An Arkansas Representative recently falsely accused the Arkansas Times of “hacking” (some people merely made comments critical of her on her public Facebook page) so we thought we’d take this opportunity to educate and inform. The term gets thrown around a lot, but what exactly is it?
Hacking is the breaking-and-entering of the digital world. Your digital “home” may be your bank, your social profile, or your email account. The techniques hackers use are sometimes basic and sometimes astoundingly complex, but understanding either side of it requires some basic knowledge of the internet in general.
One of the most fundamental aspects of the internet is the humble IP address. An IP address typically looks something like “192.145.422.12” and acts just like your home address. This number is the physical address of your computer. Search Google for “what’s my IP?” and you’ll immediately be able to see yours.
IP addresses often change, though, and aren’t always a reliable way of accessing another server or computer. We needed a system which would allow us to remember friendly names like “Facebook.com” instead of a long series of numbers. These friendly names are called domain names.
Domain names are what we typically type into the address bar. Google.com, Facebook.com, Youtube.com – all domain names. The end result, however, needs to be an IP address because that’s the actual, physical address of the computer or server you’re trying to access.
The Domain Name System (DNS) provides the solution. When you type and submit a domain name, it gets sent to your local DNS server where it’s used to look up the correct and corresponding IP address. “ArkTimes.com” is much easier to remember than “22.214.171.124.”
Your browser is the piece of software you’re using at the moment to read this article. Internet Explorer, Firefox, Chrome, and Safari are all browsers made by different companies, but they all do the same thing: connect to an IP address, download files, and display them.
Types of hacking
Brute force
This one’s simple. Think of brute force hacking like someone going shoulder-first into your front door over and over until it gives. Using computers, hackers are able to automate the guessing of passwords, and simple ones can be solved in minutes. The longer your password, the harder it is for a computer to “crack” it. A good password will read more like a sentence, which is why the term “passphrase” is becoming more common. An example: Several100%FloatingBoats – it would take a computer trying 1000 times per second over 500 years to crack that passphrase.
Avoid brute force attacks by changing your password often and keeping your passphrase long and complicated. Using passwords that read more like sentences will help you remember them.
Distributed Denial of Service
Also known as DDOS, these attacks are typically run against large-scale organizations or platforms. Imagine two people having a pleasant conversation…now imagine hundreds of very loud and obnoxious strangers running up and yelling in their faces. There’s no way a conversation could take place. This is what happens during a DDOS attack. A hacker (or group of hackers) targets a service like Xbox Live or Netflix and sends an immense flood of web traffic to their servers, which slows down and often cripples the platform. The Rio Olympics site sustained months of DDOS attacks last year.
The term botnet refers to a network of hacked computers that are able to be called into action by their hacker masters. If you’re on Windows XP and don’t run anti-virus software, your computer is probably part of a botnet. Hackers use these botnets in DDOS attacks, so be sure to keep your computer free from malware and viruses.
Phishing
As the name implies, hackers are baiting hooks and casting wide nets in hopes of getting bank account info or even social accounts. The scam typically starts with the hackers creating a fake login page for a popular service. They’ll make this login page look identical to the original. Since the hacker doesn’t have access to put their fake login page on the actual domain name, they must get creative. In 2010, hackers targeted MySpace by using the domain name rnyspace.com – note that in lowercase it looks correct, but in all caps it is RNYspace.com. They are counting on people not being able to tell the difference.
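A small check for the rnyspace.com trick described above, added here as an example and not part of the original article. The trusted list, the table of look-alike character pairs and the "last two labels" rule for finding the domain are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the reader actually has accounts with.
TRUSTED = {"myspace.com", "facebook.com", "google.com", "arktimes.com"}

# Assumed table of character sequences that render like another character
# in common fonts. Applied in order, so two-letter tricks are folded first.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"),
               ("0", "o"), ("1", "l"), ("5", "s")]


def skeleton(domain: str) -> str:
    """Fold look-alike sequences so visually similar names compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def host_of(url: str) -> str:
    """Return the lower-cased host from a URL or a bare domain name."""
    if "//" not in url:
        url = "//" + url  # lets urlsplit treat a bare name as a host
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url: str) -> str:
    """Label a link as 'trusted', 'lookalike of <domain>' or 'unknown'."""
    host = host_of(url)
    # Simplification: treat the last two labels as the registered domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    skel = skeleton(domain)
    for good in sorted(TRUSTED):
        if skeleton(good) == skel:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, including the one from the article.
    for link in ["https://www.myspace.com/", "http://rnyspace.com/login",
                 "RNYspace.com", "https://faceb00k.com/", "https://example.org/"]:
        print(f"{link:32} -> {classify(link)}")
```

Anything labelled "unknown" is simply not on the list; only the "lookalike" label means the name was built to be mistaken for a trusted one.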
Phishing emails will typically ask for info that no real company would ask for via email. You’ll see attempts at urgency (“your account will close in 24 hours if you don’t do this!”) and confusion (“$5,000 was just withdrawn from your bank account”). These are attempts to shake your rationality and wits so you give the hackers your username and password voluntarily.
It’s always advised to use a separate password per account. This way, if you do get phished, the hackers will only have access to that one service and can’t simply use your one password across other accounts.
Social engineering
If you know enough about someone and have some charisma, it’s a frustratingly simple process to navigate their various accounts. Hackers using social engineering will learn as much as possible about you via your public information and then simply call your bank claiming to be you. By guessing some security questions and being nice to the customer service rep, they’re able to gain access to your accounts without even touching a computer.
Due diligence on the web
Here are some tips to help keep your digital life secure:
- Use longer passphrases.
- Modify your passphrase for each service you use (never have the same password).
- Consider a password keeper like DashLane or 1Password.
- Keep your PC free from viruses and malware.
- Never click a link from an email unless you’re 100 percent clear on where it will take you.
- Look at your address bar and make sure the domain matches what you’re viewing.
- Don’t give your personal info to customer service reps making in-bound calls.
- If it’s too good to be true, it’s probably not real.
- Ignore offers of money via email.
- Use two-factor authentication.
Online security starts with knowledge and education. We’ve all heard someone say, “well I’m not good with computers,” but these days that’s like saying you can’t read and write.
Computers and the internet are now an integral part of our society and protecting your identity online is more important than ever. Change your passwords, stay vigilant and sprinkle a healthy dose of distrust on anyone wanting access to your accounts.