The internet is so huge; no one will attack my computer. This is a common belief. And it’s a myth. Most hacking targets are vulnerable, unpatched computers that can be hijacked and used to launch a thousand attacks and more. Find out why it’s not personal but you’re just as much as a target as the big bank on the corner.
It’s not surprising when mega hacks hit the headlines, millions of credit card details scooped in searing hack, millions of addresses and ID details lost to lax security, millions of email details, dates of birth and social security numbers swiped in audacious attack.
It’s embarrassing for the companies involved not to mention the serious dent in their reputation. But often as a result we as individuals make unconscious assumptions that we are safe. The hackers are only going after the big fat boys, the ones with the wedge, the ones who can absorb the blows. This attitude is a mistake.
Most hacks are based on sweeping and indiscriminate probes of all computers connected to the internet. Every computer is a target. These probes will detect if a computer is not protected and the information will be picked up by the hacker.
Unprotected computers can be valuable for hackers because of their computing power and internet connections. A hacker can simply add it a botnet or use it as a zombie computer to send out spam and emails containing viruses and other malware, spread illicit materials or take part in hacking campaigns against other computer networks.
Hackers can use your computer in a number of ways some of which are listed below:
- Install a keylogger and capture every username and password typed on the keyboard. A hacker can then use your computer to log into your bank accounts, carry out transactions and basically steal your money.
- Send malicious emails to all the contacts in your email folders in order to spread viruses, malware and spyware.
- Use your computer as part of larger network of hijacked computers to direct attacks against targets such as banks and governments.
- Carry out click fraud. This is a type of fraud in which a person, automated script or computer program imitates a legitimate web user by clicking on an ad, to generate a charge per click.
- Sniff out and copy traffic on your network, which could include traffic from credit card or other data processing servers.
- Use your computer to send or exchange illicit, illegal or stolen materials. In fact your computer can be used as a proxy to hide the true origin of content and communications or as a message board for shady activities.
As you can see if a hacker gets a foothold in your computer they can expand to every computer on your network using different techniques. To expand on the points above your computer could be used for any of the points below:
8 Common ways through which hackers access a personal computer
- Emails containing viruses and malware - This is one of the most popular methods of spreading malware hidden in an attachment in the email. Once the attachment is opened, the malicious software executes and/or downloads onto the computer that receives it.
- Emails with links to malicious websites - Often referred to as phishing these emails attempt to emulate legitimate emails from well-known organisations that the receiver would tend to trust such as a bank. The html links lead to fake websites which try and trick the user entering sensitive information such as passwords and banking details. Sometimes these websites also attempt to install malware, viruses or spyware on the recipient’s computer.
- Probing for weaknesses - Sometimes hackers send out mass emails in an attempt to compromise firewalls, intrusion detection systems and intrusion prevention systems to gain access to computer systems behind these defences. It’s a numbers game with millions of emails going out to identify malfunctioning, misconfigured or un-patched equipment.
- Social networking pages - People tend to let down their guard and be less wary on social networking sites. With this method, a fake profile entices real users into following links to malicious websites or giving up sensitive personal information.
- Inserting malicious packets - This relies on access to a swathe of zombie computers to send out large quantities of data packets to a large number of recipients targeting a specific port. The aim is to identify a router or firewall with the specific port open and gain access to the computers behind the firewalls
- Hijacking ads - Cybercriminals often place ads containing malicious code on legitimate websites. They do this either by purchasing ads directly, hijacking the ad server or hacking someone else’s ad account.
- Malware sold as legitimate software - Fake antivirus programs have infected millions of computers. Software is offered as free, available through the internet that includes malware designed to infect computers.
- Advanced Persistent Threats (APTs) - APT means a sustained multi-pronged attempt to break into a specific organization’s or institution’s data networks. With APTs, hackers use many methods from sending fake promotional material to network attacks. The aim is to breach the network and steal information. APTs are different from other forms of attack because generally take place over the long term and can last months and years.
So as you can see, your humble computer is a big attraction for hackers. Automatic probes initiated by hackers are a common tool. You could see the scale and frequency of these probes if you have an intrusion detection system on your computer. And you’d be surprised at the frequency at which your firewall is probed. The probes are simply trying to detect vulnerabilities for which they have been programmed to identify.
If you’re still not convinced check out these myth-busting statements from Stanford University’s tech department, one of the most pre-eminent educational IT security institutes on the planet.
BONUS : Computer Security myths
Myth: The internet is so huge; no one will attack my computer.
Fact: Hackers use automated tools that continually probe computers to find attack vectors. A new, unprotected computer installed on the internet will be generally be compromised within seven minutes.
Myth: My computer contains no valuable information.
Fact: Anyone who uses their computer often probably has relatively valuable data stored in many places. Online services often have their passwords cached on your computer, in addition to credit card numbers, usernames, and passwords for various sites.
Myth: I'll worry about security once someone finally tries to attack me.
Fact: Attacks are ongoing, day and night. Your system must have good anti-virus software (to keep out bad/dangerous files) and have up-to-date system software in order to close newly-discovered security holes.
Yes, your humble computer could be a very valuable prize for a hacker. It’s a means to break into computer networks and steal intellectual property, customer information, personally-identifiable information, credit card details, medical and health insurance records, personnel records, tax records, strategic business plans and any other potentially valuable or exploitable data that can be used in identity theft or sold on for others to exploit.
Everyone is a target. Stay safe. Stay secure.