How secure is your computer?

Today, with computers in our pockets, most of us spend a good deal of time. But when something is everywhere, we can forget how it might be affecting us, how it might be changing us, how it might be unsafe. So Adam took a trip, with an old laptop, down to visit Adrian Winckles at Anglia Ruskin University, to brush up on his cybersecurity 101...

Adrian - Malware stands for malicious software, and really is any software that has not been intended to be installed on your computer that has a malicious intent.

Adam - That is Adrian Winckles from Anglia Ruskin University.

Adrian - By malicious intent, it could be a virus, something that infects the computer. It could be a what we call a backdoor that lets someone take over remote control of your computer. Things like Ransomware, is a branch of malware. But the idea it’s effectively a form of extortion in fact, is that more correct term. All your firewalls will generally be encrypted, made turn to gobbledegook, and you'll be held to ransom for you to pay a portion of a bitcoin to get the password to return your files to their normal state.

Adam - How easily can it happen though. Surely it's got to put in the work right?

Adrian - It can happen without you knowing. Essentially if you go on to particular websites that maybe you haven't vetted, you may be a victim of drive by malware just by visiting the website. You get some malicious code installed into your browser and whilst the malicious code might not do anything directly, it will download other more malicious malware that may install a Trojan backdoor, may install ransomware, or may install some sort of spyware that's looking at what you're doing.

Adam - How easy is it to have something like spyware on your computer and not know?

Adrian - Very easy. Unless there's something that indicates to you that there's a performance problem in your computer or your getting spurious emails sent out on your behalf. You might not know. Or suddenly if you've got unauthorised credit card transactions they might be telltale signs that something may be lurking on one of your computing devices. But unless you see something like that you might never know.

Adam - But that's all right. If I notice the website is a bit dodgy I can just smash the back button on my browser. It'll take me right back to safety. Won’t it?

Adrian - Once you've visited a website usually the malicious code's been installed. Unless you've got something to protect you just going back and deleting it won't change anything.

Adam - Oh right. Let's change the subject. USBs. It can't be that bad to just plug in a USB. Sure we've all done it. Just grabbed a friend’s or stuck one in the work computer. How dangerous can that be.

Adrian - That can be very dangerous. So there's a form of USB that I know called a rubber ducky. Which is essentially, it can be a storage device but it also has a form of malware on it that makes the computer think it's a wireless keyboard. So it will actually then act as a key logger and log everything you type in, while that device is connected. It could open up applications or do all kinds of things, and download that device and it'll be taken away afterwards. But USBs are a common form of technique to get access to computing devices because someone picks up a USB. What’s the first thing they do with it? Plug it in. Or “Who does it belong to?” A common technique for example, if I was acting in an unethical capacity and wanted to get access to someone's network, if I wanted to target for example a particular firm, I could get a branded USB with that firm's logo. I could install malware, a remote Trojan to get remote access, and if I dropped a handful around the most expensive cars within that corporation's carpark, the likelihood at some point somebody would pick one up saying “Oh it's one of our USBs, I'll plug it in and someone will plug it in”, and of course as soon as you plug it in, no one's had to break a firewall. No one's had to go direct anyone to a website. You've now got a backdoor into one of the chief executive's office and they're targeted just by general human nature trying to be helpful. That's how easy it is. It's a form of social engineering

Adam - But my passwords are safe aren't they?

Adrian - People still go for secretpassword123, their spouse’s name, the eldest child's name, the dog's name. Plus adding some characters. The trouble is, people tend to use the same password over and over again for multiple websites, for multiple accounts, online banking. The National Cyber Security Centre's advice nowadays is to have complex passwords to use things like password managers to manage them for you so you have unique passwords.