By Steven J.J. Weisman
BOSTON — As reported in Talkers earlier in May, Washington D.C. radio stations WTOP and Federal News Radio had their websites hacked resulting in the possible infection of anyone who accessed the two websites using the popular Internet Explorer web browser prior to the discovery and correction of the problem.
The hacking of these two websites is particularly insidious because unlike infections that occur when a computer user is lured to a phony infected website set up for the specific purpose of infecting unwary computer users — a technique called “phishing” — in this case, the computer users were infected when they went to legitimate websites that they believed were trustworthy.
One of the two malware programs that became installed on the computers of those people who used Internet Explorer to access the websites of WTOP and Federal News Radio resulted in the victim having a pop-up message appear telling him or her that their computer was infected with a virus and then provided a link to a website offering phony security software and invited the victim to order the software by providing credit card information. This is a common scam. You should not click on the link to go to the phony security software website and you certainly should not provide your credit card information.
Vulnerabilities in Adobe Reader, Adobe Acrobat and Java 7 software were exploited by the hackers to infect the two targeted websites. Java software which is widely used by many companies and individuals has been both a great benefit to hackers and a danger to computer users in the last few years. According to the security software company, Kaspersky Labs, flaws in Java software has been responsible for half of all cyberattacks last year. The situation has gotten so bad that in January of 2013 the Department of Homeland Security advised people to disable Java and although Java issued updates to correct 42 separate vulnerabilities in April, many computer experts are still skeptical as to the safety of using Java. Also according to Kasperksy Labs, the much used Adobe Reader was responsible for 28% of all cyberattacks last year.
So what do you do?
When you are up to your ass with alligators, it is hard to remember that your original goal was to drain the swamp so the first thing you should do is get rid of the alligators, or in this case, the malware. Here is a link to an alert provided by the Department of Homeland Security with links to software to enable you to update Adobe and Java software: www.us-cert.gov/ncas/alerts/TA13-141A.
You also should always make sure that you have a proper Firewall in place as well as security software that is automatically updated as well as anti-malware software that also should be automatically updated.
But that is not enough.
As we have seen by recent hacking into major media outlets such as CBS, the New York Times and AP among many others, media outlets are more and more becoming a target of hackers. Yet too many companies still do not take the proper precautions to protect themselves and their customers. The problem is not as bad as you think – it is worse. In a future column I will provide a framework for what media companies should be doing to protect themselves.
Steven J.J. Weisman, a practicing attorney, is a senior partner in the talent management firm Harrison Strategies, LLC. He is also legal editor for TALKERS magazine and publisher of the website www.scamicide.com. He can be e-mailed at: email@example.com. Steven J.J. Weisman is available as a guest to discuss the subjects of identity theft and scams. Meet Steven J.J. Weisman at Talkers New York 2013 on Thursday, June 6.