With growing cyber-crime, keeping digital devices secure is becoming increasing important. But users don't appear to be taking their cyber hygiene seriously.
Numerous surveys reveal that hackers take advantage of a number of common vulnerabilities in digital devices to attack and gain access to data and personal information. Many of these vulnerabilities are the result of lack of awareness or knowledge of owners as to what they can do to increase their security and how hackers work.
Users forget to set passwords or pin (personal identification numbers) to authenticate users to that hackers can gain direct entry to the device.
It's also quite common for users to keep to the default passwords that come with the device. If it's a password its often 'password' or 'admin'. Default pin numbers are often left at 1234 or 0000.
Users sometimes use obvious passwords, their pet's names, favourite football team, the name of someone in their family etc. These can be easy to guess, especially if you are known by a hacker
Allowing yourself to be overlooked when entering passwords or pin numbers, what they call 'shoulder surfing', is perhaps the easiest way for hackers to gain access to data and personal information.
Leaving passwords written down close to devices is another common way of compromising security. Sometimes on a sticky note stuck to the computer monitor. Or on the inside of a drawer or shelf.
Authentication is the procedure by which users log into devices to prove to the device that they are, who they say they are. Mostly authentication involves users entering a user-name or email address. These two separate pieces of information are compared to a database and if they match, then the user is authenticated and allowed access.
This type of authentication is vulnerable to brute force attacks and eavesdropping. Two factor authentication offers a much higher level of security, especially in the exchange of financial or sensitive information. Two factor authentication requires an additional step to the typical user-name/password combination. Users might be asked to verify themselves through an additional email, respond by entering a separate pin or code number which is sent to you by text message or asked to enter specific letters from a secret phrase.
The key feature in the two factor authentication process is that its dynamic. It's different each time you log in to authenticate yourself.
Failing to encrypt wireless networks or leaving modem/router passwords with their default passwords creates a major gap in security. All data transmitted over an 'open' network can be intercepted.
Open networks are often detected by 'war-driving' or war walking around areas with scanners to pick up open networks. Maps of network connections can be made, revealing their network names, whether they are secure, their IP addresses and the type of security used
Users rarely update their operating system missing out on all the security patches and updates that are regularly released.
Operating systems, the program which make digital devices useful are incredibly complicated pieces of software. People are always finding bugs and loopholes in operating systems, especially as new hacking software and techniques develop to exploit these gaps in security.
Older software frequently contain loopholes in security which haven't been blocked through updates or security patches. They can also send information across networks without the user being aware of it.
Users either fail to activate or install security software because they are unaware of the risks or because it slows their device down or shortens their battery life.
Computer devices connect to other devices and the internet through communications ports. Without control of these ports through the use of a 'firewall' gateways are left for possible intruders.
Users make unauthorised changes to their devices perhaps to user different carriers, adapt the operating system or to permit the installation of 'cheaper' software.
No matter what software or hardware controls are in place, no system can be 100% secure. Because at the heart of it, is the user and all users make mistakes, get tired, forget things, mislay passwords, get fed-up, get angry: all the usual emotions that make us human and vulnerable to exploitation
Exploiting users or psychologically manipulating users to let hackers gain entry is called social engineering. Specific methods of social engineering are covered in the following page but nearly all appeal to the following categories described by the acronym MICE.
Coincidentally by using methods that fall into one or more the following categories, is the same approach used to recruit hacktivists to a cause or to persuade someone to be a spy.
One way of gaining entry is to try 'words' from a list as a possible passwords. The longer the list of words, the more likely the correct password is likely to lie in the list. This kind of attack is called a dictionary or brute force attack, where a hacking program just continue to work through a list of words until the correct password is found.
Believe or not people go around building up word-lists for password hacker programs. Some even make lists of word-lists. These lists can be off different sizes. Shorter lists take less time to work through than long ones and hackers will often use shorter ones first
We are going to get ready for doing some hacking later by grabbing some word lists.
There are larger lists Crack Station has a password list containing almost 1.5 Billion words. It's a 15Gb file so it's not something you want to download on a whim.
How can you not like a subject that includes descriptive actions like Wardriving?
Wardriving reveals Wifi routers in a neighbourhood, like the one opposite. It shows the WiFi service set identifier (SSID) - the WiFi network name. It is possible to drill down to discover the security protocols used, channels and the number of clients: all useful information in hacking the network.
If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.