By Nicolai Solling
Nicolai Solling, Director of Technology Services at Help AG, shares insight on the Flame virus and LinkedIn leaks, and the implications for Internet users in the Middle East.
The Middle East has over the last year seen a dramatic rise in malware attacks targeted as both private as well as government organisations recently fell victim to the much talked about Flame virus. Another major security breach that has drawn tremendous media attention has been the leakage of over 6.5 million user passwords from the business networking site LinkedIn.
Before we get into the discussion on the LinkedIn hack, let’s first gain an understanding of the much talked about Flame virus. Kaspersky Labs who first discovered the threat described it as the ‘most complex piece of malicious software yet.’ So with the widespread use of internet enabled devices and the increasing popularity of online portals for critical services such as e-banking in the region, what are the implications of this attack and how can internet users safeguard themselves against it?
Distribution method
The Flame virus is a highly advanced tool set of malicious code that can be executed on a windows based PC to gather or harvest data off the infected machine. It has now been revealed that the virus gains entry onto the machine by exploiting a vulnerability of the Windows Update Service. All updates provided for Windows require a security certificate signed by Microsoft. However, by providing a signed security certificate that appears to belong to Microsoft, the Flame virus bypasses this restriction. The unsuspecting PC then proceeds to download what appears to be a genuine Windows update which is in fact the loader for the Flame virus.
Once the loader has downloaded the actual virus, cyber criminals gain the ability to take screenshots, listen in to conversations through the system microphone and even capture video through an attached webcam.
The Implications
Currently, based on what we know about Flame, it would be safe to say that the average user should lose no sleep worrying about it. Flame wasn’t as distributed as initially feared. If you are running an updated antivirus and follow the normal practices, you will be safe.
The LinkedIn hack
Unlike Flame which was a targeted attack, the hacking of LinkedIn accounts has the potential to affect a tremendously larger group of users. Reports from the company, which had 161 million registered users as of 31 March 2012, suggest that over 6.5 million of these users’ passwords have been leaked from their database.
As a security measure, LinkedIn, and most internet companies, do not store passwords as clear-text but instead use a technique called Password Hashing. Hashing is a mathematical operation which converts the clear-text password into an irreversible hash-value of the password. So what can users do to protect themselves? The first and most obvious thing would be to change their LinkedIn password. Also, while on LinkedIn, users should check their profiles to make sure that no changes have been done. In particular, check the email addresses that have been linked to the profile and ensure that only authorised addresses are in this list.
An example being www.leakedin.org. A word of advice however would be to first change your LinkedIn password and then use this service to check if your old password was leaked.
Finally, make sure you develop your own password policy. This would involve changing your password at least once in two months and using strong passwords that use a combination of lower case, upper case, special characters and numbers. Users tend to re-use passwords across sites such as Facebook, LinkedIn, email accounts and even e-banking services. This is absolutely unacceptable as a single compromised account may lead to all other accounts being jeopardised.
