YORK, England, May 26, 2011 /PRNewswire/ -- People can learn how
to hack into someone's account in less than 15 minutes findings
from a live investigation revealed.
In a controlled 'classroom' experiment conducted by life
assistance company CPPGroup Plc (CPP), a small group of
volunteers with limited technological knowledge, who signed a
disclaimer saying they would not use the information for illegal or
malicious attacks, followed a online tutorial using a 'man in the
middle' technique to hack into a computer network and obtain each
other's login details.
CPP's volunteers - including a TV producer, a self-employed
baker and a retiree - simply followed a 14-minute classroom-style
tutorial which is freely available online. From this they were able
to download hacking software which allowed them to access login
details and passwords for e-mail accounts, social networking sites
and online shopping accounts within a matter of minutes.
And supporting research reveals what could happen as a result –
over seven million people have had online password-protected
information accessed without their permission. Of these, nearly a
quarter (24 per cent) claim to have had their personal e-mails
accessed as a result, with 19 per cent saying their eBay accounts
have been hacked. In an age of social media, 16 per cent(1) say their social networking profiles have
been hijacked and 10 per cent claim to have had money or a loan
taken out in their name.
The opportunity for hackers to target users in this way also has
the potential to grow due to the dramatic increase in the number of
public Wi-Fi networks and smartphones with inbuilt Wi-Fi
connectivity in recent years.
With over 20,000 videos on YouTube with basic hacking
information tips teaching users how to hack social media profiles,
e-mail, smartphones and PayPal accounts, it seems the internet's
capacity to host this type of material remains unchallenged.
These online hacking tutorials are widely known about with
almost a fifth (17 per cent) of people aware of their existence.
But the vast majority (87 per cent) agree that this kind of
material should not be available online. The majority (63 per cent)
think 'hacking' tutorials should be removed from the internet; with
over half (56 per cent) saying the Government should take action to
remove 'hacking' tutorials from the internet. A similar number (59
per cent) feel these videos and step-by-step guides increase the
risk of identity fraud.
CPP is urging people to take steps to protect themselves from
online hackers where possible, and urging the Government to take a
stronger stance on internet hacking tutorials.
Identity fraud expert from CPP, Michael
Lynch said: "The recent Sony security breach that saw a
hacker gain access to the personal data of more than 100 million
online gamers including people in the UK has demonstrated the
growing and widespread risk that hackers pose to consumers and
businesses. It is important people are aware of the risks so they
can take the necessary steps to protect their identities and manage
any compromised data. As our live session has shown, these hacking
'skills' can be applied within minutes, so it's crucial for
consumers to take steps to protect themselves."
"With an increased demand for tighter online security, we're
calling on the Government to review access to these online hacking
lessons and implement tighter regulation of internet hacking
communities."
The technique taught in the live session known as 'man in the
middle' hacking works by the 'hacker' intercepting communications
between two people or what an individual is viewing on the
internet. As a user logs in to their online account, their
username and password appears on the hacker's own desktop, allowing
them to store this sensitive information and access someone's
account – either immediately or at a later date.
In addition to the 'man in the middle' hacking technique used,
step by step video internet tutorials are thriving with hacking
tutorials available for PayPal, Facebook, iPhones, Networks, Apps,
MySpace, Twitter, BlackBerry and CCTV.
Robert Chapman, CEO of
Firebrandtraining.co.uk, who were commissioned by CPP to carry out
the tutorial said: "The wide availability of free hacking tools is
a real concern, and everyone is a target. These resources are only
going to grow and become more advanced, meaning that organisations
and individuals must take steps to protect themselves. It's
imperative to keep anti-virus and firewall software up to date and
change passwords to online accounts regularly. Also use common
sense – if security warning messages appear in your browser, don't
ignore them as this could be an indicator that your network has
been hacked. We demonstrated how a very basic way of hacking could
be used to steal millions of pounds from the unprepared."
CPP's top tips on protecting your information from
hackers:
1. Change your passwords regularly - the longer and more
obscure, the better
2. Leave a website if you notice strange behaviour (unknown
certificates, pop-ups etc.)
3. Avoid transmitting sensitive data over public (free or
otherwise) Wi-Fi
4. When seeking Wi-Fi connections: know who you are connecting
to, be wary of free Wi-Fi access
5. If using a smartphone: disable Wi-Fi 'auto-connect'
6. If you are concerned about identity fraud, consider
purchasing an identity fraud protection product to help you detect,
prevent and resolve any incidence of the fraud
The Golden Rule is that unless you know your connection is
secure, do not communicate any information or data that you
wouldn't feel comfortable shouting across a crowded room.
If you want more information on how to protect yourself or see
how these experiments worked, please visit CPP's blog
Research Methodology
ICM interviewed a random sample of 2005 adults aged 18+ online
between 19 – 20 April 2011. Surveys were conducted across the
country and the results have been weighted to the profile of all
adults. ICM is a member of the British Polling Council and
abides by its rules. Further information at
www.icmresearch.co.uk
A live experiment was also carried out on April 18 2011. Firebrandtraining.co.uk were
commissioned by CPP to conduct a tutorial teaching five
participants how to download hacking software available in the
public domain and capture users' login details for various online
accounts, including PayPal, Hotmail and Amazon, with the objective
of the session being:
- Demonstrate how long it takes to teach a class of individuals
with no prior hacking experience and limited technological
knowledge to learn how to hack into another user's online
account
- Demonstrate how quickly these skills can be applied in order
for the participants to hack into another user's online
account
The five participants who took part in the class were a range of
ages and occupations.
All participants signed a disclaimer to state that they would
not use the software and skills demonstrated by Firebrand Training
for illegal or malicious attacks.
Corporate Background Information
The CPPGroup Plc
The CPPGroup Plc (CPP) is an international marketing services
business offering bespoke customer management solutions to
multi-sector business partners designed to enhance their customer
revenue, engagement and loyalty, whilst at the same time reducing
cost to deliver improved profitability.
This is underpinned by the delivery of a portfolio of
complementary Life Assistance products, designed to help our mutual
customers cope with the anxieties associated with the challenges
and opportunities of everyday life.
Whether our customers have lost their wallets, been a victim of
identity fraud or looking for lifestyle perks, CPP can help remove
the hassle from their lives leaving them free to enjoy life.
Globally, our Life Assistance products and services are designed to
simplify the complexities of everyday living whether these affect
personal finances, home, travel, personal data or future plans.
When it really matters, Life Assistance enables people to live life
and worry less.
Established in 1980, CPP has 11 million customers and more than
200 business partners across Europe, North
America and Asia and
employs 2,300 employees who handle millions of sales and service
conversations each year.
In 2010, Group revenue was 325.8 million pounds, an increase of
more than 12 per cent over the previous year.
In March 2010, CPP debuted on the
London Stock Exchange (LSE).
What We Do:
CPP provides a range of assistance products and services that allow
our business partners to forge closer relationships with their
customers.
We have a solution for many eventualities, including:
- Insuring our customers' mobile phones against loss, theft and
damage
- Providing assistance to cancel and reorder customer's payment
cards should these be lost or stolen
- Providing assistance and protection if a customer's keys are
lost or stolen
- Providing prevention, detect and resolution assistance to
protect customers against the insidious crime of identity
fraud
- Assisting customers with their travel needs be it an emergency
(for example lost passport), or basic translation service
- Monitoring the credit status of our customers
- Provision of packaged services to business partners'
customers
CPP is an award winning organisation:
- Finalist in the Plc Awards, New Company of the Year, 2011
- Winner in the European Contact Centre Awards, Large Team of the
Year category, 2010
- Finalist in the European Contact Centre Awards, Best Centre for
Customer Service, Large Contact Centre of the Year categories,
2010
- Finalist in the National Sales Awards, Contact Centre Sales
Team of the Year category, 2010
- Finalist in the National Insurance Fraud Awards, Counter Fraud
Initiative of the Year category, 2009
- Finalist in the European Contact Centre Awards, Large Team and
Advisor of the Year categories, 2009
- Named in the Sunday Times 2008 PricewaterhouseCoopers Profit
Track 100
- Finalists in the National Business Awards, 3i Growth Strategy
category, 2008
- Finalist in the National Business Awards, Business of the Year
category, 2007, 2009 and Highly Commended in 2008
- Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top
Track 250 companies
- Regional winner of the National Training Awards, 2007
- Winner of the BITC Health, Work and Well-Being Award, 2007
- Highly Commended in the UK National Customer Service Awards,
2006
- Winner of the Tamworth Community Involvement Award, 2006.
Finalist in 2008
- Highly Commended in The Press Best Link Between Business and
Education, 2005 and 2006. Winner in 2007
- Finalist in the National Business Awards, Innovation category,
2005
For more information on CPP click on www.cppgroupplc.com
(1) 16% of those who have had their password protected
information accessed.
SOURCE CPPGroup Plc