Will hackers and scammers destroy the internet/computers?
Discussion
We seem to be seeing a huge surge in hacking of companies and organisations, with crypto ransoms being demanded or else sensitive data will be published.
There seems to be an enormous amount of bad actors around and general scamming scum.
A lot of it seems pretty well organised and funded.
State sponsored???
Of course computers or attacking them can be weaponised but it seems the floodgates have opened.
If your data is stored on a computer system that is in anyway connected to the internet then it isn't safe no matter what they say.
The BBC did a piece today about one of their staff being offered a huge sum of money to hand over his credentials and allow hackers access.
That must happen all the time....
What can we do about it all???
There seems to be an enormous amount of bad actors around and general scamming scum.
A lot of it seems pretty well organised and funded.
State sponsored???Of course computers or attacking them can be weaponised but it seems the floodgates have opened.
If your data is stored on a computer system that is in anyway connected to the internet then it isn't safe no matter what they say.
The BBC did a piece today about one of their staff being offered a huge sum of money to hand over his credentials and allow hackers access.
That must happen all the time....
What can we do about it all???
I'd say th tech companies have done a pretty good job of destroying the internet themselves. From a user experience point of views it's not exactly a good one these days. From an end user point of view, regarding security and data breaches I guess there's not alot we can do other than some basic stuff which might offer some security but not exactly Fort Knox levels.
-Encrypt all devices and ensure all updates applied
-Use a password manager and different passwords for each account (if one account is compromised then others should be safe. Granted the password manager could end up attacked).
-Use two factor authentication for anything that allows it
-Dont put on the internet, private cloud or otherwise, that you wouldn't necessarily want the world to see and anything sensitive on the cloud, encrypt it further
-Stop sharing every aspect of your current and past life to strangers on the internet were hackers/phishers can create a pretty accurate profile of you
The constant data breaches are why I wouldn't particularly trust the government with this Digital ID stuff, although if the bill goes through I'll happily take a physical card. However I guess in this age of "surveillance capitalism" we're constantly monitored via smartphones and the internet anyway, companies and would be hackers could probably obtain more information on me from Googles and Meta's servers than what the government could ever capture!
-Encrypt all devices and ensure all updates applied
-Use a password manager and different passwords for each account (if one account is compromised then others should be safe. Granted the password manager could end up attacked).
-Use two factor authentication for anything that allows it
-Dont put on the internet, private cloud or otherwise, that you wouldn't necessarily want the world to see and anything sensitive on the cloud, encrypt it further
-Stop sharing every aspect of your current and past life to strangers on the internet were hackers/phishers can create a pretty accurate profile of you
The constant data breaches are why I wouldn't particularly trust the government with this Digital ID stuff, although if the bill goes through I'll happily take a physical card. However I guess in this age of "surveillance capitalism" we're constantly monitored via smartphones and the internet anyway, companies and would be hackers could probably obtain more information on me from Googles and Meta's servers than what the government could ever capture!
Edited by NaePasaran on Monday 29th September 08:47
Edited by NaePasaran on Monday 29th September 09:06
Yes, the internet is a bit of a dangerous mess, and there's a lot of stuff going on that harms people and societies. But ultimately the majority of it (by volume) is basic stuff and easily prevented, or at least made difficult enough the threat is minimised. This basic protects are a combination of technical measures in the technology of the internet, policies backed by enforcement, and user behaviour.
The car world has gone through similar things over the last 100 years with things like headlights, seatbelts, airbags and driver assistance all coming in on the technical level, new rules and regulations on manufacturers and drivers on the policy side and the training and experience of drivers all contributing to safer motoring.
The internet won't take 100 years to sort out, however it will take a few, so very public hacking in all the flavours you see will continue for a good few years.
For once the BBC had an 'expert' that actually said fairly sensible stuff on this topic on the report you saw - he mentioned a few personal behaviours people can take to look after yourself.
If you have kids then you can also ensure they are educated in basic cyber behaviours (much as you educate them on how to behave when going out partying as a teenager or when learning to drive). Schools do some education, there's also plenty online and the UK NCSC website is a great resource for advice.
The car world has gone through similar things over the last 100 years with things like headlights, seatbelts, airbags and driver assistance all coming in on the technical level, new rules and regulations on manufacturers and drivers on the policy side and the training and experience of drivers all contributing to safer motoring.
The internet won't take 100 years to sort out, however it will take a few, so very public hacking in all the flavours you see will continue for a good few years.
For once the BBC had an 'expert' that actually said fairly sensible stuff on this topic on the report you saw - he mentioned a few personal behaviours people can take to look after yourself.
If you have kids then you can also ensure they are educated in basic cyber behaviours (much as you educate them on how to behave when going out partying as a teenager or when learning to drive). Schools do some education, there's also plenty online and the UK NCSC website is a great resource for advice.
Meh. Most of the current threats are no different than they were 30 years ago, there's just more targets and a lot more low skill people leaving themselves open.
Even the 'big' attacks are still almost always people opening an email they shouldn't, or a system facing the outside that shouldn't be, or noddy social engineering stuff by kids; all things that have been the same for decades. It's pretty disappointing how mundane these things often are and how badly prepared people seem to be for dealing with the aftermath.
Maybe less outsourcing to the cheapest third world bidder or remembering security over convenience or not providing idiots with access to tech would help?
Even the 'big' attacks are still almost always people opening an email they shouldn't, or a system facing the outside that shouldn't be, or noddy social engineering stuff by kids; all things that have been the same for decades. It's pretty disappointing how mundane these things often are and how badly prepared people seem to be for dealing with the aftermath.
Maybe less outsourcing to the cheapest third world bidder or remembering security over convenience or not providing idiots with access to tech would help?
I would say it goes even further than hackers and scammers and even further than the internet to some extent.
It only takes a tiny number of attacks to have a huge effect, especially on an individual (how many times in your life could you stand having your bank account emptied?).
As mentioned above it is also not aided by the systems, it is also compounded by the phone scammers too.
Systems have mandatory fields such as phone number 'In case we need to contact you' (which they never do) so I give a fake one. Then they insist on 2FA so I have to give my real number. Then of course they share their information with an endless list of third parties who take security very seriously and sell my data and then I get endless spam calls so I never answer my phone now if it rings.
Then add in all the 'AI' generated content and whole sections of the internet become at best untrustable and at worst unsafe. Yes, GoogleEarth and BBC Weather still works and the majority goes on as normal but there becomes a point where key parts will require so much effort to maintain that it brings no/minimal benefit and those key parts are the ones where money/power reside.
Initially we only needed a name to know who an individual was, then Name and an Address, then Name, Address and DOB, then Name, Address, DOB and phone number, then password, then 2FA... there is no end to that. I can see pressure to make a device that can only be tied to one individual and can 100% verify who they are (suspect it is not possible to create such a device).
My personal experience was with Hertz who took security very seriously so now my passport details and bank card details are out and about in the wild for whom-so-ever wants them. Thanks Hertz!
It only takes a tiny number of attacks to have a huge effect, especially on an individual (how many times in your life could you stand having your bank account emptied?).
As mentioned above it is also not aided by the systems, it is also compounded by the phone scammers too.
Systems have mandatory fields such as phone number 'In case we need to contact you' (which they never do) so I give a fake one. Then they insist on 2FA so I have to give my real number. Then of course they share their information with an endless list of third parties who take security very seriously and sell my data and then I get endless spam calls so I never answer my phone now if it rings.
Then add in all the 'AI' generated content and whole sections of the internet become at best untrustable and at worst unsafe. Yes, GoogleEarth and BBC Weather still works and the majority goes on as normal but there becomes a point where key parts will require so much effort to maintain that it brings no/minimal benefit and those key parts are the ones where money/power reside.
Initially we only needed a name to know who an individual was, then Name and an Address, then Name, Address and DOB, then Name, Address, DOB and phone number, then password, then 2FA... there is no end to that. I can see pressure to make a device that can only be tied to one individual and can 100% verify who they are (suspect it is not possible to create such a device).
My personal experience was with Hertz who took security very seriously so now my passport details and bank card details are out and about in the wild for whom-so-ever wants them. Thanks Hertz!
The user error stuff is interesting and a good point.
I was de-commisioning a server and just giving it a final check/nosey at the file structure. Noticed that the HR Business Partner had scanned and stored scanned contracts with bonus letters, passports, addresses etc into a share on the file server that was unprotected and completely open to anyone within the company. This was head of HR at a FTSE100 company!
Never amazes how stupid people can be regardless of their education and position on an organisational chart. That data breach didn't happen thankfully but wouldn't have needed a Kremlin hacker. Anyone who knows how to copy and paste or screenshot could've had a nice amount of info from that one.
I was de-commisioning a server and just giving it a final check/nosey at the file structure. Noticed that the HR Business Partner had scanned and stored scanned contracts with bonus letters, passports, addresses etc into a share on the file server that was unprotected and completely open to anyone within the company. This was head of HR at a FTSE100 company!
Never amazes how stupid people can be regardless of their education and position on an organisational chart. That data breach didn't happen thankfully but wouldn't have needed a Kremlin hacker. Anyone who knows how to copy and paste or screenshot could've had a nice amount of info from that one.
For business related stupidity it's hard to beat some of my old colleagues that would never start a new email. They would just find the last email from the person they wanted, hit reply to all and type away.
It was quite worrying / entertaining / embarrassing what you would find if you scrolled down far enough.
Back to the OP's point. I'll back up my data to the cloud but the primary working set stays local. Hacks etc can be prevented to some extent but, eg, an anchor dragged through a cable, can't and there is only so much capacity to reroute.
If there ever is a major falling out of nations I expect this is going to be a first line of attack.
It was quite worrying / entertaining / embarrassing what you would find if you scrolled down far enough.
Back to the OP's point. I'll back up my data to the cloud but the primary working set stays local. Hacks etc can be prevented to some extent but, eg, an anchor dragged through a cable, can't and there is only so much capacity to reroute.
If there ever is a major falling out of nations I expect this is going to be a first line of attack.
Do you think these opportunists and criminals were honest before the Internet?
The Internet purely facilitates in bringing the criminals and the victims together, quickly and without costs in time and travel.
In the old days, you would not fall victim to a scammer on the other side of the world.
Today, it's a reality.
This is evolution not revolution. It's annoying and hard for the "have-nots" to protect themselves well but it's the globalisation of crime and opportunity.
A media example was that you would not get spam phone calls because they used to be expensive; now phoning is free.....a barrier to entry removed....!!
The Internet purely facilitates in bringing the criminals and the victims together, quickly and without costs in time and travel.
In the old days, you would not fall victim to a scammer on the other side of the world.
Today, it's a reality.
This is evolution not revolution. It's annoying and hard for the "have-nots" to protect themselves well but it's the globalisation of crime and opportunity.
A media example was that you would not get spam phone calls because they used to be expensive; now phoning is free.....a barrier to entry removed....!!
End users are the first line of defence, whether it be at work or in the home. If Gov want to move more and more services on-line, then IT literacy is a must, not just for accessing your 'socials' but also for managing your day-to-day.
FWIW - This is why I feel the OSA is just wrong... Everyone needs to take ownership of their responsibilities, including parents and not just blame big business, for their ignorance.
...but well meaning companies and organisations help muddy the waters too.
How do you know if the email from your energy company is valid and the attached PDF file is genuine?? Frankly, you don't, so unless I'm expecting an email, it'll be binned but if I think it's something I need to check, I'll get onto the website, log in and check it out for myself.
My 2p
M
FWIW - This is why I feel the OSA is just wrong... Everyone needs to take ownership of their responsibilities, including parents and not just blame big business, for their ignorance.
...but well meaning companies and organisations help muddy the waters too.
How do you know if the email from your energy company is valid and the attached PDF file is genuine?? Frankly, you don't, so unless I'm expecting an email, it'll be binned but if I think it's something I need to check, I'll get onto the website, log in and check it out for myself.
My 2p
M
camel_landy said:
How do you know if the email from your energy company is valid and the attached PDF file is genuine?? Frankly, you don't, so unless I'm expecting an email, it'll be binned but if I think it's something I need to check, I'll get onto the website, log in and check it out for myself.
A lot of companies really don't help themselves. Virgin as a prime example used to phone me up and ask for my date of birth and postcode to confirm who I was. You just phoned me you Muppets, you know who I am but I have no idea who you are! RizzoTheRat said:
A lot of companies really don't help themselves. Virgin as a prime example used to phone me up and ask for my date of birth and postcode to confirm who I was. You just phoned me you Muppets, you know who I am but I have no idea who you are!
Just ask them for their birth date, national insurance number (got to ensure they're allowed to work in the UK after all), post code, driving licence number, random digits of their RizzoTheRat account password, and see how they like it!This is just an arms race and 'unofficial' war picking off the juicy low hanging fruit at the moment. Once people have experienced the pain they will beef up security and the hackers move elsewhere for less juicy low hanging fruit.
I think it will be a war without end consisting of a hack, counter-measure, hack, counter-measure repeating cycle as companies/people evolve their security strategies and hackers their attack methods.
It has been inevitable since someone joined up 2 computers using a network.
It is no different to having a better lock on your door than next door so the burglar breaks into next door instead of yours place.
I think it will be a war without end consisting of a hack, counter-measure, hack, counter-measure repeating cycle as companies/people evolve their security strategies and hackers their attack methods.
It has been inevitable since someone joined up 2 computers using a network.
It is no different to having a better lock on your door than next door so the burglar breaks into next door instead of yours place.
Inbox said:
It is no different to having a better lock on your door than next door so the burglar breaks into next door instead of yours place.
I'd say its very different. More like you putting a new lock on your door but you don't realise that the bloke who sold you the lock unknowingly let some criminals have copies of the keys. Or you putting a new lock on your door, except it was someone elses door pretending to be yours, and yours still had the old one on, and they have the keys, and are in your house, and locked you out from the inside. :-)
a better analogy is that you're in a group of people being chased by lions.
unlike the analogy with one lion, you don't know how many lions there are and you don't know how many people you have to run faster than. Also the lions are able to devour more than one person at the same time. And are permanently hungry, never satisfied....
unlike the analogy with one lion, you don't know how many lions there are and you don't know how many people you have to run faster than. Also the lions are able to devour more than one person at the same time. And are permanently hungry, never satisfied....
Griffith4ever said:
Inbox said:
It is no different to having a better lock on your door than next door so the burglar breaks into next door instead of yours place.
I'd say its very different. More like you putting a new lock on your door but you don't realise that the bloke who sold you the lock unknowingly let some criminals have copies of the keys. Or you putting a new lock on your door, except it was someone elses door pretending to be yours, and yours still had the old one on, and they have the keys, and are in your house, and locked you out from the inside. :-)
The trouble is you are relying on someone else to lock the door, window or keep your spare key safe, etc, it is not easy.
Inbox said:
I think there are as many permutations as there are attack vectors, taking a typical house it could be a door (choice of 2), a window (many choices), they found your lost key, broke in through the garage, kicked a hole in the roof. You just need to be aware of the possibilities and secure accordingly as best you can.
The trouble is you are relying on someone else to lock the door, window or keep your spare key safe, etc, it is not easy.
- made a copy of your garage so when you unlocked it they could copy your keyThe trouble is you are relying on someone else to lock the door, window or keep your spare key safe, etc, it is not easy.
- trained your dog to steal your key
- disguised themselves as you to get your wife to give them her key
- hid in your bag so you carried them in to your house
- tried 15 million different keys until they found one that locked
- bypassed your lock as you hadn't realised the door frame wasn't actually attached the wall
- changed your locks and want you pay them for the new key
There's a lot of ways these analogies could go
Inbox said:
Griffith4ever said:
Inbox said:
It is no different to having a better lock on your door than next door so the burglar breaks into next door instead of yours place.
I'd say its very different. More like you putting a new lock on your door but you don't realise that the bloke who sold you the lock unknowingly let some criminals have copies of the keys. Or you putting a new lock on your door, except it was someone elses door pretending to be yours, and yours still had the old one on, and they have the keys, and are in your house, and locked you out from the inside. :-)
The trouble is you are relying on someone else to lock the door, window or keep your spare key safe, etc, it is not easy.
Griffith4ever said:
Inbox said:
It is no different to having a better lock on your door than next door so the burglar breaks into next door instead of yours place.
I'd say its very different. More like you putting a new lock on your door but you don't realise that the bloke who sold you the lock unknowingly let some criminals have copies of the keys. Or you putting a new lock on your door, except it was someone elses door pretending to be yours, and yours still had the old one on, and they have the keys, and are in your house, and locked you out from the inside. :-)
There is bound to be one employee who is tempted so it's easy access for the hacker who doesn't even need to be an expert in picking a lock.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff