poniedziałek, 20 czerwca 2011

Online storage leaves companies open to hackers

By Timothy McDonald

Posted June 17, 2011 22:03:00

A laptop keyboard

Vulnerable: LulzSec have targeted a number of high-profile websites. (ABC: file photo)

Cyber security experts are warning that the growing practice of sharing and storing information online could make more companies and institutions vulnerable to attack from hackers.

The warning comes as the full extent of a major attack by the hacking group LulzSec becomes clearer.

LulzSec have hacked several global companies, including Sony Pictures, Nintendo and Fox News. Yesterday, they even brought down a website linked to the CIA.

It is not clear who the group is but last night they posted 62,000 email addresses and passwords online.

The addresses included Gmail and Hotmail accounts. There were also details from Australian Government departments, local councils in Victoria and New South Wales, as well as schools and universities.

The chief technology officer for cybersecurity consultancy Pure Hacking, Ty Miller, says attacks are becoming increasingly sophisticated.

He says they are unlikely to stop because the victims seldom have the resources to find and prosecute hackers.

"We'll get companies ringing us up saying that they've been compromised. Every single time we get called in we say to them, 'Do you want to go after these people to take them to court or do you just want it cleaned up and get your systems up and running?' And every single time they say 'We just want it cleaned up and get back up and running again'," he said.

The reaction is not surprising given how difficult it can be to track down the attackers, who are often overseas.

Mr Miller says hackers can disguise the source of the attack.

"You can usually track them back down to the IP address that directly broke into the client," he said.

"Beyond that you basically have no idea if that was just a stepping stone or, it could be someone in a completely different country."

Mr Miller says many companies are making themselves more vulnerable to attacks by storing their data online.

He says it can be cost effective but it also creates openings for hackers.

"You've got your corporate systems running at a hosting provider and I come along and I purchase the same type of hosting as you did, and suddenly I've got access to a system that's sitting right next to your servers and I can start directly attacking those servers behind the firewall," he said.

"Basically, the theory goes from a hacker's point of view, the closer you are to your target the more control over its environment that you have and the more serious attacks that you can actually perform."

The University of Technology Sydney (UTS) was one of eight Australian Universities whose accounts were compromised in a cyber attack by the LulzSec group.

The university's directory of IT client services, Chris Cahill, says at this stage the breach appears to be minimal.

Mr Cahill says only one person at the university has been affected by the attack.

"We've taken measures already to resecure that person's account and we're looking and seeing if any damage was done or if any records were accessed by anyone other than the self at the moment," he said.

Mr Cahill says it is possible that other accounts may have been compromised that the university is unaware of.

"That's always a possibility and we're pretty vigilant in monitoring for that all the time and mostly with various organisations such as AusCERT, we and accounts are comprised to identify and beware of the threat level," he said.

Mr Cahill says the university is always concerned about protecting their systems from security breaches, but he says securing university networks from intruders can be difficult.

"It is a very challenging thing in a university because universities are by nature about openness and sharing information," he said.

"But we've got to get the balance right and have sufficient security in place to make sure that we're protecting our resources and our data and our IT.

Tags: information-and-communication, internet, law-crime-and-justice, crime, science-and-technology, computers-and-technology, hacking, australia, nsw, sydney-2000

Chat about this story w/ Talkita

Source: http://www.abc.net.au/news/stories/2011/06/17/3247164.htm

australia politics bush obama justin

Brak komentarzy:

Prześlij komentarz