Internet? Hackers? Just tell them I am secure.

By Drona, 8th May 2013

Every day people get hacked, account information is compromised, and usernames and passwords are stolen. How do you protect yourself?

What happened?

One of my friends had his Facebook account hacked recently. He was very worried that the attacker might post abusive content from the compromised account, damaging his social reputation. As he is from a non-technical background, he came to me asking for advice. I decided to find out how this compromise happened. I made him recall what he had done the previous week, and found that his account was compromised using a social engineering tactic called phishing. He was unaware of these kinds of attacks. This made me think, and I decided to write about it.

With the advent of technology and the widespread use of the internet, the world came to our fingertips. Robbery and other social evils now have a better and safer playground called the internet. Just as the world came to our fingertips, thieves around the world also came closer: right in front of us, in the computer, through the internet.

Let me explain!!!

I am not going to explain the internet here, because if you are reading this, you obviously know what the internet is. But let me explain what a hacker is.

In simple words, the hacker is the bad guy, the villain of the internet. These so-called hackers, or crackers, try to steal information from us for various purposes: maybe to make a profit, maybe to destroy a social reputation, sometimes for stalking and even for fun.

Hackers approach you in many ways and trick you into doing something that looks innocent or funny, but that may in fact hand the key to your door to the attacker.

But how?

The answer cannot be given in a word or a sentence. There are a lot of ways to do this. I don't know every possible way, but I can explain some that I know.

1. Social Engineering

This type of attack is limitless. How far a social engineering attack can go depends on the creativity and efficiency of the attacker. The most common social engineering attack is the phishing attack.

Let's call our victim James.

James receives an email saying that his email account may need some kind of verification. There is a link in the email, and James is advised to click it and log in using his account details. Without a second thought, James clicks the link and steps into danger. The page he gets may look like the login page of his mail provider. He simply logs in, and the login fails, saying some kind of error occurred.

What really happened? Neither the email nor the website that James tried to log in to was genuine. They were forged versions of the originals. The credentials he entered were sent to the attacker by some method such as email. Attack sites created this way have the same look and feel as the original sites, and the user won't easily be able to tell an original site from an attack site.

Social engineering attacks do not end with phishing. There are a large number of ways. As I said, it is practically limitless.

2. Visiting attack sites

Once a victim visits an attack site, his computer may be compromised. The compromised computer can be used for many malicious purposes. The site may install a virus or malicious program on the user's computer without his knowledge, and sometimes even with the user's knowledge.

You may wonder how one can install a malicious program with the victim's knowledge. The fact is that the victim may not know that he is installing a virus.

E.g.: Tia visited a forum that answers beauty-related questions. She found a link that said:

Install this toolbar and get frequent beauty updates

Tia thinks, "That will be nice. No need to search for this site ever again."

She clicks the link and an application is downloaded to her computer, which she then installs. The application starts giving her updates about beauty and, of course, she will get beautiful.

Over? No, not over... The application Tia installed was not a "beauty alert" app, but a malicious application that gives Tia tips while giving a hacker control of her computer in the background.

I am not saying that every application installed from the internet is malicious, but there are many that cause trouble for users.

3. LAN level attacks

This is another category that needs a bigger explanation. But I can tell you that the LAN you use may not be as safe as you think. The scope of a LAN includes even an internet cafe, or the WiFi that you use in a mall or a public place.

Attackers sitting at certain privileged positions can see the traffic that passes through the LAN. The attacker can see your data if the applications you are using are not secure, that is, if they do not use https for requests.

Attackers can use the stolen data to impersonate you, causing trouble.

4. Keylogging

Simply put, a keylogger records each and every key that you press. The attacker can install a keylogger on your computer in any of the ways mentioned above and can see everything you type. This is much more dangerous, because the attacker can read your chat conversations, your credit card numbers, your passwords and anything else you type on the keyboard.

5. Unsafe configurations and weak antivirus

Attackers do not need any kind of attack if you don't have a proper defence. For example, if your computer has remote connection open and does not have a strong password, an attacker can simply guess your password and connect to your system. He can operate your computer as if you were using it.

A weak antivirus can be another reason for a successful attack. If you have a strong antivirus, you will be notified of most attacks. The weaker your antivirus, the more vulnerable you are to attack.

What can we do to make sure we are safe?

1. In social engineering attacks, the first prevention is to understand the attacks. When you receive a mail asking for credentials, or any mail that feels fishy, make sure you have it checked. But the question is, what to check? When you are taken to a login page, check the address bar of the browser. Check whether the address in the address bar is the same as the address you see when you log in normally. If it is different, there is a chance that it is an attack.

2. Mail providers like Gmail monitor mails for attacks. In most cases of attack, Gmail will show a warning along with the email. Check whether the email contains any such warning. If there is a warning, be very careful about what you do.

3. Try not to click on links that come with emails. Instead, select them, copy them and paste them into a separate browser window. This applies not only to emails: I suggest you don't click any link that you are not sure about. Just copy it and paste it into a browser window.

4. Try to use an incognito window (Chrome, Chromium) or in-private browsing (Firefox) while you are navigating to unknown sites. These kinds of browser windows do not keep track of browsing history, but they are better and safer than normal windows. (In Google browsers, an incognito window can be opened with the key combination Shift+Ctrl+N.)

5. Use a strong antivirus on your computers. There may be a small cost for a better version of antivirus, but trust me, it is worth it. (Maybe better than losing your credit card numbers and having an anonymous person use them to buy something, say a shotgun or dope.)

6. Be sure about the network you are using. Try not to log in to personal or sensitive accounts while you are not on a private network. Try not to use public WiFi networks unless you really need them.

7. Try not to install applications from online sources. Sometimes you may find a .exe file being downloaded when you are looking for a presentation. Try not to install such applications, because they may contain malicious content.

8. If you find that a site is not good or looks fishy, just leave the site without further investigation. Modern attacks need you only to peek into the site for a moment to compromise you.
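The address-bar check from tip 1, together with the https point from the LAN section, written out as an added example that is not part of the original article. The login origin and all sample links are constructed placeholders (example.com / example.net), and `checkLoginLink` is a hypothetical helper name.

```javascript
// Added example. The hosts are constructed (example.com / example.net),
// not taken from the article.
const NORMAL_LOGIN_ORIGINS = new Set(["https://mail.example.com"]);

// Returns { ok, reason } for a link that claims to lead to the login page.
function checkLoginLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules the browser applies
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // "https://mail.example.com@other.host/" really goes to other.host.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before @, real host is " + url.hostname };
  }
  // Non-ASCII look-alike letters show up as punycode ("xn--") labels.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode host " + url.hostname };
  }
  // Exact origin match: a familiar name used as a prefix is not enough.
  if (!NORMAL_LOGIN_ORIGINS.has(url.origin)) {
    return { ok: false, reason: "host differs: " + url.hostname };
  }
  return { ok: true, reason: "same origin as the normal login page" };
}

// Constructed sample links, as they might appear in a suspicious email.
const SAMPLE_LINKS = [
  "https://mail.example.com/login",
  "http://mail.example.com/login",
  "https://mail.example.com@login.example.net/verify",
  "https://mail.example.com.account-verify.example.net/login",
  "https://m\u0430il.example.com/login", // Cyrillic "а" in place of Latin "a"
];

for (const link of SAMPLE_LINKS) {
  const { ok, reason } = checkLoginLink(link);
  console.log((ok ? "OK     " : "REJECT ") + link + " (" + reason + ")");
}
```

Only the first sample link passes; each of the others looks familiar at a glance but fails one of the checks.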

Stay safe :). Attention and care are the masters of self-protection. If you are careful, you can avoid getting attacked. Take care.

Peter B. Giblett moderated this page.

Comments

Ptrikha
13th Aug 2014 (#)

Some very useful tips and tidbits of knowledge.
