Made this happen
Ask A Hacker: How Can We Protect Our Devices From Cyber Attacks?
The Debrief: We asked an actual (former) hacker...
Last week, the NHS was hit by a massive cyberattack which meant hundreds of their systems were shut down by a virus called WannaCry. The cybercriminal hackers, surely knowing the NHS needs more, not less money, held each system to ransom, demanding that a ransom be paid (this is why the software they deployed is known as ‘ransomware’) in order for the computer to be freed up. It affected 200,000 organisations in 150 countries, including 47 NHS trusts. This caused operations to be cancelled, and patients to be turned away from A&E. In the end, a young hacker called Marcus Hutchins from Devon saved the day by providing a simple patch for the problem.
But how much could a potential hack affect you? How can you keep your devices - laptop, phone and tablet - free from viruses? The Debrief caught up with Jake Davis, another young hacker - or, well, former hacker, who used to work under the name of Topiary for the Anonymous hacking group and has even served time for his crimes!
Hi Jake, should the average person be worried about their device being hacked?
Yeah, for sure. The good news is that it’s very easy to patch against. With the recent NHS hack it was actually extremely amateur stuff, it could all been fixed by patching one thing. Keeping systems up to date stops 95% of ransomware.
What’s the difference between ransomware and malware?
Ransomware is a type of malware: the ‘mal’ means malicious. Other kinds of malware included adware which is spamming or spyware, where the virus sits on your computer and records everything you do, or activates your webcam. I was trying to come up with a ransomware that doesn’t ask for money, it just ask for a poem or something endearing
That’s very sweet of you! Is a computer completely damaged for good once it has malware on?
No, unless it’s government-level hacked, where the malware takes over parts of the machine and then requires a massive wipe, a lot of ransomware will go away once you pay the ransom, or when some clever security researchers find a way to automatically decrypt the files (that have been encrypted by the hack). Adware stuff is quite easy to get rid of, too, but if you’re targeted directly by someone, once they’re in the system, what they might want is your password or pictures. Very few viruses actually sit on a system for long but there is a paranoia - I’ll never touch a computer that’s been through something like that, even if I knew it was 100% gone.
What’s the likelihood of the average tech user being hacker?
It’s not very but not to go full Fight Club, but after a large enough period of time everything will be hacked. It’s not normally an individual person being hacked, but most hacks occur when the people we put our trust in are hacked, rather than us ourselves.
If you asked me a few years ago, I’d say that everything is doomed because the government don’t trust hackers, but these days there are so many different companies and banks have programmes out there that allow hackers to find bugs in the system and fix it. Security has gone through the roof, but to mitigate the risk you have to accept mentally that the internet is not this big secure place. Ask yourself: ‘I can put this on here, but if it’s compromised what would that mean? Can I get everything back?’
Phishing is something people are quite easily susceptible to (it’s how many nude photos of celebrities were released without their consent in 2014), how different is phishing to hacking?
Phishing is when someone with a company or personal email receives an email claiming to be from someone you know, or it appears to be a legitimate request, like a fake Paypal or WePay email. You open the email, you go through to a link and that asks for credentials, or you open an attachment, and then your information is stolen via a fake website or a hack that infects your system with a virus. It’s the easiest thing to do and hackers do look down on phishers because it’s such a low-level annoying thing to do. It’s also the most effective because it relies on human error. Even if the system is up to date, as in, no amount of basement dwelling, Doritos and Mountain Dew consuming weeks of research from a hacker would break a system, all the phisher needs to do is send an email pretending to be a marketing team from someone’s company and 10 minutes later, they own the while company. There’s training to be put in place, because hackers do fall back on phishing because it genuinely works: you wake up at 6am and you’ve got a work phone and you just happen to click on the wrong email…everyone makes mistakes.
Are there risky behaviours people should not be engaging in if they want to be safe from hacking?
I guess Cloud storage is one big thing. Tech companies do their best to keep things secure, but it depends on third party websites, uploading your files or syncing your computer to as many places as possible is probably a bad idea, also don’t use the same email address everywhere, because if hacker manages to hack some tiny blog you signed up to two, three years ago, they could have the same credentials you use for your bank account. It can be quite therapeutic to have a bit of a clean up online, just like you would in your house. Hackers in security now work on giving workshops to famous and public individuals, sitting them down and saying ‘Right, this isn’t good, your password on neopets is the same as your bank account password!’
I barely back my phone up, I can’t even see the new emojis! How can tech companies get people to keep their devices up to date?
Emojis are a great incentive! But really, update buttons should be branded more explicitly, like saying ‘Your stuff isn’t secure right now, it will probably be hacked and you will probably regret not updating’ Updates sink into our heads as pieces of marketing, that’s there to get in the way and annoy us, like an advert. But when something like this NHS thing happens everyone goes ‘Oh, I should do an update’. Sadly, the best - well, the worst, but most effective incentive - for people to update is seeing things actually being hacked, which is horrible.
You might also be interested in:
Follow Sophie on Twitter @SophWilkinson
At work? With your gran?
You might want to think about the fact you're about to read something that wouldn't exactly get a PG rating