As Papua New Guinea catches up in its adoption of digital technologies, there is an urgent need to improve cybersecurity. According to Alberto Cimas, Senior Manager in Deloitte’s Risk and Consulting Practice in PNG, the first step is to understand how easy it is to hack a computer system.

Papua New Guinea’s IT sector is growing quickly, it is adopting new technologies and the arrival of the Coral Sea Cable will see more affordable internet for more people.

While these are positive moves, the country has also never been more vulnerable because, as a developing nation, it is a preferred target for hackers.

Deloitte PNG’s Alberto Cimas says ‘ransomware attacks [a type of disruptive software that prevents users from accessing their system or personal files and demands ransom payment in order to regain access] are common. Phishing attacks [a fraudulent attempt, usually made through email, to steal your personal information] are also routine in PNG.’

‘Hackers also love Facebook and LinkedIn because they provide a lot of information.’

Cimas warned hacking a computer system is not difficult.

‘It is very easy. You don’t need to be an IT or a computer engineer to do it,’ he says. ‘Hackers know there are not a lot of cybersecurity skills in the country. By contrast, if you try this in the US, you are likely to get in trouble because they are very well defended.’

Targeting the weakest link

Alberto Cimas. Credit: Rocky Roe

Cimas says a usual first step for hackers is to take metadata  – properties, or information, in documents that are hidden and which may prove useful – from files that are easy to access.

‘Printers are great because they are often connected by Wi-Fi and very easy to hack because there is no firewall between the printer and the rest of the world. That means if you can hack the printer, you are inside the network. Very few administrators think about that.’

Cimas points out that organisations typically use many different software packages. The more in use, the greater the likelihood that there will be weaknesses that can be exploited.

‘Adobe Acrobat, for example, has a lot of security holes and companies often run many different versions of Adobe,’ he explains. ‘Hackers also love Facebook and LinkedIn because they provide a lot of information,’ he says.

Data mining on the dark web

The easiest way to get into a computer system, Cimas notes, is to find the username and password. He said some hackers go to the dark web to look at what has happened previously in Yahoo, Gmail and Facebook.

‘I have done analysis on this and the most common password is 123456 – that is the preferred password in the world.’

‘The first thing a hacker does is to download the usernames and all the passwords. So, even if the administrator kicks that hacker out, they will still have thousands of accounts to get into a system.’

Finding passwords is often far easier than it should be.

‘People do not use strong passwords,’ says Cimas. ‘I have done analysis on this and the most common password is 123456 – that is the preferred password in the world; tens of millions of people use it. The second is 123456789 and the third is qwerty. The fourth one is 12345678 and the fifth is 1111.’

Cimas added that many people use their username as a password, which makes it easy to hack. Other common ones are: Password1; then, when that expires, Password2 and so on.

‘I am not saying we should go back to the Stone Age but be aware,’ he says. ‘Be aware of what applications you are installing on your phone. Be aware of what emails you open. Don’t click links that say you won the lottery.

‘Anything can be hacked: Facebook accounts, Gmail accounts, TVs, webcams, even smart watches.’