By Richard Engel
NBC News Chief Foreign Correspondent
We all know the drill: Don’t open those suspicious email attachments, or oddly impersonal or out-of-character messages that seem to be from friends or your mom.
OK, but it’s hard to avoid. We read so many emails and type and click and link and cut and paste so quickly, sometimes it just happens.
What then? What if you open a nasty email? I’ve learned that really bad things can happen. It can wipe you out.
Before I was assigned to Wednesday night’s Rock Center story on cybercrime, I was oblivious to cybercrimes and cyber threats. My life isn’t that technical. I’m often more worried about finding gasoline for a generator than downloading the latest application. Perhaps because of my relative Internet isolation, I was shocked at how pervasive hacking has become and how rampant and insidious cybercrime can be.
To research this story, we met the top cybercrime officials at the FBI, leading computer scientists and numerous victims of hackers.
I learned the hackers are much better than I suspected. Take the example of a piece of malware (basically software that’s been maliciously designed to hurt you) with the imposing name of Zeus.
Zeus gets into your computer through emails, links and attachments. You open a link that doesn’t look suspicious, even by accident, and Zeus gets in. The hackers who use Zeus disguise the emails as updates to software you need or fake notes from friends or family. “Check out this new video.” “Did you see this?” “Download the latest update for (insert your favorite software).” The email might even look like it has come from your best friend.
You can’t assume you’ll spot them all. Zeus has loaded itself onto millions of American computers. Once it’s in, Zeus watches you. Technically, the hacker uses Zeus to watch you, but in reality the two can’t be distinguished. Zeus watches what you type. It copies your keystrokes, and it waits. Zeus will baby-sit your computer until you type something really important, like the password for your bank account. When Zeus notices that you’ve gone to your bank’s website and started typing, it gets very excited. It alerts its boss, the hacker, that he or she might want to pay attention. It’s like a pager service for thieves. You type in your bank details. Zeus copies it, then tells the hacker it’s got something good.
Did I mention Zeus is on millions of American computers? Armed with Zeus, the hackers steal so many bank passwords that they sell them to each other on a secondary market. You can buy bundles of personal information, which might include the password for Judy the Deadbeat who’s in debt, or Warren Buffett’s personal accountant.
With so much information, the hackers have the luxury of picking and choosing their targets. They like small businesses. They like small-town America. They like church groups or retirement homes or bakeries or delivery companies or any business or organization they think won’t be overly suspicious and pays its bills and salaries online, preferably through automatic payments. They love automatic payments.
As I said, I’m not a computer expert, but after interviewing specialists and FBI officials, the best advice they gave me can be summed up in a few simple tips. But they’re only simple if you do them.
FIVE TIPS TO IMPROVE ONLINE SECURITY
1. Have a separate computer for online banking. Buy a cheap out-of-the-box new laptop and only use it for banking. It doesn’t have to be powerful or slick. A simple “net book” costs a couple hundred dollars. It does have to be new to ensure it’s not already compromised. Once you have the computer, don’t use it to surf the Internet. Don’t load any software onto it. Don’t send emails from it. Turn it on, do your banking, turn it off, unplug it, and put it in a drawer. Don’t let your kids order music on it. Think of it like a key.
2. Have different passwords and change them frequently. Your banking password should be unique. It’s easier to rip off a password from your local gym than your bank. If the passwords are all the same, you’re making a hacker’s job easier.
3. Another way to increase security is to cut-and-paste passwords, instead of typing them in. Some people do this to protect against keylogger programs.
4. Don’t leave the computer on all the time. It’s like leaving a door unlocked.
5. Think before you click. You can’t always win, but don’t blindly open attachments or links. Do you really need to see that video? Do you need to see it on the computer that you use to send sensitive information? Be wary.
There are also many antivirus or protective software applications which can add an extra layer of security.
The online world has been compromised. There are more thieves online than in your neighborhood, and they want to get into your life through your computer.