Placeholder Content Image

"Deplorable": Medibank hacker announces ransom demands

<p>As more sensitive health data has been posted on the dark web, the Medibank hacker has shared their ransom demands for the information to be returned safely. </p> <p>Along with the unlawful release of the information, the hacker stated, "Society ask us about ransom, it's a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer."</p> <p>At current rates, US$9.7 million is worth $15.07 million.</p> <p>The alleged hacker, also posted: "Medibanks (sic) CEO stated, that ransom amount is 'irrelevant'. We want to inform the customers, that He refuses to pay for yours data more, like 1 USD per person. So, probably customers data and extra efforts don't cost that."</p> <p>Following the release of 200 users' personal health data yesterday, the hacker has today posted an additional file of information allegedly obtained in the hack.</p> <p>While the file is titled "abortions", it is understood that the diagnostic code listed in the file against the names of over 300 Australian men and women actually refers to an admission for "Supervision of high risk pregnancy, unspecified, first trimester", according to <a href="https://www.9news.com.au/national/medibank-hack-update-more-health-data-ransom-demand-posted/32e7d105-1b5f-4291-bbb4-32620cbe3456" target="_blank" rel="noopener">9News</a>. </p> <p>Medibank CEO David Koczkar has called the latest health data release as "deplorable", while assuring customers they are working to secure their information. </p> <p>He said, "The release of this stolen data on the dark web is disgraceful."</p> <p>"We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers.</p> <p>"We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.</p> <p>"The weaponisation of people's private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.</p> <p>"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care."</p> <p>With so much information already leaked, there is a high risk of scams and individual ransom demands to come for the 500 or so Australians whose personal data has already been published.</p> <p>Those customers should be on high alert for scammers.</p> <p>Medibank has yet to reach out to the 500,000 customers whose health data is in jeopardy, to advise them whether more information has been lost to the scammers. </p> <p><em>Image credits: Getty Images </em></p>

Legal

Placeholder Content Image

Don't leave yourself vulnerable to hackers in 2022

<p><br />Passwords are just as vitally important as they are frustrating. However, making a mistake with our passwords could leave us exposed to hackers and other fraudulent activities online.</p><p><br />According to the Australian Competition &amp; Consumer Commission, Australians lost a record $323.7 million to scams and identity theft in 2021, with phishing scams up 62% on the previous year.</p><p><br />It’s not just your main accounts like social media or online banking that are at risk. As our list of logins grows, all it takes is one data breach to compromise everything. So, what can you do in order to protect yourself?</p><p><br /><strong>1. Don’t use the same password across multiple sites</strong><br />If you use one password across multiple platforms or sites, you’re at greater risk.<br />“By far the biggest mistake people make with passwords is using the same one across multiple sites,” says Val Quinn, Sunrise tech expert.<br />“Because if one site gets hacked, then the hackers have the same password that they can use on different sites to try to login under your name.”</p><p><br /><strong>2. Use a passphrase instead</strong><br />“Hackers can use special tools where they can actually brute force guess your passwords,” says Quinn.<br />“That means we have to make them very complicated, long combo of letters, characters and numbers, upper and lower case.”<br />For extra protection, try using a passphrase instead of a traditional password. But – make sure to remember that phrase!<br />It’s also a good idea to ensure it’s not a common or popular quote or song that can be easily guessed by somebody who knows you.</p><p><br /><strong>3. See if you’ve been breached</strong><br />Sites like <a href="https://haveibeenpwned.com/" target="_blank" rel="noopener">Have I Been Pwned?</a> allow you to check if your email address or password have been caught up in known data breaches.<br />Started by Australian cyber security consultant Troy Hunt, who is also Microsoft’s regional director, the site aggregates known issues, providing a snapshot of that sites where your data may have been compromised.</p><p><br /><strong>4. Don’t use personal information</strong><br />This tip sounds simple but a lot of people continue to fall into the trap of using personal information. Avoid using obvious things like a pets name or birthday.</p><p><br /><strong>5. Use a password manager</strong><br />Most of us have passwords across email, social media, banking, streaming services and online shopping.<br />Keeping track of login details can be daunting, that’s where password managers come in handy.<br />“A password manager is almost a must,” explains Quinn.<br />“It really helps ensure you use different passwords for all of the sites you log into, otherwise you just can’t remember very easily.”<br /><br />Most common passwords of 2021<br />According to NordPass, these are the most common passwords globally in 2021, all of which the tech company estimates take under one second to hack.</p><ul><li>123456</li><li>123456789</li><li>12345</li><li>qwerty</li><li>password</li><li>12345678</li><li>111111</li><li>123123</li><li>1234567890</li><li>1234567<br /><br /></li></ul><p>NordPass research also revealed these were the most common passwords in Australia.</p><ul><li>123456</li><li>password</li><li>lizottes</li><li>password1</li><li>123456789</li><li>12345</li><li>abc123</li><li>qwerty</li><li>12345678</li><li>holden</li></ul><p><em>Image: Getty</em></p>

Technology

Placeholder Content Image

What hackers can do with just your phone number

<p><strong>Your number can be used in many malicious ways</strong></p> <p>Your phone number is an easy-to-find key that can be used by hackers and scammers to unlocking your personal data. They can also use your number in many other malicious ways.</p> <p>I used to think that maybe, at best, a person could possibly find my name and address using my phone number. I was wrong. Recently, someone I don’t know used my phone number to find out the private details of my life, then emailed me everything they had discovered.</p> <p>With just my phone number this person found out where I live, my previous addresses, information on if I’ve ever been evicted, some personal financial information, a map of my neighbourhood, and my birth date. They even found the only speeding ticket I’ve ever had, way back in 2006. It was disturbing, to say the least.</p> <p>I felt, and still feel, violated. I reported the person to the social media site they contacted me through and blocked them, but is there more I can do?</p> <p>After contacting some security experts for their take, it turns out that finding important details about someone’s life with just a phone number is incredibly alarmingly easy…and profitable.</p> <p>“In the wrong hands, your phone number can be used to steal your identity and take over almost every online account you have,” Veronica Miller, cybersecurity expert at VPN overview, tells Reader’s Digest.</p> <p>There are several ways a hacker can use a phone number to turn your life upside down. Here are some ways criminals can target you.</p> <p><strong>Data mining the easy way</strong></p> <p>The easiest way to use your phone number maliciously is by simply typing it into a people search site. Sites like these can reveal personal information about you in less than a few seconds, according to tech expert Burton Kelso.</p> <p>People search sites, purchase your personal information and then sell it to people who want your data, like hackers with your phone number.</p> <p>The information found through these sites includes your address, bankruptcies, criminal records and family member’s names and addresses. All of this can be used for blackmail, stalking, doxing or identity theft.</p> <p><strong>Rerouting your number</strong></p> <p>Another tactic is to contact your mobile carrier provider claiming to be you, said Miller. Then, the hacker can make it so your number routes to their phone. From there, the hacker will log into your email account. Of course, they don’t have your password, but they don’t need it.</p> <p>They just click “Forgot your password” and get the reset link sent to their phone that now uses your phone number. Once the hacker has access to your email account, it’s easy to gain access to any of your accounts.</p> <p>While many service providers have some security features to prevent scammers from switching phones, if the person has your phone number, though, they may be able to find enough information about you to get past the security questions.</p> <p><strong>Spoofing</strong></p> <p>There were billions of scam calls in 2019, according to data collected by YouMail, and scammers are getting smarter. Now they are using a technique called spoofing to make it easier to scam you. Spoofing is when someone makes your phone number pop up on a caller ID when it really isn’t you that’s making the call.</p> <p>For example, a scammer once spoofed my daughter’s phone number to make me think she was calling me. The goal was to trick me into answering the phone. It worked, because what if it was an emergency and my daughter needed me?</p> <p>When a scammer gets you to pick up, they have the chance to trick you into whatever scheme they’ve come up with, like tricking you into giving them your credit card information.</p> <p>It doesn’t take much to spoof a phone number. There are apps and websites that allow scammers to simply type in a phone number and make a call. It’s super easy and quick, which makes it appealing to scammers.</p> <p><strong>Texting scams</strong></p> <p>Scammers can also use your phone number to send you malicious text messages. This type of scam is called ‘smishing’, according to digital privacy expert Ray Wallsh.</p> <p>In these texts, scammers can send links that can infect your phone with malware that can steal your personal information, or they can straight-up scam you by pretending to be your bank, the IRS, or your doctor.</p> <p>Posing as someone you trust, the scammers will then try to trick you into giving them personal information and credit card numbers.</p> <p><strong>How to protect yourself</strong></p> <p>All of the experts I contacted recommended that to combat your phone number being misused, share it as little as possible. “Many apps and services require a cell number for verification at sign up. By handing your data to these apps, services and businesses, you increase the likelihood that your phone number will be passed on to third parties and data aggregators,” said Wallsh. Limit giving out your phone number to friends and family and your doctor.</p> <p>For everyone else, you need a virtual number that can forward calls to your phone so you don’t need to give anyone your real number that is linked to your personal information. You can set up a virtual number for free through Google Voice or through services like Burner.</p> <p>Also, never click on links sent to you in text messages, even if they look like they were sent from a trusted contact. If your bank, credit card company, doctor or service you use contacts you through text, call them using a verified number from their website to confirm the communication was truly sent from them to avoid malware or scams.</p> <p>To protect yourself from hackers rerouting your number, ask your mobile carrier to add an extra layer of security like a password or PIN number to your account, advises Miller.</p> <p>All of these steps can help keep your personal information private, but it only works to a point. Your personal data has probably already been sold to people search sites and while you can send these sites requests to remove your information, it’s a huge task. Plus, the site may simply repost your information later.</p> <p>So, in the end, there may not be a way to completely prevent hackers and scammers from getting access to your phone number. Knowing what someone can do with your number, though, can help you avoid scams and protect your information from being more widely spread.</p> <p><em>Image credits: Getty Images</em></p> <p><em>This article originally appeared on <a rel="noopener" href="https://www.readersdigest.com.au/true-stories-lifestyle/science-technology/what-hackers-can-do-with-just-your-phone-number" target="_blank">Reader's Digest</a>.</em></p>

Technology

Placeholder Content Image

Fake Banksy print sold on the artist’s website for over $450,000

<p><span style="font-weight: 400;">A hacker has been forced to return over $450,000AUD to a British art collector after he tricked him into purchasing a fake Banksy print. </span></p> <p><span style="font-weight: 400;">The NFT (non-fungible token) print was posted on Banksy’s official website, fooling many fans of the elusive street artist. </span></p> <p><span style="font-weight: 400;">The auction of the print ended early after the art collector offered 90% of rival bidders. </span></p> <p><span style="font-weight: 400;">Banksy’s team spoke to the </span><a href="https://www.bbc.com/news/technology-58399338"><span style="font-weight: 400;">BBC</span></a><span style="font-weight: 400;"> and assured art fans that, </span><span style="font-weight: 400;">"any Banksy NFT auctions are not affiliated with the artist in any shape or form."</span></p> <p><span style="font-weight: 400;">NFT’s are a relatively new phenomenon in the art world, which show artworks that can be “tokenised” to create a digital certificate of ownership that can be bought and sold. </span></p> <p><span style="font-weight: 400;">They often don’t give the buyer the actual artwork of copyright, but are seen as more of an investment. </span></p> <p><span style="font-weight: 400;">The man who got duped by the site believed he was buying Banksy’s first ever NFT. </span></p> <p><span style="font-weight: 400;">The man, who wished to remain anonymous, explained over Twitter that he suspected Banksy’s official site was hacked and that he was the victim of an elaborate scam. </span></p> <p><span style="font-weight: 400;">The hacker returned all the money, with the exception of $9,000AUD transaction fee once he was caught out. </span></p> <p><span style="font-weight: 400;">The prominent NFT collector used the online name Pranksy, and said the whole experience was bizarre but that the hacker may have got scared.</span></p> <p><span style="font-weight: 400;">"The refund was totally unexpected, I think the press coverage of the hack plus the fact that I had found the hacker and followed him on Twitter may have pushed him into a refund. “</span></p> <p><span style="font-weight: 400;">"I feel very lucky when a lot of others in a similar situation with less reach would not have had the same outcome," he said.</span></p> <p><span style="font-weight: 400;">The NFT was called Great Distribution of the Climate Change Disaster, and is not linked to the famous street artist.</span></p> <p><em><span style="font-weight: 400;">Image credits: Banksy</span></em></p>

Art

Placeholder Content Image

Urgent email warning to Aussies over China hackers

<div class="post_body_wrapper"> <div class="post_body"> <div class="body_text redactor-styles redactor-in"> <p>Australians are being urged to check their emails after a major Chinese infiltration of Microsoft's email system has left many exposed.</p> <p>There are fears that 7,000 servers are impacted by the threat in Australia after the Chinese state-backed hacker group known as HAFNIUM hit more than 30,000 servers in the USA.</p> <p>The campaign led by the hackers found recently discovered flaws in Microsoft Exchange software and stole emails while infecting computer servers with tools that left hackers to take control of the servers remotely.</p> <p>Brian Krebs, a cybersecurity expert, has reported on this massive breach.</p> <p>“At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organisations,” Krebs wrote in the<span> </span><a rel="noopener" href="https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/" target="_blank">post</a>.</p> <p>One insider close to the incident explained whose been hit.</p> <p>“It’s police departments, hospitals, tons of city and state governments and credit unions,” said one source who’s working closely with federal officials on the matter.</p> <p>“Just about everyone who’s running self-hosted Outlook Web Access and wasn’t patched as of a few days ago got hit with a zero-day attack.”</p> <p>A zero-day attack is where hackers exploit potentially serious software security that the developer might be unaware of.</p> <p>The Microsoft Threat Intelligence Center (MSTIC) attributed the attacks with "high confidence" to a "state-sponsored threat actor" based in China which they named Hafnium.</p> <p>Microsoft is urging network owners to download the security patches available as soon as possible.</p> <p>It told customers "the best protection" was "to apply updates as soon as possible across all impacted systems".</p> <p>However, if your Microsoft Exchange servers have already been compromised, the patches are not "full protection against attack". You can find out<span> </span><a rel="noopener" href="https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/" target="_blank">more information here.</a></p> </div> </div> </div>

Legal

Placeholder Content Image

Hackers are getting smarter by targeting councils and governments

<p>In recent weeks, <a href="https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/">Johannesburg’s computer network was held for ransom</a> by a hacker group called Shadow Kill Hackers. This was the <a href="https://www.bbc.com/news/technology-49125853">second time</a> in three months a ransomware attack has hit South Africa’s largest city. This time, however, hackers didn’t pose the usual threat.</p> <p>Rather than denying the city <a href="https://www.hkcert.org/ransomware.hk/ransomware-basic.html">access to its data</a>, the standard blackmail in a ransomware attack, they threatened to publish it online. This style of attack, known as <a href="https://en.wikipedia.org/wiki/Ransomware#Leakware_(also_called_Doxware)">leakware</a>, allows hackers to target more victims in a single attack – in this case the city’s citizens.</p> <p>The latest Johannesburg attack was the second leakware attack of this type ever recorded, and a similar attack could hit Australia soon. And although our current cyberattack defences are more advanced than many countries, we could be taken by surprise because of the unique way leakware operates.</p> <p><strong>A new plan of attack</strong></p> <p>During the Johannesburg attack, city employees received a computer message saying hackers had “compromised all passwords and sensitive data such as finance and personal population information”. In exchange for not uploading the stolen data online, destroying it and revealing how they executed the breach, the hackers demanded four bitcoins (worth about A$52,663) - “a small amount of money” for a vast city council, they said.</p> <p><em><a href="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">The hacker group operated a Twitter account, on which they posted a photo showing the directories they had access to.</span> <span class="attribution"><span class="source">ShadowKillGroup/twitter</span></span></em></p> <p>In this case, access to data was not denied. But the threat of releasing data online can put enormous pressure on authorities to comply, or they risk releasing citizens’ sensitive information, and in doing so, betraying their trust.</p> <p>The city of Johannesburg decided <a href="https://coingeek.com/we-shall-not-pay-the-ransom-johannesburg-tells-hackers/">not to pay the ransom</a> and to restore systems on its own. Yet we don’t know whether the data has been released online or not. The attack suggests cybercriminals will continue to experiment and innovate in a bid to defeat current prevention and defence measures against leakware attacks.</p> <p><a href="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">This login screen message was displayed on computers in Johannesburg following the attack.</span> <span class="attribution"><span class="source">pule_madumo/twitter</span></span></p> <p>Another notable leakware attack happened a decade ago against the US state of Virginia. <a href="https://www.govtech.com/security/Cyber-Criminal-Demands-10-Million.html">Hackers stole</a> prescription drug information from the state and tried obtaining a ransom by threatening to either release it online, or sell it to the highest bidder.</p> <p><strong>When to trust the word of a cybercriminal?</strong></p> <p>Ransomware attack victims face two options: <a href="https://www.sciencedirect.com/science/article/pii/S1361372316300367">pay, or don’t pay</a>. If they choose the latter, they need to try other methods to recover the data being kept from them.</p> <p>If a ransom is paid, criminals will often decrypt the data as promised. They do this to encourage compliance in future victims. That said, paying a ransom <a href="https://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/">doesn’t guarantee the release or decryption of data</a>.</p> <p>The type of attack experienced in Johannesburg poses a new incentive for criminals. Once the attackers have stolen the data, and have been paid the ransom, the data still has extractive value to them. This gives them <a href="https://arxiv.org/pdf/1707.06247.pdf">duelling incentives</a> about whether to publish the data or not, as publishing it would mean they could continue to extort value from the city by targeting citizens directly.</p> <p>In cases where victims decide not to pay, the solution so far has been to have strong, separate and updated <a href="https://www.csoonline.com/article/3331981/how-to-protect-backups-from-ransomware.html">data backups</a>, or use one of <a href="https://www.nomoreransom.org/en/index.html">the passkeys available online</a>. Passkeys are decryption tools that help regain access to files once they’ve been held at ransom, by applying a repository of keys to unlock the most common types of ransomware.</p> <p>But these solutions don’t address the negative outcomes of leakware attacks, because the “<a href="https://www2.deloitte.com/content/dam/Deloitte/bm/Documents/risk/cayman-islands/2017%20Deloitte%20-%20Taking%20data%20hostage%20-%20The%20rise%20of%20ransomware.PDF">hostage</a>” data is not meant to be released to the victim, but to the public. In this way, criminals manage to innovate their way out of being defeated by backups and decryption keys.</p> <p><strong>The traditional ransomware attack</strong></p> <p>Historically, <a href="https://www.techopedia.com/definition/4337/ransomware">ransomware attacks denied users access to their data, systems or services</a> by locking them out of their computers, files or servers. This is done through obtaining passwords and login details and changing them fraudulently through the process of <a href="https://en.wikipedia.org/wiki/Phishing">phishing</a>.</p> <p>It can also be done by encrypting the data and converting it to a format that makes it inaccessible to the original user. In such cases, criminals contact the victim and pressure them into paying a ransom in exchange for their data. The criminal’s success depends on both the value the data holds for the victim, and the victim’s inability to retrieve the data from elsewhere.</p> <p>Some cybercriminal groups have even developed complex online “<a href="https://www.computerworld.com/article/3173698/ransomware-customer-support-chat-reveals-criminals-ruthlessness.html">customer support</a>” assistance channels, to help victims buy cryptocurrency or otherwise assist in the process of paying ransoms.</p> <p><strong>Trouble close to home</strong></p> <p>Facing the risk of losing sensitive information, companies and governments often pay ransoms. This is <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">especially true</a> in Australia. Last year, 81% of Australian <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">companies</a> that experienced a cyberattack were held at ransom, and 51% of these paid.</p> <p>Generally, paying tends to <a href="http://www.rmmagazine.com/2016/05/02/ransomware-attacks-pose-growing-threat/">increase the likelihood</a> of future attacks, extending vulnerability to more targets. This is why ransomware is a rising global threat.</p> <p>In the first quarter of 2019, <a href="https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-aug-2019.pdf">ransomware attacks went up by 118%</a>. They also became more targeted towards governments, and the healthcare and legal sectors. Attacks on these sectors are now more lucrative than ever.</p> <p>The threat of leakware attacks is increasing. And as they become more advanced, Australian city councils and organisations should adapt their defences to brace for a new wave of sophisticated onslaught.</p> <p>As history has taught us, it’s <a href="https://www.theguardian.com/australia-news/2019/oct/01/systems-shut-down-in-victorian-hospitals-after-suspected-cyber-attack">better to be safe</a> than sorry.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;" src="https://counter.theconversation.com/content/126190/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: http://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/roberto-musotto-872263">Roberto Musotto</a>, Cyber Security Cooperative Research Centre Postdoctoral Fellow, <a href="http://theconversation.com/institutions/edith-cowan-university-720">Edith Cowan University</a> and <a href="https://theconversation.com/profiles/brian-nussbaum-874786">Brian Nussbaum</a>, Assistant Professor at College of Emergency Preparedness, Homeland Security and Cybersecurity, <a href="http://theconversation.com/institutions/university-at-albany-state-university-of-new-york-1978">University at Albany, State University of New York</a></em></p> <p><em>This article is republished from <a href="http://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/hackers-are-now-targeting-councils-and-governments-threatening-to-leak-citizen-data-126190">original article</a>.</em></p>

Technology

Placeholder Content Image

7 alarming things a hacker can do when they have your email address

<p><strong>1. Send emails from your address</strong></p> <p>This is probably the most obvious thing hackers can do with your email address, and it’s a nuisance for sure. Once hackers have your email address, they can use it to target more than just you, sending out email blasts to anyone (maybe even everyone!) in your contact list. As Garry Brownrigg, CEO &amp; Founder of <a href="https://www.quicksilk.com/">QuickSilk</a>, explains, “They can ‘spoof’ an email message with a forged sender address – they don’t even need your password for this.” The things they send can be anything from harmful malware to scams and requests for money; either way, you’d certainly rather they didn’t come from your address.</p> <p>And although it’s mostly harmless (most savvy internet users are able to catch on when they receive a scam email from a friend’s address), it could still be a problem in some cases. “If a criminal really wanted to hurt someone, they could use this as a way to hook a romantic partner, hack the victim’s employer, get the person in trouble at work, or cause any number of problems in their personal or professional life by impersonating them online,” says Jason Glassberg, co-founder of <a href="https://www.casaba.com/">Casaba Security</a> and former cybersecurity executive at Ernst &amp; Young and Lehman Brothers.</p> <p><strong>2. Send phishing emails</strong></p> <p>Since there isn’t a lot that hackers can do with just the email address, they’re not going to stop there. “When a hacker knows your email address, they have half of your confidential information – all they need now is the password,” warns Greg Kelley of <a href="https://www.vestigeltd.com/">Vestige Digital Investigations</a>. They employ a few different methods to access it, the most common being the phishing email. This is an email, in the guise of being a legitimate email from a trusted source, designed to trick you into logging in. “They might create a legitimate-sounding email that appears to be sent from a service such as Amazon, eBay, Paypal or any number of other popular services… Links in phishing emails will always direct the user to a purposefully built website that looks identical to the real service,” explains Ray Walsh, a digital privacy expert at <a href="https://proprivacy.com/">ProPrivacy.com</a>. “However, if people use the login on that fake website, the hacker instantly receives the credential and password for the real account.”</p> <p>Another way they can do this, ironically, is by sending you an email saying that your account is compromised or has been accessed from a new device, so you need to change your password for security reasons. (You’ve almost definitely had one of those at one point or another!) When you change your password, then your account really is compromised and the hacker has your password. Once hackers have your password, the range of things they can do becomes much greater.</p> <p><strong>3. Access your online accounts</strong></p> <p>Nowadays, our emails do double duty as our logins for scores of social media sites, in addition to Google Docs, online retailers, and so on. Internet users also have a very understandable tendency to use the same passwords for all of these accounts. And even if you don’t use the same password, the hacker can click the old ‘forgot password’ button and use the resulting email – which comes to your email address, which they do have the password for – to change the password, and voilà. Your accounts are their accounts, and they have access to anything on them that you do.</p> <p><strong>4. Access personal information</strong></p> <p>The things hackers can do with your information seem to be something of a chain reaction. Once a hacker has access to your online accounts, just think about all of the information that is right at their fingertips. Allan Buxton, Director of Forensics at SecureForensics, sums it up: “At a minimum, a search on Facebook can get a public name and, unless privacy protections are in place, the names of friends and possibly pictures,” he says. “Throw that email address into LinkedIn, and they’ll know where you work, who your colleagues are, your responsibilities, plus everywhere you worked or went to school. That’s more than enough to start some real-world stalking. That’s just two sites – we haven’t talked about political views, travel or favourite places they might glean from Twitter or Instagram.”</p> <p>Glassberg admits that such ‘real-world stalking’ is rare, sure, but anything is possible in an era where people document nearly everything online.</p> <p><strong>5. Steal financial information</strong></p> <p>Things start to get really problematic if hackers are able to find your credit or debit card information – which, more likely than not, you’ve sent via email at one point or another. Your online bank accounts can also be a major target for hackers, especially if you use your email address as a login for those, too. And, needless to say, once a hacker has access to those, your money is in serious jeopardy. “This is one of the biggest risks you’ll face from an email hack,” Glassberg says. “Once [hackers] have the email, it’s easy to reset the bank account and begin issuing transactions.” In addition to potentially being devastating of your finances, this can also hurt your credit score, as <a href="https://www.beenverified.com/">BeenVerified</a>’s Chief Communications Officer Justin Lavelle explains: “Cybercriminals can use your credit card details, open bank accounts in your name, and take out loans. It will likely ruin your credit card’s rating and your credit report will take a hit.”</p> <p><strong>6. Blackmail you</strong></p> <p>As if things weren’t scary enough, hackers can use your personal info to ruin, or threaten to ruin, your reputation. This is fairly rare, but it can happen, especially if a hacker finds something that the user wouldn’t want to be seen publicly. “[Hackers] can use this access to spy on you and review your most personal emails,” says Daniel Smith, head of security research at <a href="https://www.radware.com/">Radware</a>. “This kind of information could easily be used to blackmail/extort the victim.”</p> <p><strong>7. Steal your identity</strong></p> <p>This is definitely a worst-case scenario, but “once the hacker has your personally identifiable information, they can steal your identity,” Brownrigg warns. With information like your tax file number and credit card info, identity theft can sadly be well within reach for hackers. So, if you start noticing signs someone just stole your identity, consider that your email address may have been compromised.</p> <p><strong>How you can stay safe from hackers</strong></p> <p>Hopefully, though, you won’t have to encounter any of these problems, and there are some measures you can take to keep your information safe. Avoid using your verbatim email address as a login for other sites, and make sure that your password is strong and difficult to guess. You should also change those passwords every couple of months or so for maximum security. Glassberg also recommends securing your email account with two-factor authentication. This “[requires] a one-time code to be entered alongside the password in order to gain access to the email account,” he told RD. “In most cases, the code will be texted to the person’s phone, but there are also apps you can use, like Google Authenticator.”</p> <p>And, of course, just use common sense. Don’t share information or type in your email password on public WiFi networks, and be smart about the information you share over email.</p> <p><strong>What to do if you think you’ve been hacked</strong></p> <p>Starting to notice some strange online activity? There are a couple of ways you can try to get ahead before it gets too bad. If you hear about spam emails being sent from your address, change your password immediately. You should also tell your contacts so that they know to ignore anything coming from you. Finally, Lavelle offers some other suggestions: “Change your email settings to the highest privacy setting, scan your computer for malware and viruses, and be sure your browsers are updated,” he says.</p> <p><em>Written by Meghan Jones. This article first appeared in </em><em><a href="https://www.readersdigest.com.au/true-stories-lifestyle/science-technology/7-alarming-things-a-hacker-can-do-when-they-have-your-email-address">Reader’s Digest</a>. For more of what you love from the world’s best-loved magazine, </em><a href="http://readersdigest.innovations.com.au/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRA93V"><em>here’s our best subscription offer</em></a><em>.</em></p> <p><img style="width: 100px !important; height: 100px !important;" src="https://oversixtydev.blob.core.windows.net/media/7820640/1.png" alt="" data-udi="umb://media/f30947086c8e47b89cb076eb5bb9b3e2" /></p>

Technology

Placeholder Content Image

How to stop hackers from attacking your mobile phone while online shopping

<p><span style="font-weight: 400;">In new research revealed by Norton’s cyber safety insight report, about 30 per cent of shoppers have fallen victim to cybercrime in the past year at a cost of a shocking $1.3 billion.</span></p> <p><span style="font-weight: 400;">The report noted that 21 per cent of smartphone users had no idea that their device was able to be hacked.</span></p> <p><span style="font-weight: 400;">Cybercrime expert Julian Plummer agrees that users are laxer about mobile security compared to their laptops.</span></p> <p><span style="font-weight: 400;">“As mobile becomes increasingly de rigueur the security risk to consumers will only rise,” said Mr Plummer, who is the managing director of Midwinter Financial Services in Sydney.</span></p> <p><span style="font-weight: 400;">There are two ways that your smartphone is able to be hacked, which is phishing and over public wi-fi networks.</span></p> <p><span style="font-weight: 400;">As hackers are only getting smarter at duping their victims when it comes to phishing, sophisticated criminals are now impersonating big-name brands, including banks and other institutions.</span></p> <p><span style="font-weight: 400;">“It used to be that seeing a padlock in the URL bar meant that the site was safe, but now hackers are ‘securing’ their sites using cheap security certificates to provide a false sense of security,” Mr Plummer warned to </span><a href="https://thenewdaily.com.au/life/tech/2019/05/29/mobile-phone-cybercrime-safety/"><span style="font-weight: 400;"><em>The New Daily</em></span></a><span style="font-weight: 400;">.</span></p> <p><span style="font-weight: 400;">The second way is via public Wi-Fi networks, which is surprisingly sophisticated.</span></p> <p><span style="font-weight: 400;">“Hackers use a ‘Wi-Fi pineapple’ to mimic a public wi-fi access point,” he explained.</span></p> <p><span style="font-weight: 400;">“Unfortunately, logging on to these malicious wi-fi access points allows hackers to intercept any unencrypted personal data. Always be very wary when connecting to an untrusted wi-fi network – especially overseas.”</span></p> <p><span style="font-weight: 400;">It’s easy to protect yourself from hackers though, according to Mr Plummer.</span></p> <p><span style="font-weight: 400;">“The crucial thing for mobile phone users is to stop reusing passwords,” Mr Plummer said.</span></p> <p><span style="font-weight: 400;">“With a major security breach happening almost on a monthly basis, if hackers were to get your password from one shopping website, they then have access to all your online accounts if you re-use your password.”</span></p> <p><span style="font-weight: 400;">The second way to keep your information safe might be tedious, but it’ll be worth it in the long run. It involves keeping your phone’s operating system up to date.</span></p> <p><span style="font-weight: 400;">“The main reason manufacturers provide updates is to close off security loopholes within their device,” Mr Plummer said.</span></p> <p><span style="font-weight: 400;">“Hackers are well versed in any security bugs in your mobile device, so make sure you have automatic updates turned on for your mobile phone.”</span></p>

Technology

Placeholder Content Image

The scary new way hackers can find out your passwords

<p><span style="font-weight: 400;">New research from the University of Cambridge in England as well as Sweden’s Linköping University has explained that malware is now capable of accurately guessing your passwords by listening to the sound of your fingers tapping the screen.</span></p> <p><span style="font-weight: 400;">The hackers use the malware to listen via the microphone of your smartphone and use technology that can accurately guess where you’re touching the screen to get every password you use on the smartphone device. </span></p> <p><span style="font-weight: 400;">“We showed that the attack can successfully recover PIN codes, individual letters and whole words,” researchers wrote in the paper, according to </span><a href="https://www.9news.com.au/technology/iphone-android-hackers-can-find-out-your-passwords-by-hearing-how-you-type/bf7c66ce-0d49-4c26-8be2-1dd5c6196d30"><span style="font-weight: 400;">9News</span></a><span style="font-weight: 400;">.</span></p> <p><span style="font-weight: 400;">“We have shown a new acoustic side-channel attack on smartphones and tablets.”</span></p> <p><span style="font-weight: 400;">Research showed that during testing, the machine learning software correctly guessed a four-digit passcode 73 per cent of the time after ten tries.</span></p> <p><span style="font-weight: 400;">The software was also able to identify 30 per cent of passwords that ranged from seven to 13 characters in length after 20 tries.</span></p> <p><span style="font-weight: 400;">The malware is reliant on machine learning to predict which key a user has tapped by tracking which sound the microphone heard first. This is a detail that is picked up in a matter of seconds.</span></p>

Technology

Placeholder Content Image

Warning: WhatsApp voicemail scam gives hackers access to your account

<p>A worrying new WhatsApp hack allows cyber criminals to access victim’s accounts via their voicemail inbox.</p> <p>According to <a href="https://nakedsecurity.sophos.com/2018/10/08/attackers-use-voicemail-hack-to-steal-whatsapp-accounts/"><strong><em style="font-weight: inherit;"><u>Naked Security</u></em></strong></a>, a blog run by British security company Sophos, scammers are attempting the attacks at night so they can take advantage of the app’s six-digit verification code.</p> <p>The attacks have become so prevalent that Israel’s National Cyber Security Authority issued a nationwide warning.</p> <p>Hackers start the scam by installing WhatsApp on their own phone using a legitimate user’s phone number.</p> <p>To verify the login attempt, WhatsApp sends a six-digit verification code via text message to the victim’s telephone.</p> <p>However, hackers are carrying out this scam at night, so victims are most likely sleeping rather than checking their phones.</p> <p>WhatsApp then allows the hacker to send the six-digit verification code via phone call with an automated message.</p> <p>As the victim is not on their phone, the message ideally goes to voicemail.</p> <p>The cyber criminal then exploits a security flaw in many telecommunication networks which allows customers to use a generic phone number to call and retrieve their voicemails.</p> <p>For many mobile phone owners, only a four-digit pin is required to access their voicemails – which if they haven’t changed is commonly 0000 or 1234 by default.</p> <p>Hackers will then enter the password and gain access to the victim’s voicemail inbox, allowing them to retrieve the WhatsApp message containing the six-digit code.</p> <p>Once the scammer enters the code into their own phone, they have complete access to the victim’s WhatsApp account.</p> <p>To avoid being hacked, it is recommended that users turn on two-factor authentication on their account, adding an extra layer of security.</p> <p>“Using application-based 2FA ... mitigates a lot of the risk, because these mobile authentication apps don’t rely on communications tied to phone numbers,” Sophos researchers explained. </p> <p>This can be done by navigating to Settings in WhatsApp, then tapping ‘Account’.</p> <p>Users must then press on ‘Two-step verification’ and tap ‘Enable’.</p> <p>Experts also encourage users to have a strong PIN on their voicemail inbox.</p> <p>Have you encountered this WhatsApp scam? Let us know in the comments below. </p>

Technology

Placeholder Content Image

MasterChef star homeless after hackers steal $250K in scam

<p>Former <em>MasterChef Australia</em> star Dani Venn has been caught up in an online hacking scam that has cost her and her family $250,000.</p> <p>The cyber-attack has left Dani, her husband Chris and their two young children homeless.</p> <p>Appearing on <em>MasterChef</em> in 2011 where she came fourth in the reality TV series, Dani and Chris’s life savings were wiped out after an online conveyancing giant was linked to a hacking scam.</p> <p>Apparently, Dani and her family were warned twice about the security fears in the weeks leading up to the cyber-attack, which resulted in their funds being stolen.</p> <p><img width="498" height="280" src="https://oversixtydev.blob.core.windows.net/media/7819434/1-dani_498x280.jpg" alt="1 Dani"/></p> <p>The substantial lump sum that was sitting in their bank account was proceeds from the sale of their old home. But after the $250,000 was stolen, it meant they could not settle on their new property.</p> <p>“This is our life savings here,” an emotional Dani told <em><a href="https://www.9news.com.au/national/2018/06/26/19/40/masterchef-contestant-dani-venn-home-sale-hack-pexa">A Current Affair</a></em>.</p> <p>“We’ve got two small children, a four-and-a-half-month old and a three-and-a-half-year-old,” she continued. “You just can’t do this to people.”</p> <p>Since the hackers wiped out their account, Dani and the couple’s two kids have had to move in with her mother. Her husband Chris has been forced to live in a caravan.</p> <p><img width="498" height="280" src="https://oversixtydev.blob.core.windows.net/media/7819435/4-dani_498x280.jpg" alt="4 Dani"/></p> <p>Meanwhile, because the couple missed the settlement on their new home, they are being charged $500 a day in contractual penalties. They are at risk of losing the property and their deposit if they don’t come up with the $120,000 needed to finalise the purchase.</p> <p>“It’s scary because it could happen to anyone buying or selling a property,” Dani explained.</p> <p>PEXA (Property Exchange Australia) is the online platform that Dani and Chris’s conveyancers used to settle the real estate purchase when the proceedings were compromised by hackers.</p> <p>The conveyancing company was unaware the hackers created a fake username under their PEXA account.</p> <p>In the meantime, the Commonwealth bank has managed to freeze $138,000 of the stolen funds, however, $110,000 is still missing and not recoverable.</p> <p><iframe src="https://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2FACurrentAffair9%2Fvideos%2F1595163487256689%2F&amp;show_text=0&amp;width=560" width="560" height="315" style="border: none; overflow: hidden;" scrolling="no" frameborder="0" allowtransparency="true" allowfullscreen="true"></iframe></p> <p><em>A Current Affair</em> said they repeatedly requested PEXA for an on-camera interview and sent close to 20 questions for them to respond to, but all requests were ignored.</p> <p>However, PEXA’s Acting CEO James Ruddock said in a statement to <em>ACA</em> that their system is safe, and the loan offer still stands.</p> <p>“PEXA provides a platform to conduct property settlements. Like the paper process, individual conveyancers are responsible for conducting the settlement process accurately,” Mr Ruddock stated.</p> <p>“Ms Venn’s funds were misdirected when her conveyancer approved bank account details that were incorrect by using their digital key and password to authorise the settlement of the transaction through the PEXA system.”</p> <p>Dani’s scam follows two other incidents where one client lost more than $1 million during the settlement process, while another lost close to $700,000.</p> <p> </p>

Legal

Placeholder Content Image

The rise of fake Wi-Fi: How hackers are stealing your personal data

<p><span>A new report has revealed how hackers are able to easily access personal data using fake Wi-Fi accounts.</span></p> <p><span>The investigation by the US <em>Today</em> show found that cyber scammers can quickly access your credit card information, flight details and purchase history, once a victim is logged onto their fake Wi-Fi.</span></p> <p><span>Investigative journalist Jeff Rossen used a security expert to set up fake Wi-Fi hotspots at the Grand Fiesta Americana hotel in Cancun, Mexico, reported <em>The Sun.</em></span></p> <p><span>Tourists were tricked into clicking on the fake Wi-Fi hotpots because the duo gave them names similar to the hotel's secure Wi-Fi.</span></p> <p><span>After various tourists had clicked on the fake W-Fi, Rossen went around the resort tracking people by their phones to warn them of what they had done.</span></p> <p><span>The tourists were shocked at how easily they had been fooled.</span></p> <p><span>Rossen shared tips to the tourists about how they could stay safe online while on holiday.</span></p> <p><span>One key piece of advice Rossen shared was to log off public Wi-Fi when making online purchases on your phone.</span></p> <p><span>He recommends using your mobile phone network, even if it is more expensive, as it will ensure you are safe from fake Wi-Fi.</span></p> <p><span>He also advised phone users to click “forget this network” after using public Wi-Fi, to avoid auto-logging on to hotspots.</span></p> <p><span>You can also turn off your Wi-Fi’s “auto-join” feature for safer use.</span></p> <p><span>One last trick Rossen shared was, the best way to test the authenticity of the Wi-Fi claiming to be your hotel is to enter the wrong room number when prompted.</span></p> <p><span>If you still receive access, you will know it is a scam network that is letting anyone in. If it is actually your hotel network, you will be denied access.</span></p> <p><span>Over the summer holidays, Australian families were warned to be careful when logging into free Wi-Fi networks.</span></p> <p><span>One man had $155,000 worth of digital currency Bitcoin stolen after logging into a restaurant’s unsecured public Wi-Fi network. </span></p> <p><span>Have you ever had a dodgy Wi-Fi experience? Tell us in the comments below. </span></p>

Accommodation

Placeholder Content Image

It’s shockingly easy for hackers to steal your mobile number

<p>Cyber criminals are using a surprisingly simple trick to steal unsuspecting people’s mobile phone numbers.</p> <p>As most important personal accounts rely on a two-factor authentication, where you receive a text message of a code to log into accounts, fraudsters are increasingly looking to pinch people’s mobile numbers. They then move the mobile number to a different carrier and use the stolen information to gain access to the victim’s other personal information, such as bank accounts.</p> <p>It’s shockingly easy to do. In most instances, all the hacker needs are your mobile provider account number and your date of birth.</p> <p>Sydney woman Deborah Brodie, 37, was a victim of this scam. On the Friday before the Queen’s birthday long weekend she received a text message from Optus confirming her number would be moved to Vodafone. However, she had not requested this change but just minutes later she received another text confirming the change had been successful. Shortly after her phone switched to SOS mode.</p> <p>Ms Brodie’s bank account was hacked with someone using her credit card to go on a spending spree.</p> <p>“It was really violating, it leaves you feeling really exposed,” Ms Brodie told news.com.au. “It was done in such a calculated manner.”</p> <p>Despite being an Optus customer for years, the telco didn’t seek personal verification of the mobile porting from Ms Brodie. There seemingly is little in place to stop this fraudulent change of mobile providers.</p> <p>For now, Ms Brodie has her number back but the matter is still being investigated.</p> <p>“This is a new scam that’s happening more and more,” Ms Brodie said. “Is it the phone companies that have to better? I think it is.”</p> <p>Judging by social media comments, the fraudulent practise is becoming increasingly common.</p>

Technology

Placeholder Content Image

Hackers target customers of major Aussie bank

<p>Customers of a major Australian bank have been warned to be vigilant when banking online, with hackers targeting personal accounts in the latest scam.</p> <p>NAB online banking customers have been sent emails which tells victim their account has been disabled before prompting them to enter their password.</p> <p>But the link the victims are redirected to a fake website when they follow the prompts. From here the scammers take your password and access your account.</p> <p><img width="497" height="350" src="https://oversixtydev.blob.core.windows.net/media/37163/fake-site_497x350.jpg" alt="Fake Site"/></p> <p><em>The fake NAB site. Image credit: Fairfax Media</em></p> <p>A NAB spokeswoman said, “We remind customers, NAB will never ask you to confirm, update or disclose personal or banking information via email or text.”</p> <blockquote class="twitter-tweet"> <p dir="ltr"><a href="https://twitter.com/NAB">@NAB</a> ummmm I literally used my card today... is this a scam orr?? <a href="https://twitter.com/hashtag/help?src=hash">#help</a> <a href="https://t.co/TiA6NZUMlb">pic.twitter.com/TiA6NZUMlb</a></p> — Dana Ashley (@Danaaaashley) <a href="https://twitter.com/Danaaaashley/status/866975434709229576">May 23, 2017</a></blockquote> <p>MailGuard CEO, Craig McDonald, told <a href="http://www.smh.com.au/" target="_blank"><span style="text-decoration: underline;"><em><strong>Fairfax Media</strong></em></span></a> consumers should remain vigilant when banking online, “A phishing scam is a fraudulent attempt to steal your information or identity for financial gain. In this case, the perpetrators want victim's banking details.</p> <p>"Creating a fake website allows them to collect peoples' account number and passwords without arousing suspicion.</p> <p>"That valuable information is collected and used to make future unauthorised transactions."</p> <p>Have you ever fallen victim to a scam?</p>

Money & Banking

Placeholder Content Image

How hackers can get into your accounts without the password

<p>On Wednesday morning, high-profile Twitter accounts were hacked and then flooded with swastika-laden propaganda.</p> <p>Twitter accounts such as Duke University, Forbes and Amnesty International were victims of this latest online scandal.</p> <p>These accounts are most likely protected by high security measures including two-factor authentication and strong protections. Although these measures are important, hackers have found a way to bypass them.</p> <p>Hackers are now using app permissions to infiltrate online accounts. App permissions involve logging into an app or service by using one of your key social accounts such as your Google, Facebook or Twitter account. This feature allows you to worry about fewer passwords and sometimes is necessary for apps to work with other accounts, but it also presents security issues.</p> <p>This recent hack was caused by an app called “Twitter Counter”. This app provides analytics of Twitter accounts and the app not only requests permission to see your data, but to also Tweet. This feature could prove helpful if you want to send out tweets inside the app but this is how these high-profile accounts were compromised.</p> <p>Apps that have permissions are generally limited in the access they have over your account. In most cases, they don’t have the ability to change your password and they also never get your real password. Your main account just gives them a generated one once you use that account to sign up. Although you can still have control over your password and regain your account back, once an account has been infiltrated, the world has already seen the information the hacker has posted on your profile.</p> <p><strong>The solution</strong></p> <p>Take a look at what apps have access to the accounts you use online. Revoke as many permissions as you can and create a practice of checking it regularly.</p> <p>On Twitter, click on your avatar on the top right next to the “Tweet button” and then press <strong>Settings and privacy</strong>. Look at the list on the left side and then select <strong>Apps</strong> and you can scroll through and revoke access to any apps that don’t need to be linked to your Twitter account.</p> <p>On your Google account, conduct a <a href="https://myaccount.google.com/secureaccount" target="_blank"><strong><span style="text-decoration: underline;">Security Check-up</span></strong></a> which will automatically run through your app permissions. Then revoke the apps that have permission to use your account.</p> <p>On your Facebook account, click on the question mark menu on the left side of your notifications icon and select <strong>Privacy</strong>. On the left-hand side select <strong>Apps</strong> and then press <strong>Show All</strong> at the bottom of the box that is marked with <strong>Logged in with Facebook</strong>. Get rid of any apps that you don’t need on the list. </p>

Technology

Placeholder Content Image

Foreign hackers responsible for census shutdown

<p>If you had trouble getting online last night to fill out your census you certainly weren’t the only one, as the Australian Bureau of Statistics (ABS) has confirmed the shutdown of the census website is due to a series of “malicious” attacks from foreign hackers.</p> <p>ABS has confirmed that the website was deliberately hacked four times yesterday, which ABS statistician David Kalisch explained in an interview on ABC Radio this morning, “It was an attack, and we believe from overseas. The Australian Signals Directorate are investigating, but they did note that it was very difficult to source the attack.”</p> <p>More than two million forms were successfully submitted before the beach, and the ABS has stressed that the data submitted before the hack is secure.</p> <p>Kalisch said, “I can certainly reassure Australians the data they provided is safe.”</p> <p>The attacks are believed to have begun during the day on Tuesday.</p> <p>While the initial hacks were repelled, as their frequency increased and more people tried to access the website, many Aussies trying to login after 7pm couldn’t connect.</p> <p>While the location of the hackers is yet to be established, Kalisch believes the website will be up online again at around 9am on Wednesday. The ABS has also reminded Australians not to panic about fines, as they <a href="/news/news/2016/08/why-you-dont-have-to-panic-about-census-tonight/"><span style="text-decoration: underline;"><strong>have until 23 September to complete the form</strong></span></a>.</p> <p>Did you have trouble getting online last night? Are you worried a government website can be held to mercy by foreign hackers? Let us know in the comments. </p> <p><em>Image credit: Twitter / Broken News </em></p> <p><strong>Related links:</strong></p> <p><span style="text-decoration: underline;"><em><a href="/news/news/2016/08/census-concerns-have-aussie-seniors-worried/"><strong>Census concerns have Aussie seniors worried</strong></a></em></span></p> <p><span style="text-decoration: underline;"><em><a href="/news/news/2016/08/why-you-dont-have-to-panic-about-census-tonight/"><strong>Why you don’t have to panic about Census tonight</strong></a></em></span></p> <p><span style="text-decoration: underline;"><em><strong><a href="/news/news/2016/08/homelessness-crisis-point-in-regional-australia/">Homelessness hits "crisis point" in regional Australia</a></strong></em></span></p>

News

Placeholder Content Image

How to secure your Wi-Fi network from hackers

<p>An insecure Wi-Fi network can result in more than just slower internet and a burnt-through data cap. You could lose access yourself or even let private information get into the wrong hands. As more devices in our home become Wi-Fi connected - from your home security to your lightbulbs - making sure your Wi-Fi is secure is more necessary than ever. Here's how.</p> <p><strong>Change passwords</strong></p> <p>This seems obvious, but stick with me. While you might have set a pretty good password for your Wi-Fi network when you set it up – what with capital letters and numbers and everything - the password to log in to your actual router might still be the default.  This means anyone already on your network can easily change the actual Wi-Fi password themselves.</p> <p>(There's also the possibility that your Wi-Fi password is still the one written on the back of your router. You should definitely change that.)</p> <p>To change either of these passwords, you'll want to log in to your router. (Your router is that box with flicking lights that gives you internet. It probably has some antennas.)</p> <p>Open a web browser (Chrome, Safari, Internet Explorer - whatever you use) on a device that's connected to your Wi-Fi and type "192.168.0.1". This should open a login page. (If it doesn't try "192.168.1.1".)</p> <p>Logging in here, disturbingly, should be pretty easy. Check your router's make and model here or on Google. It's likely "admin" and "admin" or "admin" and "password".</p> <p>Once you've logged in you should see your router's settings page. Each one of these is different, but changing the password for both the router and the Wi-Fi network itself should be relatively easy. If not, Google is your friend. Remember to go long and to add numbers. If you're worried about forgetting it, try a long sentence of song lyrics along with a few numbers - easy to remember, extremely hard for a computer to crack.</p> <p><strong>Change the name of your network</strong></p> <p>If your Wi-Fi network already has some dumb joke name, skip this section. If it's called NETGEAR 5345 or something like that, time to get one of those dumb joke names. You can do this, again, by logging into your router. Look for an option to change the "SSID".</p> <p>Why? Because for potential hackers, knowing the type of router or connection you have makes the job a lot easier. Getting rid of the default name makes this a bit harder for them.</p> <p><strong>Encrypt your network</strong></p> <p>Your router is likely already encrypted with WAP encryption, which is fairly standard, but is also quite easy to crack. Luckily, most newer routers should offer "WPA2" encryption - don't worry about what it means - which is much stronger. However, it also will lock out any device from prior to 2006, so if you've got some ancient laptop somewhere, be wary.</p> <p>To do this, you're going to want to - once again - log in to your router. (See why it's so important to make sure your router is password protected too?) Encryption options should be under security settings.</p> <p><strong>Restrict your Wi-Fi to certain devices</strong></p> <p>This is something of a nuclear option, and can be extremely inconvenient. Basically, instead of allowing any device with the right password onto your network, it will restrict the network to only allow access for devices on a list. To do this, assemble a list of all the MAC addresses of every device you own, then input them into their router. MAC addresses are basically unique IDs for every device that has Wi-Fi - Google how to find them on each of your smartphones, laptops, tablets, and consoles.</p> <p>Once you've got that list, log back in to your router and into the security settings again.</p> <p>Have you ever taken measures to secure your Wi-Fi? Do you think you’re going to take them now? Share your thoughts in the comments.</p> <p><em>First appeared on <a href="http://Stuff.co.nz" target="_blank"><strong><span style="text-decoration: underline;">Stuff.co.nz</span></strong></a>.</em></p> <p><strong>Related links:</strong></p> <p><a href="/entertainment/technology/2016/06/14-tricks-that-will-change-how-you-use-your-ipad/"><strong><em><span style="text-decoration: underline;">14 tricks that will change how you use your iPad</span></em></strong></a></p> <p><a href="/entertainment/technology/2016/06/how-to-keep-your-facebook-messages-private/"><em><span style="text-decoration: underline;"><strong>How to keep your Facebook messages private</strong></span></em></a></p> <p><a href="/entertainment/technology/2016/05/hints-for-using-gmail/"><em><strong><span style="text-decoration: underline;">5 hints for using Gmail</span></strong></em></a></p>

Technology

Our Partners