Could a cyber attack stop your electric meter?

The next time your TV goes on the blink, or you suffer a surprising power outage that no-one seems to be able to explain, you could be forgiven for worrying it might be a cyber attack and possibly even by terrorists.

A recent report from the North American Electric Reliability Corp. (NERC) identified cyber attacks against America’s power grid as one of the top three threats that security experts are worrying about.

Cyber threats against the nation’s power system are nothing new, and experts believe that power systems across the country are constantly being probed, perhaps thousands of times a month, by cyber terrorists looking for weaknesses. The goal of the attackers would be to create national panic and disrupt the U.S. economy that relies so much on electrical power.

The unfortunate news is that experts acknowledge how unprepared the power industry is for these attacks, how inadequate security is, and how easy it would be for attackers to disrupt the system. I guess it’s just a matter of time.

Lessons learned?

• The next time your lights flicker, don’t assume it’s a cyber attack on the power grid. But use it to remind yourself that hackers and cyber terrorists never sleep.
• It never hurts to have a backup plan, just in case. Anything battery operated, from a radio to a flashlight, is always good to have nearby. And of course constantly back up your data so a power interruption doesn’t slow you down.

Cyberattacks seen as top threat to zap U.S. power grid
http://www.networkworld.com/news/2010/060210-nerc-cyberattack-power-grid.html?page=1

Your Facebook “likes” might be “likejacked.”

This morning I received a message from a Facebook friend asking me to “like” a travel agency she worked for. I almost instinctively clicked on the like button before I paused. I had just read a story of a new scam circulating on Facebook that was tricking users into “liking” fake messages that instead hid computer worms or Trojans.

According to security firm Sophos, hundreds of thousands of Facebook users reported receiving messages with lines like “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE” and “This man takes a picture of himself EVERYDAY for 8 years!!” and asking them to “like” the pages or messages by clicking on the like button.

The trick has already been dubbed “likejacking” and the worm it installs will try to recommend the same page to all your friends. So far the attack doesn’t seem to do any significant harm – it doesn’t try to crash your computer or steal your information – which makes experts think the attackers are doing a test run to see how well the scam works and how many people fall for it. So go ahead, spoil their day, resist the temptation to “like.”

Lessons learned?

• Every time security experts think they have plugged a Facebook security hole, another dozen appear.
• As long as hundreds of millions of people like you like Facebook, hackers will like Facebook too.
• Resist the temptation to do everything your Facebook friends ask you to. Unless you really feel the need to join something, view something, download something, or “like” something, don’t bother. You might not like it as much as you thought.

‘Likejacking’ exploit fools Facebook users and friends

http://www.networkworld.com/news/2010/053110-facebook-likejacking.html

Cybercrime stays because cybercrime pays

Cybercrime is not going away any time soon and for one simple reason. It pays. Take the case of three cyber crooks who were recently indicted for conning a million internet users of out millions of dollars, for fake security software to eradicate a computer virus the victim’s never had.

The three were accused of operating a marketing company that offered anti-virus and other security software.  As part of the scam, the thieves place advertisements in a variety of legitimate web sites that warned browsing users that their computers were infected with a computer virus or had some other technical problem, and offered their software to eradicate the problem.

The real problem was there was no virus detected (it was just an advertising banner) and the software they offered was useless. Commonly known as “scareware” because the scammers try to scare users into downloading it to fix a security problem, the crooks were able to con more than one million internet users in 60 countries out of an estimated $100 million.

Crime always pays, but only occasionally do the criminals. In this case the crooks were finally indicted, maybe because they got too big or two greedy. But prosecutions like this are still rare. And the CEO of the company behind the scam is still on the run. We’ll keep you posted.

Lessons learned?

• Most cybercrimes involve some participation by the victim. If you choose not to fall for an obvious or suspicious scam, you win and the bad guys lose.
• Don’t ever fall for or click on web ads or pop ups that warn you that a virus has been detected and you need to purchase new software to fix it. You should already have reputable security software already installed on your computer and be familiar with their alerts and warnings. That’s what you should rely on, and nothing else.

3 indicted in $100 million Internet ‘scareware’ scheme

http://news.yahoo.com/s/afp/20100527/tc_afp/usukraineswedenitcrimecomputersoftwareinternet_20100527205311

Related posts:

1. Weekly News Wrap-Up for May 10, 2010
2. Weekly News Wrap-Up for 28 May 2010
3. Weekly News Wrap-Up for 17 May 2010
4. Weekly News Wrap-Up for 19 April 2010
5. Weekly News Roundup for May 6, 2010