How you attack
So, let us take everything in order. There are several common attack options:
1. Software level attacks
The introduction of malicious software into the user's system, or the use of vulnerabilities in software that is already installed. This is still the most widespread and effective way of hacking. The spread of antiviruses, built-in firewalls, UAC being enabled by default, automatic updates and the overall increase in OS security improve the situation slightly, but cannot protect users 100% from their own ill-considered actions.
Millions of emails with links to malware are sent daily. Existing anti-spam solutions are quite effective, but none of them provides full protection.
2. Attacks on the traffic level
There are two types of such attacks: sniffing unprotected traffic, and attacks on protected traffic (man in the middle, MITM).
a. This method of hacking is more effective than the first, but harder to implement technically, which is why it has not become so widespread. First of all, it is geographically limited: the attack has to be mounted directly on the incoming and outgoing connection, and for that you need physical access to it.
This type of attack is in most cases not noticeable to the user. It is still effective, however, because many popular services still transmit user data, messages and files in the clear. For example, VKontakte began to protect its traffic relatively recently; for many years information was transferred completely in the clear, and all messages, files, likes and passwords were available to anyone. Naturally, this applies to cases where an intruder has physical access to the transmitting or receiving infrastructure.
b. In the second method a secure connection is established, but not between the user and the server certificate: it is established between the attacker and the server (hence the name MITM, a "man in the middle" of the connection). Once the "necessary" certificate has been planted, the compromised traffic is available to the hacker in decrypted form, which lets them extract and save credentials from it.
By the way, both of these methods are also used at the software level: when malware substitutes a certificate, or when a software sniffer runs locally.
3. User-level attacks
Techniques of social engineering, in other words the deliberate deception of a user in order to obtain credentials. The victim is deceived while communicating over Internet channels or by telephone, after which they send the attacker everything they need themselves. Despite the high effort involved, such an attack is very effective for obtaining a specific user's account.
4. Server-level attack (service provider)
An extremely rare type of attack. Theoretically it is possible, but in practice it is a great rarity. It is worth debunking the popular myth about a "hacked social network": in this situation it is not the social network that was hacked, but the devices of a specific user. And most likely the user helped the attacker in this themselves, and the hacker used the trick from point 1 or a combination of tricks 1 and 3. So the user need not fear the "hacked social network" scenario as such, but should be more attentive to their own actions.
How to understand that there was a hack?
Most often this becomes clear from the results of the attack, when the attackers' goal has been achieved: the money is gone from the account, the account has been flooded with spam, someone has changed the account password. It is another matter when the attack was carried out successfully but the criminals have not yet used it. In the case of an attack under scenario 1, it is worth checking all the devices used for communication with a high-quality antivirus (they analyze not only software but also outgoing traffic). If the antivirus has found no suspicious activity, one can only hope that there is none.
In addition to antivirus software, there are professional tools used by information security experts, but they are quite complex, expensive, and useless without professional training.
- In the case of an attack using a traffic sniffer, unfortunately, it cannot be determined after the fact.
- In the case of MITM, you need to closely monitor the certificates used to connect to sites. At the very least, check the certificates of critical resources (for example, those used for online payment).
- In the case of social engineering, all that remains is to be vigilant and to cut off suspicious contacts.
- For the fourth type of attack there is no way to detect it; if it happened, then in the overwhelming majority of cases it is a leak from the inside, not from the outside.
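One way to do the certificate check from the MITM bullet above, as an added example that is not part of the original article: record the SHA-256 fingerprint of a critical site's certificate while on a connection you trust, then compare it on later connections. An interposed certificate issued by a CA that malware has installed on the machine passes normal chain validation but changes the fingerprint. The hostname `payments.example.com` and the all-zero fingerprint are placeholders.

```python
import hashlib
import socket
import ssl

# Expected SHA-256 fingerprints of the leaf certificate for each critical site.
# The value below is a placeholder: replace it with one recorded via record_pin()
# on a connection you trust, or with a fingerprint the site operator publishes.
PINNED_FINGERPRINTS = {
    "payments.example.com": {"0" * 64},
}


def fingerprint_sha256(der_cert: bytes) -> str:
    """Lowercase hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def record_pin(hostname: str, der_cert: bytes) -> str:
    """Store the fingerprint of a certificate seen over a trusted connection."""
    fp = fingerprint_sha256(der_cert)
    PINNED_FINGERPRINTS.setdefault(hostname, set()).add(fp)
    return fp


def check_pinned(hostname: str, der_cert: bytes) -> bool:
    """True if the presented leaf certificate matches a recorded fingerprint.

    Raises KeyError for hosts with no pin, so an unknown host never silently passes.
    """
    expected = PINNED_FINGERPRINTS.get(hostname)
    if not expected:
        raise KeyError(f"no pinned fingerprint recorded for {hostname}")
    return fingerprint_sha256(der_cert) in expected


def fetch_leaf_cert(hostname: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Open a TLS connection and return the server's leaf certificate in DER form.

    System trust-store validation stays on; the fingerprint comparison is the
    extra check that catches a locally planted CA.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    host = "payments.example.com"  # placeholder host
    cert = fetch_leaf_cert(host)
    verdict = "matches pin" if check_pinned(host, cert) else "MISMATCH: inspect before logging in"
    print(f"{host}: {verdict} (sha256 {fingerprint_sha256(cert)})")
```

A mismatch does not by itself prove an attack (sites rotate certificates), so update the pin only after confirming the new certificate over a connection you trust.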
How to act legally competently? Will the police help?
Yes, this is a crime, and the punishment is prescribed by law. There are many subtleties that cannot be covered in one article. The main points are whether what was stolen is merely private information or personal data, whether there is a financial component to the matter, and whether the information obtained was publicly disclosed.
A simple example: if an attacker obtained a passport series and number, that is personal data, which is a serious offense regulated by Federal Law 152. If a hacker gained access to private correspondence, the situation is more delicate, but such information is not personal data.
If you find your personal data in public access, first of all contact the administration of the resource where it was posted. Refer to the law "On Personal Data", which prohibits the use of data without the permission of the data subject. State that in case of refusal you will go to court. To remove information from search results, contact the technical support of the search service and fill out a special form.
In addition to FZ 152, intruders can be prosecuted under the Code of Administrative Offenses, the Criminal Code and the Labor Code. Depending on the specific situation, a crime can be qualified as unauthorized access to computer information, violation of privacy, or violation of the statutory procedure for collecting, storing, using or disseminating information about citizens.
It is extremely important to collect as much evidence as possible: screenshots, videos, a description of your observations; the more details, the better. If it is obvious that a particular device was hacked, stop any activity on it and turn it off; most likely it will have to be handed over for examination for a while.
As for passwords, security experts say that they must be complex, contain numbers, and generally not resemble words. Can the experts themselves remember such passwords?
A long password will not save you from the attack methods I listed. Complex passwords only help against brute force (an attack that tries every combination). In fact, such an attack does not always work, and not against everything. But in any case the password should be long and complex, at least to protect against that same brute force. And of course, you need to change all passwords regularly.