Cyber Crime Act 2001

If computer “hacking”/penetration testing is something you are interested in, and you want to make a career of it by working with a reputable company to test the security of companies’ environments, then, as we’ve said before, contact us for information on how you can get started and we’ll help you with areas of study. Most people start off on their own and are self-taught until a certain stage, where it helps to join the likes of a Securus Global. If you fit into any of these categories, here’s the document you should read first. Don’t get yourself into trouble. Learn the law:
http://www.comlaw.gov.au/Details/C2004A00937/Download
Download the Cybercrime Act and understand the scope and boundaries of what you can do on your own. And if in any doubt about your research, don’t do it… check with people who know first.

Online Frauds and Scams – how safe are you online?

By Helen Teixeira, Securus Global

Originally published in Profile Financial Services – Summer 2013 Newsletter

“Technology is a queer thing. It brings you great gifts with one hand – and it stabs you in the back with the other.”

This quote from CP Snow (a respected 20th century UK scientist and author) could have been written specifically for the internet age. This incredible resource, which has brought us unimagined access to knowledge and huge productivity growth, hasn’t come without a cost. These tools are now available to fraudsters and scammers as well as legitimate individuals and businesses, and they are being used to serve criminal as well as positive ends. This article looks at who the attackers are, how they attack, and what you can do to protect yourself online.

How big is cybercrime?

According to the ABS, between 2007 and 2011 the number of victims of personal fraud in Australia increased from just under 800,000 to almost 1.2 million – an increase of 50% in just a few short years*. Around the world, “Cybercrime” is a well-funded, sophisticated global industry estimated to be worth around USD 388 billion annually – bigger than the legitimate global travel industry***.

The attackers

Around 80% of cybercrime is believed to be perpetrated by organised cells**. The industry is very attractive to organised crime for many reasons: the pool of easily-accessible victims is huge (every individual and business connected to the internet worldwide), the technology and expertise required to exploit them are cheap, and enforcement and recovery are hampered by national borders and jurisdictional issues.

AFP issues young people with warnings for cybercrime activities

Cybercrime is no longer solely the domain of professional criminals. Today, many teenagers and young adults have access to complex technological equipment which can be exploited for criminal purposes.

That is why constant vigilance through penetration testing or ethical hacking assessment is so important in ensuring that businesses keep private information safe and secure at all times.

Yesterday (June 26), the Australian Federal Police (AFP) released information on an operation that saw six young people issued with warning notices for suspicion of cybercriminal activities.

Earlier this month officers attended residences in Brisbane, Sydney and Perth in order to educate both the suspects and their guardians on the risk of such behaviour.

“Activities such as hacking, creating or propagating malicious viruses or participating in DDOS attacks are not harmless fun,” said the national manager of high tech crime operations Neil Gaughan.

“They can result in serious long-term consequences, such as criminal convictions and perhaps jail time.”

However, Mr Gaughan added that no arrests had been made, and that the operation was purely intended as a deterrence measure to help educate the community while preventing any further illicit behaviour from taking place.

“These activities are just part of the on-going commitment by law enforcement to deter cyber criminals,” Mr Gaughan added.

Serious cases of cybercrime being perpetrated by young people are becoming more common in the media. Earlier this month, Essex police indicted a 19-year-old man on suspicion of violating the Computer Misuse Act and the Criminal Law Act 1977.

Ryan Cleary was accused of developing and maintaining a large botnet which was used to conduct DDOS attacks as part of the Lulzsec hacking group.

According to the AFP, hacking and other computer related cybercrime offences can carry a maximum penalty of up to ten years in prison.

The AFP encourages Australians to use the internet and other technology safely in order to ensure they stay safe from cybercrime.

Vulnerability management vital in battle against online threats

It’s no secret that businesses need to take measures to protect their essential data on a regular basis – ever-changing cyber threats mean that security processes also need to evolve.

When it comes to monitoring an organisation’s security, it’s important to consider the various options – internal reviews, third-party testing, or a combination of the two.

Often, internal reviews on their own can be inefficient – which is why an impartial assessment can be a useful measure of how effective security measures are.

This provides a thorough breakdown of strengths and weaknesses – a team of highly trained experts can seek out and identify the most common flaws in security systems, as well as locating out-of-the-box problems which may not occur to those without specific industry knowledge.

Once those vulnerabilities are assessed, it is then essential to evaluate how any potential weaknesses affect the security of your business.

A good risk assessment will address any changes that need to be implemented, schedule further evaluation for future dates when security could again become compromised, and plan for the future.

Internet and computer technology is constantly evolving, with new software designs and systems emerging on a regular basis. Businesses that allow their vulnerability management systems to stagnate are potentially putting themselves at risk.

Not having complete security measures in place can have a range of consequences, from simple lapses in security which make confidential documents available to unqualified employees to the creation of backdoors that are susceptible to cybercrime.

Aus-US alliance to combat cyber crime

A new collaboration between Australia and the United States will improve cyber security standards at home – as well as across the globe, according to Nicola Roxon.

The Australian attorney-general, who is also the minister for emergency management, stated last week (May 18) that recent discussions between US and Australian policymakers in Canberra spelled good news for cyber security management.

Roxon said: “Countries everywhere are increasingly reliant on critical infrastructure such as telecommunications, which enables online activities that contribute to global commerce and trade and play an increasingly important role in national security.”

She added that while such activities have a widespread benefit to the Australian and US economies, they also pose new risks and challenges when it comes to cyber security management.

The two nations will work closely in the coming years to actively combat malicious activity in the online space – and will meet regularly to discuss effective strategies for cyber security co-operation. The May 18 statement of cyber security intent follows a number of other statements jointly signed between the United States and Australia that will foster greater collaboration when tackling international crime.

According to Roxon, the latest collaboration will primarily centre around digital control systems and other aspects of critical infrastructure.

Under the new agreement with the United States, the two countries will create collaborative education and training opportunities, as well as an exchange of information – such as IT and cyber security best practices.

National cyber incident response teams in both nations will also work closely with one another to share information and awareness on specific cyber security incidents and issues. Representatives from Australia and the US will meet annually for progress reviews – identifying successes and challenges.

Earlier this year, Roxon also announced the creation of an Australian branch of CREST – the Council of Registered Ethical Security Testers.

This represents another significant collaboration with international security efforts – CREST Australia is affiliated with CREST Great Britain, which requires its members to meet competency requirements by passing a series of exams.

CREST Australia’s role is to create and enforce the ground rules for Australian cyber security testing – a move that will ensure penetration testing and other work carried out by security professionals is performed to a recognised standard.

In March, Roxon asserted that the creation of CREST Australia would establish clear and uniform cyber security testing standards.

Red cell testing takes on mobile security

When considering an organisation's digital security, it is commonplace for workers to take into account common features such as password strength and regular updates of antivirus software.

While these certainly help to form part of a strong security plan, these components do not constitute a complete suite of protection.

This is because malicious parties are constantly evolving the way they seek out information that can be used in a penetration attack.

As an example, the 2012 Threat Report by Websense Security Labs analysed over 200,000 smartphone apps and found that what it calls "a noticeable percentage" of the mobile programs contained elements of malware and non-essential permissions.

The report states: "The popularity of mobile devices is creating a large target installed base and cybercrime is actively innovating to harvest information for profit."

On top of this, researchers found that 51 per cent of mobile users turn off password permissions and security protections on their devices – making a lost or stolen phone a valuable commodity for malicious parties.

This is just one of the avenues that red cell testing teams could use when helping to examine possible exploitation routes – making use of the same methodologies and processes as real-world hackers and data thieves, but without the danger of losing control of proprietary information.