Don’t Let Identity Thieves Have A Happy Christmas
December 2007 by Marc Jacob
While it is allegedly better to give than to receive, many people purchasing presents on the Internet may be unwittingly giving the gift of their identity to fraudsters. The good news, however, is that Manchester-based Global Security One (GSEC1) is launching XGate 2.0, the only wireless Internet security device which tackles threats before they reach your home PC.
"Our hardware device will disappoint crooks who were hoping that Christmas had come early, as it can thwart phishing, pharming and attempts to hack into the PC or laptop," says Mark Brooks, speaking in the run up to the launch at Manchester’s Trafford Centre on the 8th and 9th December. "XGate 2.0 is a single unit that provides wireless internet connectivity to home PCs and Laptops, and supports both ADSL and Cable connections through one device.*. A single unit can secure up to five wired or wireless computers."
Most online fraud occurs as a result of phishing, a technique that mimics a genuine website such as that of a bank. It entices genuine account holders to part with sensitive information like account numbers or credit card details that are later used in fraudulent purchases.
"The XGate 2.0 Secure Banking module provides stringent protection against phishing attacks," explains Mark. "Generally, the phishers compile an email requesting that the intended victim updates his or her account details. The email looks genuine on the face of it and a percentage of recipients historically click on the email link. They are transported to a site which again appears genuine, where they enter all their details, sometimes including passwords, blissfully unaware that this valuable information will be stored by the phishers in a database for fraudulent use.
"XGate 2.0’s Secure Banking module deploys a number of technologies to thwart the phishing attack, developed as a result of GSEC1’s expertise in countering online crime.
Many phishers will create a site which looks like the real deal, but they will not own the domain name, for example www.xgate.com and so will rely on an IP address.
"The Banking Module features a dynamic database storing the real domain names and thousands of phishers’ IP addresses," continues Mark. "The module makes a millisecond comparison and blocks the consumer from the fake site, thus eliminating the opportunity for them to pass their precious data to the phishers."
This poses the same threat as phishing, however it is far more sophisticated in its approach, which means it is less noticeable to victims. Identity thieves attack computers that connect to network hardware using factory installed passwords.
Mark comments: "The pharming attack redirects a user to fraudulent sites once they have visited a booby-trapped webpage. Pharming changes the Domain Name System (DNS) which is a system that computers use to translate a web address such as www.xgate.com and then take the surfer directly to the specific computer that contains the website.
"Instead of the DNS sending users to the legitimate banking sites, it directs them to an imitation site, where they will be asked to enter their login credentials before being informed that the site is currently down. The unsuspecting user is left in the dark to the fact that they have just passed their details to fraudsters."
The attack relies purely on a user not having changed the default password on a piece of hardware such as their modem provided to them by their Internet Provider. Up until now, the easiest way to change has been to either refer to the user guide or contact the Internet Provider. However, even though users can change their passwords, it is only a matter of time before another trap is set and banks and consumers alike are being defrauded of their money.
The XGate 2.0 does not rely on the Domain Name System (DNS) referring the surfer to a bank’s specific computer. Rather, it is pre-programmed with the particular address of the computer it needs to contact and so it is able to guide the surfer directly to that machine. This revolutionary approach means that attacks such as pharming pose no threat, as the XGate 2.0 cancels out the threat.
The XGate 2.0 retails at £89.99 and will be available from 8th December via Amazon, Zavvi Entertainment (formerly Virgin Megastores), Maplin, and dabs.com.
XGate 2.0 is compatible with the 802.11g industry standard 54mb per second for wireless and it will support 802.11n at 125mb per second once that standard receives approval. It offers additional levels of security beyond traditional wireless solutions offered by ISPs.
PCs and laptops communicate via IP addresses. Should a user connect to the Internet wirelessly without security the hacker can see the IP address, create a similar IP address and then hack into the box to see the computer. There are three levels of security:
WEP Wired Equivalent Privacy - a password based system where any data that is sent contains the full WEP password. Crackable within 60 seconds.
WPA Wi-fi Protected Access - another password based system but unlike WEP, WPA uses the password to generate a new random password everytime data is sent and is therefore more secure.
WPA-2 - this is more secure still using a password to generate a random algorithm to produce a unique identifier. This would require vast computing power and time to hack.
Traditional solutions require the user to come up with WEP and WPA passwords of eight alphanumeric case sensitive plus one non-alphanumeric characters. Once a user activates the XGate 2.0 it will initiate a number of security measures. Each XGate 2.0 has its own unique WPA-2 password. It will only allow wireless access to a machine with the correct WPA-2 password. The XGate 2.0 goes beyond the traditional three security levels and automates the registration of the MAC address, a combination of 10 alphanumerics in five groups of two, unique to each wireless card.
"Often users are unaware of the different levels of security they are expected to deal with, whereas XGate 2.0 removes the margin for error and the opportunity for the hacker," explains Mark. "Its deployment of the IP address, WPA-2 and the MAC address makes the computer virtually impregnable and, because XGate 2.0 is a piece of hardware which stands in between the PC and the Internet, it eradicates any threats before they reach the computer."
Key benefits of the XGate 2.0 approach include:
unified approach to home Internet security, so user does not need to buy disparate pieces of software or worry about integration, compatibility and licensing issues.
A single renewal relieves the user from tracking multiple software subscriptions
It’s a stand alone device which stops threats before they reach the computer, unlike conventional security software which will only identify threats when they have actually infiltrated the computer system
GSEC 1, which has over 100 employees, was founded in 2000. It has a facility in Manchester and an office in Birmingham in addition to offices in Godalming, India and Taiwan. XGate 2.0 is based on GSEC1’s Prodigy range of business-class products. These were the first products to offer protection against blended threats and incorporate all aspects of business security including Anti-Virus protection, comprehensive spam filtering, secure banking and web filtering in addition to an impenetrable firewall.