Telstra, Optus customers at risk, says 'ethical hacker'
HACKERS are using open 'digital doors' to access personal information stored on external hard drives.
An Ipswich 'ethical hacker' has raised the alarm after realising 70% to 80% of Telstra and Optus customers are vulnerable.
He says it's a simple case of closing the door but most people don't even know their files, such as personal photos, are accessible.
The settings are within each internet user's router and if a particular internet portal isn't set to closed, hackers can use websites to scan for ways in, then flick through your personal files.
For example, the Ipswich hacker showed us files, namely photos, retrieved from one man's Seagate external hard drive, left plugged into his computer.
Those photos, in folders named 'Michelle and I', included nude photos of a woman and happy snaps of the pair holidaying in Sydney.
And while it's a real threat, an Ipswich IT specialist says most 'mum and dad' residents should be more worried about scams.
The QT has been waiting two days for a response from the Federal Government on what it is doing to protect Australians against hackers using these 'doors'.
What's an ethical hacker?
An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.
The ethical hacker said these open pathways into people's computers are used to glean personal information, including Medicare card details and bank account numbers, to commit fraud and sometimes to extort people for money.
It's not just average citizens at risk - the hacker said he has previously accessed documents from private companies.
He has seen copies of birth certificates, drivers' licences and other personal documents.
Using an FTP (File Transfer Protocol) scanner website, the hacker also accessed information from a security company.
"The company was exposing all its clients' pin codes for security access points," the Ipswich hacker said.
An 'ethical hacker' will access this information, then contact the person or company to let them know and explain how to close the port, whereas a hacker might be inclined to use documents, such as explicit photos, to manipulate or extort people.
When this Ipswich hacker contacted the security company whose customer information he had downloaded, he was told the files had been online - and open to hackers - for 10 months.
You can search for these open ports using various websites including filemare.com and specifying a region, city, country or keywords.
A search of 'Ipswich Qld' brought up a variety of files including photos from golf days, business information from a personal trainer and a range of personal documents.
There is also a map which shows open ports across the country.
A quick search this week showed hundreds of accessible ports in Australia including 69 in Brisbane.
Beware trying to use these websites to access other people's information because in doing so, without the proper protections, users open themselves up to being targeted by other users.
What can you do?
Check if your computer is sharing files without your knowledge:
First, you will need your IP address.
This can be found by going to https://www.whatismyip.com/
Next, go to your web browser (Internet Explorer, Firefox or Chrome) and enter ftp:// followed by your IP address.
If it shows 'Page Error' or 'Unable to connect' then your files are not being shared.
If you have a page showing a folder, click on that folder and see if any files are able to be viewed.
To disable the FTP file sharing, call your Internet Service Provider (e.g. Telstra, Optus, Dodo etc).
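The same self-check can be scripted instead of done in a browser. The Python below is an added example, not part of the original article: it connects to the FTP port on an address you own and reports whether a login without a password is accepted. The function name `check_ftp_exposure` and the result labels are assumptions made for this illustration.

```python
import ftplib
import sys

# Plain-language meaning of each result, following the article's steps.
ADVICE = {
    "closed": "port is not reachable; files are not being shared over FTP",
    "login_required": "FTP is exposed but asks for a password; close it if unused",
    "anonymous_open": "anyone can log in without a password; disable FTP sharing",
    "ftp_error": "something answered on the port but did not behave like FTP",
}

def check_ftp_exposure(host, port=21, timeout=5.0):
    """Classify the FTP exposure of an address you own.

    Returns 'closed', 'login_required', 'anonymous_open' or 'ftp_error'.
    """
    ftp = ftplib.FTP()
    try:
        # connect() opens the socket and reads the server's 220 greeting.
        ftp.connect(host, port, timeout=timeout)
    except (OSError, EOFError, ftplib.Error):
        return "closed"          # browser equivalent: 'Unable to connect'
    try:
        ftp.login()              # no arguments means an anonymous login
        return "anonymous_open"  # browser equivalent: a folder is shown
    except ftplib.error_perm:
        return "login_required"  # server refused the anonymous login
    except (OSError, EOFError, ftplib.Error):
        return "ftp_error"
    finally:
        try:
            ftp.quit()
        except Exception:
            ftp.close()

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_ftp.py <your-public-ip>")
    result = check_ftp_exposure(sys.argv[1])
    print(f"{sys.argv[1]}: {result} - {ADVICE[result]}")
    sys.exit(0 if result == "closed" else 1)
```

Some routers do not route connections from inside the home network back to their own public address, so a 'closed' result is most reliable when the check is run from a different connection, such as a phone hotspot.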