The digital world is changing rapidly – what does that mean for our security? Cem Karakaya is an expert on cybercrime and got to the bottom of the topic in his new book. Cem Karakaya was a long-time Interpol employee and is an expert in cybercrime and prevention. He advises authorities and companies, carries out educational work in schools and is CEO of the consulting firm Blackstone432.
By the way: In their book “Click here – digital self-defense made easy” (Ariston, 20 euros), Cem Karakaya and Tina Groll uncover current cyber threats – from criminal tricks to dangers posed by AI. With extra chapters for the protection of children, young people and seniors.
girlfriend: Mr. Karakaya, is the online world becoming more and more dangerous?
Cem Karakaya: “Through online shopping, online banking, social media and the like, our world is at least becoming more and more digital. But: In principle, digitalization is nothing to be afraid of – it has an incredible number of advantages. For example, I'm happy every time I can call my parents in Turkey via FaceTime. But what you should always keep in mind is that just as quickly as digitalization develops, so do fraud schemes and the skills of hackers.”
A few days ago I received a text message: “Hello Dad, this is my new number. Can you write to me on WhatsApp?” I am a woman and have no children. The scams don't seem to be all that sophisticated.
“(Laughs) In my opinion, such messages tend to come from 'wannabe hackers' who just blindly try out what might work. What is really dangerous, however, are the fraudsters who hack into systems and misuse data. This can be in the form of a Trojan that is installed on your computer and secretly monitors you, or in the form of a fake profile on eBay, or phishing emails, calls and text messages tailored to you.”
As a private individual, how can I best protect myself from such attacks?
“The best protection is prevention. This primarily includes regular updates to apps and operating systems. Ninety-five percent of all successful cyberattacks only happen because something wasn't updated, which could create a security hole. In addition, passwords – even if it is idle – should be at least 13 characters long. An eight-character password can now be cracked within a second, no matter how complicated it is. With 13 characters it currently takes 47 years. The last tip I would give is to pause for a moment before entering your data anywhere. Ask yourself, 'Is it really necessary for me to reveal this? Is the website legitimate?'”
In the past, my motto in this regard was often “I have nothing to hide”. That's probably not the best approach, is it?
“I hear this sentence again and again, including at my lectures. I then ask the people in the audience for their credit card numbers - and suddenly everything becomes very quiet. What I mean by this is that each of us should have something to hide. Be it your date of birth, your own address or your telephone number. This is all sensitive data that can quickly be misused. That's why I always advise caution when it comes to supposed bargains online: nothing is free! If something doesn’t cost money, you usually pay with your data.”
What data do fraudsters need to hack someone?
“Strictly speaking, just your name and date of birth. For 33 euros you can also find out where someone lives at the residents' registration office, completely legally. Fraudsters can then, for example, set up a website in your name on which they sell coffee machines. Your name and address are in the legal notice. If the coffee machines never arrive after payment, the cheated customers ring your doorbell. Everything has already happened.”
Your co-author Tina Groll was a victim of massive identity theft. What exactly happened to her?
“Tina’s name and date of birth were used for trade credit fraud. The result was several thousand euros in outstanding claims, entries in the debt register, arrest warrants and even convictions in absentia. It took Tina over a year to defend herself against the fraud and prove that she did not cause the debt. In the end, she was left with very high costs – not to mention the psychological and time-related stress.”
Is there any form of protection so that you don't have to bear the costs in the event of fraud?
“There are some insurance companies that offer protection against identity theft. It's just important to read carefully in which cases the insurance actually applies, so as not to spend money unnecessarily. The problem with such cases is that the legal situation is often very complicated. An example: The hacker is in the USA, the server through which he or she 'attacks' is in Russia and the victim is in Germany. According to which law will the judgment be made? Ironically, the strict data protection laws in Germany often make the police’s work even more difficult.”
If I've been a bit sloppy with my online data in the past, is there anything I can do to straighten things out?
“There is a Plus package from Schufa that costs around five euros a month. This gives me access to my credit rating and lets me see all the contracts I have ever concluded. This means I can see relatively quickly if something isn’t right.”
The more you look into the topic, the more you get the feeling that there are dangers lurking behind every corner on the Internet. Is it best to go completely offline?
“No, that’s nonsense and no longer possible for most people in everyday life. I see it this way: When the car was invented, there were no traffic rules, seat belts or driving licenses. This only developed over time. It's similar with digitalization: Our cell phones are now small computers and even though we've been living with them for a few years now, it's all still relatively new. We therefore need new laws, regulations and above all: education. We are still among the first generation of parents who have to pass on media skills to their children and prepare them for using the Internet.”
How can you sensitize children well?
“I would only recommend a smartphone for children starting in fifth grade. And when the time comes, the following applies: communicate with each other and set up rules for use. TikTok, for example, is only officially permitted from the age of 13 - and not without reason. If the app is used, accompanied mode can be set up here by parents. But I want to emphasize it again: Talk to your children and let them show you things that they don't yet know themselves. I sometimes look at deepfakes with my daughter to sensitize her not to immediately believe everything she sees on the internet.”
Artificial intelligence can now imitate voices in a deceptively realistic manner. How can I protect my grandma from falling for it when someone calls her with my voice and asks for money?
“In my opinion, the best way is to agree on a password that your grandparents can ask you as soon as - supposedly - you ask for money or something similar on the phone. Because not only can the voice be easily imitated, I could also easily have your name and real number displayed on your grandma’s phone screen.”
...So you are a professional hacker yourself?
“You could say it that way, yes. The correct term would be 'Ethical Hacker' or 'White Hacker'. My job also includes hacking companies. Of course only if you commissioned me, otherwise it wouldn't be legal. Through white hacking, we can help companies find and close security gaps. This is how you can protect yourself from a real black hacking attack.”
Where does your interest in IT come from? Have you ever been a victim of a hacking attack yourself?
“When I was 13, my dad brought home the Commodore 64 computer and said, 'Learn how this thing works, because this is the future.' And then I sat down and watched the whole thing and never lost interest again. To this day, thank God, I have never been a victim.”