
Hackers target big online companies – does it mean a setback to BYOD?

By Sorab Ghaswalla

Mumbai, February 22, 2013

Hacking reared its ugly head last week. For the first time, social network Facebook acknowledged the fact that attempts were made to get into its servers by a group of hackers, sending shock waves through the entire online community. 

Just when it was recovering came the second shocker. Apple Inc. claimed that its online defences, too, were breached but timely intervention had prevented damage.
Then, as if the proverbial Pandora’s Box had been flipped open, complaints started pouring in from all over. Micro-blog Twitter had already let it be known in January that around 250,000 user accounts may have been compromised. 
In the Facebook and Apple cases, it is now almost certain that the same group of hackers was behind the attacks. This is based on the modus operandi adopted. The hackers had surreptitiously planted malicious pieces of code on the computers of FB and Apple employees when they had logged on to particular developers’ websites. The malware was then used to try to infiltrate the mainframe servers.
Initially, though not many said so openly, this was thought to be the handiwork of certain Chinese hackers, a charge strongly denied by the government of China. The US is paranoid about Chinese hackers, so that was a given. Now, even as I write this column, comes news from CNN that it could be the work of an east European gang.
Quoting from a Bloomberg report, CNN said the news agency, quoting two unnamed people, was reporting that the gang wanted to steal secrets from these companies. East Europe is the other ‘favoured status’ region of the online players to pin such hacking attempts on.
Forget the identity of the hackers for the moment; what is lost in the din and the noise is the fact that when massive online companies are unable to thwart hacking attempts, with all their latest hardware and software, what happens to ordinary mortals? The other area of concern is its implications for the Bring Your Own Devices (BYOD) to work culture that’s fast becoming popular.
If employees start doing this, encouraged by their own company managements, what happens to malware, hacking attempts, and stuff like that?
Anyway, for ordinary users, here’s some online security advice from me, some old, some new.
The most basic one – do not, I repeat, do not click on any link that looks alien to you or try and open any email that seems suspicious. Not in your Inbox, not in your Facebook account, not on Twitter.
Keep the Spam filters of your emails on ‘High’.
Keep your anti-virus software updated, always. That is if you have one. You will be shocked if I were to tell you how many people out there are still using the Net without any, I repeat, any kind of anti-virus software on their computing devices.
Do not use free versions of anti-virus programmes. There are no free lunches in life. Free versions just skim the surface, and do not go deep. Buy reputed anti-virus software. The basic ones are really not expensive.
If you use a mobile computing device like a smartphone or a tablet, get a licence for that, too.
As far as possible, since mobile computing is not as robust as desktop computing, except for conducting your basic computing needs on them, do not do anything else. Do not log into bank or credit card accounts from your smartphone, for example. Even well-known companies have, in the past, acknowledged that their apps were always running in the background, collecting user information, so why take the risk?
Also, this is another basic precaution: when keying in important passwords to log in, use the virtual keyboard provided by the bank or service provider. Do not use the physical keyboard, because there is now software that can copy your every keystroke.
When making online payments, check if the portal has an SSL certificate, and also check its type.
Keep the number of browser plugins to a minimum. Plugins are additional pieces of software located in our browser.
Since we are on plugins, there’s major concern being expressed online about the once-popular Java computing software application. Java, as some of you may know, is used for playing online games, for using web-based applications, and stuff like that. In the Facebook hacking case, it was reported that the hackers had used a zero-day Java exploit to compromise the employees’ computers.
Java has been in the news for all the wrong reasons for a while now. There are hackers out there who use loopholes in the Java programming to get into people’s computers, and Oracle, the owner of Java, has constantly been updating Java with new security patches. So much so that the US federal government has asked computer users to disable or even uninstall Java.
Personally, I feel that is too extreme a response. But if concerned users still want to know how to disable Java, at least till the time the present crisis blows over, it’s easy to do that. Just go into your browser, find out where the plugins section is, and search for the Java plugin, then click on the ‘disable’ button. To uninstall it, you have to go to your computer’s Control Panel, where you will see an Uninstall button, click on it, find Java, then press the Uninstall Programme tab.