Hi all users, I know you've read a lot on how to secure your password, how to be safe online or how not to be hacked and I'm sure you find all those article helpful too, but in this article we are going to teach you the methods how a hacker hacks or compromises a system or victim in this post we will go to the first step in knowing how to keep your password secure is knowing how people will gain access to it. After you read how the methods work it will explain how to avoid them working on you. First of all we will start with the low-tech methods. So lets get started.
Social Engineering :
Social engineering is when a hacker takes advantage of trusting human beings to get information from them. For example, if the hacker was trying to get the password for a co-workers computer, he (Even though I use “he”, hackers are of both genders, and I just chose to use “he” in these examples.) could call the co-worker pretending to be from the IT department. The conversation could be something like:
Suzy would probably feel bad for Bob and let him know her password without any hesitation. BAM! She got social engineered. Now the hacker can do whatever he pleases with her account.
Shoulder Surfing :
Shoulder surfing is exactly what it sounds like. The hacker would simply attempt to look over your shoulder as you type in your password. The hacker may also watch weather you glance around your desk, looking for a written reminder or the written password itself.
Guessing :
If you use a weak password, a hacker could simple guess it by using the information he knows about you. Some examples of this is: date of birth, phone number, favourite pet, and other simple things like these.
Now thats the low-tech stuff out of the way
Ok now when a Hacker uses a program to get your passwords the methods he would try are:
A Dictionary Attack is when the hacker uses a text file that has commonly used passwords and/or every word in the dictionary as the password. Here is an example dictionary attack list but this is a tiny one.
Brute-force Attacks :
With time, brute-force attacks can crack any passwords. Brute-force attacks try every possible combination of letters, numbers, and special characters until the right password is found. Brute-force attacks can take a long time. The speed is determined by the speed of the computer running the cracking program and the complexity of the password. The problem with Brute-forcing is that it could take over 100 years to crack a strong password. So most hackers will just use a 10G dictionary attack file.
Social engineering is when a hacker takes advantage of trusting human beings to get information from them. For example, if the hacker was trying to get the password for a co-workers computer, he (Even though I use “he”, hackers are of both genders, and I just chose to use “he” in these examples.) could call the co-worker pretending to be from the IT department. The conversation could be something like:
Bob- “Hello Suzy. My name is Bob and I’m from the IT department. We are currently attempting to install a new security update on your computer, but we can’t seem to connect to the user database and extract your user information. Would you mind helping me out and letting me know your password before my boss starts breathing down my neck? It’s one of those days, ya’ know?”
Suzy would probably feel bad for Bob and let him know her password without any hesitation. BAM! She got social engineered. Now the hacker can do whatever he pleases with her account.
Shoulder Surfing :
Shoulder surfing is exactly what it sounds like. The hacker would simply attempt to look over your shoulder as you type in your password. The hacker may also watch weather you glance around your desk, looking for a written reminder or the written password itself.
Guessing :
If you use a weak password, a hacker could simple guess it by using the information he knows about you. Some examples of this is: date of birth, phone number, favourite pet, and other simple things like these.
Now thats the low-tech stuff out of the way
Ok now when a Hacker uses a program to get your passwords the methods he would try are:
Dictionary Attacks
Brute-force Attacks
Dictionary Attacks
A Dictionary Attack is when the hacker uses a text file that has commonly used passwords and/or every word in the dictionary as the password. Here is an example dictionary attack list but this is a tiny one.
Brute-force Attacks :
With time, brute-force attacks can crack any passwords. Brute-force attacks try every possible combination of letters, numbers, and special characters until the right password is found. Brute-force attacks can take a long time. The speed is determined by the speed of the computer running the cracking program and the complexity of the password. The problem with Brute-forcing is that it could take over 100 years to crack a strong password. So most hackers will just use a 10G dictionary attack file.
Countermeasures
So above method is for how hackers hacks or how any person get hacked by hackers, but now I will show you how to make sure that none of these methods work on you :D
Social Engineering :
To protect yourself from social engineering attacks like the one shown above you must learn to question the possible attacker. If you get a phone call from someone, and you think that there may be a chance that the person isn’t who he says he is, then ask him some questions that he should be able to answer to establish his legitimacy. Some professional social engineers study the company before attacking, so they might know all the answers. That’s why, if you still have some doubts, you should ask the head of whatever department the attacker is from to find out if he is legit. Better safe than sorry.
Shoulder Surfing :
When you type in your password make sure there is no one behind you attempting to peak. Also, make sure you don’t keep any sticky notes laying around that have your password or password hints on them. If you are bad at remembering passwords try and make it something personal to you but also not something that the hacker can find out about you very easily. So something like the name of the 1st house you have lived in.
Guessing :
To prevent this attack from happening, never use a password like your birth date, your mother’s maiden name, your pets name, your spouse’s name, or anything that someone may be able to guess.
Dictionary Attacks :
Dictionary attacks are very simple to prevent. Don’t use a password that is in the dictionary. Some people may think that if they use a word from the dictionary but replace most of the letters with a number, then they are safe. They are not. There are 1337 speak dictionary’s out there too. Basically what 1337 speak is, is changing a word like “animal” to 4n1m41. For a secure password, I would recommend using a phrase such as “doyoulikecheese?88”.
Brute-force Attacks :
Brute-force attacks may be prevented by creating a very long password and using many numbers and odd characters. The longer the password the longer it takes for the hacker to crack your password. If after a few days the hacker hasn’t been able to crack your password through a brute-force attack, then he is very likely to just give up. Like I said in the dictionary attacks, creating a phrase for your password is your best option for staying secure.
Enjoy.......
Would love to here from you...