I am hacked, so what ?

Often I hear people say they don’t really bother with security on their computers or smartphones. Very often those people use arguments as “I don’t have important information” or “I know what I do, I don’t need protection”.

Now, what truly bothers me is the fact that people don’t look beyond their own interest. They don’t know that once one of your accounts is hacked, your friends are vulnerable for cyber crimes too. Since the uprising of social networks, a certain hack is widely used and has always been the most exploited, it’s called social engineering.

Proof of concept : Imagine your Facebook account gets hacked. The attacker controls your login and can use your entire account. At this point, if you got no personal information on your account because you’re just using it to browse Facebook, you’re lucky. But the chances of that being true is, well let’s face it, very small. Everybody that has a Facebook account puts certain private information online, for (hopefully if you used the correct settings) all of your friends to see.

The cracker has now enough information to take over your identity, combined with other information coming from search engines. He monitors your Facebook account and sees your friend updating his status “Excited, just bought a new laptop online”. Chances are the attacker will sent your friend an e-mail, impersonating the staff of PayPal or some creditcard company. A lot of people are fooled to give up their CC info by this method called ‘phishing’. In particular your friend is vulnerable as he as just bought something online, so for him it’s easy to assume something went wrong with his payment, and hence answers the mail.

The attacker goes on and sends something to your friend. ‘Hi man, check out this photo from you, took it last night at the party.’ Chances are your friend is now infected with a trojan horse or a keylogger.

Hope the bigger picture becomes clear, once an account of yours gets compromised, you don’t only risk your own identity and safety but also the ones you’re connected to. As the attacker has now the ability to use your trusted reputation to perform his attacks.

Some tips :

– Never, ever, ever, …. , surf to unencrypted sites when using a public AP. Always use the https:// prefix when supported. This gives some protection against sniffing your passwords.
– Never, ever, ever, …. , give up CC info in mails. Company’s will never ask you that. The same holds for login credentials.
– Never, ever, ever, …. , follow a link without checking the URL. A link like http://fcebook.com is probably a trap.
– Always use a firewall. Experience crackers can circumvent this, but at least you’re protected against script kiddies.
– Always use anti-virus in the unfortunate event you’re bound to use a Windows system ( :p ).

Maybe a more technical post is coming in the future that explains how crackers can circumvent your firewalls and anti-virus systems.

Cheers,

H4

Advertisements

One comment

  1. I don’t think you really adresssed the dangers of “getting hacked”, This post is more about what happens when somebody get acces to one of your online passwords. Which, lets face it, usually happens when some major website makes a database or security error.

    This is a post about the dangers of social engineering (and these people don’t even need access to your facebook or passwords to do these kind of attacks)

    It doesn’t explain as to why you’d need al malware sniffer or a decent anti virus.

    Misleading title imo,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s