EXCLUSIVE: As hackers steal details of 380,000 BA customers, we are given unique access to the agents fighting masterminds of financial crime
The recent data breach at British Airways saw hackers steal the financial details of 380,000 customers.
It is the latest in a maelstrom of cyber attacks that are spreading computer viruses and installing malware to plunder bank accounts and make ransom demands.
The Mail on Sunday gained exclusive access to the secret service’s National Cyber Security Centre to discover more about this growing dark web threat.
These days James Bond requires more than just a poison dart-firing fountain pen or an Aston Martin with revolving number plates. He also needs the skills of an IT expert.
While the secret agent may be a fictional character, his evil nemesis Spectre is becoming a reality. Led by super-villain Blofeld – portrayed by cat-stroking actor Donald Pleasence in You Only Live Twice – Spectre stands for Special Executive for Counter Intelligence, Terrorism, Revenge and Extortion. The shadowy organisation could also be used as a 21st Century description for the dark web.
To combat this growing threat of cyber terrorism, the National Cyber Security Centre was set up two years ago as a new arm of the Government’s intelligence service that includes the Security Service (MI5) and Secret Intelligence Service (MI6).
Controlled by the Government Communications Headquarters (GCHQ), which cracked the German Enigma codes in World War Two, it is housed in a grand office block close to the Secret Intelligence Service headquarters in Millbank, Central London.
Its cyber security technical director is Dr Ian Levy, who invited The Mail on Sunday into his lair to learn how its secret technology is defending us from an avalanche of cyber attacks.
Welcomed by half a dozen sharply dressed security guards in the foyer, we are ushered through two security level checks requiring separate colour code passes. A guide taps digits into the wall as we walk through bank vault-style doors to an open plan office.
There is no sign of Daniel Craig sitting at a desk doing his expenses and outside M’s meeting room Miss Moneypenny appears to have gone to lunch. Even the hat stand in the corner is missing.
The intelligence service has gone smart-casual. Dr Levy arrives sporting a trendy Ted Baker jacket, two-tone brown brogues and blue jeans.
He says: ‘There is a common misconception that cyber security is all spooks on the trail of hackers in hoodies. The reality is that cyber security is something we need to be open about. We use our technical expertise and knowledge to block an average of 4.5 million malicious emails a month that would otherwise reach computer users.’
A dedicated army of computer boffins housed within the top-security building works around the clock to keep up this cyber ring of steel for the nation.
Staying one step ahead of the hackers is a constant challenge and requires the best IT brains in Britain to develop new software to block the fraudster attacks. The moment a new phishing website targets our shores, an ‘active cyber defence’ unit pounces – blocking the criminal in an hour.
Some 80,000 cyber attacks were thwarted last year – including 590 ‘significant instances’ that might have led to widespread computer virus infections and ransomware stealing our personal data. The centre also provides online security advice to up to 100,000 computer users a month.
The Secret Service’s behind-the-scenes work has been funded with a £1.9 billion cash injection from the Government. It is not only stopping millions of unwanted emails getting through but the centre’s work is also helping to crack down on copycat websites and block 120,000 spoof ‘@gov.uk’ addresses.
Foreign government hackers – from Russia, China and North Korea – are also regularly intercepted from the tell-tale way their software codes are written.
Levy says: ‘Our job is to make Britain an unattractive target for cyber criminals, but we are not a regulator. We are here to offer real support. There is no need to panic but we must all take cyber security seriously. As a computer user you should not only always back up data but consider using security software and password managers that store complex password codes on your behalf.’
The National Cyber Security Centre offers advice to combat fraud at ncsc.gov.uk. It also supports businesses wanting to improve their cyber security. Last year, it worked with the National Health Service when WannaCry ransomware hacked into the computers of 47 trusts.
Fight email ‘phishing’ fraudsters
About 17 million victims in Britain were swindled out of a total of £4.6 billion last year as a result of cyber fraud, according to the software security firm Norton.
One of the most common methods employed by criminals to steal our money was by getting computer users to reveal key personal banking information through the sending of bogus emails.
Known as ‘phishing fraud’ the sender often pretends to be someone official to gain trust, perhaps posing as a bank official or tax inspector. There is usually a sense of urgency involved, such as a claim that someone else is emptying your bank account, thereby panicking you into taking rash action.
The best response is to stay calm and not reply. Often just checking the details of the email address from which the message was sent is enough to send alarm bells ringing. Spelling mistakes are rife because the senders are often based overseas.
Phone the company the email sender claims to be representing to check if they are real. A bank will never ask you to share your personal details with them or with anyone else.
Colin Tankard, of Harlow-based data security company Digital Pathways, says: ‘Look at whether the email address tallies with whom it claims to be from. Small spelling mistakes are a tell-tale sign something is up.
‘You might also do a search of an email address on Google to see if it is flagged up as a security risk.’
It is not just bogus emails that can trick you into revealing key personal information.
Also keep an eagle eye out for copycat websites. Accommodation websites, passport assistance and tax support services can look the real thing until you study the email’s suffix. For example, ‘co.uk’ is normally an indication of an official website. But ‘co.com’ could well suggest the website is a copycat, hoping to trick you into paying for services free from official websites.
Website ActionFraud offers advice to victims but you must first contact your bank and the police.
Read the full article in Mail on Sunday here