It’s not just celebrities who get their mailboxes hacked

The phone hacking and other claims of data intrusion that have been levelled at the News of the World newspaper have resulted in one of the oldest publications in the UK being earmarked for closure.

It has also highlighted a worrying issue, the fact that it is surprisingly easy for unskilled individuals to gain access to voicemail and other mailboxes, largely by taking advantage of default passwords and PIN numbers.

These alleged activities have shown that it is not just high profile celebrities and politicians that can find their voicemail, email and other communications accounts being hacked by an outside entity.

Everyday members of the public have allegedly had their privacy and data security compromised by this, again revealing how easy it is for an opportunistic hacker, identity thief or fraudster to infiltrate and intercept sensitive communications for their own gain.

The various cases that have occurred as a result of the alleged actions of a small group of people – who were not security or surveillance professionals – are a clear illustration that a cavalier attitude towards data security can be exploited by others very easily.

If there is anything we can all learn from these reports of phone hacking is that everyone needs to take steps to protect their data and access, and be careful about how they protect their information and communications.

Changing default PIN numbers on mobile phone and home landline voicemail is an absolute must, as is changing default passwords on wireless routers and turning off file sharing when connected to public networks such as wireless networks in coffee shops, restaurants and airports.

Complex passwords for email accounts are incredibly important, especially if you use a prominent free email service like Gmail or Hotmail, while malware remains one of the biggest threats to personal information security, with examples of rogue software – such as the recently shut down Coreflood botnet – designed to illicitly log keystrokes or install ‘back door’ access to your PC in an effort to harvest username and passwords for online banking and retailers where you might have stored payment details.

Additionally it is advised not to save sensitive passwords in web browsers. If a laptop or a phone is lost or stolen, the thief would have a full list of passwords and personal information they can use for malicious activity. It’s not just a few rogue investigators looking to do this; these same tactics are regularly in use by criminal gangs and individual fraudsters trying to rip-off the general public.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Christopher Boyd is a Senior Threat Researcher for GFI Software. He is also a 6-time Microsoft Most Valuable Professional (MVP) awardee for Consumer Security and former Director of Research for FaceTime Security Labs. He has given talks at RSA, InfoSec Europe and SecTor, and has been thanked by Google for his contributions to responsible disclosure. Chris has been credited for finding the first instance of a rogue Web browser installing without permission, the first Twitter DIY botnet kit, and the first rootkit in an IM bundle. Chris is regularly quoted in relation to his work on gaming security issues.