Sneaker ware was the very first computer virus ever created in the 1980s. It was written on to a floppy disk video game and inserted into Apple Mackintosh computers. Someone had to physically walk from computer to computer to do this, hence the name Sneaker ware.
In 1999, David L. Smith, of Aberdeen, USA, launched the world's first email-borne virus when he posted an infected MSWord document to the alt.sex Usenet newsgroup. When people opened the file, thinking it held pornographic pictures, the virus then sent emails from the infected computer to other email addresses on file. It was called Melissa, evidently after his favourite stripper. Smith was eventually tracked down and sentenced to 20 months in a Federal prison.
In 2001, Code Red, a complex viral threat, went around the world in three days. In 2010, Stuxnet was first discovered. It was a malicious computer worm, evidently developed by the USA and Israeli intelligence services, and deigned to attack Iran's nuclear plant.
And now, the big threat is Ransomware. If your computer becomes infected, you will be held to ransom and forced to pay cyber criminals for an encryption code to unlock your computer. I personally know of an Auckland business which has been attacked in this way, as have many.
Cyber security is an important issue. We all have to defend ourselves and we cannot rely on the government to do that for us. However, the government has invested over $22 million over four years to set up a national Computer Emergency Response Team (CERT) which is headed by the GCSB and has been rolling out malware detection services to strategic government agencies.
The Prime Ministers of New Zealand and Australia have also undertaken to run joint cyber security exercises to ensure they can respond to incidents that affect both nations. Just recently, Nato Secretary-General Jens Stoltenberg announced that Nato will now treat cyber security as a military responsibility.
Interestingly enough, from a local perspective, a quick scan of the Whanganui District Council's website, using penetration testing software, found a few potential vulnerabilities. A simple request validation highlighted that requests to the website could possibly contain a malicious payload and cross-site scripting (XSS) vulnerabilities. It also showed that excessive information about the server and frameworks in the website headers and that the website may potentially be vulnerable to a POODLE attack (which is a man-in-the-middle attack) that allows an intruder to inject malicious JavaScript into the victim's browser through an SSL 3 protocol vulnerability.
The biggest risk most organisations leave themselves open to is having a computer system that is unpatched. Keeping your system up to date and installing all patches your software/system providers send you is extremely important. Changing passwords on a regular basis is another important activity and can easily be actioned by using password vault software that easily updates all your passwords and is extremely secure.
Backing up your data on a secure external hard drive and or to a secure online data backup service may also save you when you turn up tomorrow morning and find your computer with a ransomware request.
Securing your handheld mobile device that has access to your network is a security issue often forgotten. Even the most secure system on earth is weak if you leave an unsecured mobile device that has access your network at the local cafe, or if you download valuable documents to an unsecure USB drive. The most important issue to remember with cyber security is that it is not a set-and-forget exercise. Cyber security changes rapidly and continuous monitoring is vital to success.
Steve Baron is a political commentator, author and Founder of Better Democracy NZ. He holds a degree in Economics and Honours degree in Political Science.
