Share This

Showing posts with label Hackers. Show all posts
Showing posts with label Hackers. Show all posts

Thursday 4 August 2016

Bitcoin falls after exchange is hacked, US$72 mil stolen from Bitfinex exchange in HK

Securing the bitcoin trading platform has proved elusive.


The price of bitcoin fell sharply today exacerbating an already ongoing decline as global market participants reacted to news that one of the largest digital currency exchanges had been hacked. Bitcoin Drops Nearly 20% as Exchange Hack Amplifies Price Decline


The price of the virtual currency bitcoin fell sharply after Hong Kong-based digital-currency exchange Bitfinex said it was hacked, resulting in the possible theft of about $65 million worth of bitcoin.

News of the Bitfinex hack hit the price of bitcoin hard in heavy trading on Tuesday. It fell to $540 by late in the day, down about 12% from its level near $613 early Tuesday, according to CoinDesk. At one point, it traded as low as $480, down about 22%, though it recovered to about $548 by late morning in New York on Wednesday.

The hack marks one of the largest thefts in bitcoin’s short history and follows a separate alleged theft of an estimated $60 million worth of ethereum, a rival virtual currency, in June. In 2014, investor confidence in bitcoin also was dented by another larger cybersecurity breach, at the Japanese exchange Mt. Gox.

Hacking and thefts of investor property stand as two of the biggest issues that may prevent the fast-growing digital currency from gaining more widespread use. Bitcoin trades on an open ledger known as the blockchain that has excited technologists for its ability to cut out expensive layers of bureaucracy in various areas of commerce.

But securing the bitcoin trading platform has proved elusive. Tuesday, Bitfinex acknowledged the latest theft in a statement on its website and said it was halting all trading on Bitfinex as well as the deposits and withdrawals of digital tokens.

“The theft is being reported to—and we are co-operating with—law enforcement,” the statement said. “We are deeply concerned about this issue and we are committing every resource to try to resolve it.”

Zane Tackett, Bitfinex’s director of community and product development, confirmed that 119,756 bitcoins were stolen and said the company knows “exactly how relevant systems were compromised.” At Tuesday’s value, the amount of bitcoin stolen was worth about $65 million. Mr. Tackett said the company is working with law enforcement and analytics companies to try to track down the stolen coins and is working to get its platform back up so customers can check their accounts.

It wasn’t clear what percentage of Bitfinex’s overall assets were stolen or whether or not the company had adequate insurance to cover the theft.

“We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen,” the statement added. “We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up.”

In 2014, the Tokyo-based exchange Mt. Gox collapsed after a yearslong series of attacks resulted in the theft of about 850,000 bitcoins, at the time worth about $450 million. About 200,000 were later recovered. In June, Mt. Gox Chief Executive Mark Karpales was released from a Japanese prison on bail, after serving 10 months. The company’s liquidation is ongoing.

Bitcoin rallied earlier this year but had been selling off lately after an anticipated event known as a “halving” in early July lowered the subsidy paid to bitcoin miners supporting the network.

In 2015, Bitfinex switched to a system protected by what is known as “multiple signature” security, a feature that requires multiple “keys” to access bitcoin in a virtual wallet, and keeps the customers’ money in separate accounts, rather than pooling them into one larger account.

The exchange was fined $75,000 by the U.S. Commodity Futures Trading Commission in June for offering illegal off-exchange commodity transactions financed in bitcoin and other cryptocurrencies and for failing to register as a futures commission merchant. The CFTC said at the time that Bitfinex cooperated with its investigation and voluntarily made changes to its business practices to comply with regulations.

- The Wall Street Journal BY PAUL VIGNA AND GREGOR STUART HUNTER

Bitcoin worth US$72 mil stolen from Bitfinex exchange in Hong Kong


A Bitcoin (virtual currency) paper wallet with QR codes and a coin are seen in an illustration picture taken at La Maison du Bitcoin in Paris, France, May 27, 2015. Reuters/Benoit Tessier/File Photo

HONG KONG (Aug 3): Nearly 120,000 units of digital currency bitcoin worth about US$72 million was stolen from the exchange platform Bitfinex in Hong Kong, rattling the global bitcoin community in the second-biggest security breach ever of such an exchange.

Bitfinex is the world's largest dollar-based exchange for bitcoin, and is known in the digital currency community for having deep liquidity in the US dollar/bitcoin currency pair.

Zane Tackett, Director of Community & Product Development for Bitfinex, told Reuters on Wednesday that 119,756 bitcoin had been stolen from users' accounts and that the exchange had not yet decided how to address customer losses.

"The bitcoin was stolen from users' segregated wallets," he said.

The company said it had reported the theft to law enforcement and was cooperating with top blockchain analytic companies to track the stolen coins.

Last year, Bitfinex announced a tie-up with Palo Alto-based BitGo, which uses multiple-signature security to store user deposits online, allowing for faster withdrawals.

"Our investigation has found no evidence of a breach to any BitGo servers," BitGo said in a Tweet.

"With users' funds secured using multi-signature technology in partnership with BitGo, a lot more is at stake for the backbone of the bitcoin industry, with its stalwarts and prided tech under fire," said Charles Hayter, chief executive and founder of digital currency website CryptoCompare.

The security breach comes two months after Bitfinex was ordered to pay a US$75,000 fine by the US Commodity and Futures Trading Commission in part for offering illegal off-exchange financed commodity transactions in bitcoin and other digital currencies.

BITCOIN SLUMP

Tuesday's breach triggered a slump in bitcoin prices and was reminiscent of events that led to the 2014 collapse of Tokyo-based exchange Mt Gox, which said it had lost about US$500 million worth of customers' Bitcoins in a hacking attack.

Bitcoin plunged just over 23% on Tuesday after the news broke. On Wednesday it was up 1% at US$545.20 on the BitStamp platform.

Tackett added that the breach did not "expose any weaknesses in the security of a blockchain", the technology that generates and processes bitcoin, a web-based "cryptocurrency" that can move across the globe anonymously without the need for a central authority.

A bitcoin expert said the scandal highlighted the risks of companies using cryptography for their ledgers.

"The more you rely on its benefits, the greater the potential for damage when keys are stolen. We still have some way to go to create highly secure but convenient systems," said Singapore-based Antony Lewis.

The volume of bitcoin stolen amounts to about 0.75% of all bitcoin in circulation.

It is not yet clear whether the theft was an inside job or whether hackers were able to gain access to the system externally. On an online forum, Bitfinex's Tackett said he was "nearly 100% certain" it was no one in the company.

Bitfinex suspended trading on Tuesday after it discovered the breach. It said on its website that it was investigating and cooperating with the authorities.

The security breach is the latest scandal to hit Hong Kong's bitcoin market after MyCoin became embroiled in a scam last year that media estimated could have duped investors of up to US$387 million. The bitcoin trading company closed after the scandal.

The president of the Hong Kong Bitcoin Association said the only way to protect information is to disperse it in so many small pieces that the reward for hacking is too small.

"For an attacker, the cost-benefit strategy is quite easy: How much is in the pot and how likely is it that I'm getting the pot?" said Leonhard Weese.

The attack on Bitfinex was reminiscent of a similar breach at Mt. Gox, a Tokyo-based bitcoin exchange forced to file for bankruptcy in early 2014 after hackers stole an estimated $650 million worth of customer bitcoins.  - Reuters

Related posts:


Aug 25, 2015 ... Tokyo (AFP) - The arrest of MtGox boss Mark Karpeles has begun to shed light on the defunct Bitcoin exchange after hundreds of millions of ...


Jun 27, 2016 ... Despite the increase in the price of bitcoin amid the UK's recent EU referendum, a new research note from Needham & Company asserts it ...
 

Mar 30, 2014 ... It seemed ludicrous that the man credited with inventing Bitcoin - the world's most wildly successful digital currency, with transactions of nearly ...

Apr 14, 2014 ... The Internet has spawned a new form of currency that's purely digital called Bitcoin. Picture this — a high speed car chase with a slew of ...

Tuesday 31 May 2016

World's first Quantum communication satellite to be launched in China against hackers

China is poised to become the first country to send encoded information from space that cannot be hacked. Scientists are making final adjustments to China’s first quantum communication satellite. The project chief describes it as a revolution in communications.




China will launch its first experimental quantum communication satellite in July, according to the Chinese Academy of Sciences.

China is poised to become the first country to send encoded information from space that cannot be hacked. Scientists are making final adjustments to China’s first quantum communication satellite. The project chief describes it as a revolution in communications.

A quantum photon cannot be separated or duplicated, which means if someone tried to decode information, the encryption would change, and the receiver would know that his letter was opened by someone.

Scientists hope the new technology will protect China from future cyber issues. In 2015, cases involving information technology in China rose by more than 120 percent, according to survey by a non-profit cybersecurity institution. China plans to use its quantum satellite system to cover the planet by 2030.

On the ground, China is also building its own quantum information sharing network for use in national defense and security. At some point, China plans to connect the ground network to the quantum satellite system.

It has taken five years for Chinese scientists to develop and manufacture the first quantum satellite. In June, it will be transported to the Jiuquan Satellite Launch Center in southwest China for final preparation and launch in July., 2016

China wins space race to launch world's first 'quantum communication' satellite in fight against hackers





Related posts

May 9, 2016 ... The Long March-7 rocket departed for its launch base in Hainan on ... A container carrying China's new-generation Long March-7 rocket is ...
Mar 1, 2016 ... China space station will be completed by 2020, the super "eye" to speed up space rendezvous ... The "eye" is China's newly developed third-generation rendezvous and docking CCD optical imaging sensor. It will be used on China's ... China's Space Age Grows Up As U.S. Space Race ... Jun 25, 2012 .

Sunday 22 May 2016

Hackers in your heads, Cybercriminals preying on gullible


Cyberscammers tapping into minds - Conmen get personal data from social media


<< You’ve been had: A user checking an SMS alert about an unauthorised credit card transaction.

PETALING JAYA: Cybercriminals are getting into your head.

Realising that victims are no longer falling for the ‘I’m a Prince who wants to deposit US$50mil (RM199mil) into your account’ e-mail, these syndicates have enlisted psychologists and behavioural experts to launch targetted attacks on companies, groups and individuals.

By going through their victims’ social media accounts, they learn more about their targets and are able to craft attractive e-mail, prompting them to respond.

Clicking on the link in the e-mail will download malware that encrypts your device. Computers, smartphones, smartwatches and any other network-connected device, can be locked by cybercriminals who will only release it for a fee, or “ransom”.

Such ransomware has reached our shores, with a total of 5,069 attacks in Malaysia last year, according to cybersecurity company Symantec Corporation.

“The new modus operandi uses social engineering, with the e-mail being crafted by Malaysians who know the local scenario and how to trigger emotional reactions,” Symantec (Asia Pacific and Japan) cyber security services senior director Peter Sparkes told Sunday Star.

For example, if they find out from Facebook that you went shopping, you could get an official-looking e-mail from a trusted source like a government body or postal department saying: ‘You’ve received a free gift from shopping at our KL outlet. Click this link to trace your parcel’.

“Or if they see you at a cycling event, the e-mail could say: ‘Thank you for participating. Click on the link for photos and videos of the ride’,” he said.

“To decrypt your device, they’ll ask for about US$200 (RM782) in virtual currency like Bitcoin, to bypass the banks,” Sparkes added.

Acknowledging this new threat, Malaysian Communications and Multimedia Commission (MCMC) strategic communication head Sheikh Raffie Abd Rahman urged the public to be more alert.

He said one of the most commonly used social engineering techniques was phishing attacks targetting online banking customers.

Such cases would be investigated by the police under the Computer Crimes Act 1997 or the Penal Code.

A total of 1,311 phishing websites have been blocked by the MCMC between last year and March 8.

This includes fake pages created to acquire personal information such as usernames, passwords, banking information and credit card details by masquerading as a trusted entity in an electronic communication.

CyberSecurity Malaysia (CSM) chief executive officer Dr Amirudin Abdul Wahab said the number of incidents reported to the CSM indicates the growing threat of ransomware here.

Revealing that local businesses are also targeted, he said the CSM will work together with international communities to share current information on ransomware threats and disseminate them to the public.

Malaysian Mental Health Association deputy president Datuk Dr Andrew Mohanraj said cybercriminals have become more sophisticated in their approach by enlisting psychologists.

“But whichever methods they use, there is an underlying modus operandi of appealing to human emotions of fear, greed, curiosity, loneliness, compassion or even spirituality,” he said.

By Christina Chin Yuen Meikeng The Star

Cybercriminals preying on gullible


Users beware! With cybercriminals leveling up, ransomware attacks are expected to spike here. Malaysians shouldn't let their guard down when it comes to personal information and should be on the lookout for online scams.


HE wasn’t the fastest, but Eugene (not his real name) feels like a champion after finishing his first marathon.

Posting a selfie he made public on his Facebook account, the 28-year-old later receives an e-mail congratulating him on the feat. “Click on this link to see more pictures and videos of the event,” says the e-mail, which appears to be sent from the organiser of the run.

Curious and hoping to see images of himself, Eugene clicks open the link on his laptop but instead, gets a message telling him his device is now locked. All his files have been encrypted and he can’t access them, including his work document to be submitted on Monday.

The only way he can retrieve them is to pay a hacker a ransom of US$300 (RM1,181) in Bitcoin currency. Such an incident, known as a ransomware attack, could very well happen to you if you are not careful.

To top it all off, these cases are expected to increase this year, with “very specific ransomware targeted very specifically at Malaysians” being detected, says Symantec (Asia Pacific and Japan) cyber security services senior director Peter Sparkes.

According to cybersecurity company Symantec Corporation, Malaysia ranks 47th globally, and 12th in the Asia Pacific and Japan region, in terms of ransomware attacks.

Last year, there were 5,069 ransomware attacks or 14 per day in Malaysia. But Sparkes foresees that these numbers will surge.

“Ransomware is very attractive because it makes lots of money. It’ll be big here in the coming months, probably averaging 20 attacks per day.

“We’ve seen a lot of smartphone attacks recently. They love WhatsApp because the best way to get someone to click on a link is if it comes from someone you know,” he says.

Sparkes describes such crypto ransomware as the latest, and most dangerous malware threat because it’s near impossible to get rid of.

He adds that the experience is very emotional because many people do not back up their data.

“For individuals, losing personal data like photos and videos is traumatic so most victims will pay. Some will even tell you how to infect your friends to decrease your ransom,” he reveals.

Ransomware hackers are also using help from psychologists and behavioural experts to study their victims on social media before sending them personalised messages to trigger a response.

But it is not just ransomware that needs to be taken seriously as Malaysians need to be vigilant over social media scams, with these two being named as key trends in the country now by Symantec Malaysia systems engineering director David Rajoo.

He says cybercrime is extremely widespread with one in three Malaysians surveyed having experienced it in the past year and 83% know of someone else who was a victim.

“Consumers here lost an average of 27 hours and about RM8.9bil over the past year, dealing with the fallout of online crime.

“The amount of personal data stored online continues to grow, and while this free flow of data creates immense opportunities, it also opens the doors to new risks,” he warns.

Cybercriminals preying on personal data are also a cause for concern here and globally.

Sparkes points out that personal assistants and those in human resources are popular targets because that’s how cybercriminals gain access into an organisation’s database.

“Take a hotel for example. I’d target the CEO’s personal assistant. All I need is 200,000 of their best guests. If I sold the details at US$50 (RM197), it’s pretty good money for a day’s work. HR staff’s another good one because they look at CVs,” he says.

Last year, 500 million personal information was breached globally. That, he says, is a conservative estimate.

Someone checks out your Facebook activities, creates a personalised e-mail to get you to click on a link, and that’s it.

Everytime you download an app on social media, you could be giving access to your life, he cautions.

Of 10.8 million apps analysed in 2015, three million were collecting way more information than necessary, Sparkes says.

“Cyber scammers are also making you call them to hand over your cash,” he adds.

They send fake warning messages to devices like smartphones, driving users to attacker-run call centers to dupe them into buying useless services.

The services industry is the most vulnerable sector in the country, attracting 72.4% of spear phishing attacks.

There was also a significant spam increase with Malaysia jumping up the global ranking from 44 in 2014 to 23 last year, he adds, lamenting how many still don’t realise that cybercrime is an industry.

Cybercriminals are professionals using very sophisticated tools and techniques.

“They work like any other legit organisation – it’s a 9am to 5pm job with weekends off, holidays and proper offices. A lot of users still think it’s 18-year-olds in the garage fooling around. Nothing could be further from truth. The guys sell info to the underground economy,” Sparkes says.

Syndicates only need three things – cheap broadband, a cyber-savvy workforce they can hire, and countries where cyber laws are weak. Asia Pacific and Japan has invested significantly to give their population access to the Internet, he adds, explaining the shocking rise of cybercrime.

“I’m particularly concerned about the senior citizens as many are just discovering the Internet. They’re very trusting and will download without questioning. People stress on being streetsmart, but it’s just as crucial to be cybersmart,” he feels.

By Christina Chin Yuen Meikeng The Star

Related story:

M’sians still giving away sensitive info

Wednesday 22 April 2015

FireEye threats of cyber espionage loom with the coming 26th Asean Summit in Malaysia

Photo by hfuchs/Relaxnews.

PETALING JAYA: Regional government and military officials, businessmen and journalists involved with the coming 26th Asean Summit in Kuala Lumpur could be among the targets of a recently discovered cyber espionage group, claims an Internet security firm.

 
https://www.fireeye.com/

FireEye, which exposed the presence of the APT30 group of hackers snooping on governments and businesses, including those in South-East Asia, said some of its previous attacks had been launched before key Asean meetings.

“Based on previous experience, I believe that this group and possibly others will try to use that meeting (26th Asean Summit) as part of their ruse to potentially target businesses and governments in the region,” said Bryce Boland, FireEye’s chief technology officer for Asia Pacific in a telephone interview here yesterday.

In its report, FireEye, which is based in the United States, said APT30 had a distinct interest in organisations and governments associated with Asean.

The group had released a malware in the run-up to the 18th Asean Summit in Jakarta in 2011 and the Asean-India commemorative Summit in 2012.

One of the domain names it used to command its malware was aseanm.com

AFP had reported that the APT30 group was “most likely sponsored by China” and that there was no immediate reaction from the Chinese government, which had always denied allegations of cyber espionage.

The two-day Asean Summit from April 26 is expected to discuss various issues, including maritime disputes between China and Brunei, Malaysia, Vietnam and the Philippines in the South China Sea, and the formation of a single market and production base in the region.

“The hackers are after intelligence and information, primarily about political changes, political positions, especially over disputed territories, border disputes and trade negotiations,” said Boland.

“We have also seen that when they target journalists, they are specifically looking for information in relation to understanding concerns about the legitimacy of the PRC (People’s Republic of China),” he said.

The group has also attacked businesses to steal information on deals, manufacturing plans and intellectual property such as schematic diagrams.

According to the FireEye report, Malaysia is one of seven countries with targets hit by the group, which has operated largely undetected for the past 10 years.

Others are Thailand, Vietnam, South Korea, Saudi Arabia, India and the United States.

Boland said the group mostly attacked their targets via spear phishing emails with attachments that appeared to be from a known contact but were in reality sent by the hackers.

The attachment, which can be in the form of a document with an Asean-related title, will contain a customised malware that is activated the moment that it is opened.

It allows the attacker to gain control of the victim’s computer and retrieve information from it.

Boland advised computer users not to open suspicious e-mails.

“Businesses and governments should ensure that their IT infrastructure not only protects them from attacks but can detect the extent of damage done in the event of a successful hack.”

By Razak Ahmad The Star/Asia News Network


Related:

 FireEye: Cyber Security & Malware Protection

Sunday 21 December 2014

2015 Hack of a year ahead!

2014 has seen a tsunami of epic hacks and identity thefts, including the recent massive cyber attack on Sony Pictures Entertainment. Security experts are predicting more or worse cases of such hackings, including in Malaysia where the awareness of cyber threats and security measures is still very low


Brace for more cyber attacks

PETALING JAYA: If you think that a cyber attack like what happened to Sony Pictures Entertainment could only happen in Hollywood, think again.

It is a sign of what’s to come globally in 2015, say cyber security experts.

In the attack on Sony on Nov 24, the attackers hacked the company’s network and took terabytes of private data, deleted original copies from the company’s computers and left messages threatening to release the information if Sony did not comply with their demands.

Nigel Tan, director of systems engineering for software security firm Symantec Malaysia said the prominent data leaks of 2014 would keep cyber security in the spotlight in 2015.

“With the interconnected nature of a global Internet and cloud infrastructures, cross-border flow of data is unavoidable and needs to be appropriately addressed.

“Malaysia was affected in the data breaches this year and will continue to be affected next year,” he said.

Tan recalled a hack last month by a site called Insecam, which downloaded and displayed images from unsecured webcams of CCTV and simple IP cameras around the world, including from Babycams.

Symantec expects more mega data breaches next year, especially with the rising use of mobile devices for e-payment and the cloud computing technology for storage of personal and confidential information.

“Mobile devices will become even more attractive targets for cyber attackers in 2015 as mobile carriers and retail stores transition to mobile payments.

“Mobile devices are also used to store troves of personal and confidential information. They are left switched on all the time, making them the perfect targets for attackers,” said Tan.

He said the growing use of smart home automation, like smart televisions, home routers and connected car apps had also increased the potential of cyber attacks as more devices were being connected to the network.

Cyber law expert Dr Sonny Zulhuda agreed that the idea of synchronisation and interlinking of smart home automation (or the Internet of things) would be too tempting for both users and “abusers”.

“Users need to balance the use of these devices and smart technology with the efforts to preserve security, privacy or confidentiality.

“Just imagine how many mobile users are concerned about installing a good malware scanner on their devices. In the mind of the criminals, on the other hand, this will make their work even easier.”

Dr Sonny, who is assistant professor at the law faculty of the International Islamic University Malaysia, said it would come to a point where people would get too tired with the intrusion and abuse of their privacy.

“In Malaysia, for example, more people are being aware about the need to protect personal data thanks, to the enforcement of the PDPA 2010 (Personal Data Protection Act).

“Perhaps it is timely now to consider the development and penetration of cyber insurance as a new product for our insurance industries,” he said.

Imam Hoque, managing director of business analytics software and services company SAS said another reason why more cyber criminals target mobile devices was the increasing number of corporations embracing the “bring your own device” (BYOD) to work policy.

“This coupled with a general trend for business to provide more methods of interaction with consumers using mobile devices opens up further opportunities for hackers.

“The emergence of more mainstream malicious software kits for these mobile devices will accelerate the number of attacks on the mobile channel,” he said.

Hoque said that the continued trend to store data within the cloud, coupled with the high-publicised data losses from corporations such as Sony would encourage more hackers to consider large data loss exploitation.

“This in turn will lead to higher levels of identity theft and the ability of hackers to compromise the relationships between individuals and the institutions with which they interact,” he said.

CyberSecurity Malaysia CEO Dr Amirudin Abdul Wahab said while malware would continue to rise steadily on mobile devices to attack individuals, cyber criminals would also exploit the mobile device for advanced persistent threats (APT) on specific targets, resulting in high impacts on security, prosperity and public safety like critical infrastructure and big corporations.

“We foresee sophisticated APT carried out using a combination of technical sophistication, excellent planning and coordination, and social engineering,” he said, adding that another major cyber threat next year was the increasing influence of social media.

“Social media can be exploited to propagate political and racial radicalism as well as religious extremism that could destabilise our national security and societal harmony which we have taken for granted all these years.”

BY Hariati Azizan The Star/Asia News Network

Common hack job used to attack Sony Pictures 

The entrance of Sony Pictures Studios in Culver City, California is seen December 16, 2014. "Guardians of Peace" hackers invoked the 9/11 attacks in their most chilling threat yet against Sony Pictures, warning the Hollywood studio not to release a film which has angered North Korea. - AFP

PETALING JAYA: The hack on Sony Pictures Entertainment might have been one of the most incredible cyber attacks ever, but it was carried out in one of the most common modus operandi of cyber crime.

As reported on Friday, US investigators had evidence that hackers stole “the keys to the entire building” of Sony Pictures by getting the password of a top-level information technology employee in the entertainment company.

Security experts in Malaysia have warned that we are also vulnerable to similar attacks with low level of awareness of cyber threats and security measures.

Cyber criminals exploit “users’ ignorance”, along with the rise of social media and mobile devices, to mount attacks against them,” said CyberSecurity Malaysia CEO Dr Amirudin Abdul Wahab.

He said more cyber criminals were using a combination of technical sophistication and social engineering - a non-technical method of intrusion that relies heavily on human interaction – to trick people into breaking normal security procedures and giving up their personal data.

Nigel Tan, director of systems engineering for Symantec Malaysia, cautioned that user behaviour will continue to be big target points for cyber crime next year.

“Sometimes the weakest link is the person behind the keyboard. If they visit dodgy websites, click on unknown links in fake emails and download apps or malicious software, cyber criminals will take advantage of this to siphon off information like passwords for online banking or e-mails.”

Tan said as most people still tend to use the same password for all their online transactions, services and websites, a stolen password can give the thief access to the victim’s whole life.

“And once they access your email, they can reset all your passwords and take over your identity,” he said.

Imam Hoque, managing director (Fraud and Security Solutions) with business analytics software firm SAS said the growing number of online services has created a goldmine for cyber criminals.

“If you think about how many different services you interact with over web and mobile channels, the numbers are forever growing.

“You need to consider what a hacker would need to know to compromise your accounts and then what damage they could do,” he said, stressing that hackers tend to go for the weakest link and then work their way from there.

Tan highlighted the case of a group of hackers in August who claimed to have stolen 1.2 billion usernames and passwords belonging to more than 500 million e-mail addresses in a hack described as the “largest data breach known to date”.

“They did it by targeting every site their victims visited, instead of focusing on one large company,” he said.

Cyber law expert Dr Sonny Zulhuda said cyber criminals tended to exploit people’s greed to attack them.

“While it is important to equip ourselves with some technical knowledge about the risks and threats to security, we also need to use our common sense when facing possible threats.

“One thing we need to understand with technology is the law of economy – why would people provide you mobile apps for free? Or any online service for that matter, for free?”

“How do they make profit if not from the access to users’ information that they acquire when you install such a free app? If one is keeping this in his mind, then he will be more mindful and careful in using the mobile devices.”

Dr Amirudin warned local computer experts not to be seduced by the seemingly easy but lucrative reward of cyber crime.

“Cyber crime is preferred by criminals due to its profitability, convenience and low risk, and their ‘success’ has boosted the global underground economy. It has even become a money-making profession for some computer experts.

“If this trend affects Malaysians, our own experts could be recruited to join the lucrative international underground economy, while our general public become their potential victims.”

Related posts:

Anonymous hackers has begun the cyber war on Singapore
Anonymous hackers has begun the cyber war on Singapore. Singapore's internet and phone regulator said it was investigating the hack. Anonymous hackers have declared war on Singapore with a pledge to hit at official ...
A woman browses the Internet at a cyber cafe in Kuala Lumpur. (File photo)
Malaysia Websites hacked but not whacked after threatened; time to build secured websites
PETALING JAYA: Local websites have been hacked ahead of the deadline set by a foreign-based hacker group, Anonymous, that said it would attack the Malaysian Government portal at 3.30am today. On the micro-blogging ...

NSA secretly hacks, intercepts Google, Yahoo daily

Rightways