Six Biggest Rising Threats from Cybercriminals

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

1 2 Page 2
Page 2 of 2

For companies, it's a little trickier. Joffe says there is no way to prevent a hacker from setting up a fake Facebook page initially, but companies can use monitoring tools such as Social Mention to see how the company name is being used online. If an unauthorized page turns up, companies can ask the social network to remove the fake listing.

4. Cyberstalking

Social networks like Twitter and Facebook have changed the way we communicate in our personal and work lives, many would say for the better. Yet these useful portals also provide conduits that others can use to make our lives miserable.

Workplace-related cyberstalking might involve another employee or someone trying to steal company information, says personal safety consultant Kathleen Baty.

A relatively new concept variously called cyberstalking, cyberharassment or cyberbullying involves an individual or a group making repeated personal attacks online, such as posting negative comments on every tweet you make or posting crude altered photos of you on a social network. The perpetrators may hide behind online aliases to hide their identities. By law, cyberbullying becomes a federal crime if a stalker makes any life-threatening comments.

Most of us have heard of a handful of well-publicized cases of cyberbullying among teens, but it's also on the rise for adults who connect to social networks from their place of employment, according to Kathleen Baty, a personal safety consultant and CEO of SafetyChick Enterprises. These workplace-related attacks might involve another employee, or someone trying to steal company information.

"Cyberstalking in the workplace has become more and more common and is tough to define because there are so many different forms to threaten or harass in this digital world and so many different motives behind the behavior. It can be anything from a personal/romantic relationship gone bad, to a co-worker/business conflict, to a competitor trying to wreak havoc on a company," says Baty.

To keep cyberstalkers off company networks, businesses should implement all the usual corporate security tools, such as firewalls and encryption, Baty says. Additionally, companies should institute a social media policy that outlines clear guidelines for what kinds of information employees should and should not post or discuss on public sites.

If you do become a victim of cyberstalking or cyberbullying, Baty advises you to report it immediately to local law-enforcement authorities; if it happens at work, report it to your HR department as well. Don't delete harmful posts or other electronic communications, she says, but instead retain all documentation of incidents, mainly as evidence but also because the headers for e-mail and forum postings can be used to track down the offender.

That said, the best defense is to protect your personal information as carefully as you can. For instance, never reveal online such details as where you live, and don't announce your movements, such as that you are on vacation or home sick and have left your workplace computer open to attack -- which rules out public "check-in" social networks such as Foursquare.

5. Hackers controlling your car

The age of the connected car is dawning. Vehicles like the Ford Edge now provide 3G network access, a Wi-Fi router in the car, and the ability to tap into your home Wi-Fi network (only while parked). In the next few years, more automakers will provide wireless access for Web browsing and streaming high-def movies. And by 2013, a new FCC-mandated wireless signal called DSRC (dedicated short-range communications) will run at 5.9GHz and provide a vehicle-to-vehicle communication network.

For anyone who follows network computing or computing in general, adding these new features to a moving vehicle should raise a red flag as yet another way hackers can cause problems. Since these systems often tap into the car diagnostics and safety features, a hacker could potentially interfere with such systems and, for example, cause a car's engine to surge at just the wrong time, says Stephan Tarnutzer, chief operating officer at automotive control console manufacturer DGE.

While no real-world exploits are known to have happened, security researchers from the University of California, San Diego, and the University of Washington have hacked into the computers of several late-model cars and remotely disabled the brakes, altered the speedometer reading, turned off the engine, locked passengers into the car and more.

The research team's initial tests relied on plugging a laptop into the car's diagnostic system, but later tests identified other entry points for an attack, including the cars' Bluetooth and cellular connections. More wireless communications in future cars will create even more attack vectors.

The good news, Tarnutzer says, is that most of the forthcoming wireless technology for cars is for short-range communications -- say, from one lane to another or just as you pass through an intersection. That makes it difficult for hackers because they need to be in close proximity to the car.

Nevertheless, wireless connections in cars will undoubtedly make a tempting target for hackers. The answer, says Tarnutzer, is for the auto industry to use strong, hardware-based encryption technology.

For example, the OnStar communications and security service offers a theft-recovery feature that makes use of wireless signals. If your car is stolen, you can report the theft to the police, who then contact OnStar, which can transmit a signal over a 3G network to stop the accelerator from working in the stolen car. OnStar's transmissions are encrypted to thwart unauthorized attempts to tap into signals and interfere with vehicle operations.

Modules like this one that connect to car diagnostics systems are protected by strong encryption technologies. In the future, carmakers and the DOT will need to certify devices that connect to a wireless network.

Car companies are, of course, aware of the potential for hackers to disrupt in-car wireless services. Representatives from Ford and GM, for instance, said they are developing strong encryption standards for vehicle-to-vehicle and vehicle-to-back-end-infrastructure communications.

The technology for the connected car is for the most part still in a testing phase, says Tarnutzer. The DSRC network in particular will undergo thorough testing by both the car companies and the U.S. Department of Transportation to make sure it is hacker-resistant and uses strong encryption, he adds. "This is why it takes two to three years for an OEM to qualify a new vehicle, compared to six months for a new smartphone," he says.

6. GPS jamming and spoofing: Threat or nuisance?

Another emerging criminal tactic -- interfering with GPS signals -- has security experts divided on just how harmful it could become.

Jamming a GPS signal at the source is next to impossible, says Phil Lieberman, founder of enterprise security vendor Lieberman Software. Blocking the radio signals broadcast from orbiting GPS satellites would require a massive counter-transmission. And because the satellites are operated by the U.S. military, jamming them would be considered an act of war and a federal crime, says Lieberman.

However, it is easy to jam GPS receivers with a low-cost jamming device like one sold by Brando. The devices jam the GPS reception by overloading it with a similar signal -- the receiver becomes confused because it can't find a steady satellite transmission.

Lieberman says this kind of jamming is usually more of an annoyance than a major security threat. A hacker could, for instance, set up a jammer in an intersection and temporarily disable the GPS in passing vehicles. These attacks are relatively rare, says Lieberman: "It is usually just sociopaths doing this kind of thing."

Lieberman doesn't give much credence to fears about jammers disrupting airplanes or air traffic control systems, because those networks use a completely different GPS signal from the one we use in cars and handheld devices. Jamming could, however, be a potentially dangerous issue when it comes to financial records, he says, because GPS devices are used in the banking industry to add a timestamp to financial transactions. Although completely blocking transactions would be difficult, Lieberman said, an industrious hacker could theoretically disrupt transactions and cause headaches for banks.

Security expert Roger Johnston, a systems engineer at the Argonne National Laboratory in Chicago, says spoofing GPS signals is the greater danger, explaining that GPS receivers are low-power devices that latch on to any strong signal. In tests, he has set up a GPS spoofing signal, operated out of a passenger car, that sends erroneous GPS information to nearby receivers. "You don't have to know anything about electronics or GPS to set these up; they are very user-friendly," says Johnston.

car with GPS spoofing system
car with GPS spoofing system
The Argonne National Lab set up a spoofing system that fed inaccurate data to GPS receivers -- such as those found in ambulances or delivery trucks -- from the trunk of a car.

Johnston says spoofing could be used for serious crimes -- transmitting information to a delivery truck that routes it into a dark alley where criminals are waiting, changing the timestamps on financial transactions, delaying emergency vehicles from finding their routes. There have been no reported cases of GPS spoofing to commit a criminal act, but Johnston warns that government and business should work to deter the attacks.

Typically, he says, the security industry is reactionary: "We wait until there is a catastrophic exploit until we do anything about it." With about $15 worth of parts, today's GPS devices could be retrofitted to detect GPS spoofing and notify the user that an attack is underway, Johnston says, "but because almost nobody is interested in GPS spoofing, this is not a project we have pursued."

In the end, as Lieberman explains, there isn't a lot individuals can do to prevent GPS jamming or spoofing. If someone transmits competing signals as you drive in a car or use a handheld, the receiver will fail or be fooled -- but keep in mind that your GPS device will begin working properly again as soon as you move out of range of the jamming or spoofing device. However, it is worth noting that GPS jamming is illegal in the U.S. and violates FCC regulations. If you suspect jamming or see someone using a GPS jammer, report it to the police.

For all the other threats we've covered in this story, taking some extra precautions -- using strong encryption technology, engaging only with trusted friends on social networks, and using penetration testing software on corporate networks -- can help alleviate some fears, even if the bad guys keep coming up with new ways to make us nervous.

John Brandon is a former IT manager at a Fortune 100 company who now writes about technology. He's written more than 2,500 articles in the past 10 years. Follow his tweets at @jmbrandonbb.

This story, "Six Biggest Rising Threats from Cybercriminals" was originally published by Computerworld.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
1 2 Page 2
Page 2 of 2
 
Shop Tech Products at Amazon