YORK, England, May 26, 2011 /PRNewswire/ -- People can learn how to hack into someone's account in less than 15 minutes findings from a live investigation revealed.
In a controlled 'classroom' experiment conducted by life assistance company CPPGroup Plc (CPP), a small group of volunteers with limited technological knowledge, who signed a disclaimer saying they would not use the information for illegal or malicious attacks, followed a online tutorial using a 'man in the middle' technique to hack into a computer network and obtain each other's login details.
CPP's volunteers - including a TV producer, a self-employed baker and a retiree - simply followed a 14-minute classroom-style tutorial which is freely available online. From this they were able to download hacking software which allowed them to access login details and passwords for e-mail accounts, social networking sites and online shopping accounts within a matter of minutes.
And supporting research reveals what could happen as a result – over seven million people have had online password-protected information accessed without their permission. Of these, nearly a quarter (24 per cent) claim to have had their personal e-mails accessed as a result, with 19 per cent saying their eBay accounts have been hacked. In an age of social media, 16 per cent(1) say their social networking profiles have been hijacked and 10 per cent claim to have had money or a loan taken out in their name.
The opportunity for hackers to target users in this way also has the potential to grow due to the dramatic increase in the number of public Wi-Fi networks and smartphones with inbuilt Wi-Fi connectivity in recent years.
With over 20,000 videos on YouTube with basic hacking information tips teaching users how to hack social media profiles, e-mail, smartphones and PayPal accounts, it seems the internet's capacity to host this type of material remains unchallenged.
These online hacking tutorials are widely known about with almost a fifth (17 per cent) of people aware of their existence. But the vast majority (87 per cent) agree that this kind of material should not be available online. The majority (63 per cent) think 'hacking' tutorials should be removed from the internet; with over half (56 per cent) saying the Government should take action to remove 'hacking' tutorials from the internet. A similar number (59 per cent) feel these videos and step-by-step guides increase the risk of identity fraud.
CPP is urging people to take steps to protect themselves from online hackers where possible, and urging the Government to take a stronger stance on internet hacking tutorials.
Identity fraud expert from CPP, Michael Lynch said: "The recent Sony security breach that saw a hacker gain access to the personal data of more than 100 million online gamers including people in the UK has demonstrated the growing and widespread risk that hackers pose to consumers and businesses. It is important people are aware of the risks so they can take the necessary steps to protect their identities and manage any compromised data. As our live session has shown, these hacking 'skills' can be applied within minutes, so it's crucial for consumers to take steps to protect themselves."
"With an increased demand for tighter online security, we're calling on the Government to review access to these online hacking lessons and implement tighter regulation of internet hacking communities."
The technique taught in the live session known as 'man in the middle' hacking works by the 'hacker' intercepting communications between two people or what an individual is viewing on the internet. As a user logs in to their online account, their username and password appears on the hacker's own desktop, allowing them to store this sensitive information and access someone's account – either immediately or at a later date.
In addition to the 'man in the middle' hacking technique used, step by step video internet tutorials are thriving with hacking tutorials available for PayPal, Facebook, iPhones, Networks, Apps, MySpace, Twitter, BlackBerry and CCTV.
Robert Chapman, CEO of Firebrandtraining.co.uk, who were commissioned by CPP to carry out the tutorial said: "The wide availability of free hacking tools is a real concern, and everyone is a target. These resources are only going to grow and become more advanced, meaning that organisations and individuals must take steps to protect themselves. It's imperative to keep anti-virus and firewall software up to date and change passwords to online accounts regularly. Also use common sense – if security warning messages appear in your browser, don't ignore them as this could be an indicator that your network has been hacked. We demonstrated how a very basic way of hacking could be used to steal millions of pounds from the unprepared."
CPP's top tips on protecting your information from hackers:
1. Change your passwords regularly - the longer and more obscure, the better
2. Leave a website if you notice strange behaviour (unknown certificates, pop-ups etc.)
3. Avoid transmitting sensitive data over public (free or otherwise) Wi-Fi
4. When seeking Wi-Fi connections: know who you are connecting to, be wary of free Wi-Fi access
5. If using a smartphone: disable Wi-Fi 'auto-connect'
6. If you are concerned about identity fraud, consider purchasing an identity fraud protection product to help you detect, prevent and resolve any incidence of the fraud
The Golden Rule is that unless you know your connection is secure, do not communicate any information or data that you wouldn't feel comfortable shouting across a crowded room.
If you want more information on how to protect yourself or see how these experiments worked, please visit CPP's blog
ICM interviewed a random sample of 2005 adults aged 18+ online between 19 – 20 April 2011. Surveys were conducted across the country and the results have been weighted to the profile of all adults. ICM is a member of the British Polling Council and abides by its rules. Further information at www.icmresearch.co.uk
A live experiment was also carried out on April 18 2011. Firebrandtraining.co.uk were commissioned by CPP to conduct a tutorial teaching five participants how to download hacking software available in the public domain and capture users' login details for various online accounts, including PayPal, Hotmail and Amazon, with the objective of the session being:
- Demonstrate how long it takes to teach a class of individuals with no prior hacking experience and limited technological knowledge to learn how to hack into another user's online account
- Demonstrate how quickly these skills can be applied in order for the participants to hack into another user's online account
The five participants who took part in the class were a range of ages and occupations.
All participants signed a disclaimer to state that they would not use the software and skills demonstrated by Firebrand Training for illegal or malicious attacks.
Corporate Background Information
The CPPGroup Plc
The CPPGroup Plc (CPP) is an international marketing services business offering bespoke customer management solutions to multi-sector business partners designed to enhance their customer revenue, engagement and loyalty, whilst at the same time reducing cost to deliver improved profitability.
This is underpinned by the delivery of a portfolio of complementary Life Assistance products, designed to help our mutual customers cope with the anxieties associated with the challenges and opportunities of everyday life.
Whether our customers have lost their wallets, been a victim of identity fraud or looking for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to enjoy life. Globally, our Life Assistance products and services are designed to simplify the complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live life and worry less.
Established in 1980, CPP has 11 million customers and more than 200 business partners across Europe, North America and Asia and employs 2,300 employees who handle millions of sales and service conversations each year.
In 2010, Group revenue was 325.8 million pounds, an increase of more than 12 per cent over the previous year.
In March 2010, CPP debuted on the London Stock Exchange (LSE).
What We Do:
CPP provides a range of assistance products and services that allow our business partners to forge closer relationships with their customers.
We have a solution for many eventualities, including:
- Insuring our customers' mobile phones against loss, theft and damage
- Providing assistance to cancel and reorder customer's payment cards should these be lost or stolen
- Providing assistance and protection if a customer's keys are lost or stolen
- Providing prevention, detect and resolution assistance to protect customers against the insidious crime of identity fraud
- Assisting customers with their travel needs be it an emergency (for example lost passport), or basic translation service
- Monitoring the credit status of our customers
- Provision of packaged services to business partners' customers
CPP is an award winning organisation:
- Finalist in the Plc Awards, New Company of the Year, 2011
- Winner in the European Contact Centre Awards, Large Team of the Year category, 2010
- Finalist in the European Contact Centre Awards, Best Centre for Customer Service, Large Contact Centre of the Year categories, 2010
- Finalist in the National Sales Awards, Contact Centre Sales Team of the Year category, 2010
- Finalist in the National Insurance Fraud Awards, Counter Fraud Initiative of the Year category, 2009
- Finalist in the European Contact Centre Awards, Large Team and Advisor of the Year categories, 2009
- Named in the Sunday Times 2008 PricewaterhouseCoopers Profit Track 100
- Finalists in the National Business Awards, 3i Growth Strategy category, 2008
- Finalist in the National Business Awards, Business of the Year category, 2007, 2009 and Highly Commended in 2008
- Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250 companies
- Regional winner of the National Training Awards, 2007
- Winner of the BITC Health, Work and Well-Being Award, 2007
- Highly Commended in the UK National Customer Service Awards, 2006
- Winner of the Tamworth Community Involvement Award, 2006. Finalist in 2008
- Highly Commended in The Press Best Link Between Business and Education, 2005 and 2006. Winner in 2007
- Finalist in the National Business Awards, Innovation category, 2005
For more information on CPP click on www.cppgroupplc.com
(1) 16% of those who have had their password protected information accessed.
SOURCE CPPGroup Plc