 |
|
| FREE NEWS SERVICES • Newsletters • RSS feeds • Alerts |
CAREERWEB • Register • Post your CV • Find your job |
BRAINSTORM
• Subscribe • Read online |
iWEEK • Subscribe • Read online • Get into iWeek |
IT TRAINING • TrainingWeb ITWEB EVENTS • Events Calendar |
FEEDBACK
• Post your feedback • Send us a news tip |
 |
 |
|
25 August 2003
Absa hacker saga encourages better IT security
JUSTIN THORPE
, BUSINESS DEVELOPMENT AND SECURITY MANAGER
[
25 August 2003
] -
The key to avoiding identity theft when transacting online is to practise good PC housekeeping. Making sure you have the latest anti-virus software, a personal firewall and some form of privacy control on your machine is critical for safe Internet banking practice.
These are lessons that can be learned from the Absa hacker attacks, where over R500 000 was fraudulently removed from several Absa client accounts.
According to Justin Thorpe, business development and security manager at IT systems distributorComztek , home PC users must follow these safe practices, to reduce their chance of being defrauded like the Absa Bellville clients in the recent widely reported identity theft cases.
Thorpe says the problem appeared to have arisen because the hacker used information gained via 'spyware' to illegally access a number of accounts and transfer money from them. Spyware is a program that deposits a payload on a PC - usually through e-mail - which can then track the keystrokes a person uses.
"There are various kinds of spyware freely available for download on the Internet. It has the ability to record keystrokes, Web sites visited and even e-mails sent. It provides instant notification and has a 'stealth' operating mode so the person using the infected computer is unaware that he or she is being monitored.
"Depending on the type of spyware used, it can automatically send all recorded information to a designated e-mail address. The hacker is then able to use the collected information as he or she pleases. It is believed that the hacker obtained victims' bank account numbers and personal identification numbers (PIN) in this manner.
"The hacker attacked the Absa clients' home computers to steal their money. It's unlikely that the bank's own security system was breached. In fact, hackers are turning to weaker links outside of banks' systems such as Internet service providers (ISPs) or the customers' own PCs," he points out.
"Banks have people testing for penetration every day, to make sure their sites are secure. One needs to remember that the bank's security was not compromised in this reported incident; it was a security problem on the customers' side that allowed the hacker access to the various login and password details.
"Many individuals share their passwords and other details with second-parties, which explains why most of the accounts hacked were located in one area: Bellville, north of Cape Town. The people targeted included bookkeepers and attorneys in charge of trust accounts," he adds.
He says banking online is just as safe as going to the bank itself. "Provided the security on your home PC is up-to-date and your environment is secure and correctly configured, hackers will struggle to enter your system using 'loopholes' in your configuration," says Thorpe.
"The banks are, understandably, concerned about online security. In the online environment, the user being more alert, aware and disciplined in terms of general online security practices can improve his or her security.
"People need to be made aware that there are bigger issues than purely anti-virus software and that additional tools are required for a home PC to remain secure," he adds. This includes regularly updating anti-virus software, updating the licensed copy of the PC operating system (which can be done online) and not opening any suspicious e-mails.
"Customers must also practice 'safe surfing' habits such as not following links to unknown Web sites and be cautious of PCs with public access to them," he concludes.
Thorpe says Comztek keeps its resellers, customers and partners informed on an ongoing basis of the latest trends in security. "We had warned that this was going to happen. No online transaction is 100% safe, but it can be made safer if users are vigilant and educated about what procedures to follow to improve security," he says.
Various solutions are available to SOHO (small office home office) users from software vendors, including Symantec and McAfee. Both have developed software that monitors online traffic, provides an intrusion detection facility and anti-virus software - all in one package.
Norton Internet Security 2002 is the essential solution for any small business or individual as it protects users from viruses, hackers, and privacy threats. It protects your PC when sending e-mail, banking, shopping, or playing online. This powerful suite includes Norton AntiVirus, the world's most trusted anti-virus solution, Norton Personal Firewall to block hacker intrusions, and Norton Privacy Control to keep personal information private.
When it comes to PC security, a firewall is your first line of defence. McAfee Firewall v4.0 includes a sophisticated intrusion detection system, which provides effective detection and automatic blocking of common security threats. With this system you can set up your firewall to provide audible alerts that notify you in real-time as threats arise.
Your PC is vulnerable without a firewall. You need a firewall to prevent hackers from stealing your private information, block Trojan horse applications from taking control of your PC, and deny access to any number of dangerous online intruders. McAfee Firewall runs transparent in the background, preventing hackers from accessing your PC and damaging or stealing your files.
These are lessons that can be learned from the Absa hacker attacks, where over R500 000 was fraudulently removed from several Absa client accounts.
According to Justin Thorpe, business development and security manager at IT systems distributor
Thorpe says the problem appeared to have arisen because the hacker used information gained via 'spyware' to illegally access a number of accounts and transfer money from them. Spyware is a program that deposits a payload on a PC - usually through e-mail - which can then track the keystrokes a person uses.
"There are various kinds of spyware freely available for download on the Internet. It has the ability to record keystrokes, Web sites visited and even e-mails sent. It provides instant notification and has a 'stealth' operating mode so the person using the infected computer is unaware that he or she is being monitored.
"Depending on the type of spyware used, it can automatically send all recorded information to a designated e-mail address. The hacker is then able to use the collected information as he or she pleases. It is believed that the hacker obtained victims' bank account numbers and personal identification numbers (PIN) in this manner.
"The hacker attacked the Absa clients' home computers to steal their money. It's unlikely that the bank's own security system was breached. In fact, hackers are turning to weaker links outside of banks' systems such as Internet service providers (ISPs) or the customers' own PCs," he points out.
"Banks have people testing for penetration every day, to make sure their sites are secure. One needs to remember that the bank's security was not compromised in this reported incident; it was a security problem on the customers' side that allowed the hacker access to the various login and password details.
"Many individuals share their passwords and other details with second-parties, which explains why most of the accounts hacked were located in one area: Bellville, north of Cape Town. The people targeted included bookkeepers and attorneys in charge of trust accounts," he adds.
He says banking online is just as safe as going to the bank itself. "Provided the security on your home PC is up-to-date and your environment is secure and correctly configured, hackers will struggle to enter your system using 'loopholes' in your configuration," says Thorpe.
"The banks are, understandably, concerned about online security. In the online environment, the user being more alert, aware and disciplined in terms of general online security practices can improve his or her security.
"People need to be made aware that there are bigger issues than purely anti-virus software and that additional tools are required for a home PC to remain secure," he adds. This includes regularly updating anti-virus software, updating the licensed copy of the PC operating system (which can be done online) and not opening any suspicious e-mails.
"Customers must also practice 'safe surfing' habits such as not following links to unknown Web sites and be cautious of PCs with public access to them," he concludes.
Thorpe says Comztek keeps its resellers, customers and partners informed on an ongoing basis of the latest trends in security. "We had warned that this was going to happen. No online transaction is 100% safe, but it can be made safer if users are vigilant and educated about what procedures to follow to improve security," he says.
Various solutions are available to SOHO (small office home office) users from software vendors, including Symantec and McAfee. Both have developed software that monitors online traffic, provides an intrusion detection facility and anti-virus software - all in one package.
Norton Internet Security 2002 is the essential solution for any small business or individual as it protects users from viruses, hackers, and privacy threats. It protects your PC when sending e-mail, banking, shopping, or playing online. This powerful suite includes Norton AntiVirus, the world's most trusted anti-virus solution, Norton Personal Firewall to block hacker intrusions, and Norton Privacy Control to keep personal information private.
When it comes to PC security, a firewall is your first line of defence. McAfee Firewall v4.0 includes a sophisticated intrusion detection system, which provides effective detection and automatic blocking of common security threats. With this system you can set up your firewall to provide audible alerts that notify you in real-time as threats arise.
Your PC is vulnerable without a firewall. You need a firewall to prevent hackers from stealing your private information, block Trojan horse applications from taking control of your PC, and deny access to any number of dangerous online intruders. McAfee Firewall runs transparent in the background, preventing hackers from accessing your PC and damaging or stealing your files.
|
EDITORIAL CONTACTS
Comztek
Justin Thorpe Business development & security manager (011) 237 1800 Citigate ICT PR |
 |
||||||||||||||||||||
|
  |
|||||||||||||||||||
 |
||||||||||||||||||||
When
the economy is down, business begins not only cutting costs, but
gearing up or changing services, says HP's David Cannon. This
comprehensive two-day event promises to bring together experts from
all over the world providing solutions to your most pressing
business challenges.
|
Copyright (c) 1996 - 2012 ITWeb Limited. All rights reserved. Would you like to see your news here? Contact us for more details at itnews@itweb.co.za |
|||||||||||
|
