Hackers target the home front
Thursday February 15, 2007
The Guardian
1. One of the UK's leading banks has been forced to admit that organised hacking gangs have been targeting its executives. For the past year, Royal Bank of Scotland has been fighting systematic attempts to break into its computer systems from hackers who have sent personalised emails containing keyloggers to its senior management. This has included executives up to board level and is now the subject of a separate investigation by the Serious and Organised Crime Agency.
2. The hackers are homing in on the trend for people to work from home. The hackers make the assumption that the computers being used outside the work environment are more vulnerable than those protected by a corporate IT department.
Growing threat
3. For companies it is a growing threat as home working increases: a recent survey from the Equal Opportunities Commission found that more than 60% of the UK's population wants the option of flexible working.
4. And the hackers are employing increasingly sophisticated techniques. Each email they send is meticulously built to make it attractive to its target, who the criminals have carefully researched by trawling the internet for information. Once the email is composed, the malware is just as carefully designed: it is often modified to avoid detection by security software.
5. The keylogger contained in the email installs itself automatically and then collects details of logins and passwords from the unsuspecting user. This means that hackers can, using the usernames and passwords stolen by the keyloggers, connect to VPNs, or Virtual Private Networks, which many companies use to create an encrypted pathway into their networks.
6. Once inside a bank's network, the hackers can communicate directly with computers holding account information and manipulate funds.
7. Has this actually happened? In some cases sources claim that the login details of VPNs have been obtained and used though there has been no confirmation that any losses have occurred as a result. The attacks are not believed to have focused on RBS but to have been across the whole of the banking industry.
8. Royal Bank of Scotland said that the bank had suffered no losses as a result of the attacks and added: "RBS has extremely robust processes in place in order to protect our systems from fraud. Trojan email attacks are an industry-wide issue and are not isolated to a particular area or a particular bank."
9. It is not just banks that have been targets. Last year attempts were made to steal information from the Houses of Parliament using malicious email. Messagelabs, the company responsible for monitoring much of the email traffic of the government and big business for suspect software, said at the beginning of the year that criminals have been evolving more sophisticated techniques to attack corporate networks.
10. According to Mark Sunner, chief technology officer of Messagelabs, the number of malicious emails targeted at individuals has been increasing. Two years ago they were being seen once every two months, but now they are seeing one or two a day. This has been accompanied by an increase in quality in the creation of Trojans and spyware.
11. "The hackers are now aiming to take over computers, particularly those of home users. Some of the malicious software that we are routinely seeing for that purpose will have its own antivirus system built into it so that they can kill off the programs of their competitors."
Increased vigilance
12. Tony Neate, the head of Get Safe Online, a government-funded organisation set up to raise awareness among UK businesses of computer criminals, says: "There is now an attempt to target individuals within UK businesses - including the banking sector. What is happening is that crime is doing what it always does, which is look for the weakest link. Home working is where they perceive a weakness.
13. "This points to a need for increased vigilance and security by those working from home and by those responsible for letting them work from home. For home working to be effective, security needs to be as effective as if working in an office."
(667 words)
Questions 1-4
Answer the questions below using NO MORE THAN THREE WORDS from the passage for each answer.
1. What do the hackers use to attack the computer system of the Royal Bank of Scotland?
2. Which word is most likely to be used by hackers to describe home computers?
3. What do the majority of people in the UK prefer?
4. How do hackers collect information so as to compose emails?
5. What do hackers obtain illegally to gain access to banks’ computer network?
Questions 5-12
Complete the sentences below with words from the passage. Use NO MORE THAN THREE WORDS for each answer.
6. The use of login details of VPNs by criminals does not necessarily result in any ______________.
7. Royal Bank of Scotland claimed that they are not the only victim of ______________.
8. Corporate networks will be another target of hackers with improved _______________.
9. The attacks on individuals have been greatly increased within _______________.
10. With ________________, software used by criminals can eliminate its competing programs.
11. Home users are chosen as a target because they are considered as a __________ .
12. Get Safe Online is calling for an increase in _____________ to ensure safe home working.
Answers Keys:
1.答案:personalised emails/keyloggers (见第1段第2句:For the past year, Royal Bank of Scotland has been fighting systematic attempts to break into its computer systems from hackers who have sent personalised emails containing keyloggers to its senior management.)
2.答案:vulnerable (见第2段: The hackers make the assumption that the computers being used outside the work environment are more vulnerable than those protected by a corporate IT department. )
3. 答案: flexible working (见第3段: For companies it is a growing threat as home working increases: a recent survey from the Equal Opportunities Commission found that more than 60% of the UK's population wants the option of flexible working.)
4. 答案:trawling (the) internet (见第4段第2句: Each email they send is meticulously built to make it attractive to its target, who the criminals have carefully researched by trawling the internet for information.)
5. 答案: logins and passwords/usernames and passwords (见第5段第第1、2句:The keylogger contained in the email installs itself automatically and then collects details of logins and passwords from the unsuspecting user. This means that hackers can, using the usernames and passwords stolen by the keyloggers, …)
6. 答案: losses (见第7段第2句:In some cases sources claim that the login details of VPNs have been obtained and used though there has been no confirmation that any losses have occurred as a result.)
7. 答案: Trojan email attacks (见第8段最后1句:Trojan email attacks are an industry-wide issue and are not isolated to a particular area or a particular bank.)
8. 答案:techniques (见第9段最后1句: …said at the beginning of the year that criminals have been evolving more sophisticated techniques to attack corporate networks. )
9. 答案:two years (见第10段第1、2句:According to Mark Sunner, chief technology officer of Messagelabs, the number of malicious emails targeted at individuals has been increasing. Two years ago they were being seen once every two months, but now they are seeing one or two a day.)
10.答案:(an) antivirus system (见第11段: "The hackers are now aiming to take over computers, particularly those of home users. Some of the malicious software that we are routinely seeing for that purpose will have its own antivirus system built into it so that they can kill off the programs of their competitors." )
11. 答案:weakness (见第12段最后1句: Home working is where they perceive a weakness. )
12. 答案:vigilance and security (见第13段:"This points to a need for increased vigilance and security by those working from home and by those responsible for letting them work from home. For home working to be effective, security needs to be as effective as if working in an office.")