Is the internet becoming less secure?

There’s been no shortage of scandals surrounding internet security within recent months. A seemingly endless stream of websites appear to be hacked, with companies such as vTech, Ashley Madison and TalkTalk, to give a few high-profile examples, having their databases compromised.

These security breaches have been detrimental to the image of these companies. TalkTalk was perhaps hit the hardest, with 101,000 customers leaving on the back of the hacking scandal.

But what do hackers have to gain from breaching a website’s security?

Well, that depends on the data stolen. But data, generally, can be sold and used for nefarious activity. In the case of the TalkTalk breach, customers’ addresses and bank details were put up for sale on the dark web. In the wrong hands, this data could be used to make illegitimate purchases or money transfers.

How do hackers gain access to sensitive data?

There are a number of ways in which hackers can penetrate a website’s security. One of the most common attack types is  SQL injection (SQLi), which involves manipulating a website’s database to show restricted information.

Another method involves tricking site users into supplying the data themselves through a submission form or email which looks legitimate but is actually a ploy for cyber criminals to capture your details. This is known as phishing and it targets the individual directly, rather than attacking an internal website database.

The UK Daily Telegraph have highlighted how one such ‘honeypot’ was set up as part of a security experiment to expose the most frequently used passwords, and how easy it is for hackers to gain access to accounts by simply knowing these insecure passwords.

In more complex attacks, phishing attacks can be used in conjunction with malicious files to target an entire network of computers, turning an infected machine into a harvester of information.

But what about ethical hackers

Even ethical hacking still raises complex issues, such as the Apple v FBI case. Even though cracking Apple’s security would technically be for a noble cause, the company are concerned that this information could fall into the wrong hands and then impinge the privacy and security of their customers.

The FBI v Apple saga is still being played out in full view of the public, bringing the issue of cyber security to the fore of the international media yet again. Public opinion is split on the matter, with Congress and top US tech companies being drawn into the battle, as highlighted by The Guardian.

Big businesses are also taking note and are stepping up the demand for ethical hackers to stress test their systems and discover any loopholes or flaws before cyber criminals. In fact, the Pentagon have really confirmed the importance of ethical hackers in the modern world by inviting seasoned hackers to ‘Hack the Pentagon’, in order to expose any potential security bugs.

So is the internet becoming less secure?

This is a ‘yes and no’ type answer. No, the internet is not becoming less secure per se, however, attackers are becoming more intelligent and their methods are being disseminated across the web.

For example, a simple YouTube search will reveal plenty of tutorials on how to carry out an SQLi attack.

The majority of the recent, high-profile attacks use existing, known vulnerabilities, not newly discovered methods. The issue simply is that, for reasons of time or budget, a lot of websites do not go through the proper stress testing, which leaves these flaws intact - only to be discovered once it’s too late.

The methods of the attacks themselves have long been known, especially to security experts.

And even when security and encryption is top quality, as it is with Apple’s iPhones, this presents the dilemma where, in effect, parties are actively trying to break it.

It’s unfortunate that these latest internet security stories have all hit the headlines in rapid succession as this creates the image of a less secure web. In reality, the most common exploits have always been there, and have been known to exist - they just need to be closed.