The Complete Guide to Online Threats: Part I
By Natalie [email protected] iHLS
Wednesday, April 23rd, 2014 @ 10:39PM
A glimpse behind the scenes of virus creation, in a must-read article that could help you prevent digital mishaps and disasters. We won’t give any hacking tips, but we’ll hopefully help you understand the threats lurking in the dark corners of cyberspace.
We keep warning you against online security problems, how you leave digital footprints by using your personal information to access online services. Now we’ve decided to tell you about the real-world implications of using the net irresponsibly, and how disturbingly easy it is to hack your computers, steal credit card information, access bank accounts and even steal your very identity. We visited the Cyberhat company cyber labs on your behalf, bringing you information on the latest hacker trends. Cyberhat was established by Cyberia – the Israel Aerospace Industries cyber labs, in cooperation with Secoz.
The most basic trojan horse can be downloaded for free online. Some, like any other downloadable program, come with a user manual – they even include a user agreement you have to verify (hacker humor?). You can make the trojan look like any other innocent file. You don’t have to be a hacker to do all this, all that you need is the ability to download a file and some basic understanding of human nature.
A hacker’s goal is to create a sort of trap, using an irresistible bait that will cause even normally alert users to ignore all safety regulations and even their antivirus alerts.
“People are naive, and that method is very common,” this according to Cyberia CEO Guy Mizrahi. “In this case they send an e-mail with an attached file. Once you open it you can see its contents – but you’ve also been infected with a trojan horse. There are others ways, too. For example, while surfing you might click on a link and get a message asking you to update one of your programs. If you press “yes” you’re infected.” If you think only extremely naive users fall for these traps, you’re wrong. One of the most famous infiltration incidents was a cyber attack on foreign ministries, using files that ostensibly included “inappropriate” pictures of French singer Carla Bruni (men…); this happens in the best and most secure computer families.
Once the victim opens the file a connection is opened between the infected computer and the trojan-using hacker. Naivety leads to users being infected with their very own, private espionage network, who runs on their computer, collects data and even modifies the system. “Once it’s installed the trojan reaches out from the infected computer and connects to the attacker. Sometimes firewalls block incoming traffic – but it’s relatively easy to send outgoing communications. Once my trojan makes it in and calls me back – I’m in control of the infected computer. I can do whatever I want,” said Guy Mizrahi.
What kind of information are we talking about? Everything. Documents, applications installed on the computer – the hackers can even neutralize or bypass any element that might delay them, such as antivirus. They can also control the computer’s microphone and internet camera – literally spying on the user and watching everything they do. Attackers can access all the passwords that are stored on the computer, even those that aren’t stored: Sky’s the limit. So, for example, if you have an trojan running in the background and you’ve just accessed your bank account online – the attacker spying on you can collect information on the banking website you just used and find out your user name and password.
In the following parts we’ll tell you about more advanced methods used by hackers to access computers and smartphones, followed by a review of malicious software found on darknet – some even acquired by official state authorities.
* This article was originally published on iHLS (Israel Homeland Security).