Unless you've been living on the moon for the past week, you'll have no doubt heard of the “Panama Papers Breach”, a potentially career-limiting data exposure that seems to be affecting (very rich) people all over the world.
Well, there's a chance that it could have been caused by simply having an out-of-date plugin on their website. You know all those alerts you get on your site saying “this plugin is out of date”? They may need a bigger warning to the effect of “you really should update it now or face having all your information stolen and leaked to the Daily Mail.”
Because who wants that?
The Problem With Old Software
A mistake that many people make is to believe that the only problem with out-of-date software is that it might not have quite as many features as the newer stuff. Take, for instance, Adobe Photoshop. People are still using version 6 because it does the job, and there's nothing wrong with that.
For software that lets you change the colour of your photos, that's all well and good. Most updates to Photoshop are to make it do things that you never thought you'd ever need to do, and you're probably right, so there's no need to upgrade.
It's very different for software like operating systems, though. Many people are steadfastly refusing to upgrade from Windows XP. Now, Microsoft is pretty clear in their support of it, in that they don't. They might fix the odd bug if one crops up, but eventually, that version of Windows will be left to rot, and if you stick to it because you like the colour of the start button, well, you're asking for trouble.
And it's even more critical for web-based software.
Attack of the bots
Web sites are constantly under attack.
Yours is being attacked right now. A good proportion of your traffic is from bots that are knocking at the door, sliding cards into locks, peeking through windows, trying to find a vulnerability, and when they find it, boom, they're in.
We install security software on our sites, and it informs us when something's going on. One of the alerts is a “site lockout notification”, which is sent when someone or something has tried a number of ways to log into a site and been unsuccessful. After a certain number of attempts, the site will block their IP address completely, so they won't even be able to see the login page.
For one site in our network, I get about 50 alerts a week.
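The lockout behaviour described above can be sketched as a sliding-window counter per IP address. This is an added example, not code from the article or from any particular security plugin; the threshold, window, block duration, log format and the `LoginLockout` and `replay` names are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                 # assumed; the article only says "a certain number"
WINDOW = timedelta(minutes=5)    # assumed period over which failures are counted
LOCKOUT = timedelta(minutes=15)  # assumed length of the IP block

class LoginLockout:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> times of recent failed logins
        self.blocked_until = {}             # ip -> time the block expires
        self.notifications = []             # (time, ip) "site lockout" alerts

    def record(self, ip, now, success):  # -> "blocked" | "ok" | "failed" | "lockout"
        until = self.blocked_until.get(ip)
        if until is not None and now < until:
            return "blocked"                # blocked IPs never reach the login page
        self.blocked_until.pop(ip, None)    # any earlier block has expired
        if success:
            self.failures.pop(ip, None)     # a good login resets the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:     # forget failures outside the window
            recent.popleft()
        if len(recent) < MAX_FAILURES:
            return "failed"
        self.blocked_until[ip] = now + LOCKOUT
        self.notifications.append((now, ip))
        recent.clear()
        return "lockout"

# Constructed sample log, "<time> <ip> <FAIL|OK>", using documentation-range addresses
SAMPLE_LOG = """\
2016-04-08T10:00:00 203.0.113.7 FAIL
2016-04-08T10:00:05 203.0.113.7 FAIL
2016-04-08T10:00:11 203.0.113.7 FAIL
2016-04-08T10:00:14 198.51.100.20 OK
2016-04-08T10:00:16 203.0.113.7 FAIL
2016-04-08T10:00:20 203.0.113.7 FAIL
2016-04-08T10:00:25 203.0.113.7 FAIL
2016-04-08T10:20:30 203.0.113.7 FAIL
"""

def replay(log_text):
    guard, results = LoginLockout(), []
    for stamp, ip, outcome in map(str.split, log_text.splitlines()):
        results.append(guard.record(ip, datetime.fromisoformat(stamp), outcome == "OK"))
    return guard, results
```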
First off, let's get one thing straight. It's unlikely that a person has anything to do with it. It'll be other software bots that are doing all the work. These computer programs will be trying thousands of websites a day trying to find a vulnerability, so it's nothing personal.
When a bot finds one, it will then try a number of ways to exploit it. A common attack is to upload a file which will then enable the hackers to send thousands of spam emails from your account, very often containing viruses, malware or phishing attacks.
But, it could be more sinister than that.
In some cases, the hackers (by the way, see the note below) who have set up the bots will have specific targets or patterns that they're looking for.
Their bot might alert them to a particularly interesting exploit, for example.
It might start as a simple attempt to take over a server to send spam, but after a successful hack and then a port scan on the victim's site, it might discover that the website is actually on a network containing other computers. That's when someone might get involved to see if they can get into those systems. It's when the real fun begins.
All because of an out-of-date plugin.
And it appears that might be what happened here:
Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause
Mossack Fonseca (MF), the Panamanian law firm at the center of the so-called Panama Papers Breach, may have been breached via a vulnerable version of Revolution Slider. The data breach has so far brought down the Prime Minister of Iceland and surrounded Russian President Putin and British Prime Minister David Cameron with controversy, among other famous public figures. It is the largest data breach to journalists in history, weighing in at 2.6 terabytes and 11.5 million documents.
Scary stuff eh?
Already this is causing political repercussions, and the Icelandic prime minister Sigmundur David Gunnlaugsson has recently been replaced after his links to dodgy investments were exposed. David Cameron is also facing calls to explain his part in it, not to mention Putin's involvement.
Of course, your site is just telling people about your fantastic plumbing supplies; you don't have lots of documents on your site telling people about weapons of mass destruction, your off-shore millions or the secrets of local politicians you recently photographed in compromising situations.
So what's the worst that could happen?
How about you receive a warning like this:
What that's saying is that Google has had enough of your dirty site's ways mucking up its index, so it's going to kick you out. That's right, you're out of the Google search results and you better sort your act out.
It also states that when someone visits your site using the Google Chrome browser (one of the most popular browsers, don't you know), they'll get a warning telling them that the site is unsafe. You're unclean.
So there goes all your traffic then. And your reputation and credibility, too.
All because you didn't update your site.
Not good, is it?
How to Prevent Attacks
First off, make sure your plugins are up to date. I know it sounds obvious, but often the most obvious things are the ones that are overlooked.
At least once a week, log into your site, check for out-of-date plugins and update them. It takes seconds, and it could mean your site is safe from prying eyes.
Secondly, consider using a security plugin. We like these ones:
Thirdly, consider using a hosting company that has a focus on security. We use Krystal, and they let us know every day when there's a problem with out-of-date software, or if viruses have been found. They also have a system whereby they will intercept attempts to attack your site before they even get there.
However, none of these will give you 100% protection because hackers are a smart bunch. Or at least a persistent bunch. But, you shouldn't make it easy for them.
Go check your site now.
Let’s clear something up.
“Hackers” is a term used for the bad guys who break into computers, steal account details and bring down governments. However, it’s wrong. The term for that is actually “cracker”. As noted here:
A cracker is a person who breaks into or otherwise violates the system integrity of remote machines, with malicious intent. Crackers, having gained unauthorized access, destroy vital data, deny legitimate users service, or basically cause problems for their targets. Crackers can easily be identified because their actions are malicious.
That’s what I was describing above. It’s “crackers” who are the bad guys. The Panama Papers weren’t the subject of a “hack”, they were the subject of a “crack”.
Thing is, Hollywood gave us Sandra Bullock “hacking” into “The Net”, whatever that was. And the news prefers the term hackers because it sounds good. It’s like someone is hacking down a digital door or something.
But, hackers are this:
A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They may know of holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never, ever intentionally damage data.
Those are the good guys.
However, if my article above used the term “cracker” all the way through, you’d probably think these papers were found by Robbie Coltrane in his role as a psychologist with the police department or something.
Tch, the English language eh?