Gallery

Review of 2008

Posted on 3 Mar 2009 at 17:35

This month, Davey Winder has been looking back over things that have made him go "ooh" during 2008...

No such gratitude to the people behind a Russian password-recovery software company that announced in October it had perfected a method of using an Nvidia graphics card to hugely accelerate the brute-force cracking of Wi-Fi encryption algorithms. Elcomsoft specialises in password recovery and computer forensics, all of which have a legitimate purpose of course, but by developing tools that effectively leave WPA and WPA2 encryption dead in the water it's hard to see who could benefit, apart from the bad guys. Elcomsoft reckons that governments, forensic labs and corporate users - that's who - but I remain unconvinced. I certainly don't see how it will provide any comfort to the 280 million people who were reported in November as having fallen victim to data loss over the last three years, or for that matter how it will help to reduce the average of 34 major security incidents reported every month, as detailed in another survey published in November.

The Tesco effect

That just leaves December, and the year ends with a sickening thud as it's revealed that the crimeware marketplace has discovered the Tesco concept of piling 'em high and selling 'em cheap, the merchandise in question being malware apps and personally identifiable data. We'd all like to believe that our personal data - credit card details, bank accounts, even just the trivia that form a digital picture of our identity in the 21st century - is pretty valuable, as after all if it weren't why would anyone bother to steal it? Good question, and yes it does have a value, but it would seem that value is ever dwindling in cash terms. In fact, according to research published by security vendor Trend Micro, at the end of 2008 while cybercrime continues to go up the value of the information stolen continues to fall.

Check out the criminal underground black market websites where data is traded, and the current values are made humiliatingly clear. Certain malware tools, such as a basic and easy-to-use package that provides everything you need to go into the information-stealing business, will set you back £700 or so, while data-stealing trojans can be bought for around £60 for one "guaranteed undetectable" by its vendor. However, such price tags don't extend to the stolen data itself: a full set of bank account details (name, address, account number and passwords) can be picked up for as little as £35; a stolen credit card costs around £10 less, although if you buy in bulk (and depending on the country involved) that price can drop to just £2.50. Account logins are equally dirt-cheap, and it's easy to pick up a MySpace or Skype account login for a quid - the same for any number of multiplayer online games. Facebook profiles are a real bargain, according to Trend Micro, with a price tag of just 89p for a whole one...

Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site