Hacking popularized: What does it means?
How could my insert online service account be hacked? We are here discussing the key principles of hacking so that it doesn't happen to you.
Like most times, attacks on information technology are classified in two categories: low-skill attacks, attacks that can be performed by anyone with little training in computer science; and high-skill attacks, attacks that require a background in computer science and development.
Both of those attacks have one goal: gain access to your computer. We classify those accesses in different grades:
- Process access: allows the attacker to read or write data into a process that is running, for example a web browser, and exfiltrate that data.
- User level access: allows the attacker to create and stop processes that belong to the user, to use the network and periphericals like any user of the computer can.
- Root, or administration access: this allows the attacker to do almost anything with the computer, including potentially destroying it.
A low-skill attacks aims at the target; you; giving to the attacker the access they need. It generally involves giving remote access to the attacker or running an executable from the attacker on your computer.
A very common technique is called phishing. This includes fake websites, fake companies as well as fake software. It generally comes in two flavours:
- Working on fear
- Working on trust
In the first case, the attacker will use the fear of having your computer compromised to actually compromise it. A classic is fake technical support. They would setup an alarming webpage with a count down that looks like that of a major company, and through manipulation will get access to your computer.
In the second case, the attacker will try to offer something to you: free software, a free service, or they will try to impersonate a form of authority to gain access to your computer.
The targets of a low-skill attacker are:
- Credit card data
- Computing power
- The ability to encrypt your data for a ransom
Low-skill attackers work as groups that to the outside may look like companies.
While a low skill attacker favours attacking lots of easy prey, a high-skill attacker will have strong skills and will use very technical flaws of computer systems to access data.
A high-skill attacker will focus on a target. It is very hard to defend against a very strong attacker. They will try to exfiltrate data or large sums of money. They also work in teams. Some work for money, some for the glory of it, and some for government and armies. The only way to reliably defend against those is a combination of physical security measures: protecting your computer hardware from physical tampering; as well as technical measures: update your hardware often, don't visit uncertified websites, don't use uncertified hardware, don't input any data to a third party you do not trust and protect your cryptographic keys.
With all of that done, the only way to steal the keys from you will be to coerce you into giving them. It is, however, a work of every moment.
Estimate the worth of the data you want to protect. How much is it worth for you? How much is it worth to others? In the end it is your personal choice how much you are willing to pay to protect your data.
If your hardware is secure and you trust that no one can access it, encrypted cloud storage like ours may well be for you as it is an inexpensive way of carrying data between trusted computers accross the internet, or to save it to prevent its loss in case of catastrophic disasters.
Knowing where the vulnerabilities of a system stand is critical to protecting vital data. Encrypted cloud storage is but a tool aimed at using data in several place in a safe way, for example medical or legal information shared across an office or a clinic.
Please take note that the term "hacker" didn't have the same connotation in the 80s than it does have now. Hackers was the term used by all of the technological tinkerers to refer to their crafts. It now derived to mean the bad guys, but there is a term that is actually meant to describe those: we call them black hats for the nefarious pirates, white hats for the pirates that dedicate to the protection of the law, and gray hats when they stand in between. ↩︎