'Information is currency'

Nearly half a million Yahoo mail accounts were most recently hacked by a group. Due to security breach, the email addresses and passwords — supposedly known only to account owners — were leaked and might have been used for illegal, if not criminal activities. 

The hackers behind the attack were reportedly traced to a little-known outfit calling itself the D33D Company. It stole the “unencrypted passwords reportedly using an SQL injection — the name given to a commonly used attack in which hackers use rogue commands to extract data from vulnerable websites.” The Ukraine-registered website associated with D33D Company, however, could not be traced. Its contact form was inoperable while an email address and phone number attributed to the site’s registrant appeared to be invalid.

I just don’t know if those hacked Yahoo accounts included mine. A few months ago, my Yahoo account was used by someone pretending to be me and sent out email to all people in my “contacts” list.

Purportedly, I was robbed somewhere in Spain and that I lost all my money and passport. The con artist asked people in my “contacts” to help me get out of a tight financial fix so that I could return home in the Philippines. The hacker even gave specific instructions where to send their euros through fund transfers supposedly under my account’s name in a bank in Spain. 

Since some of my “contacts” know that I am a journalist who sometimes travels abroad for coverage, the letter-sender could really deceive them into sending their financial aid to help a friend in distress in a very far place. Thankfully, a few of these people either called me up first to check if indeed I was really in dire straits in Spain. On the other hand, some tech-savvy friends alerted me that my email account might have been hacked.

It took me a while before I was able to recover and restore my hacked Yahoo account with the help of my tech-savvy son. I have to re-do my “contacts” — email addresses collected through the years as a journalist — but many were lost forever.

My recent experience with these hackers came to mind after administration allies in the 15th Congress warned their colleagues against further delay in the passage into law of a long pending bill that seeks to define and penalize “phishing,” or the act of securing personal information for fraud in cyberspace. “Phishing,” as defined under this proposed law, is an act of securing personal information such as username, password, bank account numbers, and credit card details for the purpose of using it in fraud, or for participating in fraudulent business practices, or for the purpose of identity theft and misrepresentation.

Amid the alarming rise of illegal Internet activities in the country, pro-administration Reps. Mariano Michael Velarde Jr. and Irwin Tieng of the Buhay party-list have earlier filed House Bill 6199 or the “Anti-Phishing Bill of 2012.”

There are two related bills pending approval in Congress. One is Senate Bill 2796 otherwise called “An Act Defining Cybercrime, Providing for Prevention, Investigation and Imposition of Penalties thereof and for Other Purposes,” and the other one is House Bill 5808 or “An Act Preventing Cybercrime, Providing for the Prevention, Suppression and the Imposition of Penalties Therefor and for Other Purposes.” 

The Senate has already passed on third and final reading their Anti-Cyber Crime bill as early as January this year. SB 2796 also mandates the creation of an Office of Cybercrime under the Department of Justice. A National Cyber Security Coordinating Council shall also be established under the Office of the President for the creation and execution of a national cyber security plan. The Information and Communications Technology Office of the Department of Science and Technology shall likewise create a National Cyber Security Center to help in the formulation and implementation of a national cyber security policy.

If finally signed into law, penalties of fines and imprisonment will be meted out to anyone convicted of any offenses defined by the Anti-Cyber Crime law.

Browsing through the social networking site, may I share the “Internet safety alert” issued by the public information office of the Department of National Defense. Since they are the experts on security, the following tips could perhaps help us while Congress has not yet come up with laws against these cyber criminals:

“Just a safety precaution, best preventive measure is to update and replace your passwords now and on a regular basis. To help keep yourselves and your private information safe, here are three quick tips that can help limit the risks you face when situations like this occur.”

1. Use multiple different passwords: If you use the same password for everything (i.e. Facebook, email, online banking etc.) then if there is a security leak with one of those companies, suddenly all of your accounts are in danger. To avoid this, try to use different passwords at different websites; that way if a password is compromised you don’t have to worry about all your other accounts being broken into.

2. If you change your passwords on a regular basis it provides online thieves a much smaller window to try and break into your account. This will help keep your account secure and can also help if an old password has already been compromised.

3. Use more secure passwords: Sometimes when a security breach happens, cyber-vandals are only able to break into accounts that have very easy passwords. To help prevent this, try to make your password harder to guess. Try to include, numbers, letters, upper-case characters and if possible special symbols (such as !,@,#, or $). 

Don’t open suspicious e-mail coming from unknown senders and sign out after surfing, STAR technology editor Antonio Paño further suggested.

While our email accounts are not like bank accounts you can dip money from, such identity theft could be a veritable source of funds, too. Information is currency, as it can be turned into money.

That is especially true for those with criminal minds who ply their nefarious trade online. These criminals are operating unabated up to now, free and loose in cyberspace.