Thursday, 9 December 2010

Hackers - a cautionary tale.

So you do everything that you're told. You've known the internet since 1997, kind of grown up with it, you were lucky enough to learn about computer programming on a binary system at school in the seventies. As a result, you never open any spurious e-mails and you certainly don't click on any links in mail, even when you know for sure where it came from. No, you open a new tab and type in the full address of the website you want and log in there - like any good sensible person would. You never give out your passwords, you change them regularly and you always make sure that they can't be easily guessed, they contain a good mix of upper and lower case letters with a sprinkling of numbers. You don't "do" free wi-fi and you always have up-to-date virus checkers, spam detectors, anti-phishing software, malware scanners and every other device available to mankind to take away the fear of theft via the internet through your computer. And one day you get genuine e-mails from your very own PayPal account, one congratulating you on opening an international account and a second confirming your transfer of all of your funds to this account. But you know that you haven't logged into your account for three weeks or more and this has all happened when you were asleep at 2am this morning.

Once your heart has settled back comfortably into the left hand portion of your upper chest and you can breathe freely again, you analyse what has happened. You log in through a new tab and take a careful look around your account. Sure enough it's all true. How? How can PayPal have allowed a US land-based dollar account to be set up by a UK resident with a sterling account? How was the account accessed in the first place? So you fill out the statutory report forms, print off the details for your own records and wait. Three reports later and still no cases are showing up in your "resolution" folder, then suddenly you get an e-mail that starts:

"During a recent security check, we found that someone tried to access your PayPal account.........."

No mention of any reports filed, but there is apparently one resolved case showing in your "resolution" folder with no details available. The money (still in dollars) has miraculously reappeared in your account, but it isn't the amount in sterling that you had before, charges have been taken for the exchange rate. The international account has been deleted.

Then it's on the radio. Lots of big name internet sites have been attacked by cyber hackers for their removal of support for WikiLeaks, but it's only a DDoS attack so obviously the hackers just want to bring the sites down for a while to prove that they can cause some disruption. Coincidence? Make your own mind up.

We've decided that perhaps claiming 100% security is a red rag to a website hacking bull and maybe the clever people who write the highly complex security programmes also have more than enough intelligence to break into them whenever they like. We never did trust the internet with financial information, this has just confirmed our doubts.

So apologies to everyone if it causes inconvenience, but we have no choice but to remove the PayPal option from our websites for our own sanity. It's just one thing too many to think and worry about.
