Tag Archives: Internet Security

10 Tips for protecting your company’s email

Practically all important information that we work with nowadays reaches us via corporate email. That’s why email security is so important for companies. Here we offer some advice to bear in mind to prevent unauthorized people from accessing your email – and the information it contains.


Many of the cyber-attacks that target large companies can be traced back to email. When all’s said and done, this is the place where a company’s most useful information can be found; where employees chat; where credit card details -even passwords- are sent. Read on if you want to know how to look after this information.

  1. The first thing you should be thinking about as a company owner is training your staff in IT security, to eliminate dangerous behavior when using company email.
  2. Employees can counter risks by deleting old emails. You accumulate hundreds (even thousands) of messages in the belief that the information is really important (it could be for a cyber-criminal!). If you genuinely regard the information as vital, you could always save it to an external hard drive or database and then delete the original emails.
  3. Encrypt your email. One of the main features of corporate email is that it gives companies control over sensitive information, and prevents it from being circulated through employees’ personal email accounts. The best way to ensure such control and keep it from falling into the wrong hands is to encrypt it.
  4. When you have to create a password make sure it’s complex and that nobody could guess it. That said, make sure you can easily remember it too.
  5. You should also be careful when starting a corporate email session from public computers in libraries, Internet cafes and the like. Make sure you close the session before leaving the computer, though even then you can leave traces of your activity that are easily detected by cyber-criminals. Better only to access your company email on trusted networks.
  6. Don’t give your email address to everyone, and don’t post it on public Internet sites; remember that scammers are always on the lookout for new victims.
  7. Be careful with fake emails that try to trick you into resetting passwords as part of a supposed security check. These are normally scams designed to steal your passwords and access your email account. If you really need to change your password, go to your email provider’s website and make any changes from there, but don’t click on links sent to you via email.
  8. On a similar note: don’t even open emails sent from unknown sources.
  9. And of course don’t forget that company email is a working tool; it’s not for exchanging messages with friends and family. Remembering this will also help keep information from falling into the wrong hands.
  10. Last but not least, a good tool for protecting email from malware and other dangerous content is Panda GateDefender, which can prevent unwanted files from entering into contact with your company’s most sensitive data. This software filters spam to safeguard employee productivity, and also enables the secure and centralized storage and administration of your network’s users’ messages, ensuring flexibility and complete connectivity.

 

The post 10 Tips for protecting your company’s email appeared first on MediaCenter Panda Security.

Can they spy on you through your smartphone microphone?

Smartphone users are highly sensitive about privacy, not least because so much personal data is stored in just a few square centimeters. We shudder at the thought of what happened to Jennifer Lawrence and company, and that it may happen to us; someone spying on our most intimate data.

Yet that’s not all we should be wary of: There are some spy programs that can even remotely activate the microphone on your device and record you. One of the most infamous of these is StealthGenie, a spyware app that behaves like a Trojan and supports iOS, Android and Blackberry. It can geolocate the device, listen to conversations, capture messages and images and even activate the microphone, tracking all your actions throughout the day.

A company video claimed that the app had more than 100,000 satisfied customers, though it looks like the game is now up. Last October the company’s CEO was arrested in the USA for promoting and selling this phone monitoring app.

It is paradoxical, to say the least, that this arrest should have occurred in the United States, where it has been revealed, thanks to Edward Snowden, that the government has been spying on the phones of so many users around the world. The revelations from the CIA’s ex-security analyst showed that the NSA was using all types of systems to spy on smartphones, even using apps such as Angry Birds. And you thought killing a few pigs from your cell phone wouldn’t have any consequences!

A simple search will return a host of apps that promise to enable you to spy on your neighbor’s phone. So next time you need to visit the bathroom, perhaps it’s best not to take your phone with you.


Researchers at Stanford University have been analyzing these apps and the ease with which our phone mikes can be turned against us. For this purpose they have developed their own app, Gyrophone, which turns the phone gyroscope into a means for capturing acoustic signals between 80 and 250 Hz (e.g. the human voice). This demonstrates how easy it is to spy on users.

By using this app, they have shown that it is possible to identify both the person speaking as well as what they are saying by measuring the acoustic signals in the vicinity of the phone. The researchers have already demonstrated this on Android devices and are now working on iPhone.

Other universities are also concerned about smartphone spying. Researchers at Citizen Lab at the University of Toronto have analyzed the Italian ‘Hacking Team’ spyware. They have worked out how it manages to store all user information, take screen grabs, record audio conversations, use the GPS tracker or activate the microphone when users are connected to a public Wi-Fi network.

The researchers have also uncovered the existence of 350 servers in 40 countries around the world storing data from this tool. Are governments around the world using these tools to monitor our every move?

So if you thought that tapping phones in hotel rooms, with a group of police or high-tech criminals monitoring all conversations belonged only in spy movies, you were wrong. Be aware that your smartphone, which you always keep within arm’s length so as not to feel lonely, is potentially a tool for spying on every sound you make. All you can do is be more careful with your phone security and pray that your life is so boring that nobody wants to spy on you.


Major security attacks in 2014 – Part 2

A few days ago we published a summary of six of the most important security attacks in 2014.

Today we continue this list with some other notable attacks, which stood out not just because of the stature of the companies attacked, but also because of the volume of compromised data.


  1. KCB and the theft of 106 million accounts

    The Korean financial agency, Korea Credit Bureau (KCB), was the victim of an attack that exposed more than 105.8 million user accounts, including credit card details, first names and last names, phone numbers, addresses and even passport numbers.

    In this case however, no malware was used. The thief worked for KCB -ironically in the company’s anti-fraud department- and for 11 months had been copying the data before selling it to the highest bidder.

    Had the information been adequately encrypted, the damage could have been far less, yet this wasn’t the case.

  2. Orange: The importance of storing passwords on a secure server

    In February, a vulnerability on the website of the French telecom firm Orange allowed hackers to access the data of hundreds of thousands of customers, including names, addresses and phone numbers.

    Fortunately, and despite the security hole, Orange’s systems were sufficiently well set up as to prevent passwords from being compromised, thereby greatly reducing the damage to the 800,000 users affected.

    It appears that these passwords were stored on a separate, more secure server.

  3. SEA compromises Forbes’ security

    Also in February, the Syrian Electronic Army (SEA) managed to compromise the website of Forbes. This resulted in the theft of data of more than a million users, including company employees.

    Stolen data included names and email addresses, as well as (encrypted) passwords. Worse still, the SEA published the data on the Internet.

  4. Data of 650,000 customers stolen from Domino’s Pizza

    In June this year, the Domino’s Pizza fast-food chain was attacked by a group called “Rex Mundi”, and the data of some 650,000 French and Belgian customers was stolen.

    In this case, the criminals demanded a ransom for the information, though the company’s chiefs said they were not willing to give in to blackmail.

  5. Attack on DIY giant Home Depot


    In September, Home Depot, the home improvements retailer, confirmed there had been an attack on its servers, compromising the data of 56 million credit and debit cards.

    Moreover, according to The Wall Street Journal, some of the accounts associated with these cards had been emptied.

  6. Sony

    To end 2014, we have witnessed one of the most significant targeted attacks on a company.

    Many details of the attack are still unclear, but the effects on Sony have been tremendous: a week without being able to connect to computers, massive deletion of data, theft of internal company information…

    The attackers have published five unreleased films and are threatening to leak confidential data.

    There have also been reports of malware appearing with Sony’s digital signature, the passwords for which were stolen with the rest of the information.

 


Prevention is better than cure: These eleven threats could compromise your corporate systems in 2015


We don’t know what next year has in store for us, yet predictions are always useful to be better prepared for what might be around the corner. This also applies to IT security. If we analyze current trends in vulnerabilities and attacks, we may be able to forecast patterns for the future and avoid the dangers.

The Spanish government’s National Intelligence Center publishes annual reports detailing the main threats to businesses and organizations, and those that can be expected to be prevalent the following year.  Here we outline the eleven most notable dangers expected in 2015 so you can start to take measures before it’s too late.

  1. Cyber-espionage has been the single greatest threat in recent years and this can be expected to continue over the next few months. Cyber-criminals will continue working to improve methods to attack organizations and companies, as well as making them more difficult to detect.
    The simplest strategy is to choose targets with the least protection, such as contractors, suppliers or private computers. They often use social networks to gather basic information and then use the data on Web services and email.


  2. It is also important to keep a close eye on a factor that is often ignored: outdated operating systems. Microsoft stopped supporting Windows XP last April, so any vulnerabilities discovered since then won’t be patched, making it an easy target for criminals.
  3. Next year, just as we have witnessed in the last few months, there will be no shortage of ‘watering hole’ attacks. In this strategy, cyber-criminals observe the websites most often visited by an organization and then infect the pages with malware, knowing that sooner or later some computers in the targeted organization will be infected.
  4. Something else to bear in mind when talking about threats to companies are mobile devices, as a lot of corporate data now passes through them. The best thing is to protect both smartphones and tablets with an antivirus for Android.
  5. Social networks also represent a possible entry point for cyber-criminals. The professional or personal profiles of employees on sites like LinkedIn or Facebook can be used to get to their email addresses. They are then sent malware via email in the hope of compromising the company’s systems.
  6. Many attacks target data stored in the cloud, as well as that stored on corporate networks. If the information is not properly protected, it can be easy to access files in the cloud. You can never take too many precautions when protecting data from threats.
  7. Another negative statistic is that studies indicate the increasingly sophisticated and damaging malicious code in circulation takes longer to detect. The same thing goes for the removal of malware from infected systems.
  8. Complex attacks on large companies with many systems and admin platforms can go undetected for long periods of time.
  9. However, attacks are no longer limited to computers. Many phone lines are associated with inter-communicating systems, such as alarms or dataphones. ‘Machine to machine’ or M2M communication is the basis for the ‘Internet of Things’.
  10. Home automation systems and devices, as well as industrial control systems, have begun to suffer from the first attacks by malicious software. Embedded systems in security cameras and monitors could be compromised if the program developer does not implement adequate protection measures.
  11. Cybercrime is constantly developing new strategies to evade ASLR (address space layout randomization) mechanisms. This automatic process protects operating systems by loading key program data at randomized locations in memory, so that attackers cannot reliably predict where it is and deliberately access it.

We’ve given you a few pointers; it’s now in your hands to prevent these sorts of attacks. Keeping your computers protected with a corporate antivirus and updating your software are two key practices that you should encourage in your company.


The number of leaked email addresses and passwords has exploded in 2014


The statistics speak for themselves: The emails you send and receive every day at work are a time-bomb.

This is not just because they can be an entry point for cyber-crime, such as extortion or malware that can infect your computer, but also because through email, cyber-criminals can steal your account.

In fact, the email account you use in your company is now in more danger than ever before, simply because the number of compromised email accounts has reached astronomical figures.

Just a few months ago, five million Gmail account details were leaked on a Russian cyber-security forum, raising doubts about the security of the Google service, and creating jitters among the service’s millions of users.

However, the scandal of leaked Gmail accounts was barely the tip of the iceberg. Shortly after, Home Depot, the home improvements retail chain, announced a security breach in its payment platform that had compromised the details of no less than 53 million email addresses. It’s clear then that our email address details can be obtained from anywhere.

As if this weren’t enough, a group of cyber-security experts recently published a study confirming the trend (as if it were really in any doubt): In just three months the details of more than six million accounts have been leaked, along with the corresponding passwords.


It’s a frightening figure, and more so considering that these are just the confirmed cases.

According to the study, most cases are due to people using company email addresses in private environments and the low levels of security associated with such email accounts.

Trojans infecting poorly protected computers or the use of email accounts with inadequate security are the most probable causes of this increase in the leaking of email addresses and their passwords.

The result of all this is seriously concerning: the use of these passwords by cyber-criminals against the users themselves. Moreover, if millions of account details have been leaked in just the last three months, the amount for the whole of 2014 could be twenty times greater.

Given how this trend underlines that corporate email accounts are not as secure as they should be, it is advisable to implement security measures such as two-step verification or at least frequent changes to email passwords.


The Snowden effect: Has cyber-espionage changed the way we view security?


In the history of international espionage in general and specifically in the case of the US National Security Agency (NSA), there has been a turning point. Previously, everyone speculated about the extent to which the USA was monitoring us, yet without there being any clear evidence of this. Who has never thought that someone, somewhere was keeping track of all the messages you write on Facebook or in emails?

Thanks to Snowden of course, we know now this is true. The NSA has been spying left, right and center on all the tools that people use every day: data from Microsoft, Facebook, Yahoo, Google, Skype and YouTube were carefully analyzed by the NSA and the FBI. Even Hollywood couldn’t have come up with such a scarcely credible plot. Yet they hadn’t foreseen that Edward Snowden, one of their employees, would jump ship and reveal their little secret to The Guardian and The Washington Post.

Over a year later, the ex-CIA operative continues to be a famous name. One Internet security survey of more than 20,000 people across 24 countries, organized by the Canadian Centre for International Governance Innovation (CIGI) has revealed that 60% of participants in the survey had at some time heard of Snowden. Germany was the country where most people had heard of him: some 94% of respondents. Not so surprising when you think that Chancellor Angela Merkel had had her phone tapped by US spies.

Some 85% of Chinese citizens also know who Snowden is, and with good reason. He revealed that Washington had been spying for years on China and Hong Kong. Paradoxically, citizens of these countries are more aware of Edward Snowden than those from his native soil: just 76% of Americans know what he did. Kenya is bottom of this particular ranking: just 14% of the population is conscious of just how far the tentacles of the U.S. security agency spread around the globe.


In fear of the all-seeing eye of the U.S. ‘Big Brother’, 39% of respondents who knew about Snowden have taken measures to improve their privacy and security because of the scandal. Curiously, citizens of India are those that have been most diligent in protecting themselves (69%), followed by those in Mexico and China. The French, Swedish and Japanese have barely changed their security habits, while in the USA, some 36% have improved their privacy. Perhaps most are resigned to their government’s knowing who they are friends with on Facebook or how many hours they spend playing Candy Crush, as they suppose there is not much they can do about it anyway.

Indirectly, the Snowden case and the widespread paranoia about the possibility that governments are spying on your digital life has had other effects, even for those who weren’t aware. Some two-thirds of respondents confessed to being more concerned about their privacy than a year ago, while 62% say they are aware that government agencies in other countries may be secretly spying on them online. A similar figure, 61%, expressed concern that their own government could be monitoring everything they do on the Web.

It also turns out that we now change passwords more than ever to protect our privacy. Some 39% of respondents claimed they regularly change their passwords, and that they do so more frequently than in the previous year. So even if you have to click the ‘Password reset’ button a hundred times because your brain is unable to remember which digit you changed the last time, at least you won’t feel that someone is reading your confidential data.

Moreover, 43% of respondents confessed to avoiding certain Web pages, just in case, and 73% said that they wanted their personal details and private information stored physically on a secure server.

More than one year on, the Snowden revelations continue to resound in the halls of power and across cyber-space, though it’s rare to see the young IT engineer in the media. He now lives in Moscow, reads Dostoevsky and spends his days watching ‘The Wire’. Revealing that the world is not secure and that the U.S. government has its nose in everyone’s business has led to a life in exile for this brave man, though at least it has served to encourage all of us to improve our security.

If after reading this article your level of paranoia has gone from Def Con 5 to Def Con 1, we remind you that you can also safeguard the privacy of the data on your phone with Panda Mobile Security, our free antivirus for Android.


More controversy for Uber: The app compiles user data without permission

The emergence of Uber has put taxi drivers around the world on red alert. Just this week, the Spanish High Court has ordered the company to cease operations on the grounds of unfair competition with taxi drivers.

Yet it’s not just the business model (putting customers in touch with unlicensed drivers) that stretches the limits of legality. The app, which effectively manages requests and responses, also contains some dubious aspects.

This is what a group of IT security researchers have discovered after analyzing how the mobile app works. They have analyzed the code of the Android app in detail and their findings don’t reflect well on Uber.

The study revealed that while users take advantage of the services they offer, the system transmits information about their Internet habits along with certain features of their phone, details that are entirely unrelated to the service.

The San Francisco based ‘start-up’ would seem to be interested in the people its customers are in contact with; it collects data on the length of calls and the phone numbers.

It also gathers information about the apps installed on the device, the free memory space and byte circulation. Similarly, the GPS coordinates and the IP address of the phone are recorded.


 

The company wants to know what messages (SMS, MMS and emails) are sent and received by users, and suspiciously, the tool reports the malware that the phone is vulnerable to and the security algorithm used on the device. The obvious question is, why would a company that only offers a transport service need all this information about its users?

Some have defended its strategy, claiming that this is an anti-fraud measure to identify fake accounts (competitors could use the app covertly with other intentions). Still, the end doesn’t justify the means. The terms and conditions of the app don’t reflect the entire flow of information that really takes place.

For the moment these experts have only analyzed the app for Android; it’s still unclear whether the same things happen on the iOS version. Nevertheless, it may be best to fear the worst, as Apple is hardly renowned for its discretion.

If you think that after this news Google will be withdrawing the app from its platforms, you’re probably forgetting a small detail -in the form of a bundle of cash. Google Ventures, the branch of the company that invests in new ventures and business opportunities, has financed Uber to the tune of $258 million. It’s unlikely to write that off just for a small problem of privacy.

Uber is not the only app that uses your data without clarifying the reasons. We recently discussed some torch apps that do the same with GPS coordinates, photos and text messages.

You can’t entirely avoid being spied upon, though revelations like these are a wake-up call to be on your guard with respect to the permissions on the apps that you download. It’s common to accept conditions without reading them in the belief that an app must be trustworthy, but all that glitters isn’t gold.

Remember that Panda Mobile Security, our free antivirus for Android, can help you to monitor which personal data on your phone is shared with third-parties.


The six most infamous attacks of 2014

Dropbox, Paypal, Gmail… There were many technology giants who suffered security problems of one sort or another in 2014.

Sometimes, even the best antivirus isn’t enough to protect the files you share with others, but we can offer you an antivirus software that includes a password manager which helps you securely access all your Web services while only having to remember one master password.

Below we offer a summary of the most infamous attacks of the year, and take the opportunity to remind you to set strong passwords and use them on all your devices.


  1. eBay and PayPal, the first to be hit

In May, eBay took us all by surprise when it asked users of PayPal, its online payment platform, to change their passwords.  

The Internet auction site seemingly confirmed that cyber-criminals had accessed, a couple of months earlier, the accounts of some employees.

This, in turn, would have given them access to the company’s internal network, and from there to the database with user names, phone numbers, email addresses and passwords.

They did assure however that neither the bank details nor the credit card data of customers had been compromised.

  2. Hollywood images leaked to the Web

September witnessed one of the most talked about attacks of 2014: CelebGate.

The leaking of nude images of 2013 Oscar winner, Jennifer Lawrence, as well as of other models and actresses via the 4Chan /b/ forum, was the subject of much debate.


Apple claimed that the accounts of these celebrities “were compromised by a very targeted attack on user names, passwords and security questions”. A practice “that has become all too common on the Internet”.

This way, Apple denied that the hacking of these accounts was the result of a vulnerability in its iCloud or ‘Find my iPhone’ services.

  3. Theft of five million Gmail passwords

In September, a Russian cyber-security forum published a file with more than five million Gmail account details.

Several experts confirmed that over 60% of the username/password combinations were valid. Google claimed however that the information was outdated, i.e. that the accounts either didn’t exist or were no longer used.

Like Apple, it said there was no evidence that its systems had been compromised.

  4. Viator and user bank details

Also in September, Viator was the victim of a security attack through which cyber-criminals accessed the bank details of its users. Company sources said that the attack took place between September 2 and 3.

It appears that Viator became aware of the hacking thanks to complaints from customers about unauthorized charges on the credit cards used on the service.


As you would expect, and to prevent the theft of more data, Viator asked users to change their account passwords and to keep an eye on any transactions charged against their credit cards.

  5. 200,000 Snapchat images

After the invasion of privacy of Hollywood actresses and models, in October, users of Snapchat had the security of their files compromised.

Snapchat is a mobile app for sending photos and images that are deleted between one and ten seconds after the message is read.

Although Snapchat doesn’t store users’ images, another app, Snapsave, available for Android and iOS, does save them, and this enabled the theft of 200,000 photos.

  6. Attack on Dropbox

A user of Pastebin, a meeting point for hackers and IT security specialists, claimed to have obtained the passwords of seven million Dropbox users and, in order to prove this, made some of them public.

On the company’s official blog, Dropbox was quick to announce that it had not been hacked, but that the data had been stolen from other services and consequently used to access its platform.

What does Dropbox advise? Not using the same password for all services and enabling two-step verification.


Christmas is coming… And cyber-criminals are on the prowl


Christmas is coming, and what could be better this year than doing your Christmas shopping without having to leave home? All you need is a computer, an Internet connection and your credit card. Yet although this is one of the great benefits of the Web, it can also be the perfect trap: It gives certain types of criminals the chance to steal from a store’s customers without even going near the shop.

Stores’ Web pages receive their customers’ account details in order to complete the online transaction. If a cyber-criminal manages to access the store’s system, they would have access to this information and could exploit it to carry out their own transactions. To prevent this, you should make sure that the website interacts with the platform that your bank has set up in order to purchase online securely.

While such systems are at risk throughout the year, the Christmas period sees a lot more of this type of crime, given the amount of transactions that take place.

However, even if you go physically to the point-of-sale, there are still risks. In 2013, Target, the US retail chain, fell victim to an attack that leaked the credit card details of 40 million customers.

During the store’s Christmas campaign, cyber-criminals used a type of malware that targeted point-of-sale (POS) terminals, infecting the credit card payment systems. Since then, there have been many more such attacks, and the tools used are continually updated.

The strain of malware that hit Target was BlackPOS, a program that exploits a vulnerability to install on computers connected to POS terminals. It identifies the card reader process and steals information from the terminal memory with another malware: RAM Scraper.


This year another malicious code, FrameworkPOS, is doing the rounds. So far it has been used in attacks aimed at The Home Depot. With this system, cyber-criminals have managed to obtain the credit and debit card details of more than 50 million customers.

According to the Department of Homeland Security, as many as a thousand companies around the United States have been affected by another malicious code, dubbed Backoff, which targets POS terminals. Its effects are similar: It extracts data from the terminals’ memories to obtain card passwords. It infiltrates systems through the file ‘explorer.exe’.

Although there is little that customers can do about the malware that affects POS terminals, companies can take preventive measures. They should make sure that their antivirus solutions are up-to-date, use complex passwords on all devices, check their firewall and use encrypted data transfer systems.


The FBI’s most wanted cyber-criminal used his cat’s name as a password

Not for the first time here, we find ourselves talking about passwords. In January, the software company SplashData listed the most popular passwords of 2013, on the basis of millions of passwords found on the Internet. Among the most frequently used were simple combinations: ‘123456’ was in first place followed by ‘password’.

We’ll have to see what comes out in the next report, though we’ve already seen how even cyber-criminals can make such a simple mistake.

Jeremy Hammond was arrested in Chicago in 2012. In those days he was the most wanted cyber-criminal. He had managed to compromise the Web page of Stratfor, an intelligence and espionage firm whose customers include the U.S. Defense Dept.

The authorities managed to track him down with the help of Hector Xavier Monsegur, leader of the now defunct hacker group Lulz Security. This organization was the alleged perpetrator of the attack on the CIA’s website in 2011 and the theft of Sony Pictures user account details in the same year.

They finally caught him, though Hammond had time to shut down his Mac laptop before the police got into his house. To start it up again they needed his password.


Hammond is now serving time in Manchester Federal Prison. While behind bars, he’s explained that hacking Stratfor’s Web page was not difficult. The main error, he claims, was that those responsible for the site had not encrypted their customers’ credit card details.

His own error, however, was quite different. Hammond has acknowledged that the weak point of the computer that he had used for a number of ‘jobs’, and which no doubt let police IT experts get into the machine, was its password. “Chewy123” is simply the name of his cat (plus the obvious sequence of numbers).

We have often spoken here of the techniques you can use to avoid making the same error as Hammond. Make sure your password is complex, and never use a sequence of numbers or letters.

There are also tools available to check the strength of your passwords, and you should change them regularly and use a password manager.

However much you think your data won’t be of interest to anyone, cyber-criminals can exploit information in many ways, not just for direct financial gain. And it’s not just large organizations that are targeted by hackers. IT security experts have recently warned of the leaking of passwords from platforms such as Gmail and Dropbox.

It’s difficult to stay ahead of cyber-criminals, but it’s not too hard to ensure that your passwords don’t figure in the ranking of the worst combinations. We all have to start somewhere.
