The global manhunt for the hackers behind the ‘unprecedented’ worldwide cyber-attack is continuing as experts warned of more damage to come.

We visited hackers in the Ivory Coast – a new hub for cybercrime - who claimed they could breach computers running older Windows XP software at will to steal passwords and personal data – or hold the whole machine to ransom.

Many UK public authorities, including the NHS and police, continue to run computers on Windows XP even though Microsoft stopped updating the software in 2014.

Research suggests that as many as one in ten of the UK’s 50 million desktop and laptop PCs could still be running the 15-year-old software – exposing millions of British people and thousands of firms at risk from online ransom demands.

NCho Yao, boss of Insecurity Days, said this offered rich pickings to shadowy cyber criminal gangs who last year cost the UK £11 billion.

NCho says there are rich pickings for gangs (
Image:
Philip Coburn/Daily Mirror)

He agreed to meet the Mirror at his ramshackle office in downtown Abidjan and said: “If you are still running Windows XP, then we can get inside your computer. It is like leaving your front door open.

“You would not believe how many people and companies – even big companies in rich countries like Britain – are still using XP.

“Once you are inside these computers you can steal what you want – passwords, bank details, email log-in.”

Nearly one in 20 NHS computers use Windows XP and as recently as last September 21,000 police computers used the same obsolete software.

Hackers targeted the NHS (
Image:
Philip Coburn/Daily Mirror)

There are nearly 55m PCs in the UK and research carried out last year showed that Window XP remained the third most popular operating system, used on around one in ten machines.

Mr Yao ordered one of his operatives to show us on a projector screen, how simple it is to hack a computer using XP.

He clicked around the folders on the hard-drive of one computer which he claimed belonged to a firm they had hacked in the USA.

Mr Yao has trained dozens of local youths in the dark arts of hacking but insisted his team were “ethical hackers” and added: “We are not going to do anything wrong here. We will tell the company what we have done and offer to help them fix the problem.

Dozens of country's were affected by the attack (
Image:
Philip Coburn/Daily Mirror)

“But hacking is a growing problem in Ivory Coast and lots of people are learning how to do it.”

The “brouteurs” - local slang for cybercriminals – can earn thousands of pounds every month in a country where half of the population struggle below the poverty line.

Mr Yao showed the Mirror how it was possible to infect computers using a “phishing” attack – fooling a victim into thinking they were visiting a genuine website, like a bank.

First, he demonstrated how hackers can put up fake websites containing malicious code using free hosting companies.

Then he showed how they use an email “spoofing” service to fool victims into thinking they are getting an email from someone they trust – like a bank – when it is actually sent by criminals.

Nick Sommerlad with Ivorian Internet and Security expert N'Cho Yao (
Image:
Philip Coburn/Daily Mirror)

The free “spoofing” service he used is based in the Czech republic, has nearly 4,000 “likes” on Facebook and was first exposed by the Mirror in 2013.

The Czech website, which we are not naming, states: “This service does not violate the EU law. We are not obliged to keep any logs.”

Finally, Mr Yao showed how a “remote administration tool”, or RAT, can be used to control an infected computer from anywhere in the world.

But Gavin Millard, technical director at IT security firm Tenable, said: “That’s an abuse of the term ethical hacker. There is nothing ethical there.

“What people like this are doing it a polite extortion on organisations. I am sure he thought he was doing the right thing, but if he did it to a UK company then he would be breaking the law here.”

Video Loading

Mr Millard said the hack which brought the NHS to a halt on Friday could have come from anywhere in the world and that attacks are worryingly easy to mount.

He said: “When you look at things like ransomware, a lot of the hacking that takes place is not that advanced.

“The exploits that they are using are known already. They have been disclosed by whoever makes the software.

"They release patches for these vulnerabilities, a fix that can then be taken advantage of.

“Unfortunately, a lot of organisations are not keeping up to date with their patches. These huge flaws lurk in blindspots in their networks.”

The NHS was targeted in Friday's attack (
Image:
PA)

The latest attack using malicious software nicknamed WannaCry was two months in the making and takes advantage of Microsoft vulnerability first identified by the US National Security Agency.

Mr Millard explained: “The vulnerabilities in this latest hack have existed for two months. Microsoft released the vulnerability on March 14.

“When these really big vulnerabilities are announced, they are easy to exploit.

"The hackers have code analysing tools and they look at the patch and work backwards to figure out what the vulnerability was. If you know the vulnerability, you can work out how to exploit it.

“If a firm like Microsoft releases and important patch and you don’t install in on your machine, you are even more vulnerable than you were before.”

Oliver Gower, of the UK’s National Crime Agency, added: “Cyber criminals may believe they are anonymous, but we will use all the tools at our disposal to bring them to justice.”

Hospitals were thrown into chaos (
Image:
PA)

But Mr Millard predicted it would be hard to find the culprits. He said: “One of the core tools of the people who write this stuff is subversion – making it look like they are from somewhere else.

“They can hide their footprints by littering the code with false clues. They might add Russian words to make it look like the hackers were from Russia.

It is very hard to hold these people to account.”

Official figures showed that British victims lost £11bn to cybercriminals and fraudsters last year.

But the true figure could be even higher as more than a third of victims don’t report it.

The average British cybercrime victim loses £523 – more than the average weekly earnings of £505.

The Mirror revealed in March how two young British men had taken their lives after being tricked into online sex acts and then blackmailed by “sextortion” gangs based in the Ivory Coast.

Last year 3% of Brit reported they had been a victim of ransomware, which Action Fraud described as a “fast-growing means of online extortion”.

Nearly one in five people do not bother to update their software at all – and the average was to do it every eight-and-a-half months.