Hackers have a particular set of skills, but it’s not like The Matrix

I got a panicked call from my mother this week. She'd been hacked. Her hackers sent her an email with the subject line "High level of danger. Account was under attack".

The email proceeded to inform my mum that they've stolen her password, and have been keeping tabs on her online activities.

Worse still, the hackers alleged that my dear old mum has been looking at some rather dodgy websites. They claim to have screenshots and photos from her webcam to prove it.

And unless she deposits $500 worth of Bitcoin into their digital wallets, they're going to publish these images online, for everyone to see.

READ MORE:
* Whatsapp discovers spyware that infected with a missed call alone
* 'Password123' used by over 1000 Australian government officials
* Number of phones infected by Dendroid spying app remains unknown

Well, that last bit made me laugh out loud. The thought of my mother, back in rural Devon in England, trying to figure out how to buy and transfer Bitcoins is almost as far fetched as her knowing where to find dodgy websites.

Amazingly, this wasn't the first time I've been consulted with this exact problem. My mother-in-law, equally hilarious with her application of new technology, received the same email back in December.

The mind-blowing thing for both Patricia (mum) and Pippa (in-law) was that the hackers somehow managed to get their genuine passwords.

HOW DO HACKERS HACK?

Good question.

We've all seen Hollywood's version of what hacking entails. Bespectacled computer geniuses sit down at a mechanical keyboard and pound the keys until a Matrix-style program appears on the screen. A few seconds later, almost always within a minute, whatever they're hacking is hacked. And they're in.

The reality is a lot less flash. And can be broken down into three main areas.

1. Brute-force attacks

The simplest way some hackers operate isn't sophisticated at all. This is a time-consuming method where hackers go to websites or standard network ports and simply try to guess passwords.

"Username: Admin - Password: Admin" is a lot more common than you might think for networks. As is "123456789" or "Hometown2019" for passwords.

​2. Phishing

This is when you get an email that's been designed to look like it's from a credible source, Dropbox or iCloud for example, but the hyperlink directs you to a fake website.

The fake website will then try to trick a user into entering personal information such as usernames, passwords, and credit card information. Alternatively, the site will encourage an individual to download a piece of software - which will be a virus.

The virus can then be used to log keystrokes, or infect a computer, or spy on emails and other messaging platforms.

3. Malware Toolkits

Toolkits are usually free programs created by companies, like Apple and Google, to aid developers when they're building new iPhone or Android apps.

But there are also toolkits that help hackers create malware that can get into a computer to steal data.

In fact, most malware toolkits are actually professional-grade tools. They were originally designed to test a computer or network for security flaws.

In a professional environment, these toolkits can be used to flaws - so they can be patched. In a hacking environment, they're equally effective at finding flaws - the only difference is that hackers can use these flaws to force entry.

The free and open-source program, Metasploit is probably the most famous of these kits.

3. Data breaches and the dark web

Data breaches happen all the time. They're either the result of a sophisticated hack or are the direct result of an employee who's gone rogue. Sometimes, of course, they're just accidents - like the one Facebook had last month that affected 1.5m users.

The scary thing is, these breaches are a lot more frequent than you think. Thousands happen each year and the number is rising. They happen to big and small companies alike, and there's no much we, as users, can do about them.

Annoyingly, it's also common practice for this stolen data to be sold on the Dark Web to the highest bidder.

This, I suspect, is probably how the hackers obtained my mother and mother-in-law's passwords.

Tip: I use a Chrome extension called Password Checkup that informs me if the website I am visiting has had a recent third-party data breach.

Comments are closed.