WHAT’S HACKING REALLY LIKE?
Not like it is in the movies and on TV. Despite what the movie makers would have you believe, most hackers don’t use lots of fancy software that displays graphic depictions of the process with flashing 0s and 1s and streaming vertical lines of text. And most companies and governments don’t even store sensitive information on databases that exist outside of the agency or company intranet anyway. Other than the few attackers that are quite sophisticated (like Anonymous, using DDoS [Distributed Denial of Service] attacks; see Hacker Hall of Fame), most serious hacks (like the SS7 hack) use a few simple methods.
You know in your heart that, just like a computer never boots up instantly like it does for Tom Cruise in the Mission Impossible movies, computer hackers don’t really just immediately “guess” that the computer’s password is the name of a user’s pet, and you can’t erase someone’s data across different networks and operating systems with a single click. Hacking is a tedious, time-consuming, long-term effort, combining ability with perseverance and even expense in order to reach the goal of intruding on a network and/or individual computer. Therefore, most hackers just won’t waste their time attempting to break into your little home computer unless you’ve committed a crime or they think you’ve got banking passwords or proprietary data on your hard drive. So don’t flatter yourself, unless you’re a business or investor or have truly evil relatives. If you’re a home user, you’re more likely to have your identity and password hacked when someone breaks into the servers of a business where you shop (like Target in 2015), stealing account information, something you can’t do anything to prevent on your own computer. Anyway, moving on:
First, consider that with the advent of hardened operating systems, anti-virus programs, anti-malware programs, firewalls and encryption programs available to everyone at a very low cost, the idea of hacking an individual computer is really quite futile. Hence, the move to Wi-Fi as the softest intrusion point.
Most common is “keystroke logging”. Hackers use a Trojan Horse (see Spyware) virus, readily available on the Internet, to infect your computer via things like e-mail, a .jpeg or MS Word macro and then track all of the entered keystrokes, looking for passwords and user names.
Next is “phishing”. Hackers develop sites and pages which look exactly like the real thing but actually direct users to their own sites and pages, where they steal your login information.
Finally, there’s “packet sniffing”. In this exploit, hackers intercept transmissions between data transactions, where they steal private information. A hacker finds a location with free Wi-Fi, then identifies the SSID of that public signal, at which time he connects to that SSID while at the same time transmitting under the name of the SSID as well, usually with a stronger signal of his own. He then executes a program that “bumps” all public users from a target signal, relaying all traffic to his computer, where he swipes the user names and passwords from those computers which have accessed that network before and have “trusted connections”.
More common these days, especially with IoT devices, is the hacking of Wi-Fi routers using any laptop and “pixie dust”. Because all wireless routers manufactured after 2007 have WPS (“Wi-Fi Protected Setup”), this convenient system to pair your wireless devices to the router using a simple button creates a significant vulnerability. By default, only an 8-digit PIN is required (a mere 10 million combinations, trivial to a hacker) and, even worse, it is actually broken into two 4-digit strings, the last of which is the checksum for the PIN, reducing the combinations to a mere 11,000! Any kid who downloads a free copy of Kali Linux can do this with “Pixie Dust,” which is bundled with the distro. Besides, most users never even change their router or cable modem password from the manufacturer’s default, usually “password” or “admin,” making the hacker’s job easy as pie.
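The arithmetic behind those two numbers, as an added example that is not part of the original article. It assumes the standard WPS layout (the eighth digit is a check digit over the first seven, and the router confirms the two halves separately); the sample PIN, per-attempt time and lockout values are constructed for illustration, not measured.

```python
# Added example (not from the original article): WPS PIN keyspace arithmetic.
# Assumptions: digit 8 is a check digit over digits 1-7, and the router
# confirms digits 1-4 separately from digits 5-8.

def wps_checksum(first7: int) -> int:
    """Check digit for the first seven PIN digits (weights 3,1,3,... from the right)."""
    accum, weight = 0, 3
    while first7:
        accum += weight * (first7 % 10)
        first7 //= 10
        weight = 4 - weight            # alternate 3 <-> 1
    return (10 - accum % 10) % 10

def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 ASCII digits whose last digit matches the checksum."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])

def keyspace() -> dict:
    """Worst-case guesses when the PIN is checked whole vs. in two halves."""
    whole = 10 ** 7                    # 7 free digits, digit 8 is computed
    split = 10 ** 4 + 10 ** 3          # half 1, then digits 5-7 of half 2
    return {"whole_pin": whole, "split": split}

def days_to_exhaust(guesses, secs_per_guess, lock_after=None, lock_secs=0):
    """Worst-case days to try every guess, with an optional failure lockout."""
    total = guesses * secs_per_guess
    if lock_after:
        total += (guesses // lock_after) * lock_secs
    return total / 86400

if __name__ == "__main__":
    print("12345670 valid:", is_valid_pin("12345670"))  # constructed sample PIN
    for name, n in keyspace().items():
        # Constructed policy values: 3 s per attempt, 60 s lockout per 3 failures.
        plain = days_to_exhaust(n, 3)
        locked = days_to_exhaust(n, 3, lock_after=3, lock_secs=60)
        print(f"{name:10} {n:>10,} guesses  {plain:8.1f} d  {locked:8.1f} d with lockout")
```

Even under the constructed lockout policy the split keyspace is exhausted in about three days, which is why the remedy is to disable WPS rather than to rely on rate limiting.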
By far, most hacking is done with social networking, even just “shoulder surfing,” through watching normal employee or personal patterns and jumping in when the (unusually patient) hacker has learned enough. Let’s face it: It’s far easier to get people to tell you their password than to try to guess it. Brute force and Rainbow Table attacks take much more time. Basically each computer user is the “bug” in the system.
What kind of damage can hackers do? If they obtain your personal information through your IDs and passwords, they can get access to your credit card accounts (even establish new ones), your bank account, your social security payments, make fraudulent charges to your credit cards, refinance your home and take the cash, file tax returns using your identity to steal fake refunds, file for bankruptcy and start all over again using your identity, collect your private or Government benefits, get an apartment, buy a house or buy a car in your name, empty your bank accounts, and even more creative ways they can think of to steal from you. If you’ve watched “60 Minutes,” you know that this is almost impossible to correct, so beware.
So what can you do to protect yourself from these hackers?
Immediately disable WPS. Change the default password on your router (hackers find the model number of your router, then search for the default password, hoping you didn’t change it, and you probably didn’t - see the discussion at Security). Use better passwords, even pass phrases; see more about this at Passwords. And don’t store them in a text file on your desktop. Use WPA2 encryption with a 256-bit key, virtually impossible to crack. Use two-factor authentication, available on most browsers and apps (like MS Outlook) these days. This will help defend against hacker programs like Mimikatz, which basically lifts a domain user’s password right out of the memory of a Windows computer. And, in case it does, make sure that each server and workstation has a different local administrator password, and prevent local accounts from authenticating to the network, making it very difficult to gain access to other parts of the network. Make sure that your e-mail system filters out MS documents with macros. Don’t accept disabled Word Macros unless they’re on documents you’ve personally created and have not shared. Don’t use the same passwords for everything. Encrypt all documents stored on your computers (including external USB drives), so even if they are discovered, they probably can’t be decrypted, at least easily. Use a firewall or a business level security program if you’re a business. Don’t get caught by phishing attempts; at the very least, check for the lock symbol or the green https:// in the address box. And beware that cell phones are quite vulnerable to hacking, too (see, for example, the famous SS7 hack). And if you use Dropbox or Google Drive, or some other off-site cloud storage, to transfer files to your smart phone, make sure you encrypt them first if you want them to be secure. Just to name a few things...