
Archive for the ‘My Internet’ Category

Lush Hacked

Monday, January 31st, 2011

Antivirus software is something that many online shoppers have come to depend upon, so it must come as a bit of a shock for users of the Lush website to find their credit card details being attacked by a gang of determined cyber hackers.

Indeed, few would doubt that antivirus is a good idea, but it’s not just the individual computer user who has to be careful – companies and their websites need protection as well.

Lush is a cosmetics website and it would appear that it was penetrated over a four-month period spanning October 2010 to January 2011. The site was brought down by the management on 21 January, 2011. Its usual home page was replaced with one that mentioned the attack. It told users of the website that anyone who placed an order between the start of October (4th) and near the end of January (20th) should now contact their card’s issuing house to ensure that it had not been compromised.

A number of Lush customers have reported problems with their cards and say fraudulent transactions have happened since they used the compromised website. The Lush Facebook page bore the brunt of customers’ anger as they complained that the problem, taking place as it did over four months, had not been spotted early enough, and that they were seeking compensation from the company. It was not only the fact that the cards might have been used by someone else, but that the mere threat of a fraudulent charge meant that cards had to be cancelled and renewed.

A security expert told the BBC:
“I was initially alerted to the attack by one of my own friends whose card, along with her husband’s, have subsequently been used to make fraudulent purchases totalling almost £6000 from well-known online retailers. The risk of these stolen card numbers being used by criminals has already moved from the theoretical to reality.”

The Lush management said that more had been done to stop the problem than might at first be apparent to its customers. A director of the company, Hilary Jones, explained that they had first become aware of the issues on Christmas Day and the site was brought down promptly. Then management set about discovering the intentions of the hackers, whether to steal money, or just be awkward.

The first sign of trouble came when large numbers of small transactions began to appear. This is a way that hackers ‘test’ a credit card to see if it is ‘live’ and worth exploiting. What’s more, she emphasised that the site was not penetrated throughout the whole four-month period, but that this was the period that had to be covered to safeguard its customers.

She said: “As an ethical company we could not keep that information to ourselves. We had to tell a huge raft of customers. We really want to make sure we cover all possibilities. We wanted to tell more customers than less.”

The Lush website has since been replaced by a new online shop and payments will only be accepted through PayPal, which just goes to show that all companies must also make sure they have the best possible security software.

Guest Article by Neil Camp 


Facebook Bug

Friday, January 28th, 2011

Worries about internet security were notched up another gear as Facebook blamed a bug for an apparent case of Zuckerberg hacking.

Internet security is a constant worry for all users of the web so to hear that Facebook had been targeted again only heightens concerns about overall security.

The BBC and a few tech sites reported what was described as an ‘odd’ posting which claimed to have come from Mark Zuckerberg, the founder of Facebook.

The 26-year-old American who has made billions from Facebook apparently made a posting to a fan page which is said to have called for the website to become a social business, and one which does not require the backing of the world’s financial markets. This was obviously a reference to recent stories about a possible Facebook IPO which would give it public company status.

The posting read:
“Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Prize winner Muhammad Yunus described it?”

Facebook issued a statement saying:
“A bug enabled status postings by unauthorised people on a handful of pages. The bug has been fixed. It was a handful of public Facebook pages and no personal user accounts were affected.”

The posting was not by Mark Zuckerberg, of course, but the fact that the erroneous message was the result of a hack won’t give many people confidence in the website’s ability to fend off attacks.

The Muhammad Yunus referred to in the message is the founder of the Grameen Bank. This acts as a loan institution to individuals who have business ideas, but no collateral to get started.

The fake post pulled in 2,000 comments before it was brought down and software security company Sophos say that the page in question, which has three million fans, has been moved to a new address.

A spokesman for Sophos told the BBC:
“It’s quite possible that other people than Zuckerberg had access. It could have been one of those that got hacked. I can easily imagine that something like that could have happened. The other possibility is that [Mr Zuckerberg] strode away from his desk for a while and someone grabbed it and typed the message in. Although you wouldn’t think that would do much for their job prospects.

“As a general rule this can happen to anyone. Just because a person is famous or well known doesn’t mean that everything that is posted from their account is legitimate.”

It is said that French President Nicolas Sarkozy suffered a similar fate recently when his account was hacked and a message was released saying he was resigning. Experts are worried that tools like Firesheep make it easy for people to grab login information for unsecured websites.

With incidents like this, worries will continue about the current state of internet security.

Guest Article by Neil Camp 


Social Networking Internet Security Attacks

Monday, January 24th, 2011

Social networking is a popular online activity. Millions of people have social profiles on sites such as Facebook and Twitter. Due to their popularity, these sites are prime targets for cyber crime attacks. Internet security threats via social networks are on the up, so it is essential you are aware of the risks.

Twitter and Facebook are very appealing to hackers as they make it very easy to reach millions of computer users very quickly. Internet scams and spam messages are sent from supposed “friends”, which instantly gives a false element of trust. When browsing your favourite social network, typical behaviour involves clicking shared links which, if you are caught off guard, could harm your computer.

As well as social networks being used to spread links which direct you to sites with malicious code and fake antivirus software, your data can be harvested to be used for fraudulent activity. As these attacks are becoming increasingly common, luckily a lot of social network users are becoming wise to suspicious activity.

The growth in social networking internet security attacks is due to the continued improvement in spam email filters, coupled with the fact that computer users are becoming more email security conscious. People realise when they have received a scam email as the same old tricks have been used by Internet criminals for years now.

Social networking remains a relatively new phenomenon. Many young people who use these sites do not have internet security high up on their agenda. Sometimes scam messages will come from friends’ accounts which have been hacked, so it can be difficult to spot harmful content.

According to the National Fraud Authority in the UK, threats to internet security from malware and spyware via social networking have increased 90% since 2009, whilst spamming has doubled over the last couple of years.

To protect yourself and your computer whilst using social networks, be wary of any links to stories or videos that sound too unbelievable. Also be aware of people you don’t know who want to connect with you.

Guest Article by Louise Goldstein


Twitter Spam

Thursday, January 6th, 2011

The mantra from the computer security industry has always been buy antivirus software, and these are wise words considering the number of concerted attacks on systems and websites.

One of the latest attacks, and one which reinforces the buy antivirus software mantra, was directed at online gossip website Gawker Media. The hackers managed to get into Gawker servers, and the result was that 1.3 million user account passwords were compromised in the attack. The hackers then posted the file with all of the details onto a file-sharing site that has been associated with the infamous 4Chan.

To add insult to injury, the group ‘Gnosis’ released a file taken from Gawker on the file-sharing website BitTorrent, and more passwords were put at risk.

With the passwords at their fingertips, spammers got into thousands of Twitter accounts and used the opportunity to advertise dieting pills. Although the motivation for the attacks has not yet been ascertained, it is not the first time that Gawker has suffered in this way.

In the past it has also been used to obtain passwords that were then used to hack into Twitter accounts and publish messages of support for the whistle-blowing website Wikileaks, most likely in response to Gawker’s publishing of blogs that are critical of Julian Assange, Wikileaks’ founder.

Graham Cluley, a consultant at security firm Sophos, highlights the dangers of a password being discovered: “Anybody that has had their Gawker account details published can expect to be targeted by other hackers. Every identity thief, hacker and spammer out there will be attracted to that password file.”

Rik Ferguson, a security researcher at Trend Micro, highlights a problem that has led to so many passwords being accessed so easily: “It’s all too common that people use the same password for multiple accounts.”

Internet security advisors and websites are therefore continuing to stress the importance of using varying and complex passwords. Users are encouraged to not be put off by having to remember difficult passwords; all passwords, Mr Ferguson claims, can be made simple to remember. This is particularly pertinent advice, as in the latest attack on Gawker, the passwords that were used by spammers were the ones that were simple, and therefore easy to crack.

Harvesting passwords and allowing spammers into people’s accounts is a fluid and increasing activity, and although in this case it was only social network accounts that were affected, it could have been much more serious information that was accessed. For banking details and other personal information, more complicated and safer passwords are a necessity, stress industry officials. This, combined with the right kind of software, can help keep your most personal details secure. The mantra buy antivirus software has never been more relevant than in today’s world of sophisticated hacking.

Guest Article by Neil Camp 


US Targets Fake Pill Websites

Thursday, January 6th, 2011

Antivirus firewall software is not going to stop internet surfers accessing websites that sell fake or unlicensed medicines, but the US Government is determined to target such operations.

The problem is that antivirus firewall software cannot determine the legitimacy of online products, especially those selling pills, and although it will guard against malicious attacks, the confused consumer can easily be tricked. This is the concern of the US government, which has given a solid promise to try to shut down web stores that sell a wide array of pills and drugs.

Alongside their promise for affirmative action, they also hope to educate internet users about the dangers of trusting such websites, and buying potentially harmful drugs over the internet. The number of users who do buy pills over the internet totals nearly 36 million, and that is in America alone. These unlicensed pharmacies are not only illegal, but dangerous.

Victoria Espinel, US intellectual property enforcement co-ordinator, says: “Those who sell prescription drugs online without a valid prescription are operating illegally, undercutting the laws that were put in place to protect patients, and are thereby endangering the public health. It is a real wake-up call that so many Americans have engaged in this dangerous behaviour.”

It is not only the US government that has pledged to help in the crackdown; internet search engine giants, net hosting companies and payment providers have all given their backing to the government’s drive. Google, Network Solutions, Visa, MasterCard and PayPal have all given their names to the operation.

With these names, combined with the power of the government, the US hopes to target every area and block up any gap that may lead to unlicensed pharmacies plying their illegal and dangerous trade to online users. A variety of methods will be used: for example taking websites offline, delisting domains known to be used by unlicensed pharmacies, and even stopping payments from getting to their pockets. By taking this proactive approach, they hope to quash this alarming trend.

Of course, the question must be asked as to why so many Americans risk their health by using unlicensed pharmacies online. It has therefore been decided that, alongside the crackdown, research should be undertaken to see why Americans buy pills online in such alarming numbers. Drugfree and the Alliance for Safe Online Pharmacies are part of the team undertaking research.

Steve Pasierb, president of non-profit Drugfree.org, says: “The abuse of prescription medications is one of the most troubling public health problems in our country today.”

It is hoped that by combining a proactive crackdown with research, and with education campaigns, the trend for Americans to buy pills over the internet from unlicensed pharmacies can be reversed. In this case, technology such as antivirus firewall software is not the answer to the problem, but it is hoped that a concerted human effort will bring down illegal pill-peddlers in the US.

Guest Article by Neil Camp 
