Stupid Ways People are Being Hacked! - Pasha Naserabadi
CHAPTER 1 – How It Happens?
How does a cyber attack happen?
A cyber attack may happen for different reasons, such as bugs, administrative mistakes and users’ faults.
Bugs!
A bug is an unknown vulnerability introduced during software development that was not discovered before the software was released.
Some bugs can be really dangerous and allow hackers to break into computers’ security systems and access resources easily.
Hackers look for these bugs – and sometimes they succeed.
If you use an application on your computer and there is a bug in that version of the application that hackers could find, it means that you and everybody using that application are potentially at risk.
When the application developer finds the vulnerability, they will publish an upgrade to fix that bug.
Therefore, the best way to guard against bugs in software is to keep it up to date.
Administration mistakes!
Administrators are one step behind hackers!
On one hand, hackers are generating new methods and tools for penetrating networks, and on the other hand, administrators try to block these daily.
During network implementation, administrators are able to prevent unauthorized access to network resources. If they ignore some of the details and aren’t thorough in their configurations, they can leave the door open for hackers to access internal resources.
These kinds of mistakes are most common in enterprise networks, which are attractive for a hacker to get inside.
Users’ fault!
This is the only one we can personally prevent!
This is the most common mistake threatening end-users and can be prevented by training and awareness.
To give a simple example, there is no chance of your organization being protected with expensive hardware and software while an employee writes their password on a piece of paper and sticks it on the computer!
On the other hand, we are using computers, the internet, tablets, smartphones and banking accounts, which means we need to know how to keep safe in the 21st century.
Here, we focus on the ways that can help us to reduce users’ mistakes, which is the only option an end-user has!
Just imagine, you have been hacked!
Imagine your email account has been hacked and you have no control over it. What is going on?
If someone has access to your email, it is possible for them to gain access to a lot of personal, commercial, professional, and family information.
Many people believe that the information stored in their email is personal and not valuable to others. Consequently, they do not pay much attention to keeping their password a secret.
It might be interesting to know that if you do not pay enough attention, your email can easily be hacked and if this happens, unimaginable problems can occur.
If you are using email to exchange personal or family information, other people’s access to your email could result in your private information being exposed to the public.
If you are using your email for commercial or business activities, the address book in your email is enough to reveal the kind of relations you have with other people and companies and the prices at which you sell or buy products, which can be a secret in a competitive market.
If you are a student, access to your email means access to your research projects, and could even let somebody else achieve victory over you unfairly.
If you are a famous person and somebody gains access to your email, it is even possible for him or her to abuse your social reputation, political status and financial credit.
This abuse could include asking your relatives for money at your expense, or even doing propaganda for a political candidate of their choice rather than yours!
Having access to your email can also amount to having access to your information on the other sites and applications that you use. I’m talking about sites and applications such as Skype or Facebook.
The question is “how is this possible?”
The answer to this question is very easy. At the time of signing up, you have to provide an email address, which will be used for password recovery in the future.
In fact, if you forget your password, you can ask the site or application to email it to you. Now, if a person presenting your email address pretends that they have forgotten their password, a new password will be sent to your email!
If you are managing a website and someone has access to your email, it is possible for them to send an email to the company providing your domain and hosting services and ask the company to give them a new password.
These are just some of the dangers that may threaten us in cyberspace.
How to fight back?
Although there are tools to fight against some of these dangers, even having the most powerful and the most updated security software cannot stop hackers.
We can say that it is possible for almost anyone to get hurt by a cyber attack. Therefore, everybody should be aware of the methods that might put them at risk of a cyber attack.
How can hackers find your password?
Frankly, it depends on the hackers’ conditions and capabilities.
When we talk about conditions, we are talking about the hackers’ geographical situation and the type of relationship they have with us. In addition, if they have physical access to our computer or know about our activities and hobbies, they will have a better chance of being successful.
Even if they have no access to our computers, it is still possible for hackers to access our information and we will discuss the details in the following chapters.
Different methods for different conditions
In order to clarify the subject, it is necessary to describe the different conditions under which hackers can get access to victims’ computers and the methods they use in each of these conditions:
1- The hacker can have physical access to the victim’s computer. A good example is computers at internet cafes, and others that have more than one user.
2- The victim’s computer and the hacker’s computer are located in the same network (LAN), like the computers located in an organizational network.
3- The victim’s computer is geographically located in another location or even another country, which means, “it is physically impossible to get access to it”.
Finding out which of the aforementioned conditions is true for the hacker can help us to determine how the hacking will be done.
In the coming chapters, we talk about each condition separately.