Hacking
Hacking is an everyday growing issue. Companies have an
obligation to their customers to have in place adequate technical and
organisational measures to keep personal customer data secure in order to
prevent hackers from gaining access to and exploiting sensitive data. Methods
of precaution include encryption of personal data as well as physical measures
such as firewalls, malware protection and patch management software.
Aside of these measures, many companies have Privacy
Policies; for some this is a legal requirement and others may do so to build
customer relationships and it could also help to improve retention. These
policies aim to clarify the purpose of collecting customer information, what
information is collected and how and when they may use it. Additionally,
compliance with The Data Protection Act must also be necessary, namely the
seventh principle stating that ‘information is kept safe and secure’ since the
issue addressed is Hacking.
The TalkTalk hack which occurred in October 2015 resulted in
nearly 157,000 customers’ personal details being accessed including bank
account numbers and sort codes stolen. It’s thought that TalkTalk was targeted
as they are a broadband and mobile phone Company that provide to four million
customers therefore are required to store vast amounts of personal data.
TalkTalk made incorrect assumptions regarding their hacks as this is not the
first time they had been hacked, prior to this they had been hacked four times.
They needed to strengthen their defences, and invest in the best security
systems possible.
“TalkTalk was exploited through a well-known vulnerability
that would indicate poor patch management of its systems.” (Tankard, 2015) Poor
patch management could have been a result of the lack of time, personnel, resources
or even testing of patches to ensure they would have worked on the systems. For
an unknown reason, if TalkTalk were unable to patch their system, they should
have deployed a ring-fencing methodology in regards to their servers as an
additional security measure to have prevented the hacks. Poor strategy and
response times to unusual behaviour on their servers and systems also
contributed to the breach that occurred.
This could raise the question of whether it is ethically
correct for ISP’s such as TalkTalk to be offering such reassurance in their
Privacy Policies to the data protection of customers, when in some cases such
as those talked about in this article, TalkTalk clearly did not stage security
measures to the best of their abilities resulting in sensitive customer data
being accessed.
Additionally, a way in which hacking could be prevented is
that TalkTalk and other ISP’s such as Virgin and Sky may employ Certified
Ethical Hackers to try and access their systems and breach their software in a
way that would be classed as illegal. Certified Ethical Hackers are employed by
companies where security measures are paramount, such as ISP’s. Ethical Hackers
attempt to hack the company’s systems and servers, with permission from the
company, in order to locate possible breaching entries which shouldn’t be
there. Using this method is one of the most effective ways for companies to
find shortfalls in their security systems as it simulates a real-life situation
of being hacked by a real-life hacker.
Despite what is commonly thought, breaches of security
aren't always due vulnerabilities found in software or hardware. Data sensitive
areas are most commonly accessed by criminals using stolen identities such as
login information or other delicate account data. This is often accomplished by
the perpetrator imitating a figure of authority from within in the company and
attempting to directly contact the victim through e-mail or telecommunications,
whilst seeking to be seen as legitimate as possible. When successful, they can
then request information from the user, disguised with a lie, which makes them
seem they are helping in some way. Unknowingly, the victims will hand over the
requested information giving the criminals control of their account.
Raising awareness of these attempts have been a sure fire
way of combating it. Social Networking offers companies a world of
opportunities in interacting with their customers. One example of this is
Twitter, where companies can hold a ‘verified’ account which can be contacted
by ‘followers’. This is extremely useful as it offers a simple method for
companies to contact masses of customers simultaneously, as TalkTalk have done
here using one of their Twitter accounts.
By this tweet, customers can clearly see the blue tick by
the company’s name. This indicates that this twitter account is verified and
can be trusted. With 30,000 followers on twitter alone, this message was
delivered to a large percentage of TalkTalk’s customers. It could be argued
that contacting customers through social media is even safer than sending
emails or letters, as these could easily be forged and members of staff could
be impersonated. However, through social networking, the company’s account is
protected further and posts can only be made by the company themselves and no
one else.
Another way in which companies often combat hacking is by
providing a page within their website outlining basics methods of preventing a
hack. Sky offer a page purely dedicated to this topic offering simple
instructions, which anybody with any amount of computing experience can do, on
spotting or preventing hacks. In addition to spotting or preventing hacks,
there is also information on what action customers can take if they believe to
have already been a victim of hacking. Virgin also offer a similar service,
drafting user friendly encryption techniques and firewall information. As a
result of this, customers will not only feel like there are measures put into
place to prevent this sort of criminality, but will also feel more in control
knowing there are preventative measures they can take themselves. Additionally,
this information will be largely distributed to all customers considering the
amount of traffic these websites receive. However, even though this information
can be incredibly useful to customers, it is available online for any member of
the public to view, including potential criminals, possibly giving them a
better idea of the measures ISP’s take to prevent hacking. So although useful,
this public information may prove counter-productive.
Internet Access
As a society we have a lot to gain from having access to the
internet. It lessens the gap in communications and allows for sustainability
and growth in online businesses. Successful companies have noticed this and
have taken the initiative to provide internet access to remote areas.
Facebooks internet.org and Googles loon are all attempts to
do this in the hopes to further the development of rural parts of countries
such as Egypt and India. Despite providing free internet access there are
concerns regarding net neutrality and hidden agendas that raise several
questions. For example Facebook has said that “internet.org aims to provide
people with access to basic websites for free – like news, job postings, health
and education information, and communication tools like Facebook.” One concern
is that Facebook could directly impede and inhibit growth of other competitors
or organisations that may have a conflict of interest.
Net neutrality is the principle that all traffic on the
internet should be treated equally. The success of this technology has come
from the freedom of information and allowing an open and free internet. This
means that the traffic from a video streaming service like Netflix should not
be treated any different from a government information website. Net neutrality
means that ISP’s should not be able to charge you extra for different services
or slow down particular websites that go against their own ethos. It shouldn't
be up to Royal Mail as to when you should receive a package, a card for a
family member has the same importance as your ISP’s bill and should therefore
be charged the same and delivered in the same fashion.
In the UK, internet access is for the majority widespread
however there are issues with net neutrality. For example, in the UK
legislation has been put forward to introduce filters to block certain
websites, which is a breach of net neutrality, however the majority of these
websites and services are in breach of copyright law. Although this seems to be
a good thing by enforcing laws to protect our rights, our concern lies with
flawed methods of governing our internet access.
In the UK, only 11% of the adult population have never used
the internet. As time goes on, this number is going to continue to fall as more
and more of the critical things we do are moving to the internet. This is
mainly not due to people not having access to the internet but is more linked
to people either not being aware of the benefits of the internet or having a
lack of digital knowledge and confidence. Internet access is so important that
the government are calling for internet to be a public utility and therefore
available to everyone. Currently, electricity, natural gas, water and sewage
are classed as public utilities but a report published by the House of Lords
called ‘Make or Break: The Digital Future’ has called for internet to be
included as one of the public utilities. The report said the UK is falling
behind other developed countries in terms of internet access. There are two
main factors that the report is talking about; internet speed and widespread
internet access even in rural areas.
In summary the digital skills committee from the House of
Lords states that everyday activities, like shopping and banking, increasingly
require technology and access to the internet. Digital skills are becoming more
important and part of life skills that everyone needs to function in this
increasingly digital age. Because of this, it is not acceptable for any group
to be excluded from digital technologies. Therefore we must aspire for the
majority of people to achieve the level of digital skills needed to participate
in society.
During the Make or Break report, major ISP’s were asked to
produce a written evidence document describing how and what they are doing as a
company to promote internet access and what recommendations they had for the
digital skills committee.
If internet access becomes a public utility it could affect
the current ISP’s, including Virgin Media, TalkTalk and Sky. It could mean that
the government would help the ISP’s to not only get internet in areas that are
currently disconnected, but also make infrastructure upgrades to the many areas
that have very slow internet and are paying the same that someone has broadband
speeds in London and other major cities. However it could also give the
government more power in what can and cannot be accessed on the internet, which
directly goes against net neutrality.
Virgin Media, TalkTalk and Sky all feel strongly about
maximising children’s potential online, whilst staying safe. Research has found
that 74% of parents want more information and advice about child internet
safety. In response to this they have collaborated to launch
internetmatters.org, an online portal specifically designed for all parents to
access simple, easy and practical advice so that you can make confident,
informed choices when it comes to children’s online safety. Exposure to the
internet is inevitable and necessary as a learning tool for children. Becoming
more knowledgeable about the benefits of using the internet in an approach that
is both safe and beneficial for both adults and children.
By Farid Nanou (13040105),
Farrah Aslam (13080357),
Chris Stavrou (14012304),
Izaak Bacchus (13042919)
Bibliography
Anthony, S. (2015) Ars picks the UK’s safest Internet
provider. Available at:
http://arstechnica.co.uk/business/2015/05/ars-technica-the-uk-safest-isp/
(Accessed: 4 December 2015).
Anthony, S. (2015) UK parliament calls for Internet to be
classified as a public utility. Available at:
http://arstechnica.co.uk/business/2015/02/uk-parliament-calls-for-internet-to-be-classified-as-a-public-utility/
(Accessed: 4 December 2015).
Arcy, S. D’ (2015) TalkTalk hacked: Everything you need
to know. Available at:
http://www.mirror.co.uk/news/uk-news/talktalk-hacked-everything-you-need-6687736
(Accessed: 28 December 2016).
BBC (2015) TalkTalk hack ‘affected 157, 000 customers’.
Available at: http://www.bbc.co.uk/news/business-34743185 (Accessed: 27
December 2015).
Ciarlo, M. (no date) The open Internet: A case for net
neutrality. Available at: http://www.theopeninter.net/ (Accessed: 10
January 2016).
Cuthbertson, A. (2015) UK internet should be classified
as vital public utility service like water and electricity. Available at:
http://www.ibtimes.co.uk/uk-internet-should-be-classified-vital-public-utility-service-like-water-electricity-1488621
(Accessed: 4 December 2015).
Data protection (2015) Available at:
https://www.gov.uk/data-protection/the-data-protection-act (Accessed: 27
December 2015).
House of Lords Digital Skills Committee (2015) The select
committee on digital skills. Available at:
http://www.publications.parliament.uk/pa/ld201415/ldselect/lddigital/111/111.pdf
(Accessed: 10 January 2016).
Internet users, 2015 (2015) Available at:
http://www.ons.gov.uk/ons/rel/rdit2/internet-users/2015/stb-ia-2015.html
(Accessed: 10 January 2016).
Jackson, M. (2015) BSG warns against turning UK home
Broadband into a utility service - ISPreview UK. Available at:
http://www.ispreview.co.uk/index.php/2015/03/bsg-warns-against-making-uk-home-broadband-a-utility-service.html
(Accessed: 10 January 2016).
O’Farrell, R. (no date) The disadvantages of businesses
on the web. Available at: http://smallbusiness.chron.com/disadvantages-businesses-web-4040.html
(Accessed: 1 January 2016).
Our mission (2015) Available at:
https://info.internet.org/en/mission/ (Accessed: 10 January 2016).
Protecting your wireless network (no date) Available
at: http://help.virginmedia.com/system/selfservice.controller?CMD=VIEW_ARTICLE&ARTICLE_ID=3673&CURRENT_CMD=SEARCH&CONFIGURATION=1001&PARTITION_ID=1&USERTYPE=1&LANGUAGE=en&COUNTY=us&VM_CUSTOMER_TYPE=National
(Accessed: 10 January 2016).
Riley, T. and Schumack, D. (no date) The importance of
privacy policies. Available at:
http://www.katalystsolutions.com/newsletter/57-the-importance-of-privacy-policies.html
(Accessed: 27 December 2015).
Sky help: Keep your email account safe (no date)
Available at: http://help.sky.com/articles/spam-and-hoax-emails (Accessed: 10
January 2016).
Tankard, C. (2015) What can we learn from the TalkTalk
hack?. Available at:
http://www.itproportal.com/2015/12/03/what-can-we-learn-from-the-talktalk-hack/
(Accessed: 1 January 2016).
Virgin Media (2014) Written evidence - virgin media -
written evidence. Available at:
http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/digital-skills-committee/digital-skills/written/12560.html
(Accessed: 10 January 2016).