I am writing a blog post on a topic that has become very pervasive in society. More and more, I have people coming to me who believe they have been targeted by “hackers”. In part, this wholesale notion that “hackers” are waiting in the wings for us is due to media glamorization of the skilled “hacker” who is just combing through anyone’s computer that they want to at will. Hopefully, this series will give you a more realistic view as to the likelihood that you have been “hacked”. Hopefully this series will also help you to secure your computer and/or network.
We hear it every day: “I think someone hacked my account”. It is our first suspicion whenever something does not work exactly as we believe it should on our computer. Whenever we find out that people know things that we believe they shouldn’t, we immediately think “someone hacked one of my social network accounts”! The paranoia about being “hacked” has become so pervasive in our society that we bypass the most logical options and believe we have been “hacked” if we cannot explain a leakage of information or if our computers don’t respond the way they always do. Don’t get me wrong, a REAL danger of being compromised in our digital world through malicious targeting DOES in fact exist, and we should certainly be cautious about it, but there is a difference between being cautious and being paranoid.
First of all, not everyone is a “hacker”. Contrary to popular myth, it takes a little more to be a “hacker” than to just sit down in front of a computer. I have been in the circles of what one might call some REAL hackers. One of my close associates has two books and a movie out about his exploits as a “hacker”, and now owns a successful computer security company. I have another friend who is a “white hat hacker” and has worked for some of the largest international banks in the world strengthening their security. A friend of mine who sub-contracted work from me for a while is one of the best computer security experts that I have ever met, whose skills have saved people lots of money and even saved a few people from going to jail on false charges. One of my best friends is in charge of IT at a very popular and well-to-do hotel. I have also dabbled in the “hacking arena” myself, and am known in certain circles for some pretty notorious exploits. I can tell you this: the people who have the capability to “crack” passwords, “hack” networks, and remotely access a specifically targeted machine are not in great abundance. Being able to successfully complete the tasks that I just mentioned takes REAL skill, it takes a lot of knowledge, and it takes years of practice. I am not talking about attacking any random machine that is exploitable; I am talking about successfully penetrating a specifically targeted machine. Anyone can use tools downloaded from the Internet to scan hundreds of machines for weaknesses and then attempt to penetrate the weak machines, but not just anyone can be assigned a target machine and penetrate that machine based on the skill set required to do so. In summary, very few people have the skill set to target and penetrate a specific machine or “hack” a specific target. With regards to digital phones, this is actually called “phreaking”, not “hacking”; but these same principles still apply.
Second, what was “hackable” 15 years ago may not be so “hackable” today. There was a time when “hacking” machines and networks on the Internet was less difficult than it is today. But we as a society have learned a little about this world of “hackers”. Security experts have always known about the “black hat hacker”, but one of the things that we did not recognize until lately is just how devastating a “digital attack” can be. Then we saw things like children exploiting social network sites to bully their peers and the people getting bullied harming themselves or worse, we saw companies being shut down over “digital attacks”, large sums of money stolen with “digital attacks”, and we realized that this is a real problem with real consequences. This realization led to greater security, such as greater emphasis on secure coding standards, greater security on network connection protocols, tighter software inspections for “bugs”, more secure computer languages, and more. So a lot of these “technical hacks” became harder to implement, and the only weakness left was the “human weakness”, in which social engineering became the new “hacker’s tool”. Don’t get me wrong, there were still people out there with the ability to conduct “technical hacks”, but the skill set for doing so became rare. The new tool, “social engineering”, was much easier to implement because all it required was a good “confidence game” or a good con. No longer was it about hours and hours and days and days of enumerating a machine for an exploit, and then having to know how to manipulate that exploit; now it is about convincing the user to give you access. This is “social engineering”. So, now any 14-year-old kid or 60-year-old creep who can tell a convincing lie, or put together a convincing email, can get into your machine, if you believe the lie. That has been the latest danger in our digital world.
That email that you just got that says you just won a free trip to the Bahamas, the email where you have to download that document to claim your prize, that email may have a lot more than a trip to the Bahamas in it; THAT is social engineering! In summary, we have done a fairly good job of hardening our hardware and software against exploits, but we will always have that human weakness, the need to trust!
Third, who are you? In other words, do you really believe that you, the “average Joe, factory worker”, or stay-at-home mom, has been targeted by some “hacker”? Don’t misinterpret that. I am not saying that you’re not important; of course you are. You have a family you support, you have people that depend on you, but are you holding some national security secret, or some proprietary corporate secret, or do you have access to a 10 million dollar bank account? Ask yourself WHY would a “hacker” target you? Exactly what would be the purpose of spending hours and hours and days and days of time trying to get the password to your Facebook account? When you put these questions into the proper context, you begin to see that the likelihood that you were actually “hacked” as a specific target is actually very minimal. There are other possibilities that are greater, like someone you have trusted with information has disseminated that information contrary to their promise to you to keep that information confidential, or you left something out on your desk at work that someone saw and told someone else about. These common possibilities should probably be considered before you start thinking that some skilled “hacker” specifically targeted you and spent days crafting a method to get your Facebook password or email passwords. In summary, try to look at your situation from a logical point of view; this will help you to narrow down what is really occurring in regards to the possibility that you have been “hacked”.
A good Private Investigator that specializes in privacy issues will know to rule out the more common possibilities before entertaining the possibility that their client has been “hacked”. A good Private Investigator will know to rule out the more likely scenarios first and move towards the less likely scenarios as the more likely ones are ruled out. A good Private Investigator will not try to use fear to get a potential client to hire them; they will use logic and sound reasoning with a solid investigative process to assist their client in eliminating threats. When a client comes to a Private Investigator with a privacy issue, the Private Investigator’s first response will not be to entertain the client with paranoid suspicions; it will be to keep an eye towards what is practical. I am not saying that people don’t get “hacked”, it CERTAINLY happens; but it is not happening with the frequency that most people believe it is. Is there software out there that can monitor your phone or computer and send back information remotely to someone that is interested in your personal life? ABSOLUTELY! But what most people don’t understand is that it is actually fairly difficult to install that software on a target device. The “hacker” either has to have physical access to the device or has to social engineer the target into downloading code onto their device in almost all cases. The Private Investigator that works privacy issue cases will understand all of this, and due to this understanding will have a much greater chance of assisting their clients with combating such privacy issues EFFECTIVELY.
Below, I’d like to share some basic security tips that may help you to stay secure:
BASIC SECURITY TIPS:
(1) Get a virus scanner! All you need is one (1); having more than one (1) virus scanner may actually be worse than having no virus scanner. Pick one (1) virus scanner that you trust, install it, and keep it up to date. I recommend Vipre Internet Security.
(2) If you don’t know someone, don’t accept anything from them! If you receive a communication from someone you don’t know asking you to download a file on your computer, be safe instead of sorry and do not download the file. Think of it as accepting candy from strangers, it is a no-no! Only download files from trusted sources; friends you personally know and family.
(3) Make sure that your computer is your computer! Only use your computer and don’t let other people use your computer! This way nobody can install something on your computer or look at your accounts, and you won’t be giving out sensitive information on someone else’s computer that may be capturing that information.
(4) Don’t loan out your phone! Don’t let anyone else use your cell phone. All I need is 2 minutes with your phone and I own you! Trust me, I am not the only one. With some of the products that are being marketed today, almost anyone can install malware on your phone in less than 10 minutes. You should NEVER let anyone use your phone!
(5) Watch the language! Have you ever befriended someone on Facebook who has a profile that says they live in the same area as you, is a U.S. citizen, has been in the U.S. all their life, has pictures that indicate they live in America and live the American style of life, but you have chatted with them and their sentence structure seems a little off? This could very well be a foreigner with a fake Facebook page using a translator to communicate with you. Be mindful and watch the sentence structure.
(6) If you are using your computer in public, be mindful of your surroundings! Look for “shoulder surfers” and strangers that seem to be taking an unusual interest in what you are doing. Be aware of who is watching you. If you are uncomfortable, shut down your computer and leave. Be safe instead of sorry.
(7) Secure your network! Nowadays a good wireless network is very common; almost everyone has one. Make sure that it requires a password and you are not sharing open access to your wireless network with anyone that can pull up in front of your house. If you don’t know how to secure your wireless network, call your Internet Service Provider; they will be happy to assist you.
(8) Be careful what you say on the Internet! Saying things like “My network is completely secure”, bragging about your security, and such might be an invitation to a “hacker” to show you that you are not so secure. So, don’t brag, don’t make yourself a target!
(9) Install software updates! The vast majority of “hacks” are actually automated scans, performed by computers all over the world – looking for common problems with programs (or weak passwords – see next bullet point). Simply running Windows Update (or the Mac equivalent) can help keep you safe at the expense of having your PC reboot from time to time.
(10) Don’t keep the default password (or even username, if you’re worried). A remarkable number of computers ship as “Owner-PC” without a password; you should set one, and you might want to consider changing your account name to your name rather than Owner. That way, an automated attempt to connect as “Owner/password” will fail at the first hurdle of “there is no Owner” – without even trying to guess your password. There are a LOT fewer computers with the username “John” than “Owner”. This is especially true for routers, firewalls and similar – even the shiny new wifi router you bring home from Best Buy. It’ll ask you to set a password – do so! When you get it set up, don’t stick to the default passwords. One computer security company that I have been dealing with for over 10 years sees over 200,000 botnet scans on port 22 (SSH) every day across their network. None of them do anything because this company has changed the logins (and in some cases blocked the scans altogether), but a default password can get your device compromised (and pulled into a botnet, rather than strictly hacked) pretty fast.
(11) If you genuinely do have something important to protect, seek advice on how to do it. There are plenty of guides out there to help protect credit card numbers, customer details, and other information that you may well need for your business. Simply by not being an easy target, you can often avoid attention; the marketplaces that sell personal information are typically volume based (buy 100,000 credit card numbers for $xx), rather than quality based (I got details from a small firm in Missouri!) – so the people who “harvest” this data for mass distribution typically don’t go beyond the really easy route. On the other hand, if the NSA, CIA, FSB (formerly KGB) or Chinese government are after your data – then simple protections aren’t enough (and neither are complicated ones, most likely…).
I hope these tips help you and overall I hope this article is helpful to you. I also hope that if you do feel like you have a privacy issue, you’ll call RMRI, LLC. where we won’t exploit your fears, we’ll give you some practical FREE advice, and if we feel like you have an issue that needs to be investigated we will, but we will not take advantage of you and if we feel like your issue is easily resolved we will help you do that at no charge.