• Home
• /
• Opinion

Stay safe, be paranoid about online security

It was just another day at work. I stepped out to order my regular lunch from my regular restaurant with my regular credit card. There was nothing extraordinary about it. Except that my credit card was declined. Repeatedly.
I was perplexed because there were no payment dues. I initially thought that perhaps the card swiping machine was faulty or there was a system failure. Later I learnt that someone had been racking up online purchases using my credit card in two different countries at about the same time. The bank luckily discovered this anomaly in transactions, and promptly blocked my card.
Despite all the secure mechanisms, some websites allow for transactions without a two-factor authentication. They do not need the OTP code that you get on your phone. In my case, the timing of the transactions couldn't have been more fitting - at the stroke of midnight when I was fast asleep and would not notice the SMS notifications about the transactions.
A few days later, someone called my bank, managed to get past the security checks, blocked another card of mine and sent me a message to call a mobile number and update the details to unblock it. Now I was obviously more vigilant. I promptly reported the matter to Dubai Police's Cybercrime section.
I had this frightening realisation that someone had gotten hold of my personal details. I suddenly had the urge to turn Amish and go back to good old cash. One can never be too safe. Admittedly, I have been liberal with online purchases on my card as my penchant for online shopping has grown.
You don't have to be the richest person on the planet to be vulnerable. You needn't have ticked off the likes of Ocean's Eleven, and yet you could lose your life savings. Your bank account or your credit card details could be part of a large database that was hacked or stolen. To the hacker, you are just a number. To you, the hacker could be the difference between a comfortable retirement and lifelong hard labour.
Criminals are using the dark web to mask their activities. Before your curiosity gets the better of you and you are tempted to have a peak at the dark web, know that it is where crooks of all shades congregate online. In this parallel online universe, all sorts of nefarious activities happen. The websites that operate in these seedy parts of the Internet can largely be accessed by a special browser called Tor, which has multiple layers of encryption, making it almost impossible to know the origins of the websites.
The Tor browser employs what is called an onion routing technique, where a communication circuit consisting of three nodes is forged between the client and the server. The data is encrypted at each node when it moves in this circuit. It masks the actual IP address of the client and enables a user to anonymously surf the websites.
Cybercrime units across governments are trying to grapple with this growing menace by indexing, sorting, and cataloguing the dark web to bring it under their surveillance. They are collaborating across countries to find the hidden services.
Ironically, it was originally created by the US government for spies to exchange information anonymously. Later, US Navy researchers released Tor into the public domain so that spies' activities could be harder to trace if other people were using it. Now it is used to sell guns, drugs and every conceivable illegal material. The data being sold on the dark web tells us how vulnerable we are.
Recently, hackers put up for sale on the dark web some 617 million account details from 16 websites. Fortunately, they don't include credit card details. In these shady corners of the Internet, your profile could be on sale for less than $2.
Who are the buyers? These could be hacker outfits conducting cyberattacks, even companies tracking consumer behaviour, or political rivals. One set of hacker leaks the data with encrypted passwords, another group decrypts it, and a third group stores it in a repository for future attacks. Sales are done using cryptocurrencies.
It is therefore safe to assume that our information online is unsafe. It is a fact that mid-small companies need to be made more accountable for data breaches. As individuals, we need to do what is under our control. We could perhaps think like criminals to preempt them. That is what happened in classic police-thief pursuits. But that is hard given the kind of sophisticated tools they have at their disposal. We can't beat that.
So, it's best to think like a security officer of an organisation and take all possible precautions. We must conduct our online shopping on well-known websites. At times, even these could be subverted despite their military grade security system. Let us not save credit card details online for future purchases. Let us voluntarily block our plastic money when we are not using it. It is important to share our experiences so that others can be careful. Because there is nothing absolute about online security, let us be a little paranoid.
Shalini Verma is the CEO of PIVOT technologies