NOTW malware attack would be a breeze

Gordon Brown has hinted at the use of malware in the investigative methods used by News of the World journalists.

Speaking in a Commons debate, former-PM Brown, who is himself believed to have been subject to hacking, said a variety of methods had been used aside from default answer phone services.

Brown highlighted “new crimes with new names: blagging, hacking, Trojans” that were used to “break into computers and not just phones.”

Although there is little evidence to back up Brown’s claims, we can’t rule it out.

As mentioned in his blog, security expert at Sophos Graham Cluley believes it’s probable such methods were used to obtain information illegally.

As he points out, the now defunct News of the Screws has been accused of the same tactics in the past, by way of a BBC documentary.

According to Cluley, it wouldn’t be very tough for the average journo.

First. you could send an email to the victim, either containing a malicious attachment such as a Trojan horse or a web link to a site that contains one.

Then with a bit of social engineering it wouldn’t be impossible to dupe the unsuspecting target into opening the link or attachment.

When the Trojan is installed it could allow access to read files on the victim’s computer, and see what is on their screen – or log key presses to grab passwords.

“This isn’t complicated, and there are hundreds of thousands of pieces of malware which do just this,” Cluley explains.

“I wouldn’t be at all surprised to hear that rogue journalists or investigators have used such methods to spy upon people and access information on their computers.

“It is, of course, quite illegal.”

Senior security researcher at antivirus firm Kaspersky Lab, David Emm, also believes that if it Trojans were used to obtain information it is a significant development.

“If it does turn out to be true then it is very worrying,” he told us.

“Although there are of course differences of scale, there is little difference between this and, say, the hacking of the Playstation network.

“In both cases, and indeed with phone hacking, there is unauthorised access.

“However, to compare with phone hacking, with a Trojan virus there is actual modification of a private system, and can even mean stealing information, such as passwords for example.

“This is certainly different to phone hacking which would generally mean listening in on a message rather than actually illegally taking information.

“So it is certainly more serious because of these potential consequences.”

Emm also told us that the possibility of others being infected inadvertently is significant, meaning a virus could quickly be passed to friends, family or colleagues of the victim of an infection.

“There is also the possibility that the Trojan can be passed on, with a self replicating virus doing this easily, or just by forwarding the message on.

“Unfortunately, it is very difficult to prove that it has happened.”