Tag Archives: hacking

Featured Article: Forget Hacking, What About Tracking?

In this article, we look at the many different ways we are being tracked online, plus which measures users can take to avoid being tracked.

Why Are We Being Tracked? 

Internet tracking is used for a number of reasons, including:

– Improving user browser experiences on websites.

– For analytics to improve business performance and inform / feed into marketing content strategies, and to monitor a website’s usability.

– To enable the targeting of users with advertising, and to generate revenue by selling data about our browsing activities.

Why Should We Be Concerned About Tracking? 

Some of the risks associated with tracking include:

– Privacy and security risks, i.e. our personal data being taken and potentially falling into the wrong hands / being used by cybercriminals, and companies building profiles of users based on sensitive information gained from trackers in websites.

– Matters of transparency and losing control of personal data. For example, where user data is stored and who has access to it is difficult to ascertain, and feeds into privacy and security worries.

– The possible contravention of a user’s legal rights and matters of consent. For example, GDPR, the California Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA) and others have meant that tech companies can no longer legally track everything that users do and share that data with multiple other third parties as they wish without permission. For example, in the UK, since GDPR’s introduction, websites must display cookie consent and privacy information on the home page.

Most Websites Use Tracking Tools 

Over 80 percent of websites use one or more tracking tools (Epic). Reasons for private browsing may include avoiding having your browsing history recorded, perhaps when on a shared or public computer (to avoid being tracked by your browser), avoiding downloading cookies (to avoid being tracked by websites), or being able to sign into multiple accounts simultaneously.

How Are We Being Tracked? 

The different ways that your browsing and free searching behaviour on the web can be tracked include:

– IP address tracking. The IP address (a string of numbers), set by the ISP, is a way for each computer using the Internet Protocol to communicate over a network. The IP address is necessary for accessing the Internet so that web servers know where to send the information that’s being requested.

– Cookies. These are text files loaded into a folder on the user’s web browser by the sites they visit. Cookies record details such as users’ preferences, and the last time they visited the website. Session cookies are used when a person is actively navigating a website but tracking cookies can be used to create long-term records of multiple visits to the same site. From the user’s point of view, cookies can serve a useful purpose (e.g. for logins) or can be used for targeted advertising. Google recently announced an end to its third-party (tracking) cookies within 2 years for its Chrome browser following similar, earlier announcements by Safari (Apple), Firefox (Mozilla) and Brave.

– Signed-in accounts. The accounts a user is signed in to (e.g. Google or Facebook) can also track what a user has viewed, liked and more.

– Agent strings. When a user sends a request to a webserver to view a website, the request comes with information about the user attached to the User-Agent HTTP header. This ‘agent string’ contains information such as the browser (type and version) and operating system being used.

– Web beacons. These web bugs / tracking beacons track how a user engages with a specific webpage, including the content a user clicks on.

– Mouse tracking / cursor tracking software that records online users’ mouse movements to reveal how they interact with a website.

– Session replay scripts, i.e. programs that record a website visitor’s activity, such as mouse movements, clicks, and scrolls.

– Favicons (super cookies). These work in a similar way to cookies but are more difficult to decline or remove.

– Browser fingerprinting. This involves gathering and combining a variety of information about a user’s device to create a unique online identity which can be tracked.

– Cross-device tracking. This is the matching up of a user’s browsing habits across devices.
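
An added example (not from the original article) for the cookies item above: a small Python audit that separates session cookies from persistent ones and first-party from third-party ones, and flags persistent third-party cookies as tracking candidates. The hosts, cookie names and Set-Cookie values are constructed, and the first-party test is a simplification of the Public Suffix List comparison that browsers use.

```python
from dataclasses import dataclass
from typing import Optional

PAGE_HOST = "shop.example"  # constructed: the site the user is visiting
# Constructed sample: (host that sent the response, its Set-Cookie value)
RESPONSES = [
    ("shop.example", "sessionid=ab12; Path=/; HttpOnly; Secure"),
    ("shop.example", "prefs=lang-en; Max-Age=2592000; Path=/"),
    ("ads.tracker.example", "uid=9f3c; Domain=.tracker.example; Max-Age=63072000; Secure"),
    ("cdn.shop.example", "cache=1; Max-Age=600"),
]

@dataclass
class Finding:
    name: str
    third_party: bool
    lifetime_days: Optional[float]  # None when no positive Max-Age is set
    verdict: str

def parse_set_cookie(header):
    """Return (cookie name, attributes) with attribute names lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def is_third_party(cookie_domain, page_host):
    """Simplified check: first-party if one host equals, or is a subdomain of,
    the other. Browsers compare registrable domains (Public Suffix List)."""
    c, p = cookie_domain.lstrip(".").lower(), page_host.lower()
    return not (c == p or c.endswith("." + p) or p.endswith("." + c))

def classify(sender_host, header, page_host=PAGE_HOST):
    name, attrs = parse_set_cookie(header)
    third = is_third_party(attrs.get("domain") or sender_host, page_host)
    try:
        max_age = int(attrs["max-age"])
    except (KeyError, ValueError):
        max_age = None
    # Max-Age overrides Expires; a value <= 0 deletes the cookie.
    persistent = max_age > 0 if max_age is not None else "expires" in attrs
    days = max_age / 86400 if max_age is not None and max_age > 0 else None
    party = "third-party" if third else "first-party"
    verdict = ("tracking candidate" if third and persistent
               else f"{party} {'persistent' if persistent else 'session'}")
    return Finding(name, third, days, verdict)

def audit(responses=RESPONSES):
    return [classify(host, header) for host, header in responses]

if __name__ == "__main__":
    print(*audit(), sep="\n")
```

In the constructed sample only the two-year uid cookie set for a different site is flagged; the login session cookie and the first-party preference cookie are not.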

Tracked By Mobile Apps 

All mobile apps gather basic data, e.g. the user’s phone number and email address. Also, users are now tracked by 60 per cent of the world’s most used mobile apps (i.e. harvesting and storing data generated through private conversations). 80 per cent of mobile apps collect data on messages their users send and receive.

In addition to trying to gather data, some mobile apps also try to collect cookies, and 50 per cent of them can access a user’s photos and videos.

How To Avoid Being Tracked 

There are many ways that users can try to avoid tracking, including using:

– Incognito/private browsing mode.
– Private Browsers and Private Browser Extensions.
– VPNs.
– Other privacy tools.

Incognito Mode / Private Browsing 

Different browsers have different names for private browsing mode, e.g. InPrivate browsing (Edge), ‘Private’ for Firefox (Mozilla) and Safari, and Incognito for Google Chrome.

Switching to this browser mode loads a new private window. This means that the new window is not signed in to any accounts so can’t be tracked by them, cookies are not used, and any browsing is not added to the browser history. In this mode, however, the user’s IP address can still be tracked.

Private Browsers 

Neeva is a new advert- and tracker-free search engine which has just been launched in Europe by former Google executive Sridhar Ramaswamy, using funding from investors. Neeva offers free-to-use search and a password manager, and a VPN (for a subscription). Neeva also stresses that its searches are free from bias / corporate influence, suggesting a more impartial experience.

For a more detailed picture of how much tracking is taking place when visiting web pages, Neeva’s Chrome browser extension lists the trackers installed on web pages visited. See https://neeva.com/.

DuckDuckGo is a privacy-centred search engine / privacy browsing app, which is available as a download for mobile devices and a Chrome extension. DuckDuckGo retains a user’s privacy by not saving the user’s browser history, forcing sites to use encrypted connections, blocking cookies and trackers (including ‘hidden trackers’ before they load), and by stopping a user’s searches being sold to third parties for profiling and advertising.

DuckDuckGo employs Smarter Encryption, which utilises a list of millions of HTTPS-encrypted websites that has been generated by continuously crawling the web instead of crowdsourcing, thereby keeping it current. Also, DuckDuckGo’s Smarter Encryption enables users to be extra-secure in their browsing by detecting unencrypted, non-secure HTTP connections to websites and then automatically upgrading them to encrypted connections. See https://duckduckgo.com/.

Epic is a privacy- and security-focused, Chromium-based browser that blocks ads, trackers, fingerprinting, crypto mining, and ultrasound signalling, and offers a free VPN (with servers in 8 countries). See https://www.epicbrowser.com/.

Brave is a privacy-focused, Chromium-based browser that is free and open-source. It blocks ads and trackers and allows users to use Tor in a tab to hide history, and masks location from the sites a user visits by routing a user’s browsing through several servers before it reaches its destination. See https://brave.com/.

The Tor browser uses a distributed network (randomly selected nodes) to anonymise a user’s IP address and encrypts traffic. This makes it incredibly difficult for a user’s web traffic to be traced and very difficult for users to be tracked unless they reveal their IP address by enabling some browser plugins, downloading torrents, or opening documents downloaded using Tor. However, Tor is also used for accessing, and is associated with, the ‘dark web’. See https://www.torproject.org/download/.

Private Extensions For Browsers 

Another option for users to try and maintain private browsing is to use an additional private browsing extension/add-on. Examples include:

– Privacy Badger. This is a free extension that gradually learns to block invisible trackers.

– Ghostery. This is a free, open-source privacy and security-related browser extension and mobile browser app that blocks ads and stops trackers.

– Cookie AutoDelete. This is an extension for erasing cookies for a browser tab when it closes.

– HTTPS Everywhere. This free, open-source browser extension automatically switches thousands of sites from “http” to secure “https” thereby protecting the user from many different types of tracking/surveillance and account hijacking.

VPNs – Will Using A VPN Stop You From Being Tracked? 

The short answer is no. Although a virtual private network (VPN) routes a user’s internet traffic through another computer (where many other users of the VPN are using the same IP address), making tracking difficult, it does not stop tracking altogether.

A VPN makes a secure connection to another network over the Internet, encrypts traffic, and hides the user’s IP address. However, VPNs do not protect a user from being tracked through cookies, user-agent strings, or the accounts they are logged into (e.g. Google), or from any VPNs that keep logs of user activity and which could sell those logs to third parties. Also, some services discourage the use of a certain VPN, and VPNs can slow down the user’s Internet connection due to the re-routing and encrypting through the VPN server.

Other Privacy Tools 

Examples of some other privacy tools that users can choose to avoid being tracked include combination firewall, antivirus, and VPN tools like Norton 360 Deluxe or Panda Dome, or web proxy tools like Privoxy.

Third-Party Cookies Being Phased Out 

Some recent ‘good’ news in the tracking world is that last year Google announced that it was phasing out third-party cookies (over two years) and would not use other technology to replace these cookies or build features into its Chrome Browser to allow itself access to that data. Google said that it would be switching to Federated Learning of Cohorts (FLoC), a method which groups what it categorises as like-minded online users together so they can be collectively tracked.

What Does This Mean For Your Business? 

The risks of cybercrime, data breaches, and simply being targeted by advertisers mean that for most business users, the security of knowing that they’re not being tracked and that there is a high level of privacy protection by default may be an attractive and useful part of company security measures. Also, using a trusted app/extension/desktop browser may be a convenient way to get greater peace of mind and ensure that all reasonable measures are being taken to cover the many angles of security and privacy. For many businesses, it is likely to be a case of a combination of privacy solutions, e.g. VPNs, secure browsers and extensions, and other privacy tools being used as and when required in a way that is compatible with daily working practices, authorised, approved, and recommended by the company and other relevant stakeholders.

What SMEs can learn from high-profile cyber-attacks

Just under half of all cyber-attacks are aimed at small to medium-sized businesses, but the risk isn’t limited to just those organisations. It is a risk that everyone faces, even national and international brands.

This week, budget airline EasyJet fell victim to a cyber-attack. Around nine million people’s travel information and contact details were hacked in the breach along with 2,208 customers’ credit card details.

In a statement, EasyJet clarified to its customers that “issues of security are taken extremely seriously” and customers who have had their credit card details accessed are being contacted.

The news of the cyber-attack came just days after UK Foreign Secretary Dominic Raab highlighted the rise in cyber hackers looking to exploit vulnerabilities and steal valuable information during the coronavirus pandemic.

EasyJet is not the only high-profile organisation to fall victim to such highly sophisticated cyber-attacks. The likes of the NHS, British Airways and cleaning company ISS World have all been at the centre of huge hacks or data breaches. 

What is a cyber-attack?

As defined by the National Cyber Security Centre, cyber-attacks are “malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means”.

Cyber-attacks can come in many guises. Being aware and taking preventive steps against them are the best ways to protect business from an attack.

What are the different types of cyber-attack?

There are two different categories of cyber-attack: targeted and untargeted. Each category contains different ways that hackers can target an individual or organisation.

Untargeted attacks are not specifically aimed at any one type of person or organisation. They seek out multiple avenues for exploitation. These include:

Phishing – whereby emails are sent out to a large number of people asking for personal data or containing fake links which often contain harmful material

Water holing – compromising a legitimate website or creating a fake one for users in order to exploit them and their personal details

Ransomware – a type of malware which criminals use to gain access to and lock users out of files. Files that have been locked will often be used as leverage for ‘ransom’ to have the files returned

Scanning – searching a large area of the internet randomly to find sites to attack

Targeted attacks are aimed at an individual or organisation that has been singled out and are often more thoroughly thought out and damaging. These include:

Spear phishing – similar to phishing, however the emails are sent to targeted individuals

DDoS extortion – distributed denial of service attacks are attempts to overwhelm a website by supplying it with a large amount of traffic. This typically results in a server crash. Criminals will contact organisations and threaten to subject them to a DDoS

Subverting supply chain – this involves attacks on software or other suppliers that the organisation relies on

How do I protect myself or my organisation from cyber-attacks?

The variety of cyber-attacks and the ways in which hackers operate can be daunting, however you can protect yourself and your organisation. Bigger companies, such as EasyJet, are more at risk from more sophisticated and targeted attacks while SMEs are more likely to fall victim to untargeted attacks. SMEs can protect themselves against these types of attacks by taking preventative measures.

Not all measures to protect yourself from cyber-attacks have to be complex. Simple steps such as having secure passwords and installing security software all go a long way to protecting your computer or devices. Read our blog for six top tips for increasing your computer security.

During COVID-19 we are providing our clients with access to training, including topics such as cyber security, to pass onto their employees. Internal training on matters such as this can reduce the risk of attacks that depend on a decision made by an employee, for example, opening a scam email or attachment.

In a society where cyber threats are evolving at a rapid pace, the need to keep on top of cyber-security is vital and even the most experienced computer users can run into issues. If you need advice, feel free to contact us.

Beware of hackable smart home devices

Here at SMY IT, we are big advocates of evolving technology and we embrace it in our own tailored IT solutions for our clients. However, the progression of technology also opens the door for hackers. They can use smart systems against you for their own personal gain. This means you need to be extra careful about smart home devices. You can do this by making sure you take the necessary precautions to prevent a security breach.

What are smart home devices?

Smart home devices are still a relatively new concept, but you most likely already use them! They are essentially devices that allow you to control lighting or the thermostat, as well as playing music. They’re basically devices that help you control what happens in your home. Examples of these include the Amazon Echo range, which permits you to control these activities using your voice.

Why are smart home devices hackable?

Sometimes, the vendors are solely focused on the functionality of the product with little regard for anything else such as security, meaning it’s even easier for hackers to get into your networks.

How can I make my smart home devices more secure?

Make sure you create secure passwords for each of your devices, and try not to use the same one twice. You can also ensure you have two separate wireless networks at home – one for your smart home devices and one for everything else. You should make sure you have security software installed, such as anti-malware and firewalls, to protect against these external threats, and making sure your product has the latest updates will ensure it has the most recent security measures.

This information shouldn’t make you afraid to use smart home devices, as these devices are very useful, hence why they’re so popular! You should simply be wary that hackers could be trying to compromise your personal data.

If you’re worried about this or want advice on how to protect your devices, give us a call. We’d be happy to help.