Tuesday, October 6, 2009
Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the US technology giant.
"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally by a phishing scheme and exposed on a website," Microsoft said in response to an AFP inquiry.
"We have taken measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts."
Microsoft said it learned of the problem during the weekend after Hotmail account information of "several thousand" users, many of them reportedly in Europe, was posted at a website.
Phishing is an Internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers.
Phishing tactics include sending people tainted email attachments that promise enticing content such as sexy photos of celebrities and luring people to bogus log-in pages that are convincing replicas of legitimate websites.
"This was not a breach of internal Microsoft data," the Redmond, Washington-based technology firm said.
"Phishing is an industry-wide problem ... exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and install and regularly update anti-virus software."
Microsoft is also advising Hotmail users to change their account passwords every 90 days.
Sunday, October 4, 2009
WASHINGTON — When swine flu broke out, the government revved up a massive information campaign centered on three words: Wash your hands. The Obama administration now wants to convey similarly clear and concise guidance about one of the biggest national security threats in your home and office — the computer.
Think before you click. Know who's on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.
The Internet, said former national intelligence director Michael McConnell, "is the soft underbelly" of the U.S. today. Speaking at a new cybersecurity exhibit at the International Spy Museum in Washington, McConnell said the Internet has "introduced a level of vulnerability that is unprecedented."
The Pentagon's computer systems are probed 360 million times a day, and one prominent power company has acknowledged that its networks see up to 70,000 scans a day, according to cybersecurity expert James Lewis.
For the most part, those probes of government and critical infrastructure networks are benign. Many, said McConnell, are a nuisance and some are crimes. But the most dangerous are probes aimed at espionage or tampering with or destroying data.
The attackers could be terrorists aiming at the U.S. culture and economy, or nation-states looking to insert malicious computer code into the electrical grid that could be activated weeks or years from now.
"We are the fat kid in the race," said Lewis. "We are the biggest target, we have the most to steal, and everybody wants to get us."
And if, for example, the U.S. gets into a conflict with China over Taiwan, "expect the lights to go out," he said.
The exhibit at the Spy Museum — "Weapons of Mass Disruption" — tries to bring that threat to life.
A network of neon lights zigzags across the ceiling. Along the walls computer screens light up with harrowing headlines outlining the country's digital dependence. Drinking water, sewer systems, phone lines, banks, air traffic, government systems, all depend on the electric grid, and losing them for weeks would plunge the country into the 1800s.
Suddenly, the lights go out and the room is plunged into silent darkness.
Seconds later as the sound system crackles, a video ticks off a pretend crisis: no food, no water, system shutdown.
That faux threat has become a prime concern for the government, but fully protecting the grid and other critical computer systems are problems still awaiting a solution.
Federal agencies, including the Pentagon and the Department of Homeland Security, are pouring more money into hiring computer experts and protecting their networks.
But there are persistent questions about how to ensure that Internet traffic is safe without violating personal privacy.
One answer, experts said last week, is to begin a broader public dialogue about cybersecurity, making people more aware of the risks and how individuals can do their part at home and at work.
Some will find it easier than others.
Much of the younger generation has grown up online and is more likely to know about secure passwords, antivirus software and dangerous spam e-mails that look to steal identities, bank accounts and government secrets.
Older people moved into the digital universe as it began to evolve and most have not grown up thinking about how to protect themselves online.
"Detection and prevention are fast, but crime is still faster," said Phil Reitinger, director of the National Cybersecurity Center. The key, he said, "is to make sure that we're all getting the word out about not only the seriousness of the threat, but the fairly simple steps that people can take to help secure their systems and their lives and families from the threats that are out there."
In the computer world, "wash your hands" is less about tossing your keyboard into the dishwasher — although some have tried — and more about exercising caution.
Those steps include:
- using antivirus software, spam filters, parental controls and firewalls.
- regularly backing up important files to external computer drives.
- thinking twice before sending information over the Internet, particularly when using wireless or unsecured public networks.