You surf internet porn. Fine. But do you know how to avoid the hackers?
They’re questions many ponder, but most are too embarrassed to answer:
Are internet porn sites filled with malicious software? And what are the best ways to prevent the malware from ending up on your computer or smartphone?
No sense in pretending this isn’t an issue; few things generate as much traffic online as pornography.
One company alone — Pornhub — said it attracted 23 billion visits from around the world last year, and they collectively viewed nearly 92 billion videos.
It would take a single person 5,246 centuries to watch all of it.
The malware infection rate isn’t known; a lot of the problem goes unreported. But Stephen Cobb, a senior researcher in the San Diego office of ESET, has a lot of insight on the matter. He’s studied the interconnection between porn and the internet for more than 30 years.
Q: Does a person face an unusually high risk of downloading malicious software — or malware — if they visit a porn site?
A: It depends on the user’s behavior.
Porn sites generally don’t have more malware than other kinds of sites. But some users exhibit risky behavior. They keep click-click-clicking on links that promise free, high-definition porn. The more you do that, the greater your risk of installing malware.
In some cases, the problem is compounded by the fact that a person is so embarrassed about getting a malware infection that they don’t seek technical support in a timely manner.
There’s another risk issue: blackmail. We have see numerous cyber crime campaigns that scare people into paying bogus fines with warnings like this: “This computer was used to visit websites containing illegal pornography.” Obviously a threat like that is more effective if the person receiving it has actually been visiting porn sites.
Anyone who is planning on visiting an adult website should make sure their computer or mobile device has a full suite of up-to-date anti-malware and anti-phishing software, and they should know the latest tricks and scams.
Alternatively, they should use a Chromebook or a cheap secondhand Windows 7 laptop that has no personal information or banking/shopping/email/file-sharing apps on it. And they should be prepared to hit the off switch the moment anything weird happens.
Q: Do hackers develop malware that targets people who use these sites? And is the malware more sophisticated than you would find on other types of sites?
A: Most cyber crime is driven by classic business principles, like return-on-investment and targeted marketing. So, yes, you will see malware on porn sites that leverages video display software.
For example, you might see an advertisemnent that says, “Download this video player now to see this celebrity sex tape” or “your system needs the latest video driver to see this, download it now.”
I have not done enough research to conclude that porn sites are using malware that is more sophisticated than you would find on other types of sites. But I would say that porn-related malware is sometimes as sophisticated as anything you see in any other sector, particularly when it comes to things like click fraud.
Q: Don’t porn sites sometimes experience malware problems that they’re actively trying to avoid?
I read a news story on TheNextWeb.com that said ESET researchers discovered earlier this year consumers were being tricked into downloading malware that was hidden in what appeared to be a legitimate mobile app for Pornhub.
A: Yes, that can happen. But I’d say that the porn industry has helped pioneer things like video streaming and online payment services, and they don’t want to do things that hurt their businesses. They’ve invested a lot in keeping sites secure.
Q: As you said, many people are too embarrassed to admit that they downloaded malware from a porn site. Does that mean that security experts don’t have a clear idea of how big of a problem this is?
A: The embarrassment factor definitely complicates things, from gathering accurate metrics to determining the root cause of the problem. Are the adult sites highly infectious? Or could it be that the folks who visit them are naïve and lacking in security awareness?
Either way, I think all security experts have seen a surfeit of computers riddled with malware, spyware, adware, and bloatware, along with a browser history chock full of adult website URLs.
Q: I read a story in a British paper that said that a hacker had developed a smartphone app that took a person’s picture when they visited certain porn sites. The hackers then used the photos to try to extort money from people.
Is that true? Is it even possible?
A: It is certainly possible and might strike an ethically challenged criminal hacker as an interesting business proposition.
We saw a variation of this scheme in “Shut Up and Dance,” the third episode of the third series of the British sci-fi video series “Black Mirror.” A young man is blackmailed by someone who used the webcam in the lad’s laptop to record him watching porn.
Q: I’ve also read that some users receive pop-up messages on their screens saying things like, “Microsoft windows has detected that a porn virus has infected your system and is trying to steal pictures, data and social networking passwords.”
How should a user respond to a message like that?
A: Users should ignore this message and they should not call the toll free phone number that typically appears with it. This message is associated with adware that hawks flaky support services. Use a malware scanner to find and remove the adware (ESET offers a free scanner at https://www.eset.com/online-scanner).
Q: I suspect that many people wouldn’t take an infected computer to a repair store to get the malware removed. What are the options for getting rid of the malware?
A: A good security suite will be able to remove most malware infections and should also come with free phone support. Those support agents are likely to have a “seen it all before” attitude and are not going to be judgmental, unless of course the content is clearly illegal, such as child pornography.
Q: Is it possible that a person could unknowingly download child porn from virtually any site on the web?
A: While that risk does exist, there are some limiting factors. The creation, possession, or distribution of child pornography carries very serious penalties, not to mention social condemnation, even in some criminal circles, and one would hope this limits its use in malware schemes.
However, the mere possibility that a person could unknowingly have such content on their phone or computer renders plausible blackmail threats and ransom demands based upon false allegations.
Q: Are there a lot of hackers making a lot of money by placing malware on porn sites?
A: Quantifying the level of criminal hacking activity by sector is not only difficult, but a relatively low priority for resource-strapped authorities who are struggling to document and prosecute mainstream cyber crimes.
Priority tends to be given to tracking attacks on government agencies, the military, finance, energy, and retail sectors. What we can say is that the leading players in the adult website industry have a vested interest in self-policing and ensuring a risk-free customer experience.
Sticking with established sites makes as much sense for porn sites as it does for shopping sites. That said, brand name sites are not immune to problems, as the Ashley Madison hack amply demonstrates.
Q: You’re referring to an incident in 2015 in which hackers stole a lot of subscriber information from Ashley Madison, an online dating service that caters to people who are looking to have affairs. Data was stolen from more than 30 million subscribers. They got things like people’s email addresses, which were then posted to the internet.
Could hackers break into a person’s laptop or tablet and steal the email addresses of people who were visiting porn sites?
A: If a criminal has gained access to your device they may be able to see that you have been watching porn and they will likely have access to your email accounts. But as a way of gathering data about potential victims of scams and frauds this is not as practical as stealing account data en masse from the subscriber databases of adult sites.
Q: This interview will probably make users of adult websites wonder whether they can erase their viewing history simply by clearing the cache on their computer or mobile device. Can they?
A: You can clear your browser history. But I generally maintain that you cannot count on anonymity online. Even if you’ve cleared your browser, your internet service provider knows what you’ve been looking at.
Cybersecurity Playlist
Senator Elizabeth Warren (D-Mass.) slams Equifax
LA 90: Yahoo data breach worse than originally reported
California beer maker thrives in Germany
Cyberattacks on Hollywood
Hackers gain access to OneLogin
What is WannaCry?
Senate overturns privacy rules for Internet providers
Online pirates claim to hold Disney's latest 'Pirates of the Caribbean' movie hostage, demand ransom
Yahoo warns users of malicious activity
Twitter: @grobbins
gary.robbins@sduniontribune.com
