Life Online Makes Hacking a Real Threat to Private Information
In today's online and vastly interconnected world, your risk of getting hacked increases with each keystroke.
While commuting to campus today, the man seated beside me suddenly asked, "Are you in college?" and after confirming that I was, went on to say that he'd noticed the enormous books I had with me. He then asked what program I'm taking, and when I told him I'm an IT major, he proceeded to say, "I hear you IT guys are very dangerous and can withdraw money from banks." In my mind, I must have pointed out at least 5 things wrong with that statement, but simply laughed and said that that's the m.o. of hackers (and I mean black hats or crackers). This conversation should have gone on, but because I'm not really wired for small talk, I decided I would continue the conversation here instead.
So who exactly is a hacker? And what is this goblin known as hacking that gives everyone the heebie-jeebies? A hacker is merely a person who gains unauthorized access to your information assets using a computer system. The act, i.e., hacking, involves a combination of tools and techniques to illegally gain access to another person's or organization's information. The motivating factors for hacking vary immensely, and financial motivation (which the gentleman next to me was insinuating) is merely the tip of the iceberg. The next thing you need to understand is that there are 2 kinds of hackers, that is, black hats – the bad guys, and white hats – the good guys, widely known as ethical hackers. We'll focus on the black hat hackers, so let's see some of the ways you can get hacked, and how you can protect yourself.
Phishing
You've probably seen the spam messages that your mailbox has filtered for you, and you've seen the weird-looking links in them; that's one avenue for phishing scams. Phishing will usually involve fake websites, emails and phone calls (key word: FAKE) which are designed to steal your personal information, and it is usually financially motivated. Microsoft goes into a bit more detail on how to recognize a phishing scam. Make sure to carefully inspect the emails sent to you: check the sender, their email address, the subject and the message body, and don't click on any link that looks phishy (pun intended). Phishing scams will usually stick out like a sore thumb, but other times they are engineered to near perfection, so it might take a keen eye to spot them.
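As an added example (not from the original post), the Python check below automates the inspection just described on a constructed sample email: it flags a sender address outside the domains you trust, a link whose visible URL text differs from where the href actually goes, and a link target outside the trusted domains. The sample message, the domain names and the `trusted_domains` list are all made up for this example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for this example (not a real email). It shows two of the
# tells the post describes: a sender address that does not belong to the organisation
# named in the display name, and a link whose visible text differs from its real target.
SAMPLE_EMAIL = """\
From: "MyBank Support" <alerts@mybank-security-check.example>
To: student@example.edu
Subject: Urgent: verify your account
Content-Type: text/html

<html><body>
<p>Your account will be suspended. Verify now:</p>
<a href="http://mybank.login-verify.example/auth">https://www.mybank.example/login</a>
<p>Or contact us at <a href="https://www.mybank.example/help">our help page</a>.</p>
</body></html>
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url: str) -> str:
    """Hostname of a URL, or '' when the text is not a URL at all."""
    return (urlparse(url).hostname or "").lower()

def in_trusted(host: str, trusted_domains) -> bool:
    return any(host == d or host.endswith("." + d) for d in trusted_domains)

def inspect_message(raw: str, trusted_domains) -> list:
    """Return the phishing tells found: untrusted sender, deceptive or untrusted links."""
    msg = message_from_string(raw, policy=policy.default)
    _name, addr = parseaddr(str(msg["From"]))
    findings = []
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    if not in_trusted(sender_domain, trusted_domains):
        findings.append(f"sender address {addr} is not a trusted domain")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    for href, text in LINK_RE.findall(body):
        shown, real = host_of(text.strip()), host_of(href)
        if shown and shown != real:  # visible URL text points somewhere other than the href
            findings.append(f"link text shows {shown} but goes to {real}")
        if not in_trusted(real, trusted_domains):
            findings.append(f"link target {real} is not a trusted domain")
    return findings

if __name__ == "__main__":
    for finding in inspect_message(SAMPLE_EMAIL, ["mybank.example"]):
        print("WARNING:", finding)
```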
Dictionary attacks
This technique is used to break into a password-protected system (such as a computer or a website) by trying every word in a dictionary (hence the name) until one matches your password. You might be thinking "Who uses a dictionary word as a password?", but the truth would shock your jaw to the floor. Most people don't like having too many passwords to remember, and certainly not complex ones. It's human nature. The result: simple, easy-to-guess passwords, which are a recipe for sloppy information security and consequently leave you exposed to hacking. Mitigate the risk by employing best security practices such as: using complex passwords and passphrases; combining uppercase and lowercase letters (and throwing in some special characters and numbers) in your passwords; frequently changing and rotating your passwords; not writing them down; and using different passwords on different websites, among others.
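As an added example (not from the original post), the Python code below shows why the "dictionary word plus a digit or two" habit does not defeat a dictionary attack, and how much larger the search space of a random multi-word passphrase is. The mini wordlist is constructed for the example; the attack model (each word with simple capitalisation and a 0-99 suffix) and the 7,776-word Diceware-style list used for the passphrase comparison are assumptions, not figures from the post.

```python
import math
import re

# Constructed mini wordlist for this example; a real check would load a full dictionary
# or a list of previously breached passwords.
WORDLIST = {"password", "welcome", "dragon", "monkey", "letmein", "sunshine", "football", "admin"}

# Common substitutions people use to "complicate" a dictionary word; the check undoes them.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

def normalize(password: str) -> str:
    """Reduce a password to the dictionary word it is probably built from."""
    # Drop a digit/symbol prefix or suffix (e.g. "2016!"), then undo leet substitutions.
    core = re.sub(r"^[^A-Za-z@$]+|[^A-Za-z@$]+$", "", password)
    return core.lower().translate(LEET)

def is_dictionary_based(password: str, wordlist=WORDLIST) -> bool:
    return normalize(password) in wordlist

def dictionary_attack_guesses(wordlist_size: int, case_variants: int = 2, suffix_variants: int = 100) -> int:
    """Upper bound on guesses when each word is tried with simple capitalisation and a 0-99 suffix
    (assumed attack model for this example)."""
    return wordlist_size * case_variants * suffix_variants

def passphrase_guesses(num_words: int, wordlist_size: int) -> int:
    """Guesses to exhaust random passphrases of num_words words drawn from a wordlist_size list."""
    return wordlist_size ** num_words

def entropy_bits(guesses: int) -> float:
    return round(math.log2(guesses), 1)

def assess(password: str) -> str:
    if is_dictionary_based(password):
        return f"{password!r}: rejected, built on dictionary word {normalize(password)!r}"
    return f"{password!r}: not a dictionary word (still check length and reuse)"

if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Welcome2016!", "correct horse battery staple"):
        print(assess(pw))
    # 100,000-word dictionary with rules vs. a 4-word passphrase from a 7,776-word Diceware-style list
    print("dictionary attack search space:", entropy_bits(dictionary_attack_guesses(100_000)), "bits")
    print("4-word passphrase search space:", entropy_bits(passphrase_guesses(4, 7776)), "bits")
```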
Man-in-the-middle attacks
As the name suggests, this involves a hacker sitting in between you and the server or machine you're communicating with and secretly listening in on your "conversation" using a tool that captures data packets (the data sent over a network), such as Wireshark. There's pretty much only one sure way to beat a hacker who uses this technique: encryption. Encryption makes it difficult for an unauthorized person to read the information you're transmitting over a network by scrambling it into ciphertext that is meaningless without the key. If you visit a website that requires you to enter sensitive information such as login credentials or credit card details, ensure that the website's address starts with https://, which shows that the session is encrypted. And while it is possible for a hacker to bypass encryption, it offers reasonable assurance that the information they steal will no longer be useful by the time they get it.
Social engineering
This is perhaps one of the most common yet overlooked ways to get hacked, especially in Kenya, where users are tricked into revealing confidential information that may then be used for malicious activities. If you've never imagined that a person's brain could get hacked, you may be exposed. In the age of mobile and internet banking, there have been numerous reported cases of fraudulent and unauthorized transactions because users told a "representative" their PIN or password over the phone. Security Education, Training and Awareness (SETA) programs are one way to combat social engineering; people need to stay informed on how to protect their privacy in an online world.
Malware
From the name, malware simply means malicious software, and it is deliberately planted in a computer system by hackers using a number of techniques, from the more passive phishing scams to the more active methods that see you knowingly download software but unknowingly install malware bundled with it. It's important to understand that malware takes many forms, but we won't delve into the details. All you need to know is that they're bad... really bad! Their intent may vary from the simple annoyance – such as opening popup ads in your browser – to secretly stealing your personal information – by logging what you type on your keyboard and transmitting it to the hacker. The risk can be mitigated in a number of ways, from simply installing an antivirus program and keeping its signatures up to date, to downloading software only from trusted sources such as the vendor's own website.
Although there’s always more to discuss on information security, this information should help you stay one step ahead in securing your private information as you stay connected in today’s online world. I encourage everyone to read more on the concepts I've discussed here, as this information is not only for tech savvy individuals. Don't wait until you're a victim of hacking. Feel free to ask questions or share your experiences in the comments.
- Whitman, M. E., & Mattord, H. J. (2012). Principles of Information Security (4th ed.). Boston: Course Technology.
- Microsoft Safety & Security Center. (n.d.). How to recognize phishing email messages, links, or phone calls. Retrieved November 15, 2016, from https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx
- Techopedia. (n.d.). Dictionary Attack. Retrieved from Techopedia Inc.: https://www.techopedia.com/definition/1774/dictionary-attack
- Lee, M. (2015, March 26). Passphrases That You Can Memorize — But That Even the NSA Can’t Guess. Retrieved from The Intercept: https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
- Wireshark Foundation. (n.d.). About Wireshark. Retrieved November 15, 2016, from https://www.wireshark.org/