Hacking and Cybersecurity
Many people are familiar with computers, tablets, smartphones, and wireless Internet. It's quite possible that there will be around 50 billion or more Internet-connected devices by 2020. On top of that, other “smart” devices such as televisions, home security cameras, and even refrigerators will also connect to the Internet. More devices mean more chances of attacks, hacking, data loss, and privacy compromise. But how can a hacker attack your Internet-connected devices? Let's find out by diving deep into hacking and cybersecurity.
What is Hacking?
Hacking is identifying weaknesses in computer systems or networks and exploiting them to gain access. It is any technical effort to manipulate the normal behavior of network connections and connected systems. A hacker is any person engaged in hacking. The term hacking historically referred to constructive, clever technical work that was not necessarily related to computer systems. Today, hacking and hackers are most commonly associated with malicious programming attacks on networks and computers over the internet.
Anonymous is a group of hackers from around the world who meet on online message boards and social networking forums. They mainly focus their efforts on encouraging civil disobedience and/or unrest via denial-of-service attacks, publishing victims' personal information online, as well as defacing and defaming websites.
Jonathan James gained notoriety for hacking into multiple websites, including those of the U.S. Department of Defense and NASA, as well as for stealing software code when he was a teenager. In 2000, James became the first juvenile -- he was just 16 years old -- to be incarcerated for computer hacking. He committed suicide in 2008 when he was 25 years old.
Adrian Lamo hacked into the systems of several organizations, including The New York Times, Microsoft and Yahoo, to exploit their security flaws. Lamo was arrested in 2003, convicted in 2004, sentenced to six months of home detention at his parents' home and two years' probation, and ordered to pay about $65,000 in restitution.
Kevin Mitnick was convicted of a number of computer crimes after evading authorities for two and a half years. Once one of the FBI's Most Wanted for hacking into networks of 40 high-profile corporations, Mitnick was arrested in 1993 and served five years in a federal prison. After his release, Mitnick founded a cybersecurity firm to help organizations keep their networks safe.
What is cyber security?
Cybersecurity comprises technologies, processes, and controls that are designed to protect systems, networks, and data from cyber attacks. Effective cybersecurity reduces the risk of cyber attacks and protects organisations and individuals from the unauthorised exploitation of systems, networks, and technologies.
Types of cyber attacks -
Ransomware is a type of malware that involves an attacker locking the victim's computer system files - typically through encryption - and demanding a payment to decrypt and unlock them.
Malware is any file or program used to harm a computer user, such as worms, computer viruses, Trojan horses and spyware.
Social engineering is an attack that relies on human interaction to trick users into breaking security procedures in order to gain sensitive information that is typically protected.
Phishing is a form of fraud where fraudulent emails are sent that resemble emails from reputable sources; however, the intention of these emails is to steal sensitive data, such as credit card or login information.
Here, we are going to list the best tips and practices that will keep you and your devices safe on the Internet. Let's take a look -
Use secure devices
Only access online accounts from your personal computer, tablet, or smartphone while using a secured Internet connection. Try to limit accessing personal accounts from public computers that could be infected with spyware or malware, or may use an unsecured Internet connection. If you do use public computers, be sure to log out when you are finished. In general, it is more secure to use a smartphone’s cellular data network than a public or unsecured Internet connection.
Review your network and device names regularly
If you use your last name or other personally identifying information in the name of your cell phone or home network, this could make your device more vulnerable to attack, since it connects the device to you and makes it easier for hackers to guess your password. Change the names of your devices and network so hackers cannot identify you so easily.
Keep your device's software up-to-date
Update your OS and other software frequently, if not automatically. This keeps hackers from accessing your computer through vulnerabilities in outdated programs. In addition to performance upgrades, system updates often contain improvements to security.
Keep your security software up-to-date
Devices’ operating systems and Internet-connected software (like email programs, web browsers, and music players) should be updated regularly. Your computer will typically notify you when a software update is available. If you do not have security software, install a firewall and antivirus software and keep them up-to-date. There are a variety of reputable products available for free or that have a free trial period. These programs help identify the latest threats and allow a user to remove malicious software from their device.
Immediately delete anything suspicious
It is best to delete spam or dubious-looking things without opening them. If you receive a questionable email from a friend or family member, it is best to contact that person and verify he or she sent it before opening the email or clicking on a link or attachment.
Always create a strong PIN or passcode
Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords for your server and website admin area, and equally important to insist on good password practices for your users to protect the security of their accounts. As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and a number, will help to protect their information in the long run. Passwords should always be stored as encrypted values, preferably using a one-way hashing algorithm such as SHA. Using this method means that when you are authenticating users you are only ever comparing encrypted values. For extra website security, it is a good idea to salt the passwords, using a new salt per password.
Change your passwords often if possible
Create difficult passwords and change them frequently. In addition, never use the same passwords across multiple services. A hacker may also change your password, denying you access to the account. If you are unable to access your account, contact the website directly and it can assist you in restoring your account.
Use Encryption - the advanced security
Another vital step in securing your data is the use of encryption. Make sure to use as much encryption as possible when saving user data in any local database. Encryption is the process of translating plaintext into ciphertext, or unreadable text, with the help of key-based algorithms. To access the data, an attacker must first get hold of the decryption key, which keeps your confidential data secure.
Use Keychain - another secured process for protection
A keychain is a secure storage container that keeps confidential data such as passwords, usernames and other credentials for all applications under one roof. Developers are far better off using this operating-system feature for data storage than using plist files and NSUserDefaults. Using the keychain also means the user doesn’t have to log in every time the application is opened.
Sign up for account alerts
Many email providers and social media websites allow you to sign up for an email or text alert when your account is accessed from a new device or unusual location. These alerts can quickly notify you when an unauthorized person accesses your account and can help minimize the amount of time an unauthorized user has access to your information. If you receive such an alert, log in to your account immediately and change the password. Before doing so, however, check the email closely, since malicious “phishing” emails often mimic these kinds of alerts.
Be careful about installation
When you install a smartphone app, you may be asked to grant it various permissions, including the ability to read your files, access your camera or listen in to your microphone. There are legitimate uses for these capabilities, but they’re potentially open to abuse: think before you approve the request. That applies especially to Android users, as Google’s app-vetting process isn’t as strict as Apple’s, and there have been reports of malicious apps spending months on the Play Store before being spotted and taken down.
Beware of open Wi-Fi
There’s always a risk involved in using an open wireless network. Anyone in the vicinity can snoop on what you’re doing online. This sort of attack demands specialist software and skills, so it’s unlikely to be a hazard in your local cafe, but it’s not a danger that can be ignored. If you’re at all doubtful about a wireless network, don’t connect - stick with your phone’s mobile internet connection. Or use a VPN tool such as CyberGhost or TunnelBear (both available free for Android and iOS). These tools route your traffic through a private encrypted channel, so even if someone is monitoring your traffic they won’t be able to see what you’re up to.
HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees that users are talking to the server they expect and that nobody else can intercept or change the content they're seeing in transit. If you have anything that your users might want private, it's highly advisable to use only HTTPS to deliver it. That, of course, means credit card and login pages (and the URLs they submit to), but typically far more of your site too. A login form will often set a cookie, for example, which is sent with every other request to your site that a logged-in user makes and is used to authenticate those requests. An attacker stealing this cookie would be able to perfectly imitate a user and take over their login session. To defeat these kinds of attacks, use HTTPS for your entire site.
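One way to enforce HTTPS for the entire site and keep the login cookie off plain HTTP, shown as an added example that is not part of the original article. It is a WSGI middleware in Python; the class name, the `host` parameter and the HSTS max-age are assumptions of this example.

```python
from urllib.parse import quote

# Tells browsers to use HTTPS for this site for the next year.
HSTS = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")


def harden_cookie(value: str) -> str:
    """Append Secure and HttpOnly to a Set-Cookie value if they are missing."""
    attrs = {p.strip().split("=")[0].lower() for p in value.split(";")[1:]}
    for flag in ("Secure", "HttpOnly"):
        if flag.lower() not in attrs:
            value += f"; {flag}"
    return value


class HTTPSOnly:
    """Redirect plain-HTTP requests; harden cookies on HTTPS responses."""

    def __init__(self, app, host):
        self.app = app
        self.host = host    # canonical host name, never taken from the request

    def __call__(self, environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            path = quote(environ.get("SCRIPT_NAME", "")
                         + environ.get("PATH_INFO", ""))
            query = environ.get("QUERY_STRING", "")
            target = f"https://{self.host}{path}" + (f"?{query}" if query else "")
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]

        def secure_start(status, headers, exc_info=None):
            fixed = [(k, harden_cookie(v)) if k.lower() == "set-cookie" else (k, v)
                     for k, v in headers]
            fixed.append(HSTS)
            return start_response(status, fixed, exc_info)

        return self.app(environ, secure_start)
```

With the Secure attribute set, the browser never sends the session cookie over an unencrypted connection, and HttpOnly keeps page scripts from reading it.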