Do we really have just two weeks before we're hit by a powerful computer attack?
According to Britain's National Crime Agency (NCA), Internet users have a fortnight before the world’s nastiest cybercriminals will be ready to strike back after suffering a major setback this week.
On Monday, it was announced that the good guys in security had disrupted and disabled a global botnet and a ransomware scheme that the bad guys had been using to steal billions from businesses and consumers worldwide.
The international operation knocked out the servers used by hackers to control financial botnet GameOver Zeus and ransomware scheme Cryptolocker. Meanwhile, Russian hacker Evgeniy Bogachev has been acccused of being the main ringleader behind the cybercrime operation and a warrant has been issued for his arrest.
Following the news, the NCA issued the advice that there is a "unique two-week opportunity" for the UK public to get their machines safe and secure from a powerful computer attack, but failed to explain exactly why.
What will happen in two weeks? Is the clock ticking down from 336 hours to a moment when all our computers will do something crazy?
I spoke to the NCA to find out more and a spokesman explained: "The operation has taken out one of the key botnets used by criminals and disrupted their time. The two week guide is based on the likely time frame before they find their way around it."
So basically, we have two weeks where the criminals are scurrying around getting their houses back in order, in which time we can do things to our computers to make them safe without any potential interference.
More than 15,000 machines in the UK are believed to have been infected by GameOverZeus so it is of course important that they get rid of any infection and prevent themselves from future attacks. But I can’t help feeling that the NCA has caused a bit of a panic with its 'two-week' warning.
Yes, it is useful to be regularly reminded to update anti-virus software, keep operating systems up to date, and use a secure firewall, but following on from eBay’s password change and the recent Heartbleed bug, essentially telling the UK public that it is two weeks away from a cyber-attack seems a strange approach.
It’s not just me that thinks this, either. According to security expert Graham Cluley, he’d rather the NCA was a bit clearer with its advice.
"What's odd about the NCA's 'two week' advice is that they don't appear to have explained WHY people only have two weeks to take action", says Cluley. "Notably, there is no reference to the two week deadline in any of the US's pronouncements about GameOver Zeus, so there is a question mark over why the next 14 days are so essential for UK victims, but not apparently the rest of the world."
"My guess is that the malware looks for new control servers every few weeks, and that although the authorities have disrupted some of the criminal infrastructure there will be an opportunity for the bad guys to send infected PCs new commands in the near future. I'd really like it if the message was a little clearer, if only to quash those of us who are fatigued by multiple cybersecurity warnings in the past."
Good security practices should be followed at all times, but there’s the danger with sensational headlines that we may become ambivalent to future warnings.