Security failures to blame for exposure of personal details

Author: MOLOUK Y. BA-ISA | ARAB NEWS
Publication Date: Fri, 2012-01-13 16:11

Commenting on the release of personal details and credit card information of Saudi consumers, supposedly stolen from the databases of online shops, Christiaan Beek, principal architect IR & Forensics, Foundstone Services EMEA, a division of McAfee, said it can be difficult to recognize which online shops have the best security, so common sense is important.
He added it was important for consumers to use a credit card with a low limit and not to use their primary e-mail addresses when registering details for online shops.
“If your main e-mail account is exposed, it can take a lot of effort and time to change those account details because a primary e-mail address could be registered in many sensitive places,” explained Beek. “It’s hard to just stop using it.”
Beek believes that the security breach is just a taste of things to come. It should be a wake-up call for people to take security measures that they should have been following for years, he said.
Foundstone’s intelligence sources advised Beek that they do not believe that the original hacker in the incident was a Saudi national.
“Investigation indicates that this is a citizen of the UAE in Dubai. Some of the Web shop owners have traced him back through traces he left in their logs. He was not a sophisticated hacker, because he used his own IP address. Normally when you’re attacking a site, you’d mask where you’re coming from,” said Beek. “Unfortunately, because the hacker claimed to be Saudi, Israeli hackers immediately attacked back. That’s a bad situation because you can’t verify the original source. You get a conflict going on and retaliation back and forth.”
It’s time for the Saudi public to consider online security basics. People need to understand that they must be careful when giving out any private information. Only register the information that’s really necessary at e-commerce sites. Don’t put your full name. Don’t provide your primary e-mail address. If possible, give a fixed-line telephone number instead of a mobile number. Have adequate security on your computer so you don’t receive spurious online offers or get directed to fraudulent sites.
“In this hack, some of the fault lies with the online merchants,” said Beek. “Online vendors need better security on their websites and customer databases. We saw that two of the Web shops from the original attack stored credit cards in a very old way in their databases. Some basic failures in their applications probably made it simple for a hacker with minimal skills to get those files out of the Web shops. There were security failures from both the customers and the online merchants which enabled the criminal activity.”
