In this first article in our Cyber 101 series, Viasat cybersecurity expert Lee Chieffalo outlines the threats and defenses.
The word “hack” has become interwoven into our modern-day technological life. Originally an old English word that meant simply “to cut” – albeit in a somewhat reckless fashion – today’s “hack” is more commonly defined as using a computer to gain unauthorized access to data in a system.
The electronic version hasn’t strayed far from its original definition. Most hackers are on a mission to sever information from its rightful owner – and to do it quickly to avoid detection.
Because hackers can become quite skilled at their malicious mission, anyone who spends time online should know the basics of hacking and what they can do to keep their information safe from hackers.
Exploiting a system
Viasat Technical Director Lee Chieffalo, who specializes in cybersecurity for the company’s government sector, defines hacking as exploiting a system to do something it wasn’t designed to – and typically to provide information. Hackers are on a relentless search for vulnerabilities.
A hacking attack occurs every 39 seconds, according to a University of Maryland study. And most of those attacks are indiscriminate, deployed in the form of automated scripts assailing thousands of computers simultaneously. Typically unsophisticated, most of these scripts use common usernames and passwords to search for access.
Such openings are shockingly easy to find.
“Most of it is publicly accessible information that people freely give,” Chieffalo said. “Hackers are able to use that freely provided information to understand their target, figure out how to act like their target, and get what they want.”
A hacker’s end goal isn’t always about money. Some thrive on the challenge, enjoying not only the risk, but the opportunity to outmaneuver an individual’s or an organization’s security systems.
Many cybercriminals, however, are financially driven.
In some cases, they target individuals, aiming to secure personal data to take out loans and make purchases, or sell it to others for them to use.
But more sophisticated hackers employ botnets to conduct large-scale operations.
A bot – short for robot – is a software application or script that performs automated tasks. Bots can be used to take remote control of an affected computer, all without the user’s awareness. The user can still operate their computer, often noticing nothing more than an occasional slowdown.
Hackers can then form a botnet – a collection of compromised computers with autonomous software that a hacker manipulates remotely.
Botnets can be used to steal identities and access a user’s credit. But criminals may also use them to flood a company’s network with a massive volume of traffic — enough to overwhelm the network and shut it down. They can use this as an opportunity to demand ransom to restore a network.
Hackers may even lease their botnets to other cybercriminals, who in turn conduct their own phishing operations, identity thefts and network attacks.
How to help stop the cycle?
Beef up your computer’s security.
“Cybersecurity operates the same way as physical security,” Chieffalo said. “If you’re going to rob a store, and you have two stores in front of you – one is empty with an open door and a teenager who’s looking at their phone, and the other has a couple of cameras, a dude standing out front in a security guard uniform, a clerk who’s attentive and people in the aisles – which one are you going to rob?
“Security is about just doing some very simple things in your day-to-day online life.”
Some tips to keep hackers at bay:
- Use different and unique passwords. Don’t use the same password for every account, and use a combination of upper- and lower-case letters, numbers and symbols when you compose a password. (A password manager can really help here.)
- Don’t give obvious answers to security questions. A determined hacker can find your social media accounts and easily learn the name of your high school mascot. So when you’re asked for the mascot, instead use some other random, tougher-to-guess piece of personal information.
- Don’t include too much personal information in your email address. Using your first and last name and date of birth provides a potential hacker with information that could be used to gain access.
- Limit the personal information that’s publicly viewable on your social media accounts. Hackers can use your hobbies, birthdate, pets’ names and other information to guess your passwords, so keep this info out of the public eye.
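The tips above can be turned into a quick self-check. The following Python is an added example, not code from Viasat or the original article: it flags passwords that are reused across accounts, that lack one of the four character types, or that contain a detail visible on social media, even when disguised with common letter-for-number swaps. The function names, account names and sample values are assumptions made up for illustration.

```python
import string
from collections import defaultdict

# Common character substitutions, undone before matching personal details.
LEET = str.maketrans("013457@$!", "oieastasi")

def normalize(text):
    """Lower-case, undo simple substitutions, keep letters and digits only."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalnum())

def missing_classes(password):
    """Return which of the four character types the password lacks."""
    classes = {"upper": string.ascii_uppercase, "lower": string.ascii_lowercase,
               "digit": string.digits, "symbol": string.punctuation}
    return [name for name, chars in classes.items()
            if not any(c in chars for c in password)]

def audit(accounts, public_facts):
    """accounts: {site: password}; public_facts: details visible online."""
    by_password = defaultdict(list)
    for site, pw in accounts.items():
        by_password[pw].append(site)
    # Very short facts would match by accident, so ignore them.
    facts = [f for f in map(normalize, public_facts) if len(f) >= 3]
    findings = {}
    for site, pw in accounts.items():
        issues = []
        shared = sorted(s for s in by_password[pw] if s != site)
        if shared:
            issues.append("reused on " + ", ".join(shared))
        missing = missing_classes(pw)
        if missing:
            issues.append("missing " + ", ".join(missing))
        if any(f in normalize(pw) for f in facts):
            issues.append("contains public detail")
        if issues:
            findings[site] = issues
    return findings

# Constructed sample data, not real credentials.
ACCOUNTS = {"mail": "Bulld0gs1998", "bank": "Bulld0gs1998", "shop": "t7#Qw!zR9vLp"}
PUBLIC_FACTS = ["Bulldogs", "1998", "Rex"]  # mascot, birth year, pet's name

if __name__ == "__main__":
    for site, issues in audit(ACCOUNTS, PUBLIC_FACTS).items():
        print(site + ": " + "; ".join(issues))  # never prints the password itself
```

Run it only on your own device; a password manager's built-in audit does the same job without you handling passwords in plain text.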
Making such changes won’t take you off a bot’s or hacker’s road map, but it likely will be enough to keep them moving, in search of easier targets.
“You’re never going to make yourself immune,” Chieffalo said. “But their systems are targeting millions of people in an hour. You’re trying to make it more expensive for the attacker to get your information; if the attacker has to dedicate more resources to getting what they want, it no longer becomes viable to do it.”