The television series CSI Cyber, based in Washington (USA), which presents cases that until recently were only science fiction, is based on real events.
Live-streamed kidnapping, student bullying, extortion, identity theft, customer lists, industrial espionage, the hacking of defence systems and access to bank accounts are among the internet crimes that a team of specialised police officers must solve.
On the other hand, hackers who are able to get past the barriers set up by computer security systems are at the root of the problem.
Uruguay, like others, also receives this type of attack and the number is increasing year after year. According to official data, in 2015 there were 577 computer incidents (attacks via the internet), of which 30 were of high severity and three of very high severity, i.e. capable of affecting the operations of an institution.
The overall number showed that the problem grew by 20% compared to 2014.
Santiago Paz, director of information security at Agesic, the Agency for Electronic Government and the Information and Knowledge Society, told El Observador that in the first half of 2015, what is known as RamsonWare attracted attention.
This is a hijacking of user data on the Internet. A virus is used to encrypt all the information on a computer and then a ransom is demanded so that the person can regain access to their folders.
Paz said several Uruguayans paid between US$1,500 and US$2,000 to get the information they had, including photos of her children.
The manoeuvre was carried out from the outside and the investigation did not find the fraudster. Hackers also use bitcoins as a digital currency, with which they can make online transactions. They can also convert them into hard cash.
In Uruguay, most of the attacks received (45%) are Spam-Phishing, attempts to deceive users, for example, by redirecting them to pages identical to those of the bank they are customers of.
The moment you enter your password or PIN on that other page, the hacker gets hold of your personal information.
«Lo más atacado es donde se puede monetizar rápido el resultado», explicó Paz, quien por los acuerdos de confidencialidad de Agesic no puede dar a conocer los nombres de las instituciones afectadas.
Phones
Los teléfonos celulares inteligentes también son hackeables, dijo Paz a El Observador. «La tendencia», explicó, muestra que la mayoría de los ataques vía celular no son sofisticados, sino que buscan engañar al usuario que baja determinadas aplicaciones. Es «hackear a la tienda», a la tiendaa Apple, Google o Android que obviamente buscan evitar que ese tipo de aplicaciones estén disponibles en sus sitios.
Uruguay ranks well internationally for its IT security capacity. This definition takes into account, among other aspects, the country's legal framework and its institutional framework, as well as the fact that it has an attack response centre.
The International Telecommunication Union ranked Uruguay second in Latin America behind Brazil, which is the safest of all.
Of the 577 computer incidents in 2015, 214 were reported to Agesic by those affected, and the rest (363) were detected by systems that search for anomalies in the network.
Para prevenir ataques, desde Agesic «se monitorean permanentemente» más de 500 sitios web del Estado, y actualmente se demora 10 minutos en detectar uno.
The internal communications network linking 150 public offices is also monitored, where data traffic is analysed for suspicious movement.
In addition, Uruguay has signed protection agreements, known as HoneyNet, which are sensors distributed over the internet that notify of possible attacks, Paz told El Observador.
Testean sistemas con «hackeo ético»
The idea of recent governments to have an e-government that will mean that 100% of transactions will be done online, as well as paying bills online, is a challenge for those working in security.
En ese caso se está haciendo un «hackeo ético» que son ataques simulados para ver cómo responde el sistema.
The middle man scam
The man-in-the-middle scam has gained notoriety on the Internet. The manoeuvre consists of intercepting a communication between two parties.
The attacker controls communications (e.g. emails) without the other being aware of it. This has occurred in conversations between individuals and also between companies negotiating a transaction.
If the attacker gains access to one of the emails, he can change the account number of the running business to one of his own and divert the money from the transaction to keep it for himself.
To avoid being tricked, authorities recommend avoiding connecting to unknown wifi networks, as users can be tricked into visiting phishing sites to gain access to their email accounts.
It is also suggested not to send confidential information by e-mail; and to change the password every few days.
When entering personal or sensitive information, check that the site's URL begins with https and verify that the certificate is valid. This is validated by clicking on the padlock to the left of the site's web address.
Source: By Leonardo Luzzi for portal El Observador
Connect