One of the greatest myths that I have realized in the current world is that There is Security.
We are not talking about kids or novices on some other social networking web site or some site that offers free “cracks and cheat code” for various games, and the like. All that is “kid stuff”.
We are talking about a whole set of companies involved in defense contracts and also high tech organizations. Not only that, even governments which consider themselves as “advanced” including US, Canada, besides India, and also the UN are not safe from these attacks. And I believe some of these organizations and nations spend billions of dollars on security and to security experts.
What could be the danger? National secrets, including defense plans, budgets and others could be out in the open. These could help “terror” and other criminal elements to stay “one step ahead” in the game. Information about budget outlays of governments as well as companies, as well as various business and other plans will help various contractors to plan so that they get the largest share of the pie. Of course we always knew about “inter-company espionage”. Wherein each company tries to find out about the business plans, new products and launches, their customer and related information (including tenders and bids) so that they can get the edge on the competition.
Of course for normal human beings like you and me, a hack could result in entire bank balances being wiped out even before you could say “whodunnit”. It could also result in personal computers and devices being used in a “proxy” warfare like bots. This might result in suddenly finding a whole platoon screeching to a halt outside our doorstep, automatic weapons in hand, finger on the trigger (as in the movies) about something sinister discovered, but which we were probably not even aware of in our dreams. We know how in the past, some elements of terror hacked into wireless networks of “innocent” people and organizations, that were not secured, and sent out deadly messages. Of course, it is not just ordinary lay people, but also governments and organizations handling highly confidential information, have found RATs hidden in the works for years and quietly digging into mounds of secret data (RAT – Remote Access Tool).
I have tried to understand this problem (with my limited understanding) and often to me (though not always) very often it is as simple case of building a high security burglar system, and then leaving the key in the keyhole.
Yes, very often by ignorance or forgetting or worse still carelessly breaking basic security processes and postures we could probably allow unwanted elements to gain access and control of systems.
Of course we all also know about phishing and pharming, and probably take sufficient care to ensure against it.
I remember receiving certain SMS which promised a free holiday to “car owners” and asked for details about the car. It seemed too tempting, until I realized that the secret question to some of the logins were the same details about the car.
Do we give in to social engineering, and end up getting into serious trouble..