Neotec Computer

4/2/2012 10:38:00 AM
Cyber security more essential with attacks up
Scott Sanders/ssanders@dailyherald.comJeff Bingham, from Wheaton, travels all over DuPage County solving networking and computer security problems for business for his company, Neotec Computer Inc.
Scott Sanders/ssanders@dailyherald.com
Jeff Bingham, from Wheaton, travels all over DuPage County solving networking and computer security problems for business for his company, Neotec Computer Inc.
By John T. Slania
Contributing Writer

Suddenly, the Anonymous movement didn’t seem quite so faceless with the arrest of a native son.
Jeremy Hammond, born and raised in suburban Glendale Heights, was arrested in early March by FBI agents who accused him of being a “hacktivist” connected to an international cyber terrorism group known as Anonymous.
Hammond, 27, a graduate of Glenbard East High School and a one-time student of the University of Illinois at Chicago, didn’t fit the typical profile of a computer hacker: a sinister criminal banging away on a laptop in a Slovakian cybercafé.
But he was charged with being part of a group of hacktivists that has taken credit for attacking an array of government and corporate computer networks.
The arrest was a wake-up call for local companies that cyber attacks, and cyberterrorists, are not far from home.
“It’s a very real, very serious threat, and it happens a lot more than people think. Unfortunately, many companies think it will never happen to them,” said Jeff Bingham, president of Neotec Computer Inc., a Naperville-based computer support and security firm.
Nationwide, the number of computer security breaches, and the resulting costs, are on the rise.
There were 86 reported attacks on computer systems in the United States between October and February, compared with just 11 in the same time frame a year earlier, according to the U.S. Department of Homeland Security.
Each attack costs organizations an average of $6.75 million to repair, according to a recent study by the computer security firm PGP Corp. and the Ponemon Institute, an information management research company.
Those figures represent only the reported cyber attacks.
“A lot of companies don’t report attacks because they don’t want to alarm their customers,” Bingham said. “There are many cases where a hacker will steal information and ransom it back to a company. You never hear about it.”
High profile organizations that have been subjected to recent cyber attacks include Sony, PBS, the CIA, FBI and the Vatican.
The severity of the attacks ranged from complete security breaches to simple distributed denial-of-service or DDoS attacks, in which a site was flooded with visitors until it crashed.
Sony reported in early March that hackers downloaded the entire 50,000-track catalog of the late pop star Michael Jackson. This attack came on the heels of a hack on Sony’s PlayStation Network, in which the personal information of 77 million customers was stolen.
Less serious, but equally embarrassing, were DDoS attacks that took down the websites of the CIA and FBI.
“The attacks are becoming more sophisticated and are happening more frequently,” said Keatron Evans, a senior researcher with InfoSec Institute, an Elmwood Park-based organization offering security training classes.
Evans, who also operates his own computer security firm, Blink Digital Security LLC in Chicago, cautions that companies should be thinking about preventative security measures before a cyber attack takes place.
“Unfortunately, many times, companies don’t think about security until they’ve already been hacked,” Evans said.
As a result, a preventative computer security package that may have cost $10,000-$50,000 to install might balloon to $100,000 or more after an attack because a computer network must be sanitized, rebuilt and secured, local security experts said.
Another shortcoming of companies is that too much focus is placed on protecting the firewall, the main parameter around the computer network. While this is important, security experts are finding that more hacks are occurring beyond the firewall.
“Companies spend too much time on the firewall and not enough on all the other devices connected to the Internet that aren’t protected,” said Christopher Willis, director of security solutions for Sayers Inc., a Vernon Hills-based information technology and security firm.
Willis said all Internet-connected devices are subject to attack.
“If your salespeople are sitting in Starbucks using a laptop or iPad on the public wireless network, you’re company is susceptible to attack. If you use voice over Internet protocol phones — where your company’s phones use the Internet to make calls — you’re vulnerable. People don’t think about the printers. If they’re on a network and not locked down, they can be hacked,” Willis said.
Willis even warns corporations of people bearing gifts. That Trojan horse that invades the company network doesn’t always come from a cyber attack.
“Any plug-in device — like a flash drive — you get free at a trade show, you don’t want it. It can be loaded with malware, and when plugged into your computer, will take over your system,” Willis said.
Even Naperville is facing cyber attack concerns from some citizens as the city is implementing its Smart Grid Initiative, installing smart meters that transmit electricity usage data to the city’s electrical utility. Some citizens claim the meters are vulnerable to hackers, which the city refutes.
Ironically, while the Anonymous attacks are garnering the most publicity, they might actually pose the least threat to organizations because these hackers seem more intent on disruption rather than monetary gain, some security experts said. And in some respects, the Anonymous attacks have placed cyber security in the forefront of people’s minds.
“Anonymous has called the public’s attention to a point security experts have emphasized for too long: in many cases, Internet security is too easily breached,” said Richard Warner, faculty director of the Center for Law and Computers at IIT-Chicago-Kent College of Law.
Warner makes it clear that he does not approve of the Anonymous movement.
“Anonymous hacks are crimes, and crimes that may cause significant harm. To justify such civil disobedience, you would have to believe that we face a political and social system so unjust, corrupt, and unlikely to change that we are justified in violating criminal laws for the sake of effective protest,” he said.
But corporations would be wise to heed the larger lesson being taught by Anonymous, Warner said. “Corporations, but also end-users and others on the Internet are not as well prepared as we should be,” Warner said. “We lose more money, time, effort and other hard to quantify losses to unauthorized access than we should. We would save more by spending more on prevention.”

The 25 Worst Passwords on the Internet

If you’re trying to protect your email or your bank account online, the dumbest password you can use is … “password.” This is according to SplashData, a California software firm that happens, among other things, to sell an app that helps you manage your passwords.

The list is one of those things that’s fun to poke through, but security people remind us that we’re more vulnerable online than we like to think, and sometimes we make it easy for the bad guys. Take a look, and if you use one of these, SplashData says it’s probably a good idea to change it.

1. password
2. 123456
3.12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passwOrd (The “O” is a zero here)
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

Neotec Computer

Monday, April 2, 2012

Monday, March 19, 2012

Sunday, January 1, 2012

Wednesday, December 7, 2011

Monday, November 21, 2011