As experts warn Russian cyber army could target British homes, there’s a simple way to foil them… You don’t need a tin hat to stop Putin’s hackers: just press delete, delete DELETE!
- State-sponsored cyber attacks are a genuine threat
- Fears that Russians will look to spread their cyber firepower further afield
- Ordinary Britons could well be in the firing line
- Russian state seeking to disrupt Western economies in any way it can
A war being waged more than a thousand miles away may not seem so remote if it triggers a cyber attack inside your home. Toby Walne looks at how you can protect your household if Vladimir Putin deploys an army of hackers to wage cyber warfare.
Although state-sponsored cyber attacks might seem like science fiction, they are a genuine threat. According to Israeli security firm Check Point Software, online attacks on the Ukrainian government and its defence websites tripled in the first three days of the invasion by Russian troops.
But there is now a fear that the Russians will look to spread their cyber firepower further afield. Ordinary Britons could well be in the firing line as the Russian state seeks to disrupt Western economies in any way it can – a tit for tat for the measures that Western governments have introduced to hurt the Russian economy.
Disrupter: How Vladimir Putin might look in a hoodie, trying to launch a cyber attack
The Russian state could get its cyber experts to cause key computer systems to crash, bringing all-important services such as the National Health Service to their knees. Consumer panic would arise if one of the country’s biggest banks was hacked, resulting in customers either being blocked from accessing their money or having their personal data compromised.
Colin Tankard, owner of data security company Digital Pathways, says: ‘There is no need to strap on your tin hat yet, but this is certainly a time to be vigilant.’ He adds: ‘A week ago, a line was crossed for the Russians when the West banned it from using the international online payments system Swift. We expect it to retaliate by targeting individuals and firms over the coming weeks and months.’
In 2017, a cyber attack called NotPetya was launched from Russia targeting the Ukraine. It was a variant of another software attack known as WannaCry which was believed to have started in North Korea and then ended up in Britain. It closed down computers in 80 NHS hospitals and medical centres, resulting in the cancellation of 20,000 appointments.
Internet giants such as Meta-owned Facebook, as well as Google and its streaming channel YouTube, are now barring Russian state-sponsored media from running adverts on their platforms in a propaganda crackdown.
Start by protecting all your personal details
The first step in the fight against all cyber crime is to be vigilant with your personal details. Even basic information such as a name, address and date of birth might be enough for a criminal to steal your identity and take out a loan or credit card in your name.
But what they really want is your bank details and any passwords. The theft will often start with a so-called phishing expedition – where a fraudster tries to hook you into providing details by pretending to be someone they are not.
Often they pose as figures of authority, such as your bank or the taxman. Genuine authorities never ask for such details in an email. Check out the ‘suffix’ – the last letters on an email – as this can indicate if the sender is abroad. The Russian suffix is ‘.ru’.
Don’t fall for the phishing exercises
Reformed convict ‘King Con’ Tony Sales went to prison 12 years ago for stealing £30million after committing a series of online scams and buying personal data off the dark web. The poacher-turned gamekeeper now works for security training company We Fight Fraud.
He says: ‘Cyber crime is all about exploiting human vulnerability. If a fraudster can find your weak spot – greed, guilt, love, even a sense of duty – they will exploit it to steal your money.’
Sales does not see Russia as a bigger cyber threat than any other pariah country. But he believes that it might make use of the ‘dark web’ where stolen identity information about people can be bought. He says: ‘There are websites, such as haveibeenpwned.com, where you can see if there have been any security breaches for any of the internet services that you use and where personal data may have been stolen. Crooks will sell this information for just a few pounds.’
Sales says one of the most common ways that criminals get people to hand over money is by using the word ‘free’ in an email or creating a fake ‘copycat’ website. He says: ‘It’s a classic sucker-punch scam.’
Tankard says: ‘Do not open any email attachments you are unsure about. Simply press the delete button.’ Pulling at the heartstrings is another popular way to reel in victims. Dating scams featuring women looking to settle down and get married are popular – later involving requests for gifts or personal information that once given can lead to identity theft. Many originate from Russia.
Another particularly nasty trick is ransomware – where messages are sent demanding you pay a ransom of perhaps £500 using cryptocurrency to an anonymous encrypted account.
The message might include personal information about you – such as your phone number or a password – as a frightener.
If the ransom is not paid, the criminal threatens to release embarrassing information about you to family and friends – perhaps even videos that claim to have recorded you watching an adult website.
You should ignore such messages and delete them. But it might indicate your details were bought off the dark web. If you are unsure whether you are being scammed, ‘google’ details of the potential fraud – and see if others have reported it. Copycat websites pretending to be official might have unusual suffixes, such as ‘co.com’.
Install security software to combat viruses
Arm yourself against international internet criminals with security software. This is designed to spot and stop viruses that get on to your computer through website windows or email attachments that you open.
The software should include a ‘virtual private network’ (VPN) that encrypts what you look at over the internet. Tankard says: ‘You can download basic security software for free from providers such as British firm Sophos. But for £50 a year, software can protect your computers, phones and ‘smart’ gadgets such as a home assistant Alexa.’ Other security software providers worth considering include Avast, Avira and McAfee. But Tankard says people should be wary of Russian security provider Kaspersky.
You should never download security software that is offered in a random pop-up window on your computer – this could be malware trying to get you to install a virus.
Viruses are not just designed to plunder data that may be used to hack into bank accounts and steal money – they can delete information. Attacks may come in a ‘Trojan horse’ where perfectly innocent looking software, perhaps from a computer game, is downloaded that hides a nasty surprise.
Alternatively, it could be a malware ‘worm’ that infects computers by arriving as an attachment in a spam email or an online message.
It is also vital to back up computer memories on an external hard drive in case of attack. Such devices typically cost £50 and can be plugged into your laptop.
They can even hack your doorbell
Computers will be the main target for most online hackers. But homes also have ‘smart’ gadgets – ranging from phones through to doorbells and energy meters – that online criminals can hack.
Most of these are linked to each other via wi-fi signals shared from an internet hub sitting inside the home. This internet signal should be secure – as shown by a padlock logo beside the wi-fi signal on your computer. This means it can only be accessed using a password.
Alarm: Online criminals can hack into ‘smart’ gadgets and spy on homes through doorbells
If the padlock logo is not shown, contact your internet provider and ask for one. Tankard says: ‘If a criminal knows your password, most smart gadgets can be hacked. This means they could spy through your doorbell and reconfigure a personal assistant device to cause disruption or steal vital data. Cyber attackers might even be able to cut off your power supply.’
The National Cyber Security Centre, part of the Government Communications Headquarters intelligence service (GCHQ), says hard-to-crack passwords are vital.
It says: ‘Make a strong password by stringing three random words together.’
You could also use a password manager – a software app that allows you to store passwords for different online accounts in one place.
A master password gains access to them. Providers such as Dashlane, Keeper and Bitwarden charge around £30 a year.