Security Fundamentals

11. Individual & Organisational Response to Attacks

Now what do I do?

Knowing that you've been hacked is all very well, but it's only half the problem. The next step is knowing what to do to restore your system's security and recover any stolen money.

The next section looks at any legal protection you might have.


1. Unwanted browser toolbars

Today's browsers provide options that allow users to choose which toolbars they want to make active, so when unwanted toolbars appear:-

  • Remove them from within the 'plug-ins' or 'extensions' options.
  • Uninstall unrecognised programs in the program list.
  • As a last resort, if all else fails, reset the browser back to its default settings. This is not ideal, as all your plug-ins and extensions will have to be re-installed.

Minimise the chances of unwanted toolbars appearing by keeping the browser up to date and reading license agreements carefully before installing software.

2. Redirected internet searches

This can be unbelievably and disproportionately annoying, especially when you're expecting results from your favourite search engine. This often happens in conjunction with the appearance of unwanted toolbars, when the software hijacks your chosen search engine.

The solution is the same as getting rid of unwanted toolbars, with the addition of re-selecting your preferred search engine in the options/settings list.


3. Fake virus warnings or security alerts

You need to know what a legitimate warning from your anti-virus program looks like, so you can recognise a 'fake' one when it appears. As soon as a fake one appears:-

  1. Switch off the device as soon as possible.
  2. Start the device in Safe Mode, No Networking.
  3. Attempt to uninstall the software or restore the system to a previous unaffected state.
  4. Restart the device as normal and see that the fake anti-virus warnings are gone.
  5. Finally do a full virus scan to find and remove anything left behind.

4. Increased number of Random Pop-ups

Getting repeated pop-ups on sites where you don't normally get them is annoying and is generally accompanied by unwanted toolbars, redirected searches and the installation of unwanted software.

The first step involves removing the bogus toolbars, the redirected searches and the unwanted software. If this doesn't solve the problem, there are a number of free adware removal programs available. But be careful and do your research. Installing free programs is probably how the problem started in the first place, so check the license agreement.


5. Online Passwords change without warning

This is a serious breach of security and can go undiscovered for a long period of time, especially if you don't use the affected services on a regular basis. Sometimes the breach goes unrecognised because the user assumes that it's a case of a forgotten password. But once discovered:-

  1. Notify all your contacts to limit the damage.
  2. Inform the online service of your compromised account. Experienced services can quickly restore control to your account. A few have even automated the system with a 'My friend's been hacked!' button which starts the process.
  3. If you've used the same password on other accounts, change those ASAP.
  4. Take extreme care clicking on links in emails. The only exception should be emails from sites where you've clicked on the 'forgot password' link.

Finally, as a bit of extra security, consider just using sites that offer two-factor authentication.

6. Unexpected Software installs

Unexpected software installs are a bit troublesome to track down, but help is at hand. There are many free software programs available that will reveal all installed programs, where they are located, their associated dependencies and when they start.

These programs allow you to selectively and systematically disable installed programs. Rebooting the device each time allows you to check whether the problem is solved and that you haven't suffered a loss of functionality. Then it's a matter of repeating as necessary until the problem is solved.


7. Mouse moves independently

If your device comes alive and the mouse is observed flicking about:-

  1. Take a moment to see what the hacker is interested in. Try to take some photos as documentary evidence of the hacker at work.
  2. Switch the device off and disconnect it from the network.
  3. Call experts in an effort to track back to the hacker who has remote control of your device.
  4. Use a known good computer to change all user-names and passwords.
  5. Notify banks and monitor your financial transactions.
  6. Notify the police. You will have to do this if you've suffered a financial loss, in order to stand a chance of recovering lost money.
  7. A clean restore is the only solution at the end, but a copy of the system will have to be retained for forensic investigation.

8. Contact from suppliers concerning non-payment

The effects of this type of attack can have far-reaching consequences that go well beyond the inconvenience of re-building your computer. It can affect your reputation with credit agencies and can prevent you from obtaining credit to buy anything from cars to houses.

  1. Consider how your account was compromised and follow the recommended steps.
  2. Change all user-names and passwords for all accounts, not just the one responsible.
  3. Contact the police to begin an official investigation.
  4. Monitor your bank account and credit history very carefully.
  5. Follow all advice given by police, creditors and credit rating agencies.

9. Bank account missing money

The good news: If you've used a credit card, then most banks will replace the stolen money. Just make sure they are notified at the earliest opportunity, so that they may be able to stop the current transaction and prevent any future ones.

The bad news: There have been some cases where courts have decided that it's the owner's responsibility to make sure that they are not hacked and so should bear the loss. In these situations it's down to the goodwill of the financial institution whether they will replace the stolen money.

To reduce the risk:-

  1. In your account, turn on transaction alerts. These automatically trigger text alerts to you when something unusual is happening.
  2. Set thresholds on transaction amounts. Then you'll get alerted if the threshold is exceeded or the money is transferred to a foreign country.

One problem exists though: when the hackers are in the account stealing all your money, they frequently reset the alerts and other settings. So make sure the bank or financial institution alerts you anytime your contact information or alerting choices are changed.
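
The short Python sketch below is an added illustration, not part of the original lesson or any bank's real system. It replays a constructed sequence of account events to show why the settings-change alert matters; the class, field names, amounts and country codes are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class AlertSettings:          # hypothetical model of a bank's alert options
    threshold: float = 500.0  # alert when a transfer exceeds this amount
    home_country: str = "GB"  # alert when money leaves this country
    contact: str = "owner-phone"

def replay(events, notify_on_settings_change=True):
    """Replay account events in order; return the alerts the owner receives."""
    s, alerts = AlertSettings(), []
    for ev in events:
        if ev["type"] == "settings_change":
            if notify_on_settings_change:
                # Sent to the contact on file *before* the change applies,
                # so the intruder cannot redirect or silence it.
                alerts.append((s.contact, f"{ev['field']} changed to {ev['value']}"))
            setattr(s, ev["field"], ev["value"])
        elif ev["type"] == "transfer":
            if ev["amount"] > s.threshold:
                alerts.append((s.contact, f"transfer of {ev['amount']} exceeds threshold"))
            if ev["country"] != s.home_country:
                alerts.append((s.contact, f"transfer sent abroad to {ev['country']}"))
    return alerts

# Constructed sample data: the intruder resets the alert settings first,
# then moves the money. "XX" stands in for any foreign country code.
THEFT = {"type": "transfer", "amount": 5000.0, "country": "XX"}
INTRUDER_SESSION = [
    {"type": "settings_change", "field": "threshold", "value": 1_000_000.0},
    {"type": "settings_change", "field": "home_country", "value": "XX"},
    THEFT,
]

if __name__ == "__main__":
    print("Theft with settings untouched:", replay([THEFT]))
    print("Settings reset, no change alerts:", replay(INTRUDER_SESSION, False))
    print("Settings reset, change alerts on:", replay(INTRUDER_SESSION))
```

With the settings untouched the theft raises both alerts. Once the intruder has reset them, the transfer itself raises none, and the only warnings the owner receives are the two settings-change alerts.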

10. Vital security software is immobilised

An ideal solution is to perform a complete 'restore' of your system, to return it to the factory settings. This is because you don't know exactly what happened, and discovering what's been changed is like hunting for a needle in a haystack.

The problem here is that all your software needs to be re-installed and all your personal settings recreated: a major piece of work in itself.

A tempting alternative is to research possible causes on the internet, look for methods to restore your lost functionality, and restart your device in safe mode to investigate whether they have worked. This is a trial-and-error approach that can take just as long as a full restore, but you could be lucky and it might work on the first attempt. It's impossible to know in advance.


Knowing how to respond is critical to minimising damage caused by doing the wrong thing.

  1. Create a new page in your notebook titled Responding to Attacks.
  2. Copy each of the following scenarios into your notebook and in each case describe what you would do.
    1. A bill from a supplier for goods you've never seen lands on your doorstep. What do you think happened and what do you do?
    2. Your browser starts up with Cassiopeia search engine, instead of your expected start page. What happened and what do you do?
    3. You go online to your favourite record store, but you can't log in. What do you do?
    4. While searching for a pair of trainers, a window pops up and warns you that your computer is infected with a virus, and that if you continue to use it you would be breaking the law and your IP address will be passed to the police. You are advised to ring a telephone number to get a solution. What do you do?
    5. You've finished installing a program update. When you've restarted your browser, you find an extra toolbar has been added for a shopping site. What's happened?
    6. Going online to see your email, a notification window pops up telling you that your computer is no longer protected. What are you going to do?
    7. A friend tells you that when they go online, they get continually bombarded with pop ups. What do you advise them to do?
    8. You are out one night and your friend suddenly tells you, after checking their account with the banking app on their phone, that they're missing some money. They're sure it's a mistake and nothing to worry about. What do you say?

Time to add another case study to the Hacking Case Histories section. This time it is about the WannaCry malware.

Create a page titled WannaCry Malware and use the internet to find out more.

  1. Under a sub heading Victim, identify the main target(s) of the attack.
  2. Under a sub heading Motivation, describe what you think was the purpose behind the attack.
  3. Under a sub heading Method, briefly describe how the attackers managed to install the malware.
  4. Under a sub heading Reasons for Success explain why the hackers were so successful.
  5. Under a sub heading Lessons Learned explain how the attack could have been prevented.

You should be able to:-
  • Recognise the signs of malware and suspected hack attacks.
  • Know how to respond in each case, and
  • Advise others about what to do in suspected attacks.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information.
