There are basically two ways to gain unauthorised access to any program, computer file or server over the internet, Peter Barbas, the managing director of Data Enhancement Solutions, an internet security and transaction management systems company based in Johannesburg, says.
The most difficult way is to try and "hack" into an organisation's file server or personal computers (PCs). This is a direct and aggressive invasion to gain access to privileged information. The probability of detection is high because most servers have early warning systems to alert the organisation's computer administrator of such an invasion.
The second, more effective, way to access your computer is for the fraudster to "steal" your user name and log-in details. This is done using computer programs called spyware. Spyware can gather information about you, such as your internet banking log-on details, by clandestinely monitoring your PC using methods such as "keystroke tracking".
Once the fraudster has your details, the chances of detecting this type of access are low, as you first have to alert the administrator (the bank) of a change in the information status, for example, an unexpected withdrawal from your bank account. The administrator cannot distinguish between you and a person using your online identity.
In the case of the defrauded Absa Bank clients, if the access had been gained by hacking into the bank's computer system, the bank would probably have noticed immediately. However, by using the real user name and log-in details of Absa's online banking clients, the theft took place without the bank being immediately aware of it.
It is up to accountholders to alert the bank of the discrepancies in their bank accounts for Absa to track the perpetrator, Barbas says.
In order to gain access to your computer, spyware must be installed or install itself on your PC. This can be done by a virus, an unauthorised email, a cookie (a small file placed on your computer by a website) or software you download from the internet.
Barbas says spyware has been around for over 15 years, but has become more sophisticated over the years. It is freely available on the internet and can be used for less malign purposes than fraud.
Police forces and webmasters use spyware to catch internet users who download and disseminate child pornography and other illegal content. Governments, employers and parents can use it track the internet behaviour of their citizens, employees and children.
Barbas says an estimated 82 percent of internet users have some form of spyware operating on their computers.
It silently gathers information on you and your computer and when you connect to the internet, the information is fed back to a collection point for the spy to sort through. From here it is simple to extract user names, passwords, times, dates and other information.
Many forms of hi-tech protection are available, such as triple password systems for logging on to secure sites, electronic signatures and random password associations. However, if a person has access to your PC and your personal information or online identity, the effectiveness of these solutions is limited.
Unfortunately, as with computer viruses and even more so with spyware, the only sure way to protect yourself and your PC is with a proper "anti-spyware" software package. These can be downloaded from the internet or bought from companies specialising in internet security applications, he says.
Spyware doesn't always show up in the form of a virus or an actual file. In many cases it is attached to a program running in the background that the user is not even aware of.
Most computers that have this form of spyware running have anti-virus software, and users aren't aware anything is happening in the background.
The only sure way to detect this type of software is with specialist anti-spy software which can be purchased at commercial software outlets. This type of software is aimed at sniffing out and eliminating keystroke trackers and other information-gathering systems.
How spyware proliferates
You are most likely to receive spyware in the following ways:
- Internet software downloads;
- Freeware products downloaded or installed from giveaway CD-Roms;
- Unsolicited emails from recipients not known to you;
- Cookies and other temporary internet files placed on your computer while browsing the internet; or
- Viruses, worms and trojans, which are all variations of malicious programs.