"I don't worry about hackers attacking my computer, because I have nothing they would want…"
Although I hate to further soil the word hacker, which was originally a term used to describe someone who is fluent in working with, and configuring electronic equipment, we'll use it for lack of a better term. To understand why anyone with an active internet connection is susceptible to becoming hacker prey, you first have to understand what reasons people do these things for. People "Hack" for a myriad of reasons including; To gain access to post political views, to maliciously ruin data, to access private information such as addresses and phone numbers which can be sold to spammers, credit card and social security information which can either be used to procure things they want, or to be sold to other malicious entities, for personal glory—they just want to see if they can do it, to plant malicious code on ANY remote computer (including yours or mine) that will allow them to attack other systems through yours, or simply because they just read an article or downloaded a utility that makes it easy for them. Now that we understand a little more about whom these "hackers" are and what they want, the next step in understanding how to combat these threats is to understand how "hackers" may try to target you. Again, keep in mind that we are completely misusing the term hacker by generically labeling attackers as hackers.
The first targeting method that we can look at is Phishing. Phishing is a fancy word for a scam basically, and relies heavily on social engineering. Phishing got its name in the mid 90's because malicious users would send mass instant messages, or emails to hundreds of users at a time, stating that they were employees in the security department of whatever medium they are using to send the messages, they would then go on to state that due to a database error, or power outage, or hack attempt that their password was compromised and that they should reply immediately with their password to ensure that their account remains safe. Another common tactic of phishing involves a hacker who creates a website that looks for instance, just like the Facebook log-in page. The "hacker" will then send out links via email to that page with some sort of incentive for you to click the link such as; "Please log into your Facebook to collect your prize", or anything similar. Thwarting a phishing attack is actually simple, don't give your password, or any other sensitive data such as credit card numbers or social security numbers to any one online, for any purpose. Trust only websites which you can verify, before .com, .org, .net or whatever the extension might be, should be the name of the site. For example
Acceptable domains (examples only, not working)
http://www.ghettohacker.org/security This link shows a sub folder on the ghettohacker website. http://security.ghettohacker.com This link shows a sub domain on the ghettohacker
Not acceptable domain names:
http://www.Security.com/ghettohacker This may fool some users because it has "ghettohacker" in the address, but the actual site is Security.com http://www.ghettohacker.safeclick.com May also fool some users, as the actual website would be "safeclick.com"
Another tactic of maliciousness is Scareware. Scareware is often distributed as a fake antivirus or anti malware program. I'm sure you've all been surfing the web when a site pops up and starts scanning your computer for viruses. Of course, it finds tons of them, even if your computer is brand new and has never been on the internet before. The site will then tell you that the only way to eradicate these viruses is to download their antivirus software. Once you have their antivirus software installed, you will start really seeing the effects of the fake viruses that it wants you to believe you have, and the program will constantly try to get you to pay for their software so that you can remove the viruses. It can render your computer almost unusable, causing errors with everything you try to do. NEVER purchase their software. While some Scareware is just a ploy to make a quick $20 when you pay for the software, some of it may be trying to steal your credit card number. If you think you have been infected with Scareware, the best approach is to start your computer in Safe Mode with Networking, and navigate to malwarebytes.org, download and install their free anti malware solution and let it scan your computer. Malwarebytes is an excellent program for eradicating this type of threat.
Other ways that let hackers in include vulnerable software on your system. Companies aren't just offering regular updates because they have a fetish for slowing down your pogo game, updates are important because as new ways are found to exploit software and gain access to a system companies must be quick to offer fixes for these types of things or else they risk losing their status in the software market. You should not ignore updates; make sure you install them religiously, and if a program doesn't offer auto-updating, you should check for updates for them at least monthly. A great way to find out how secure the software on your system is would be to install Secunia Personal Software Inspector. It may not be easy for some users to keep everything up to date on their own even with the use of Secunia's software, this opens up another great and free tool; Zone Alarm Free Firewall. A good firewall should be an essential part of every computer environment that has internet access. Zone Alarm has been around for years, and is the most respected name in personal computer firewall software.
Password security is an area where a lot of user security fails. A strong password in today's computing environments is considered a string of over 8 characters, including upper case and lower case letters, at least one number, and at least one special character such as !@#$%^&*. "Hackers" want you to have weak passwords, not only do they want you to have weak passwords but they want you to use the same one for multiple accounts. Imagine this scenario; a hacker has guessed your less than complex Facebook password. Once inside of your Facebook account, he can start trying to scam people on your friend lists saying he needs money fast by western union, he can ask a friend to let him borrow his account to check something out, or he can look in your account settings, and find your email address. Once this hacker has your email address, he will attempt to use the same password he used to get into your Facebook account. If this password is the same and the email account is the primary address for your bank account, eBay account, PayPal account, or other e-commerce account then the hacker has hit gold. Stopping this is easy, use hard to guess passwords such as nothing found in a dictionary, make sure your password is between 8 and 12 characters, use upper and lowercase letters as well as at least one number and one special character, and finally don't use the same password for any two accounts.
What else do "hackers" want? Your computer. Some "Hackers" use a technique called DDoS (Distributed Denial of Service) attacks. In this type of attack the typical medium is to use a Botnet. A Botnet is just like it sounds; a Robot network. When a "hacker" has a network of bots at their disposal they are able to launch large scale attacks with thousands of computers which are capable of shutting massive networks such as Google, or eBay. Ok, so what do they want your computer for? They would want to infect you with their script that they can remotely control so that your computer can become part of their zombie army. How to stop them? Firstly don't download things from un-trusted sources, like Limewire, or Torrents. For some users, this isn't an option hence the need for a good antivirus. There are a lot of good free solutions around the web if you don't have a lot of money to spend. One such free solution is AVG Free 2011.
Are you paranoid yet? Good. Maintaining a secure computer system and protecting your private data requires constant vigilance that a paranoid position can really help with. You can find links to all of the free tools discussed in this article here. However we suggest a good security suite that can protect against all of these threats such as Kaspersky Internet Security 2011, or Zone Alarm Extreme Security.
{ 0 comments... Views All / Send Comment! }
Post a Comment