Each day, we read about another security breach somewhere in our digital world. It has become so commonplace that we hardly react anymore. Target, J.P. Morgan, iCloud, Home Depot, and the list goes on and on.
Those are just the big ones that get reported in the news. Millions take place every year that are not reported. Despite that, the public is suffering from "security breach fatigue." No one seems to care anymore. As the public becomes "dulled" to the importance of these breaches, they are more likely to ignore some basic measures to protect their systems.
As someone responsible for my share of "breaches," I would like to offer you some simple ways that you prevent yourself from becoming a victim of these types of hacks. Keep in mind that nothing will protect you 100% from all attacks. The only way to assure that is to take your machine offline, and no one wants to do that.
There so many ways to attack an online computer that if someone is determined to hack you, and they have the knowledge and skills, they are likely to get in. What you can do, though, is make it as difficult as possible for the random fly-by hacker to get into your system and instead target their efforts to someone who is much easier to victimize.
One of the first things you need to understand is that hackers are constantly scanning the world for vulnerable systems. They simply write a little program or script to scan every IP address on the planet looking for a particular known vulnerability or two. When they find that your system has that vulnerability, then they begin the attack. If your system doesn't come up on their radar, they will simply pass you by and look at the next online computer.
Here are few common sense measures to keep yourself from being hacked. I've tried to arrange them from the most basic to the more advanced. Obviously, the more of these measures your implement, the less the chance that you will be hacked.
Note: I use the term "malware" here to indicate any type of bad (malicious) software. This includes viruses, trojans, worms, adware, rootkits, etc. Rather than trying to make distinctions between each of these types of software, I prefer the all-encompassing term malware.
Step 1: Use Stronger Passwords
Password are your first line of defense in this digital war between hackers and the potential victims. If I can get your password, the rest is easy. Most people use simple-to-crack passwords that anyone of my ilk could decipher in minutes or hours at most. Rather than go into great lengths here about how to protect your password, I direct your attention to my recently posted article on creating stronger passwords.
Step 2: Use Two-Factor Authentication
Nearly all computers and all systems (home security systems, car lock, garage door opener, iCloud, etc.) require a username and password to authenticate. To authenticate means to prove who you are. More secure systems are now using two-factor authentication, the first factor being your password.
Authentication factors are generally broken down into three categories;
- What you know (passwords)
- What you have
- What you are (biometrics)
By requiring a second authentication factor, you can make it MUCH harder for me to hack your system. Cracking passwords, no matter how complex, can ALWAYS be cracked given enough time and resources. By requiring a second factor such as your fingerprint, though, it makes it much more difficult for hackers. Impersonating your fingerprint is not impossible, but far more difficult than cracking your password.
Other potential two-factor authentication systems that many companies and military organizations are using is some type of token (something I have). This is usually some smart card that identifies the user. Although neither method is perfect, the combination makes you much safer from hackers like me.
Step 3: Never, Ever Click on a Suspicious Link
I hope this is superfluous information, but NEVER click on a link sent to you in an email. I don't care if it came from what appears to be trusted source, such as your bank or friend, NEVER click on a link in your email. It is so easy for me to embed malware in that innocuous looking link that it is child's play.
In addition, if I hack your friends email account because they had a weak password, I can then send you emails from his/her account with malicious links that will give me control of your computer.
Once I have control of your computer, I can steal whatever info is on your computer including your passwords to other accounts (bank, brokerage, other email accounts), social security number, and your identity. Then, I can sell each of those on the black market.
Step 4: Do Not Use P2P File Sharing Networks
Hopefully, this only applies to a few of you. Do NOT do use peer-to-peer file sharing sites. For the uninitiated, peer-to-peer (or P2P) file sharing is the uploading and downloading of music, videos, TV shows, movies, documents, and more from one computer to another without using a centralized server.
This is the preferred method of sharing pirated content. Billions of files are shared this way every year. In fact, the HBO show Game of Thrones was shared this way illegally almost 6 million times alone last year. This makes HBO very unhappy, despite their lax password-sharing rules.
Music, movies, documents, and other files are really easy to embed malware in. This means that when you download files from P2P networks, you are giving me easy access to your system. In reality, nearly all of these files have malware in them. I can guarantee you that if you have downloaded at least one file from P2P, that your machine is infected with malware, probably irretrievably.
Step 5: Keep Your System & Apps Updated
New security vulnerabilities (holes) are being discovered daily in your operating system (Windows 7 or 8, Linux, Mac OS X) and your applications (Word, Excel, Flash, IE8, Adobe Reader, etc.). When these vulnerabilities are found, hackers like me then develop a way to exploit that vulnerability.
Soon these "exploits" are passed around to other hackers and everyone is trying to use them against you. This then allows us to install our software on your system to control it and steal your resources and information
When the software developers such as Adobe, Microsoft, and Apple learn of these vulnerabilities, they then develop "patches" to close these security holes. They release these patches in the updates they offer you, sometimes daily. You must update to be secure!
We hackers love when people refuse to update because that means that even old tried-and-true exploits will work with their systems. If you update, I have to be more creative in developing my own new hack.
Updating all of the software on your system is critical, not just your operating system. Hackers love the Adobe products that we find on nearly every system. These includes Flash Player and Adobe Reader. They are such fertile grounds for us hackers as they are so BAD from a security perspective. We find a new security hole almost daily in these poorly-designed products.
Step 6: Use Antivirus Products & Keep Them Up to Date
Once again, I hope this piece of advice is superfluous. Everyone should have some form of antivirus software on their system. AV software is not perfect, but it is certainly better than nothing.
Even the best AV software is effective on about 95% of KNOWN malware (AV software is totally ineffective against unknown or zero-day malware). That means that one in 20 pieces of malware will be missed. Some of the lower quality AV software will miss 1 in 2 pieces of malware. In addition, AV software is only effective if its activated and updated, so make certain to update its signatures daily.
AV software can't protect you from foolishness. If you click on that link sent to you by a friend or download a file from a P2P site, you are essentially inviting my hacker friends in to take over your system. In many cases, a well-designed malware can embed itself into the Windows system files and your AV software can neither detect it or remove it. In some cases, it can even disable your AV software before it's found out.
Step 7: Do Not Use Adobe Flash
Adobe's Flash Player is on nearly every computer and even Android devices that install it manually. It enables us to run those interesting Russian dashcam videos as well YouTube, animations, etc. Without it, when you go a website with video or animations, you get that ominous looking message that you need to install Flash Player and a blank screen.
A few years back, Apple and Steve Jobs made a controversial decision to ban Flash player from their iOS. It has been reported that Jobs made this decision out of vindictiveness toward some personalities at Adobe. Instead, I suggest, that Jobs made this decision because Flash Player is such a poorly designed and coded piece of software that he wanted to protect his mobile operating system from it.
Flash Player is among my favorite pieces of code to hack. Nearly everyone has it and it is SO flawed. I know this is radical step, but if you really want to make certain that your system is "bullet" proof, remove Flash Player from your computer, tablet, and smartphone. Even with updates, new vulnerabilities come out daily for this "hackers best friend."
Step 8: Use a Really Good Firewall
Although Microsoft ships a rudimentary firewall with its operating system, I strongly suggest that you install a third-party firewall for better protection.
There are many third-party software firewalls out there, some better than others, but I want to suggest Zone Alarm's Free Firewall. As the name says, it is free and very effective. Not only does it block outsiders from getting in, but it also stops malware from accessing resources on your computer and talking out (hackers need to control the malware, so the malware must be able to communicate OUT to be effective).
I'm hoping that those who are reading this will take this basic measures to protect your system and data and make it far more difficult for us hackers to exploit your system. Don't worry about us, we know that most people won't take these measures, leaving plenty of easy pickings for us.
For more insider tips on protecting yourself, stay tuned to this Advice from a Real Hacker series here on Null Byte.
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
19 Comments
another good one, simple but good.
That's OTW for you :)
As you have mentioned, you install a Firewall to protect against Malware talking back to the outside world, but would a Firewall on your Router be enough protection for this? or having a software firewall and a Router firewall together be required? or is this over the top? I would guess having both firewalls secures you from the outside world and also you local network.
Possible explanation video if allowed I am interested in this idea and I want to set up a laboratory for the experiment penetration
what about browsers that already have flash built in? is it dangerous for my machine?
Yes
OTW, what do you about Malwarebytes Anti-Malware active protection modules?
What would you like to know?
If it is good working and can save my connections.
Well , I like it because it has a couple of scanning option that work good.. It was the only scanner to find a buried RAT I installed over 10 yrs ago.
OTW, Is there an alternative to Adobe Flash Player?
And what if it's Windows thats running in a vbox, on a linux host?
Can malware from vbox affect linux host (browser)? Also "if" linux host uses an external HD to store info and plugged out when using Windows Vbox and plugged in only when using linux host will that be a little safer?
Thanks again for another work of art......
OTW,so i live in a paying guest(hostel) and got cyber wars here everyday.
:3
so i found a file project1.exe and found out it could well be a spyware so i think i am fucked up.Can you tell me what project1.exe is and what exactly can it do so that i can backtrack my actions
Submit it to virus total and see what they think about it. If you must.
Point 4 makes me uneasy, I download pretty much everything via torrent (music, movies, books). Is there an alternative to it? or a way to make it safer? all I can think of is tunneling its traffic through I2P :(
Good guide! I don't think I'm going to remove Flash Player.. too many video games I gotta play! However I may get Zone Alarm's Free Firewall. Sounds very good! Hopefully it will port through easily enough for some of my games to work. Is there an article anywhere about Linux (Kali) security? I shouldn't have to worry about lasting malware on it, since I run it in non-persistant mode on a USB, but still would be interesting to know. When I get a stronger USB stick, I may run in Persistant mode.
I am a journalist for Slant. Do you mind if I use this as a source for an article I'm writing. If you would like I will give you credit for any information I use from this article.
Bradley:
If you use me and WHT as a reference, you can use it.
If you would like to interview me, I would be happy to respond to your questions as long as we get credit.
OTW
Thanks. I think this How To is enough for the article I am writing. If it's not, I will let you know so we can set up an interview.
hey i m new to hacking , and i found it intereseting 2 learn here some basics but i wanna learnhow these scripts can be done ?? and in another tutorial i scanned for those online computers as 2 test but can't do anything furthermore ?? if someone could assist i ll be hopefully thanks ,,
Share Your Thoughts