While South Africans are obsessed with physical safety
Wednesday saw a major victory for the online hacking community: six million encrypted passwords were successfully “stolen” from LinkedIn and published on a Russian website, along with an open invitation for hackers to decrypt the data.
The experience left many of South Africa’s 1.6 million LinkedIn users scurrying for virtual “cover”, as they changed their passwords to pre-empt a personal security breach.
According to Panda Security country manager Jeremy Matthews, it also highlighted something about South African internet users: a naive “carelessness” about our security measures online.
“As South Africans, we’re very conscious of physical security and traditional crime. But [what we don’t realise] is that there is as much danger in the online world as there is in the physical one,” he said.
This national obliviousness, he said, arises because South Africans are not “conscious” of our “shift from the physical to the digital”. This leads to a naivete that makes us more vulnerable to virtual attack, he said.
The weakest link
And public vulnerability is a hacker’s biggest opportunity.
Illustrative of this is the second wave of online-intruder-opportunism that saw hundreds complaining on Twitter on Thursday. Fake emails bearing the LinkedIn logo invited users to enter their new password after clicking on a link.
Unaware that LinkedIn’s Vicente Silveira had indicated that “there will not be any links” in the authentic directive email from the company, many users unwittingly provided their new passwords to further would-be invaders.
But according to Matthews, the problems stemming from this “would not have been so bad if people had better passwords”.
“People need to learn the necessity of password management. Digital security is part technology, part management,” he said.
Robert Fall, a web application developer in Cape Town, explained the knock-on effect of poor password management.
“If someone has used the same password on another account, the intruder would now be able to gain access to both,” he said.
“People may say ‘if someone gets access to this silly little blog, I don’t really care’. But what they don’t realise is that if someone accesses that blog, then they know your email address, and then they could re-set the password to your internet banking,” added one of Fall’s colleagues.
“Basically everything you have online is linked to your email address. Once hackers have access to that, your entire online personality is at risk.”
How to up our virtual ante
According to Fall, one way to avoid becoming an easy target is to use a “strong” password.
Strong passwords contain a combination of letters and digits, and are not related to anything personal about the user.
“If you posted the name of your dog on Facebook, and also put it as a password question on Gmail, you are at risk,” he said, explaining how easy it is to unwittingly link a password with personal details that are publicly available.
Another way, he said, is to have separate passwords for each account – thus limiting the damage to only one account if a hacker ever did invade.
For Matthews, the public must realise that “just because you have an anti-virus or a firewall installed, it doesn’t mean you are safe. What we need is human firewalls!” he said. Part of Matthews’ suggested “human fire-walling” is making sure that users do not share passwords or discuss sensitive information within earshot of others.
In spite of his belief that people are far more aware of security risks today than they were a year ago, Matthews said “we [still] need to up our game, both at a corporate level and a personal level.”
“As a South African, I might have electric fencing and security beams – and that’s all well and good – but I still need to be careful who I answer the door to,” he said.