Scam of the day – August 31, 2013 – Lesson of New York Times hacking

By now you are probably aware of the recent hacking of the website of the New York Times. A hacking group known as the Syrian Electronic Army (SEA), vocal supporters of embattled Syrian President Bashar Assad, managed to take control of the New York Times’ website and disrupt it for much of the day. In recent weeks, the SEA has also hacked into Twitter, The Washington Post and CNN, among other companies, and carried out another successful attack against the New York Times, which apparently did not learn its lesson and tighten its security. Without boring you with the precise details, the weakness exploited by the hackers involves the connection between corporate websites and the companies involved in the Domain Name System, and it underscores that when it comes to security, you are only as secure as the weakest entity with which you are involved. Using a simple technique called spear phishing, the hackers were able to fool an internet service provider in India that was tied to the New York Times website, tricking an employee there into downloading tainted software that enabled the hackers to get his user name and password and ultimately gain access up the line to the New York Times’ website.

TIPS

The lesson for us all is a simple one. Your security is always in jeopardy even if you appear to be doing all the right things, including not downloading attachments or clicking on links that may contain the type of malware that ultimately brought down the New York Times. So what can you do? Recognizing that your password and user name may be compromised somewhere other than on your own electronic devices, you should consider using multiple-factor verification as much as possible. With multiple-factor verification, access to your various accounts is protected by more than just a password and a user name. Multiple-factor verification may require you to obtain a changing PIN through a text to your smartphone before you can log on to a particular account, or you may be required to answer a security question. Following a major hack of its own, Twitter now offers two-factor verification. Companies that offer it include Dropbox, Facebook, Google, Hotmail, LinkedIn, PayPal and Twitter. It may seem like a time-consuming burden to use multiple-factor verification, but the inconvenience is really quite slight, particularly compared to the potential problems if your accounts are hacked.