All you need to know about ‘Hacking’

They can steal data without human action by using zero-click attacks

Hackers use social engineering skills to trick users into clicking on malicious content, thereby gaining access to personal data. Though many computer literates think they are not susceptible to social engineering or other cyber-attacks, truth is that majority of the intelligent are vulnerable.

There are three types of hackers (a) Black hat – Steals valuable information for malicious reasons. (b) White hat – They strive to improve the security of an organisation’s security systems. (c) Grey hat – Hacker sometimes violate laws ethical standards but does not have malicious intent.

---

Categories of hackers

* Bank robber – Sole purpose to steal money

* Nation/State – Creates malicious back doors for cyber warfare purposes

* Corporate spy – Stealing corporate intellectual property

* Professional hacking group for hire – Expert hackers develop malware to steal for a fee

* Rogue gamer – Specialised hackers for the gaming industry

* Crypto Jackers – For mining cryptocurrencies

* Hacktivists – Political or corporate propaganda

* Botnet masters – Create bots for command-and-control (C&C) servers

* Adware spammer – Redirecting your browser to an alternate site

* Thrill hacker – Sole Motive to break laws of the land.

* Accidental hacker – Has no intention to hack unethically, just do for testing.

Zero-click attack

Technology moved on from regular phishing to spear-phishing methods where scammers used to send text links or messages, leading to a malware installation in your gadgets, while a zero-click attack helps spyware/malware to gain control over a device without any human interaction. These attacks are hard to detect given their nature, they function only when the system is idle and it becomes more challenging because, in encrypted environments, there is zero visibility on the data packets used while sending or receiving.

Spot the unusual behaviour

* You get ransomware messages asking for bitcoins

* Unwanted toolbars on the browser

* Internet searches are redirected

* Phone turns on/off by itself.

* Phone/social media accounts get random popups

* Friends receive invitations/ recommendations that you didn’t send

* Unexpected software installations on your devices

* Task Manager, Anti-Virus Software or Registry Editor is disabled

* Money deducted from your account

* Online subscriptions made without your intervention

* You observe strange network/data traffic patterns

Take back control

* YouTube – https://support.google.com/youtube/answer/76187?hl=en

* Facebook – https://www.facebook.com/hacked

* Instagram – https://help.instagram.com/149494825257596

* Twitter – https://help.twitter.com/en/safety-and-security/twitter-account-hacked

* LinkedIn – https://www.linkedin.com/help/linkedin/answer/56363/reporting-a-compromised-account?lang=en

* Snapchat – https://support.snapchat.com/en-GB/a/hacked-howto

* Google – https://support.google.com/accounts/answer/6294825?hl=en

* Apple – https://support.apple.com/en-us/HT204145

* Android – https://www.android.com/intl/en_in/safety/

Secure everything

* Virtual Private Network – VPN keeps all data on your phone encrypted, private, and secure

* Browsers – Use Privacy Conscious Browsers as TOR, Firefox Focus or DuckDuckGo.

* Download apps only from legitimate sources i.e., App Store / Play Store. Never install programmes using APK and DMZ files

* Check app permissions

* Use PIN / Finger Scan

* Never click on short links or forms even if from known contacts

* Public/Free Wi-Fi – Stay away. They may not be secure.

* Two-factor authentication (2FA) – The first factor is password credentials and the 2nd is either a security token or an OTP

* Screen Notification – Disable lock screen notifications

* End-to-end encrypted Messengers – Information will be transmitted using a secret code rather than insecure plain text

* Child Protection – Enable Parental Control, Safe Search, and Play It Safe features on children’s gadgets

* Storage – Never use public storage for private information; use legitimate cloud locations

* Antivirus / Malware – Use Original antivirus/malware software

* Charging – Never charge your phones in public places; You can become victim to phishing/juice jacking

* QR Code – Never Scan QR Code, unless you are sure what it is meant for

Stay Tuned to Cyber Talk to know more on internet ethics and digital wellness brought to you by Anil Rachamalla, End Now Foundation, www.endnowfoundation.org