Rethinking Internet Security at a Time when Hackers think Nothing of Hacking into YouTube

How do you know that surfing the Internet is getting more risky by the day? You know, when the website of Matt Cutts, search engine guru, and Google genius, has a warning attached to it on Google that it may have been compromised. This happened a few days ago, as people searching for the Google head's website found out. It's happening to thousands of websites that haven't secured themselves properly; hackers and criminals take control of these websites and try to attack anyone who visits then. Google hates to be directing its searchers to websites that may harm them. And so, these days, you see a new kind of internet warning on certain websites. It says “this site may be compromised”; and it's a warning that means that Google believes that some intruder may have taken control of the website. And this is on top of the warning that Google gives you when it is completely positive that there is a website that is distributing viruses.

You would be surprised at how far criminals can go to make an attack possible. They will for instance, design a website and maintain it for months until antivirus Internet security packages and search engines around the world begin to recognize that website is legitimate. After maintaining that website for many months and getting a clean chit from the Internet security packages and the search engines, one fine day (usually a Sunday when there are no tech staff at work who can fix anyone's computers or recognize an attack), they will put lots of viruses on the website. The website then will only stay up for that one day and try to infect whoever comes by on that day. The criminal will then take that website down and start with an all-new website.

So how far have these criminals succeeded in infecting websites and commandeering them? So far, they've been very successful. In fact, 75% of all phishing attacks on the Internet come from legitimate websites that have been taken over. They just look for websites that seem to have poor defenses. They know that on reputed websites, people feel safe enough to use the same login name and password as they do for their banks and credit cards. They know that once they get a few login credentials from a reputed website, they'll have at least one or two that will open bank and Facebook accounts. And once they get on Facebook, they'll tap all of a person's friends and try to get some financial information out of them. Websites like YouTube and Bebo are under particular attack.On Bebo for instance, not long ago, users came up against a very well-done animated page that looked completely official. It directed them to enter their financial details in a form it provided.