Advice from a Real Hacker: How to Protect Yourself from Being Hacked
Each day, we read about another security breach somewhere in our digital world. It has become so commonplace that we hardly react anymore. Target, J.P. Morgan, iCloud, Home Depot, and the list goes on and on.
Those are just the big ones that get reported in the news. Millions take place every year that are not reported. Despite that, the public is suffering from "security breach fatigue." No one seems to care anymore. As the public becomes "dulled" to the importance of these breaches, they are more likely to ignore some basic measures to protect their systems.
As someone responsible for my share of "breaches," I would like to offer you some simple ways that you prevent yourself from becoming a victim of these types of hacks. Keep in mind that nothing will protect you 100% from all attacks. The only way to assure that is to take your machine offline, and no one wants to do that.
There so many ways to attack an online computer that if someone is determined to hack you, and they have the knowledge and skills, they are likely to get in. What you can do, though, is make it as difficult as possible for the random fly-by hacker to get into your system and instead target their efforts to someone who is much easier to victimize.
One of the first things you need to understand is that hackers are constantly scanning the world for vulnerable systems. They simply write a little program or script to scan every IP address on the planet looking for a particular known vulnerability or two. When they find that your system has that vulnerability, then they begin the attack. If your system doesn't come up on their radar, they will simply pass you by and look at the next online computer.
Here are few common sense measures to keep yourself from being hacked. I've tried to arrange them from the most basic to the more advanced. Obviously, the more of these measures your implement, the less the chance that you will be hacked.
Note: I use the term "malware" here to indicate any type of bad (malicious) software. This includes viruses, trojans, worms, adware, rootkits, etc. Rather than trying to make distinctions between each of these types of software, I prefer the all-encompassing term malware.
Password are your first line of defense in this digital war between hackers and the potential victims. If I can get your password, the rest is easy. Most people use simple-to-crack passwords that anyone of my ilk could decipher in minutes or hours at most. Rather than go into great lengths here about how to protect your password, I direct your attention to my recently posted article on creating stronger passwords.
Nearly all computers and all systems (home security systems, car lock, garage door opener, iCloud, etc.) require a username and password to authenticate. To authenticate means to prove who you are. More secure systems are now using two-factor authentication, the first factor being your password.
Authentication factors are generally broken down into three categories;
- What you know (passwords)
- What you have
- What you are (biometrics)
By requiring a second authentication factor, you can make it MUCH harder for me to hack your system. Cracking passwords, no matter how complex, can ALWAYS be cracked given enough time and resources. By requiring a second factor such as your fingerprint, though, it makes it much more difficult for hackers. Impersonating your fingerprint is not impossible, but far more difficult than cracking your password.
Other potential two-factor authentication systems that many companies and military organizations are using is some type of token (something I have). This is usually some smart card that identifies the user. Although neither method is perfect, the combination makes you much safer from hackers like me.
I hope this is superfluous information, but NEVER click on a link sent to you in an email. I don't care if it came from what appears to be trusted source, such as your bank or friend, NEVER click on a link in your email. It is so easy for me to embed malware in that innocuous looking link that it is child's play.
In addition, if I hack your friends email account because they had a weak password, I can then send you emails from his/her account with malicious links that will give me control of your computer.
Once I have control of your computer, I can steal whatever info is on your computer including your passwords to other accounts (bank, brokerage, other email accounts), social security number, and your identity. Then, I can sell each of those on the black market.
Hopefully, this only applies to a few of you. Do NOT do use peer-to-peer file sharing sites. For the uninitiated, peer-to-peer (or P2P) file sharing is the uploading and downloading of music, videos, TV shows, movies, documents, and more from one computer to another without using a centralized server.
This is the preferred method of sharing pirated content. Billions of files are shared this way every year. In fact, the HBO show Game of Thrones was shared this way illegally almost 6 million times alone last year. This makes HBO very unhappy, despite their lax password-sharing rules.
Music, movies, documents, and other files are really easy to embed malware in. This means that when you download files from P2P networks, you are giving me easy access to your system. In reality, nearly all of these files have malware in them. I can guarantee you that if you have downloaded at least one file from P2P, that your machine is infected with malware, probably irretrievably.
New security vulnerabilities (holes) are being discovered daily in your operating system (Windows 7 or 8, Linux, Mac OS X) and your applications (Word, Excel, Flash, IE8, Adobe Reader, etc.). When these vulnerabilities are found, hackers like me then develop a way to exploit that vulnerability.
Soon these "exploits" are passed around to other hackers and everyone is trying to use them against you. This then allows us to install our software on your system to control it and steal your resources and information
When the software developers such as Adobe, Microsoft, and Apple learn of these vulnerabilities, they then develop "patches" to close these security holes. They release these patches in the updates they offer you, sometimes daily. You must update to be secure!
We hackers love when people refuse to update because that means that even old tried-and-true exploits will work with their systems. If you update, I have to be more creative in developing my own new hack.
Updating all of the software on your system is critical, not just your operating system. Hackers love the Adobe products that we find on nearly every system. These includes Flash Player and Adobe Reader. They are such fertile grounds for us hackers as they are so BAD from a security perspective. We find a new security hole almost daily in these poorly-designed products.
Once again, I hope this piece of advice is superfluous. Everyone should have some form of antivirus software on their system. AV software is not perfect, but it is certainly better than nothing.
Even the best AV software is effective on about 95% of KNOWN malware (AV software is totally ineffective against unknown or zero-day malware). That means that one in 20 pieces of malware will be missed. Some of the lower quality AV software will miss 1 in 2 pieces of malware. In addition, AV software is only effective if its activated and updated, so make certain to update its signatures daily.
AV software can't protect you from foolishness. If you click on that link sent to you by a friend or download a file from a P2P site, you are essentially inviting my hacker friends in to take over your system. In many cases, a well-designed malware can embed itself into the Windows system files and your AV software can neither detect it or remove it. In some cases, it can even disable your AV software before it's found out.
Adobe's Flash Player is on nearly every computer and even Android devices that install it manually. It enables us to run those interesting Russian dashcam videos as well YouTube, animations, etc. Without it, when you go a website with video or animations, you get that ominous looking message that you need to install Flash Player and a blank screen.
A few years back, Apple and Steve Jobs made a controversial decision to ban Flash player from their iOS. It has been reported that Jobs made this decision out of vindictiveness toward some personalities at Adobe. Instead, I suggest, that Jobs made this decision because Flash Player is such a poorly designed and coded piece of software that he wanted to protect his mobile operating system from it.
Flash Player is among my favorite pieces of code to hack. Nearly everyone has it and it is SO flawed. I know this is radical step, but if you really want to make certain that your system is "bullet" proof, remove Flash Player from your computer, tablet, and smartphone. Even with updates, new vulnerabilities come out daily for this "hackers best friend."
Although Microsoft ships a rudimentary firewall with its operating system, I strongly suggest that you install a third-party firewall for better protection.
There are many third-party software firewalls out there, some better than others, but I want to suggest Zone Alarm's Free Firewall. As the name says, it is free and very effective. Not only does it block outsiders from getting in, but it also stops malware from accessing resources on your computer and talking out (hackers need to control the malware, so the malware must be able to communicate OUT to be effective).
I'm hoping that those who are reading this will take this basic measures to protect your system and data and make it far more difficult for us hackers to exploit your system. Don't worry about us, we know that most people won't take these measures, leaving plenty of easy pickings for us.