In the first part of our series we met our target – Yane – who could be any one of us. We saw why Yane was a good target, even though he was just an average person. In this section, we will talk about the ways hackers will attack us.
Many attack methods, but all of them are “helped” by the target itself
The physical distance of the attacker and the target implies that the attacker is never in full control of the attack. A hacking attack always relies on the help from the target in order to be successful. This implies carelessness, naivety, irregular software updates, comfort or lack of discipline that will be used against the target.
Yane’s bad habits that help the hackers
Our average person – Yane – has a few bad habits when in the digital world.
Yane has no will to deal with the technological specifics of the equipment and services used. He believes that the hardware and software manufacturers must protect him from such attacks.
When browsing the Internets, social networks and electronic transactions, he uses a total of three
or four easy-to-remember passwords. He hasn’t changed the passwords for many years and enters them even on sites he visited only once.
Yane is an active user of digital communications and regularly checks and reads the messages he receives. He participates in promotions to get free items by completing online surveys and lotteries.
How is Yane attacked via message?
The most common method of hacking is a variation of the e-mail scam known as phishing, when Yane receives a message in his e-mail inbox or on the social networks. The message sent to Yane has a content which can convince him to act immediately in order to receive a reward, an opportunity to earn or prevent loss of money. Maybe even some young and beautiful woman will message him telling she would like to meet him.
The message contains instructions for one of the following:
- To volunteer his password for a website in a message with a link for “confirming” access
to electronic banking, social network or another important website.
- To download and install or run a program to chat with a girl, in order to prevent the spread of a virus or perhaps to check an unpaid bill.
- To enter his card details for a small commission before the reward or before the delivery of an expected package.
- To enter all the contact details to continue chatting with the young beautiful girl, or to win a prize.
In fact, Yane is persuaded to volunteer his password to a criminal website, to install a virus or blackmail program that will encrypt his disk, to give the credit card and personal details to criminal sites and criminals.
Guessing an insufficiently complex password
The second most common method of hacking is preemptive, asYane is using the same easy passwords for all websites and never changes them. All the sites in the world have been hacked, or will be hacked, and during that hacking on the black market of digital crime, usernames and passwords from those sites will appear.
Among those names and passwords will be Yane’s passwords that the criminals will then try through a simple program on countless other social networks, electronic banking sites, e-mail systems and anything else that Yane uses.
Because Yane uses the same passwords on many sites, the hackers will find the used sites and gain access to Yane’s digital life.
Exploiting a vulnerability in outdated software
The last easiest way to hack, similar to the previous, is already done when Yane did not update
the operating system and software of this devices. When such devices are connected to the Internet – usually all the time – they are the target of constant automatic scan by attacker programs that check if they are vulnerable to any known attack.
The average time between the first connection of a device to the Internet and its detection from attacking programs is about a hour. Once detected, checks by such programs are constant. Some of them are active, some are embedded in websites that Yane visits.
Every software has a security vulnerability that is well documented and there is a way to abuse it. By abusing the exploit, the hacker gains remote access to Yane’s devices, and he will be able to install his own viruses or other programs to either blackmail or further sell access to Yane’s computer to other criminals for their own needs.
In this text we have considered how hackers attack each of us. The attacks are cheap and easy to execute because they do not require constant human involvement. Most of the time, these attacks are completely automated to the very end, until the hacker receives confirmation that Jane provided his data, installed a virus, has outdated software, or found a new site with Yane’s old password.
As we went through the ways in which Jane will be attacked, consider how vulnerable are you to those attacks.
In the following text we will discuss what can you do to reduce the risk of an attack.
Author: Bozidar Spirovski, online security expert.
This text was produced as part of the project “Good Governance in Cybersecurity on the Westen Balkans”, implemented by DCAF – Geneva Centre for Security Sector Governance, funded by Foreign, Commonwealth and Development Office of the Government of the United Kingdom. The contents of the text is the sole responsibility of the author and the Metamorphosis Foundation and may not reflect the positions of DCAF and the donor.