What is a hacker attack?
“One ought never to turn one’s back on a threatened danger and try to run away from it. If you do that, you will double the danger. But if you meet it promptly and without flinching, you will reduce the danger by half.” Winston Churchill
The hacker can be anyone if he/she has a basic knowledge, desire, motivation, and (sometimes) some money. In addition to these characteristics, the successful hacker must have a large dose of patience and planning workability. However, neither all hackers are all the same, nor all hackers have the same goals. [1] Hacker attack can be defined as illegal computer system penetration in order to manipulate the PC and all the associated systems. This goal is being reached with the help of special scripts or programs, that manipulate the processing of data received via a network connection to get an access to confidential information. Hacking techniques include the use of viruses, worms, Trojans, cryptographers, browser hijackers, rootkits and DoS attacks.
Sources of hacker attacks
Preconfigured hacker scripts are available for download online for everyone, including novice users. In fact, any person who is patient and determined enough can learn how to hack computer systems, and people who are interested in stealing data for their own petty aims can easily learn how to do that. However, these people are not the main source of problems connected with hacker’s attacks. The biggest problems cause professional hackers who modify scripts and develop new hacking techniques, as they are the most serious threat to data and system security. [2]
How to recognize a hacker attack?
The fact that your computer got hacked is obvious if your friends, colleagues and other people from your contact list receive phishing emails from your email address or if your computer is blocked by a coder. There can be also a different, less obvious situation, when your browser is being hijacked, In that case, when a user is trying to get to his online banking, hacked browser opens fake pages of online banking and collects all the data a user enters. This hacking becomes apparent only when funds disappear from a bank account, or when a third party starts to use your online personality. Quantifying losses caused by the cyber-attacks is very difficult and unprecise. Losses consist not only of the direct cost of lost money, but of the costs of cleaning up and the investigation, as well. In addition, every day improving protection costs money. The year 2011 was called “The Year of the Hack” [3]
I use only Facebook and I am not a secret agent, why someone should be interested in hacking me?
Such a neglect of one’s own security on the Web leads to massive hacking attacks and infection of devices with lots of viruses. Most of hacker attacks are aimed for a commercial gain. If there is no information regarding bank cards or accounts, or any of state or commercial secrets, such an information can be found on an account connected to the current one (friends, relatives, colleagues, etc.). This makes easier to get into computers or systems related to the victim’s system or simply ask for help using the victim’s personality and ask for some bank details or passport data,
No one can hack my password
Such passwords as 123456", “123456789”, “qwerty”, “12345678” and “111111” have become the most common for people who were hacked. Password management software program named Keeper has figured out 25 most used passwords, and these passwords are used by 50% of all the web users. [4] That said, it is enough to enter one of the passwords offered by one of the similar systems to get into someone’s mailbox, online banking security system or a cloud storage. Such kind of programs can pick the correct 5-digit password by brute-force attack method within several seconds. A password should consist of at least 10 digits and contain letters, digits and punctuation marks; letters part should have both uppercase and lowercase to increase security. Symbols of a password should not form any words or set phrases (even in transliteration). You should not use the same password for different web pages and use such secret questions, such as “your first pet’s name” or “your mother’s maiden name”, etc. It is difficult to memorize several complicated passwords, that is why there are password managers that help to generate, remember and store such passwords safely.
I have the most complicated password, am I safe now?
A complicated password is not enough to guarantee full security from hacker attacks. That is the reason why most services now use two-factor authentication. Using this method, a system recognizes its user by two different signs. On the first stage it is usually something that user knows, like password or pin code. The second stage requires a usage of something that belongs to a user, such as smartphone. A user can receive an SMS notification with one-time use password or push notification which helps to confirm the input. One more possible factor is using of biometric information. This can be a fingerprint or a face recognition system. It is not safe to use only one of the methods listed above. Even a fingerprint can be “removed” from the screen of a smartphone or restored from a photo, as the hacker Starbug did, forging the fingerprints of German Defense Minister Ursula von der Leyen. [5]
Nothing bad can happen if I follow the link sent by my friend, even if we do not keep in touch for a while
Most likely, this friend was hacked. And they are trying to hack you too. This is called “phishing” — a hacker is trying to override user’s vigilance with an allegedly important message, using the following headings: “invoice”, “contract” or “see what video I found with you” that easily catch attention and make a user qurious. When a user launches the received attachment, the malware that looks like a common text file is being downloaded to a user’s device. But if you click on the properties of the “contract”, you can see that this file has the extension exe instead of txt. Or a user follows the link and gets to a starting page of a social network or mail service. Thinking that he was just accidentally logged out of the system, the user can re-enter his login and password. However, the “start” page is only a fake, and user data gets in the hands of intruders. The similar situation happened with one of the members of the US Democratic Party. As a result of following the wrong link he filled out a form on the website which supposed to be a mailbox. However, it was not a mailbox, and this is how attackers got an access to inbox of Hillary Clinton’s party member and got email addresses of the rest of the members. In case if you identify a similar email, you need to mark it as spam. And yes, don’t open it as well. [6]
How can I recognize that a website is not fake?
If you clicked on a link in a letter that forwards you to a popular website, double check its URL. For example, a fake Google email site can contain “hmail.com” in URL address instead of “gmail.com”. The difference is not obviously recognizable, but really efficient. Also pay attention to the security protocol of the site (these are the very first letters that are in front of the address body). Fake sites rarely use the https protocol because it uses encryption. By the way, it’s better to use https protocol than http. It does not mean that those websites are harder to crack, but if hackers intrude into the transfer of information between the site and the user, then they will understand nothing in it.
I have antivirus, even two! Am I safe now?
Antivirus can be useful, but only if we are talking about viruses that have been already recognized and added to its library. If the virus is completely new, then the antivirus will not recognize the malware.
What else can I do to be safe?
Recently, attacks of extortionists have become more and more frequent. For example, hackers can encrypt data on a victim’s computer. They are not interested in the contents of the hard disk of the computer, but in bitcoins, which they ask for decryption. It is important not to pay the blackmailers, as there are no guarantees that they will keep their promise and decrypt the data or keep it confidential. There was a so-called WannaCry virus attack spring of the last year. It showed the importance of updating the operating system on time and how it is dangerous to use cracked pirate software. The WannaCry virus used a bug in Windows operating system that was further corrected in next versions of OS. Those who used the cracked version of software or did not have time to update Windows became victims of cyber attacks. [7]
Please also remember to create a backup of your systems (PC, your smartphone, etc.) to be able to restore all the necessary data in case of a hacker attack. By the way, most encryption viruses activate after a reboot, so if you realize that you got a virus, do not rush to turn off the computer. Try to get rid of it during the working session with the help of antivirus or computer backup.
P.S. oh, almost forgot. If you have kids who already surf internet, you should scan your computer with antivirus software frequently. You should also turn on Parental Control soft that cuts off the access to pornographic sites or sites with questionable reputation.
Illustrated by Ellen Bloom
References
[1] Hacking, Protection And The Consequences Of Hacking. [online]. [accessed: 2019–01–19]. Available: https://eds.a.ebscohost.com/eds/pdfviewer/pdfviewer?vid=0&sid=3d6a2d95-1acc-4725-9e88-edfe1b39c7ad%40sessionmgr4007
[2] Eli the Computer Guy. Introduction to Hacking [online]. Available: https://www.youtube.com/watch?v=yGIHjTmTFfA [accessed: 2019–01–19].
[3] STANESCU, B.: Top 5: Corporate Losses Due to Hacking [online]. [accessed: 2019–01–21]. Available: https://hotforsecurity.bitdefender.com/blog/top-5-corporate-losses-due-to-hacking-1820.html
[4] Keeper Password Manager & Digital Vault [online]. [accessed: 2019–01–22]. Available: https://www.pcmag.com/article2/0,2817,2462559,00.asp
[5] Hacker Fakes German Minister’s Fingerprints Using Photos Of Her Hands [online]. [accessed: 2019–01–22].
[6] How the Russians hacked the Hillary Clinton campaign and passed its e-mails to WikiLeaks [online]. [accessed: 2019–01–22]. Available: https://www.straitstimes.com/world/united-states/how-the-russians-hacked-the-democratic-national-convention-and-passed-its-emails
[7] What is WannaCry ransomware, how does it infect, and who was responsible? [online]. [accessed: 2019–01–25]. Available: https://www.csoonline.com/article/3227906/ransomware/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html
