Battling cyberattacks: Companies go the distance to protect customers
The recent hacking of retailers Target and Neiman Marcus through a virus, reportedly created by a 17-year-old Russian boy, has opened the eyes of many to the constant assault on computer systems, and those attacks do not miss the Flathead.
At MontanaSky Networks Inc., founder Frederick Weber said the attacks are far from isolated incidents, but rather a constant norm.
In addition to having fought the Russian virus for two years, he estimated that attacks from all sources on accounts serviced by his company occur at an average rate of three per second. That totals 259,200 individual hack attempts per day or roughly 94.6 million per year.
Those attacks are logged and the logs are kept for one month, but Weber said it would be a Herculean task to keep track of every attempt.
“We can’t watch these logs all day long,” he said. “It’s insurmountable.”
The main way those attacks occurred, Weber said, is by cracking users’ email passwords.
He used one of their users as an example of a virus traced back to Russia.
“She got the virus, it launched on her computer, and the first thing it set up was a mail server,” he said. “Then it goes through all her address books and picks up anything that looks like an email address — not hard to find, look for the ‘at’ sign, find the chunk to the left of it after the space, find the chunk to the right of it with a dot and three letters, and you’ve got an email address.”
Once the virus collects those email addresses, it sends out copies of itself to each of them from the original infected account. Infected systems can then be mined for valuable data, damaged remotely or hacked to make a political statement, among other possibilities.
On behalf of his own customers, Weber said he blocks about half of their emails — known to be spam — right off the top. The remainder that come in are scanned for viruses before they ever show up in any folder, even in a customer’s spam filter.
According to SenderBase, Cisco Systems’ email and Web traffic monitoring network, self-described as the world’s largest of its kind, only a little more than 14 percent of emails are legitimate, with about two hundredths of a percent being malware (short for malicious software) and a whopping 85.72 percent being spam.
Weber said he has taken the additional step of blocking all of China and all of Russia — from which a large number of hacking attempts originate — as well as most Third World countries.
But part of the problem is that companies such as Comcast, Verizon and others are big and use a pool of Internet Protocol, or IP, addresses that cycle from customer to customer. So if MontanaSky blocks particular IP addresses used by those companies, those addresses will eventually cycle back to a legitimate user who is then blocked.
He added that he could even subscribe to a service that blocks “poisoned” IPs, but it creates the same problem.
“We can’t block Verizon, you know?” Weber said. “We’ve got customers with cellphones.”
MontanaSky also offers its customers a subscription-based PC Fitness Service Program to have their computers regularly cleared of viruses, spyware, adware and fake alert software.
John Bemis, marketing manager at CenturyLink, said that company also is taking steps to protect its customers from hackers.
“In our day and age you see a lot of cyberattacks that have impacted customers with credit cards through restaurants and stores. It’s a very common threat that we recognize,” Bemis said. “We work with our vendors very closely to make sure our customers’ information is protected.”
Bemis called that protection an ongoing process monitored “on a 24/7 basis” by a “very dedicated team that is constantly keeping up with the different cyberattacks.”
Despite the volume of attacks and the amount of potentially dangerous email, Weber said users can protect themselves from most of that danger by taking one simple step — changing their passwords.
In fact, Weber said the reason Target and Neiman Marcus, as well as URM Stores Inc. locally, were successfully hacked was simple passwords.
“The simplest thing could have saved it — if they all had complex passwords,” he said.
According to Weber, 85 percent of all email passwords are four letters or fewer, and five percent are the email address itself. For example, an email address of “JohnDoe@emailserver.com” with a password of “johndoe.”
Complex passwords include both lowercase and capital letters as well as numbers and special characters, such as =, & or #.
Weber said his users will soon be required to have passwords that include non-sequential numbers and will be barred from including words that can be found in a dictionary.
“It’s time for you to pull up your big boy pants and realize that you own a computer and you’ve gotta figure out how to run this in the future,” he said.
He noted that Windows computers are the most vulnerable, adding that Macintosh computers, by and large, “have no problems.” He said Windows users should make sure to take the additional steps of keeping their Windows software up to date and paying to keep their antivirus software up to date.
The investigation into the URM Stores Inc. hacking, which affected thousands of residents in the greater Flathead Valley area as well as consumers elsewhere in Montana, Idaho, Oregon and Washington, is now coming to a close, according to a release issued by the company at the end of last month.
URM processes credit and debit card transactions for its customer businesses. It was hacked, and information pertaining to transactions between Sept. 1 and Nov. 24, 2013, was stolen.
The press release stated that Super 1 Foods stores in Kalispell, Whitefish and Columbia Falls, Blacktail Grocery in Lakeside and Stein’s Market in Eureka were affected by the cyberattack.
The investigation could not determine which specific cards or information were taken. It is believed that the hacker was able to access only “track 2 data” — card account numbers, expiration dates and card verification numbers — for most of the transactions, obtaining the cardholder’s name in only a small number of cases.
No customer addresses, phone numbers or Social Security numbers were compromised in the incident, URM said.
“We are incredibly grateful to our customers for their patience and understanding through this difficult experience,” URM Chief Executive Officer Ray Sprinkle said. “We are humbled by their support and continue to extend our sincere apologies for any frustration and inconvenience.”
Local banks were quick to work with their customers to help them recover money stolen from their accounts and to cancel affected cards and take other precautionary measures.
Cisco Systems released its annual security report last month, indicating what its research has shown were the biggest challenges in the last year and what threats are emerging as the biggest dangers this year.
Among the “key discoveries” listed in the beginning of the report are that spam is continuing to decrease while the proportion of “maliciously intended spam” remains constant, that 99 percent of all mobile malware in 2013 targeted Android devices and that “malicious exploits are gaining access to Web hosting servers, nameservers and data centers.”
Based on Cisco’s own inspections of web traffic, 4.5 billion emails and 80 million Web requests are blocked every day and 50,000 network intrusions are detected every day.
The report indicates that the top nine themes for spam/fraudulent messages worldwide are, in reverse order, PayPal, gift cards or vouchers, Facebook, taxes, online dating, shipping notices, attached photos, online product purchases and bank deposit/payment notifications.
To read the entire report, visit www.cisco.com/en/US/prod/vpndevc/annual_security_report.html.
Reporter Jesse Davis may be reached at 758-4441 or by email at jdavis@dailyinterlake.com.