2,500 UK web sites hacked every hour

02 Nov 2010 View Comments
A Computing logo
Jason Hart
Jason Hart, the ethical hacker, explained that passwords are inherently insecure

Some 2,500 web sites with the .co.uk domain are hacked every hour, according to Jason Hart, senior vice-president of authentication specialist Cryptocard, who was speaking at the 'Cyber-Proofing the British Enterprise' event in London today.

Hart, who describes himself as an ethical hacker, blamed the increase in attacks on the proliferation of consumer devices and the growth of home working. He argued that organisations and users are also to blame for being too relaxed over password security.

Tony Neate, managing director of GetSafeOnline, a joint initiative between government, enterprises and law enforcement agencies to provide free security advice, agreed. Neate provided the example of a friend who had the link to his personal online banking tool on his iPhone.

"When I looked up the bank in the contacts section of his phone, sure enough there was his user name and password," Neate said.

But those of us who are more guarded with our passwords are equally at risk, as Hart demonstrated, with a live hack at the event.

He set up a portable wireless router, with a 3G mobile card connected to it, and simply named the network 'BTOpenzone'. IPhones are set to connect to any network with this name by default, and don't differentiate between the real BT network and rogue networks, such as Hart's.

He showed how simple it was to gather information on user names, passwords and IP addresses from this network, leaving no trace of the malicious activity.

"Once you have a user name and password, you're invisible," said Hart.

Once a cyber criminal has access to user names and passwords, they are able to take data or even complete control over web sites. Hart showed a web site where hackers go to brag about their conquests, called Zone H, where Berkshire council is near the top of a list of victims, having been hacked this morning.

The answer, according to the panel, lies in two-factor authentication. For example, where a user name and password is combined with a one-time code from a secure token. Security can be further enhanced by adding mutual authentication, where the other party also sends authenticating data back to the user, or out-of-bound authentication, which could send a code via a different medium, such as SMS.

Hart explained that varying levels of security can be applied in a scaleable manner depending on the individual, and the sensitivity of data they are likely to access.

Reader comments
blog comments powered by Disqus
Windows 9 - what do you want?

What would your business require from Windows 9 "Threshold" to make it an attractive proposition?

32 %
4 %
8 %
7 %
49 %