Hacking is the general term for computer system intrusions or subversion, perpetrated with expert knowledge. The person behind the act is called a hacker. That sounds pretty intimidating, right? Well, it turns out that the majority of hacks use hacking methods that are pretty well known. They keep using them for one principle reason – they work!
As a non-hacking denizen of the internet, you have no reason to be a victim of these common hacking methods. All you need is to be forewarned with the right knowledge. If you are wise to incoming threats, they have a smaller chance of hurting you. So what are these tried-and-trusted hacking methods? Get ready for some salient info!
“Phishing” is more or less what it sounds like. It’s a hacking method where the target is fooled into giving up their security or personal information. Usually, phishing is perpetrated through emails. You’ll receive an email that appears to be from a legitimate source. Banks are a common example, but you can also find an example of fake work email messages and the like. The general idea is that you are enticed into logging into your “account”. The real sender of the message then has your credentials and can use it to log in.
The link’s provided in the phishing email usually lead to a fake version of the real site. Often badly copied and with a slightly different URL than the real site. This is why you should always type in URLs manually and never follow links from unsolicited emails. Most people aren’t fooled by phishing emails, but that doesn’t matter to the hacker in question. After all, when you go fishing, you aren’t trying to catch every fish in the ocean. You’re looking for the one fish gullible enough to take the bait. Don’t be that fish.
Why spend your time manually hacking into a system when you can write a computer program to do it for you? Even before there was a global internet accessed by the general public, there were computer viruses. Since then the menagerie of malicious software has grown. Now we have adware, trojan horses and internet worms. As we speak hackers are inventing new types of malicious software.
Viruses are spread as email file attachments or via removable storage, such as flash drives. Internet worms spread themselves across networks. Trojans are hidden in seemingly legitimate software. There are plenty more varieties and variations when it comes to malware. For example, ransomware has recently become popular. It’s a type of malware that uses encryption against the victim. After infection, the user’s files are encrypted in the background. Afterward, a message displaying a request for payment is displayed. The hacker promises to unlock the files after getting the ransom money. Although there is no guarantee that they will do so.
The ways to defend against malware varies by the type of malware. Having good anti-malware software is a necessary step. Operating systems like Windows 10 now come with antivirus software as standard. Worms can be blocked by firewalls, another thing already included in modern operating systems. You should also avoid opening attachments from unknown emails and don’t just install any old software you find on the net.
If you had to guess which part of a computer security system was typically the weakest point, which would it be? It turns out that the answer usually has nothing to do with technology at all. Invariably it’s the people who form part of that security system who are the easiest to attack.
Hackers might phone someone at a company they are targeting, pretending to be someone in authority. They might make a fake uniform and gain physical access to a target organization as a cleaner or technician. Whatever the method, the point is to use weaknesses in human psychology to get information and access that would otherwise be denied to them.
Social engineering is one of those hacking methods that are particularly hard to defend against. Simply because no one can be perfectly attentive all the time. If you’re used to seeing computer technicians around all the time, why would a new one raise suspicion? If the person on the phone sounds earnest and seems to know what they should be given their claimed identity, why question it? Unfortunately, you need to trust your gut and have a healthy amount of skepticism and paranoia. The only way to beat social engineering attacks is by having multiple people check on each other and never getting completely comfortable with the routine.
Distributed Denial of Service Attacks
One of the simplest, and therefore most popular attacks is the DDoS – Distributed denial of service attack.
Understanding how it works requires a little insight as to how the internet works as a whole. The internet is simply a network of computer connected to each other. When you visit a website, the content has to be delivered to you by another computer known as the “server”. That server can only provide information to so many people at once. Either because there’s limited bandwidth or limited processing power. A DDoS attack floods a specific server with so many requests for service that it becomes unusably slow or completely inaccessible.
Simple enough, right? However, the hacker needs an army of computers to pull off a DDoS attack. This is usually achieved using computers infected with malware. Once enough machines are infected, the hacker directs these “zombie” computers to target the server in question.
DDoS attacks are designed to target the actual network infrastructure that provides access to the target server, but hackers can also launch a denial of service attack from a single computer. The single computer uses a special script to flood the target machine with requests, saturating it’s processing hardware and memory. DDoS attacks are generally more effective since it’s harder to block them. Which is why it seems they have been more popular over the last few years.
Individual users don’t really have to worry about these attacks since they aren’t the target. Although it can be annoying if the site you want to access is down thanks to DDoS attacks.
The Water Hole Method
If you’ve ever watched any wildlife documentary (or just the Lion King for that mattering) you’ll know that the watering hole is the one place all the other animals gather. Which means predators also like to hang out there, letting their prey come to them.
Likewise, a hacker uses this strategy to get at their targets indirectly. They will infect a website or software source known to be popular with their true target. When the true target gets infected in turn, the hacker can systematically take over the true target systems. The strength of this approach is that the hacker does not have to deal with the presumably strong security.
Fake WiFi Hotspots
In most parts of the world, you can’t go anywhere without some sort of free internet access being offered. Restaurants, airports and other busy public places all generally have some way for you to get online without using your expensive mobile data. That’s convenient and frugal, but it can also be incredibly dangerous. At the best of times, you can have your security compromised by simply sharing a public WiFi network with other people. Which is why we always recommend using a VPN to use public WiFi.
Hackers have gone beyond passively monitoring other people who don’t protect their devices while on public WiFi. In something that sounds like a real-world implementation of the water hole method, hackers set up fake WiFi hot spots. They’ll name them something similar to the real thing. Something like “Hotel WiFi” or “Airport Lounge”. When someone connects to the network, the hacker has full control of the packets. They can’t break the encryption of websites that use technology like HTTPS. However, any unencrypted network traffic can be intercepted and there’s a variety of tricks that can be used to infect your machine with malware or otherwise infiltrate it when connected to the compromised WiFi hot spot.
Clickjacking is a nasty trick that hackers can pull on web users while browsing. Basically, it’s a strategy that fools you into clicking on something other than what you think you’ve clicked on. For example, you may think you are clicking on a video to watch it, but hackers have put an invisible layer over the website you’re accessing that send’s your click somewhere else. Perhaps a button that automatically makes a credit card payment or one that activates an Amazon purchase which they can use to farm affiliate money. What the hacker uses your hijacked click for is ultimately up to them. However, the method is generally the same.
Dictionary Password Attacks
Your password is the key to the account that stands behind it. Can you imagine if someone got their hands on your email password? What about your bank account?
On paper, this isn’t a huge issue, since most sites only allow a scant few attempts before locking up. Guessing a typical password or trying every possible combination of letters, numbers, and symbols would take years. Assuming that the combination is truly random.
When data breaches occur, where hackers can copy entire password databases, they have unlimited tries at guessing the right one. That doesn’t solve the problem of the massive number of possibilities though. Luckily for hackers, most people don’t have true random passwords. We tend to make passwords that are easy to remember and so consist of the known word combination. A “dictionary” attack starts off with common words and common password combinations. All the passwords that do in fact make use of common words and combinations will then be cracked quickly.
Obviously, this means you should not have any passwords that are vulnerable to dictionary attacks in the first place. Check out our article on strong passwords for info on how to do that. Also, two-factor authentication is a great way to make password cracking irrelevant. So strongly consider activating two-factor authentication for any service that allows for it.
Man-in-the-Middle Hacking Methods
When you send messages to another person, how do you know you’re the only two people in the conversation? Imagine you and another person corresponded via mail. You put a seal on the envelope and send it off. A few weeks later you get a letter back from your friend, also sealed. So you know a hacker hasn’t tampered with the message. Except, there’s an expert at forging seals intercepting your letters. He receives your message, opens it and reads it. Then reseals it with his own seal and sends it to your true recipient. The same thing happens in reverse. Each person thinks they are having a secure, private conversation with the other. In truth, the man-in-the-middle can see everything that’s being said.
That’s effectively what a man-in-the-middle hack is. The hacker intercepts information passing between two nodes on a network and either simply watch to gather information or modifies the data to his own ends. If you’re on an unencrypted WiFi network, these tech-savvy rogues will find such an attack trivial.
Modern securely encrypted network protocols have specific protections built in to mitigate man-in-the-middle attacks. That doesn’t make them impossible, but it does make it very hard to successfully orchestrate this strategy where authenticated encryption has been implemented.
The Hacking Methods Arms Race
Hackers are, by their nature, people who are constantly looking for holes in systems. For exploits and weaknesses that will let them in. Some only do this out of curiosity. Others are trying to make the web a more secure place. The most infamous do it in order to make money or simply sow chaos.
As internet communication and computer technologies become more integral to our lives, vulnerabilities become more critical. Unfortunately, as these technologies become more sophisticated, it also becomes harder to make them secure. No system designed by humans will ever be perfect. So we will always have new hacks exposed by hackers with varying ethical standpoints. Once you bring smart software using machine learning and other adaptive methods into the mix, things might get really wild. The best we can hope for is that the arms race between the cybersecurity industry and hacking movement stays essentially balanced. If not, who knows what sort of world that will turn out to be.
Which important hacking methods have we left out? Let us know in the comments. Lastly, we’d like to ask you to share this article online. And don’t forget that you can follow TechNadu on Facebook and Twitter. Thanks!