November 29, 2007

How Hackers Get Your Data: (Part 1 of 3)

It seems like every other day we hear about how a large company has lost its customers' data, or how it is investigating a breach in its security. You would think that in this day and age it would be almost impossible for a company to just "lose" 100,000 customers' names, social security numbers, and credit card info. So how does it happen? How are people still able to sneak in and steal hundreds of thousands of records from private corporate systems?

Here is how:

  1. Password Theft: If you have read this blog, you will see that I mention passwords being vital to security over and over again. Passwords are like the keys to your house: if someone else gets them, they are as good as in. Stealing or cracking a person's password is without a doubt the most common way hackers are able to bypass a company's security and get at the data they crave. As computers become more and more powerful, it becomes easier for hackers to use software to crack a password. A password really is just a string of letters, numbers and special characters, and because there is a finite number of choices, a computer can eventually crack any password you try. The stronger the password, the longer it takes, and the longer it takes for a hacker to crack a password, the greater the risk of them getting caught. So as computers get faster and are able to try more password combinations in a shorter amount of time, the faster passwords will get cracked. When choosing a password, your goal should be to keep it as strong as possible and as long as possible, but not to the point where you need to write it down. Also, try not to use things like your name, birthday, address, or other things so easily associated with you, or if you do, make them more complex. For instance, if your wife's name is Amber, you could make the password @Mb3r!. Notice the combination of uppercase and lowercase letters, numbers and special characters. Because of this combination it will take a computer significantly longer to crack the password than just using Amber. Remember, the goal of security isn't to make things uncrackable (that is impossible); it is about making them harder to crack than they are worth.

    In addition to that, people who use the same password for every site they visit cause a problem as well, because if one site has a security flaw and a hacker gets your password, they now have access to your accounts everywhere. Also, as tempting and convenient as it is, do not write down your password. Writing your password on a Post-it and sticking it under your keyboard is like hiding a copy of your house key under your doormat. So please, don't do it.

  2. Viruses, Worms, and Trojan Horses: Have you ever gotten an email from someone you never knew with the subject line of "Really cool picture!!!" and an attachment named Awesome_Picture.jpg.exe or something similar? Of course you have, we all have. That, my friends, is a virus. Viruses come in all sorts of shapes and sizes and have many purposes. Some are written to simply delete your files, while others are written to just send out spam. Some of the worst, however, are written to collect information from the computer they get installed on, and these are called Trojan Horses. A Trojan Horse will typically install itself and run silently in the background; if it is a good one, you won't even notice that it is there. It will simply sit and silently collect data about everything you are doing, logging information like your user name and password for websites that you go to, credit card numbers and bank information. Then it sends that information off to its creator. Without you even noticing it, someone may have just stolen your identity.

    So how do we protect against things like this? The best way is to just use common sense. When going through your email, pay attention to what you are opening. If you aren't friends with a guy named John Doe, then you probably don't care about his vacation, so why open a picture from him? Just delete it and move on. When surfing the web, if something is big and bright and flashy, don't click on it. The old saying "if it seems too good to be true, it probably is" has never been truer than when surfing the internet. Also, if you see a pop-up that says "you have a virus" and then tries to sell you something, it's a lie.

    In addition to being careful, you can use technology to help you! Using anti-virus and anti-spyware software is a great way not only to keep your computer running smoothly, but to keep your identity safe. This software is made to search for viruses not only on your computer, but in the emails you receive as well. There are a number of titles to choose from, like Symantec Anti Virus and my personal favorite, Kaspersky Anti Virus; both sell for around $40. Or you can go with a free option like AVG by Grisoft. The paid versions have a few more options and typically have better support, but AVG is a great product as well.
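To put numbers on the "finite number of choices" point in item 1, here is an added example (not part of the original post) that sizes the exhaustive-search space for Amber, @Mb3r! and a longer all-lowercase password. It assumes pure brute force and a guess rate of 1e9 per second; both the rate and the third sample password are constructed for illustration.

```python
import string

# Character classes an exhaustive search has to cover once a password uses them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Smallest class-based alphabet that contains every character used."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four classes (spaces, non-ASCII) are counted one
    # by one, which understates the real alphabet and so the real effort.
    others = {c for c in password if not any(c in cls for cls in CLASSES)}
    return size + len(others)

def keyspace(password):
    """Number of candidates with this exact length over that alphabet."""
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password, guesses_per_second):
    """Time to try every candidate from length 1 up to this length."""
    a = alphabet_size(password)
    total = sum(a ** n for n in range(1, len(password) + 1))
    return total / guesses_per_second

def compare(passwords, guesses_per_second=1e9):
    """Rows of (password, alphabet, keyspace, worst-case seconds)."""
    return [(p, alphabet_size(p), keyspace(p),
             worst_case_seconds(p, guesses_per_second)) for p in passwords]

if __name__ == "__main__":
    # 1e9 guesses per second is an assumed rate, not a figure from the post.
    for row in compare(["Amber", "@Mb3r!", "amberlikestea"]):
        print("%-14s alphabet=%-3d keyspace=%.3e worst=%.3e s" % row)
```

Adding character classes multiplies the search space by a little over 1,800 here, while the extra length of the third password multiplies it far more, which is why "as long as possible" matters as much as "as strong as possible".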
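The Awesome_Picture.jpg.exe attachment in item 2 can be caught mechanically before anyone opens it. The check below is an added example, not from the original post: it classifies attachment filenames by their real (last) extension, and the extension lists and sample filenames are constructed and deliberately short.

```python
# Extensions Windows runs when double-clicked (constructed, non-exhaustive list).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "msi"}
# Harmless-looking extensions that can sit in front of the real one.
DECOY = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "txt", "mp3"}

def extensions(name):
    """Lower-cased dot-separated parts, tolerating stray spaces and trailing dots."""
    cleaned = name.strip().rstrip(". ").lower()
    return [part.strip() for part in cleaned.split(".")]

def classify(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    parts = extensions(name)
    # Only the last extension decides what the operating system does with the file.
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    # A document or image extension right before it is there to mislead the reader.
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"
    return "executable"

def triage(names):
    """Map each suspicious filename to its verdict; clean names are left out."""
    verdicts = {name: classify(name) for name in names}
    return {name: v for name, v in verdicts.items() if v != "ok"}

if __name__ == "__main__":
    # Constructed sample of attachment names; the first is the one from the post.
    sample = ["Awesome_Picture.jpg.exe", "vacation.jpg", "setup.exe",
              "report.final.pdf", "Invoice.PDF.SCR "]
    for name, verdict in triage(sample).items():
        print("%-26r %s" % (name, verdict))
```

A mail filter would quarantine both verdicts, but the double-extension case is the stronger signal because a legitimate sender has no reason to name a program like a picture.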

See Part Two
