’s ambitions to collect its users’ information. Faced with reams of small print, most users are likely to automatically agree to policy changes, with each change bringing us one step closer to Zuckerberg’s vision of a privacy-free future.”

Facebook founder, Mark Zuckerberg, was questioned on US show Charlie Rose about the firm’s privacy policies earlier this week: “You have control over every single thing you’ve shared on Facebook,” he said. “You can take it down.” Mr Zuckerberg also claimed that other search engines and advertisers gathered a “huge amount of information” about internet users through cookies, which is “less transparent than what is happening at Facebook”.

Online security and cybercrime expert, Tero Pollanen, commented “Privacy policies and security settings are a hot topic at the moment. Statistics have shown a rise in the amount of personal information found on the internet, and a rise in online scams and identity theft. People need to be more aware of online risks and know how to protect themselves. My blog, has tips for staying safe online, news about current scams and security essentials”.

As to the reason for the FTC’s intervention, it is reportedly being linked to the campaign group Electronic Privacy Information Center (EPIC). The group filed a complaint 2 years ago with the commission, claiming that the changes in privacy settings “violate user expectations, diminish user privacy and contradict Facebook’s own representations”. EPIC also noted that Facebook users, security experts, and others had raised concerns about the change. A year later, EPIC filed a follow-up complaint claiming the social network had violated consumer protection law.

Facebook’s performance is staggering: according to the site it has over 800 million members who have used the site at least once in the past 30 days. In addition to this, the Reuters news agency reported that the site’s revenues for the first six months of this year alone totalled £1bn, thanks to advertising. Andrew Charlesworth, director of the centre for IT and law at the University of Bristol, points out: “Users are not social networking sites’ primary customers, advertisers and marketers are.

“While the FTC settlement indicates sites must be more open about the ways they make personal data available, and provide users with greater control, Facebook and others will already be rethinking the techniques they use to persuade users to keep their personal data publicly accessible.”

Malware Disguised as Smartphone Apps

Online security experts this week warned that a growing amount of malware is being disguised as seemingly innocent smartphone apps. The malware can send costly messages on the devices without the owner being aware, warn experts. The scams work away in the back-end of smartphones, sending expensive messages and making calls to premium-rate numbers. No evidence shows in the messages folder or call history, so the user is unable to tell what is going on., an internet security initiative, tells that the messages can be sent as regularly as once a minute, costing as much as £6 each. As the user is unaware of the rogue app, most victims first realise what has been going on when they receive an astronomical bill. Rik Ferguson, of Trend Micro, warns: ‘The user won’t know this is taking place, even if they happen to be using the device at the same time, as the activity takes place within the device’s “back end” infrastructure. This can often continue for weeks before being noticed.’

So why are people downloading the app? According to Tero Pollanen, an online security expert: “the malware is disguised as something else. Often as an add-on to a popular and legitimate online game, or even as a security tool. Furthermore, once installed, fraudsters have full control of the victim’s device. This enables them to browse the internet, gain access to personal information, access payment data etc. This information is valuable and can be sold, and also used to commit further fraud”.

How do you avoid smartphone scams? Cybercrime and online security expert Tero Pollanen recommends protecting your phone the same way in which you protect a computer: “Installing anti-virus or anti-malware software is advisable.

“Before downloading an app, check reviews and ratings as well as developer information. Signs that malware is present on your device include a fast draining battery: the malware can use a lot of energy, so any change in battery performance could be a sign. Finally, it is always best practice to check your bills every so often”. If you do find signs of online fraud, report it at