“A Walk to Secure Future”- Part 2
“On our journey to a secure future, we must first understand the potential threats. We know that we need to be safe but safe from what?? A hacker can have countless approaches. There are almost a hundred techniques to hack someone, maybe his account, website etc. So in this post we will talk about the points of attack and some common basic methods of hacking which the non-potential threats might know about.
Let us think about how any connection occurs.
Starting with a simple example of a Facebook example.
Attack Points: (Personal Level)
- Right at the source:
- You know the password to your Facebook account. The password itself might get leaked at the source which is you. A number of possibilities, you told your password to your mom/dad (generally kids in India are supposed to so that the parents can check their activity :P)à She/he noted it down on some piece of paper and bad luck strikes, drops somewhere, gets into hands of someone. (Ignore the story try to see the point).
- Told the password to friends to play some scrap games, collect game energy points (happening a lot these days) and that friend comes up with some nasty idea.
- Highly improbable case but worth mentioning, some bully or mafia extracts it from you at gunpoint.
- Point of Input:
- Someone managed to plant a key logger into your system.
- You logged in from some friends pc and he saw your keys while you were entering your password. Or you somehow saved your password there and he later looked it in the browser auto fill settings.
- Transmission Way: (Technical Stuff) ( not a job of skids)
- If anyone tried to plant any physical receptor in your network router/ on your server (in case of shared connection) and he can look at the captured packets later on.
- Anyone got access to master logs of the server. (A lot of ways to do that and very imminent threat)
- Access into main server of provider/website. (We will talk about it in later posts)
These are some common points of attack. Some others are like:
- Scripted links
- Back linking
A hacker has to first target as to where she/he is going to strike. Is he somehow going to try extract it from you? Best possible way to get through anyone’s account. Let us elaborate it.
You don’t really think that he is going to ask you your password and you are going to say it straight away. Well that never happens (assuming the person is not totally dumb). He is trying to get your password some way or the other. How??? Phishing Technique is one most common answer. He will modify a login page which looks exactly like the original Facebook page with some tweaks on it. Means the details you enter there instead of going directly to the Facebook server is now in the hands of the hacker. This is a very wide-spread technique since it is easy to make such pages. Of course with coding knowledge. Second most commonly used way is “cookie-grabbing”. Let me explain this. Any website which allows you login needs to know that every query coming from your end is authorized. Now in some extremely important events, they directly ask you to enter your password to authorize it but in rest of the events, they don’t bother you with entering your password again and again. Instead they store a cookie on your system. A cookie is an authentication script which is attached with every query you send to a server which makes it understand that the coming query is authorized and should be given a progressing response. Now a hacker can code a script which can duplicate your cookies and send it to him wherever he wants and later he can use them. Now generally these cookies have a time limit after which they are useless but using that cookies and some tweaking he can keep using it forever or even change your password using it.
Moral of this is: “Never ever click on random links. Unless you are completely sure of it.”
There are a lot more ways to get your login credentials from you. Let us not focus on that for now. I will explain it in next parts.
There are various ways to hack into the transmission way and the point of input targets. I will explain many of them in my upcoming posts about ways to hack and to get secured. Working on it 😛
Ok. So back to topic about Recon on Hackers.
Reconnaissance is an art. It deals with identification of the target, getting all necessary details about the target which includes his IP address, username of the id targeted etc. Now this is something you cannot prevent. A smart hacker always knows his way around. He can later identify you easily, come in contact etc. Then comes the art of social engineering. He will scavenge through all your available pics, friends, identify trusted people, know your real interests etc. In this way he can somehow guess answer to your security question.
A quick tip: If your security question is you mother’s maiden name, put her cell no. instead of real name, or something like that. It will prevent anyone from guessing your answers.
Ok so, after he has gathered information about you, he might start talking to you, eventually slip out a link you might not be able to resist and eventually click it and there you are, one mistake and you are BUSTED!! Manage your information. Avoid sharing too much on websites which you cannot completely trust.
There are ways you can avoid getting scammed like that. The first step being identification of the threat. You should be able to identify people whom you do not trust but you know might come back on you when time permits. A person slipping in too many links and forcing you to see something is a threat. A very important thing is to keep managing your friend list, do not add people you don’t know and this will solve a lot of your problems. Identifying such people who pose a threat to you or others in some other way and you can take another step towards being safe.