I am a Facebook (possibly MySpace, Twitter, etc.) user like much of the world today, and I'm sure many of you are as well. I constantly see the "Sorry for all of the random posts, my account got hacked" posts, and today is no different. That being said, most of the time, GENERALLY speaking, you have not been hacked. Most of what you're calling "hacking" is known as social engineering.
At any given moment I could probably get access to 1/2 of the friends on my Facebook account by knowing a few simple things about them, i.e. their birth date, their siblings' names, their mother's maiden name, or something similar. Most of us, while creating these online profiles, feel that it is a hassle to make sure our information is secure, so we speed through the creation process and make it very easy for anyone using social engineering to gain access to our accounts. I can never stress enough the importance of making your security questions difficult. The answer needs to be information that can't easily be obtained by simply checking your profile and its contents. So be careful when choosing and answering those questions.
Another form of social engineering is called "phishing". Yes, just like girls fish for compliments. Your account information can be given away by someone simply phishing for information. For obvious reasons you shouldn't give out personal information to strangers, but even people you are friends with could want access to your account for malicious purposes. Stay away from talking about things that may be related to your security questions. If you are chatting with a friend on Facebook and they are asking you things that don't seem normal, you should not answer them. If one of your security questions was "What is your mother's maiden name?" and you give that information to someone, you could potentially have given them the keys to your personal account. Be very wary of people trying to steer your conversation in a weird direction to obtain information, because anyone who is smart enough will not just blatantly ask; they will find a way to get you to tell them the information without directly asking for it.
This does not ONLY pertain to Social Media. This is also very important for email addresses, especially if your primary email is the one linked to your Social Media. If I were to gain access to your email first, then I would have no problem getting into your Social Media accounts. All that needs to be done at that point is to go to the Social Media website and use the Forgot My Password link, have an email sent, and they are in and you are out. Attackers are also known to change passwords in order to keep you locked out. There are ways to mitigate being locked out: mail providers such as Yahoo! offer a service that will text your phone if your password is changed and allow you to confirm that it was you by sending a confirmation number that you will need to enter.
There are obviously other methods that can be used to gain access to your accounts as well. Brute-force password cracking will eventually come up with a solution to almost any password once it has gathered enough data and has the correct encryption. Simply adding a single number to your passwords will greatly reduce your risk of getting your password cracked. There are average time frames that it takes for brute force to be successful, and I can tell you that if you have a password that is at least 9 characters long and includes a combination of upper-case letters, lower-case letters, numbers and symbols such as !%&^$, you will make your account secure enough that most people would simply skip over it and not bother. Some attackers would still go for it just for a show of force, but that is very rare. The normal attacker is going to just skip the accounts that are secured correctly and prey on the weak, unsecured ones. I have a password that would take 2+ millennia to crack. Of course, there is an extremely small chance that it can be cracked before that, but the odds are overwhelmingly against it. That time frame could be lowered by having several computers involved, but that is a different subject for a different time. :)
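The arithmetic behind those brute-force time frames, as an added example that is not part of the original post: it estimates exhaustive-search time from a password's length and the character classes it uses, and shows how extra machines shorten it. The guess rate and the sample passwords are constructed assumptions.

```python
import string

# Assumed guesses per second per machine: a constructed figure for
# illustration, not a number from the post. Real rates vary widely.
ASSUMED_GUESSES_PER_SEC = 1e10

CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digit": string.digits,            # 10 characters
    "symbol": string.punctuation,      # 32 characters
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def keyspace(password):
    """Candidates an exhaustive search must cover for this length/alphabet."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def avg_years_to_crack(password, machines=1, rate=ASSUMED_GUESSES_PER_SEC):
    """Average case: half the keyspace is tried before a hit."""
    seconds = keyspace(password) / 2 / (rate * machines)
    return seconds / (365.25 * 24 * 3600)

def meets_post_guideline(password):
    """The post's rule: at least 9 characters, all four classes present."""
    return len(password) >= 9 and len(classes_used(password)) == 4

if __name__ == "__main__":
    # Constructed sample passwords. This models exhaustive search only:
    # dictionary words and reused passwords fall far faster than shown.
    for pw in ["sunshine", "sunshine7", "Sunsh!ne7", "Sunsh!ne7-Rainy#Day"]:
        print(f"{pw!r:24} guideline={meets_post_guideline(pw)!s:5} "
              f"1 machine: {avg_years_to_crack(pw):.3g} yr, "
              f"100 machines: {avg_years_to_crack(pw, machines=100):.3g} yr")
```

Each added character multiplies the search space by the alphabet size, so length matters at least as much as mixing character classes.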
I hope that some of these methods have helped you to keep your personal information more secure and quite possibly may have informed those of you that didn't realize the different ways that you can be attacked online. I am simply trying to raise awareness for the importance of security for the average user.
I will continue to post things that will be relevant to the average computer user and try to add a few more technical things in as we continue onward. If any of you need more elaboration on any of these methods, feel free to comment and ask. I will then elaborate with a new post and bring more depth to those things that you all may want to know more about.
Thank you all for taking the time to read and hopefully it will save you from getting "hacked" one day. :)
Jeremy DeWitt
Security+, A+