Will hackers and scammers destroy the internet/computers?
Discussion
We seem to be seeing a huge surge in hacking of companies and organisations, with crypto ransoms being demanded or else sensitive data will be published.
There seems to be an enormous amount of bad actors around and general scamming scum.
A lot of it seems pretty well organised and funded.
State sponsored???
Of course computers or attacking them can be weaponised but it seems the floodgates have opened.
If your data is stored on a computer system that is in anyway connected to the internet then it isn't safe no matter what they say.
The BBC did a piece today about one of their staff being offered a huge sum of money to hand over his credentials and allow hackers access.
That must happen all the time....
What can we do about it all???
There seems to be an enormous amount of bad actors around and general scamming scum.
A lot of it seems pretty well organised and funded.
State sponsored???Of course computers or attacking them can be weaponised but it seems the floodgates have opened.
If your data is stored on a computer system that is in anyway connected to the internet then it isn't safe no matter what they say.
The BBC did a piece today about one of their staff being offered a huge sum of money to hand over his credentials and allow hackers access.
That must happen all the time....
What can we do about it all???
I'd say th tech companies have done a pretty good job of destroying the internet themselves. From a user experience point of views it's not exactly a good one these days. From an end user point of view, regarding security and data breaches I guess there's not alot we can do other than some basic stuff which might offer some security but not exactly Fort Knox levels.
-Encrypt all devices and ensure all updates applied
-Use a password manager and different passwords for each account (if one account is compromised then others should be safe. Granted the password manager could end up attacked).
-Use two factor authentication for anything that allows it
-Dont put on the internet, private cloud or otherwise, that you wouldn't necessarily want the world to see and anything sensitive on the cloud, encrypt it further
-Stop sharing every aspect of your current and past life to strangers on the internet were hackers/phishers can create a pretty accurate profile of you
The constant data breaches are why I wouldn't particularly trust the government with this Digital ID stuff, although if the bill goes through I'll happily take a physical card. However I guess in this age of "surveillance capitalism" we're constantly monitored via smartphones and the internet anyway, companies and would be hackers could probably obtain more information on me from Googles and Meta's servers than what the government could ever capture!
-Encrypt all devices and ensure all updates applied
-Use a password manager and different passwords for each account (if one account is compromised then others should be safe. Granted the password manager could end up attacked).
-Use two factor authentication for anything that allows it
-Dont put on the internet, private cloud or otherwise, that you wouldn't necessarily want the world to see and anything sensitive on the cloud, encrypt it further
-Stop sharing every aspect of your current and past life to strangers on the internet were hackers/phishers can create a pretty accurate profile of you
The constant data breaches are why I wouldn't particularly trust the government with this Digital ID stuff, although if the bill goes through I'll happily take a physical card. However I guess in this age of "surveillance capitalism" we're constantly monitored via smartphones and the internet anyway, companies and would be hackers could probably obtain more information on me from Googles and Meta's servers than what the government could ever capture!
Edited by NaePasaran on Monday 29th September 08:47
Edited by NaePasaran on Monday 29th September 09:06
Yes, the internet is a bit of a dangerous mess, and there's a lot of stuff going on that harms people and societies. But ultimately the majority of it (by volume) is basic stuff and easily prevented, or at least made difficult enough the threat is minimised. This basic protects are a combination of technical measures in the technology of the internet, policies backed by enforcement, and user behaviour.
The car world has gone through similar things over the last 100 years with things like headlights, seatbelts, airbags and driver assistance all coming in on the technical level, new rules and regulations on manufacturers and drivers on the policy side and the training and experience of drivers all contributing to safer motoring.
The internet won't take 100 years to sort out, however it will take a few, so very public hacking in all the flavours you see will continue for a good few years.
For once the BBC had an 'expert' that actually said fairly sensible stuff on this topic on the report you saw - he mentioned a few personal behaviours people can take to look after yourself.
If you have kids then you can also ensure they are educated in basic cyber behaviours (much as you educate them on how to behave when going out partying as a teenager or when learning to drive). Schools do some education, there's also plenty online and the UK NCSC website is a great resource for advice.
The car world has gone through similar things over the last 100 years with things like headlights, seatbelts, airbags and driver assistance all coming in on the technical level, new rules and regulations on manufacturers and drivers on the policy side and the training and experience of drivers all contributing to safer motoring.
The internet won't take 100 years to sort out, however it will take a few, so very public hacking in all the flavours you see will continue for a good few years.
For once the BBC had an 'expert' that actually said fairly sensible stuff on this topic on the report you saw - he mentioned a few personal behaviours people can take to look after yourself.
If you have kids then you can also ensure they are educated in basic cyber behaviours (much as you educate them on how to behave when going out partying as a teenager or when learning to drive). Schools do some education, there's also plenty online and the UK NCSC website is a great resource for advice.
Meh. Most of the current threats are no different than they were 30 years ago, there's just more targets and a lot more low skill people leaving themselves open.
Even the 'big' attacks are still almost always people opening an email they shouldn't, or a system facing the outside that shouldn't be, or noddy social engineering stuff by kids; all things that have been the same for decades. It's pretty disappointing how mundane these things often are and how badly prepared people seem to be for dealing with the aftermath.
Maybe less outsourcing to the cheapest third world bidder or remembering security over convenience or not providing idiots with access to tech would help?
Even the 'big' attacks are still almost always people opening an email they shouldn't, or a system facing the outside that shouldn't be, or noddy social engineering stuff by kids; all things that have been the same for decades. It's pretty disappointing how mundane these things often are and how badly prepared people seem to be for dealing with the aftermath.
Maybe less outsourcing to the cheapest third world bidder or remembering security over convenience or not providing idiots with access to tech would help?
I would say it goes even further than hackers and scammers and even further than the internet to some extent.
It only takes a tiny number of attacks to have a huge effect, especially on an individual (how many times in your life could you stand having your bank account emptied?).
As mentioned above it is also not aided by the systems, it is also compounded by the phone scammers too.
Systems have mandatory fields such as phone number 'In case we need to contact you' (which they never do) so I give a fake one. Then they insist on 2FA so I have to give my real number. Then of course they share their information with an endless list of third parties who take security very seriously and sell my data and then I get endless spam calls so I never answer my phone now if it rings.
Then add in all the 'AI' generated content and whole sections of the internet become at best untrustable and at worst unsafe. Yes, GoogleEarth and BBC Weather still works and the majority goes on as normal but there becomes a point where key parts will require so much effort to maintain that it brings no/minimal benefit and those key parts are the ones where money/power reside.
Initially we only needed a name to know who an individual was, then Name and an Address, then Name, Address and DOB, then Name, Address, DOB and phone number, then password, then 2FA... there is no end to that. I can see pressure to make a device that can only be tied to one individual and can 100% verify who they are (suspect it is not possible to create such a device).
My personal experience was with Hertz who took security very seriously so now my passport details and bank card details are out and about in the wild for whom-so-ever wants them. Thanks Hertz!
It only takes a tiny number of attacks to have a huge effect, especially on an individual (how many times in your life could you stand having your bank account emptied?).
As mentioned above it is also not aided by the systems, it is also compounded by the phone scammers too.
Systems have mandatory fields such as phone number 'In case we need to contact you' (which they never do) so I give a fake one. Then they insist on 2FA so I have to give my real number. Then of course they share their information with an endless list of third parties who take security very seriously and sell my data and then I get endless spam calls so I never answer my phone now if it rings.
Then add in all the 'AI' generated content and whole sections of the internet become at best untrustable and at worst unsafe. Yes, GoogleEarth and BBC Weather still works and the majority goes on as normal but there becomes a point where key parts will require so much effort to maintain that it brings no/minimal benefit and those key parts are the ones where money/power reside.
Initially we only needed a name to know who an individual was, then Name and an Address, then Name, Address and DOB, then Name, Address, DOB and phone number, then password, then 2FA... there is no end to that. I can see pressure to make a device that can only be tied to one individual and can 100% verify who they are (suspect it is not possible to create such a device).
My personal experience was with Hertz who took security very seriously so now my passport details and bank card details are out and about in the wild for whom-so-ever wants them. Thanks Hertz!
The user error stuff is interesting and a good point.
I was de-commisioning a server and just giving it a final check/nosey at the file structure. Noticed that the HR Business Partner had scanned and stored scanned contracts with bonus letters, passports, addresses etc into a share on the file server that was unprotected and completely open to anyone within the company. This was head of HR at a FTSE100 company!
Never amazes how stupid people can be regardless of their education and position on an organisational chart. That data breach didn't happen thankfully but wouldn't have needed a Kremlin hacker. Anyone who knows how to copy and paste or screenshot could've had a nice amount of info from that one.
I was de-commisioning a server and just giving it a final check/nosey at the file structure. Noticed that the HR Business Partner had scanned and stored scanned contracts with bonus letters, passports, addresses etc into a share on the file server that was unprotected and completely open to anyone within the company. This was head of HR at a FTSE100 company!
Never amazes how stupid people can be regardless of their education and position on an organisational chart. That data breach didn't happen thankfully but wouldn't have needed a Kremlin hacker. Anyone who knows how to copy and paste or screenshot could've had a nice amount of info from that one.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff