Hackers! We hate them. You hate them.
We have to change our passwords regularly and need to remember the millions of passwords now required, all because of them!
Why do hackers exist?
The prime reason hackers exist is to make money. They continuously devise new ideas on how to extract money from us. For example:
- Spam Mail: Sending spam email creates sales. People click the link and buy the goods. Viagra, Armani Watches and even Time Shares. The spammer’s job is to install as MANY anti-spam software packages as possible on their own computers and bypass them. Once they have bypassed them, they send the mail to everyone in their database, knowing it will get through most spam filters. How do they get the database? A couple of ways… Firstly, they write software that hunts the internet for email addresses left on websites (contact pages usually), social media and other such places. Secondly, they buy the databases from each other and from specialist marketing companies.
- Steal useful Information: They try to guess your passwords so they can access your files in the hope of finding useful information in them. Common files they look for are ‘password list.xls’ or ‘private info.doc’. You don’t have any files with those names, do you?!
- Steal your Identity: They pretend to be you so they can access your accounts. Not just bank accounts but also social media and even iTunes accounts. Bank accounts are obvious: they try to take money from your accounts. But iTunes? They hack iTunes accounts so that they can buy their own apps using your account, hence they get paid! Remember, it’s all about money.
How do Hackers work?
Usually hackers are employed by someone and it’s very rare that a hacker works alone. Usually a financier will provide the money required to buy all the complicated equipment needed to hack. A secure condo in a country that won’t extradite hackers is not cheap and neither is the high speed internet connection!
Once they have the secure location (secure from the law, mostly), the high speed internet connection and the high tech servers, it’s time for the hacker to earn their keep. The hacker’s job is to THINK.
Think of innovative ways to make money illegally. A terrible hacker is one who does it the same way as other hackers. That’s a complete waste of time as anti-spam, firewalls and antivirus software will be on the lookout for those tricks.
Once the hacker has thought of a new idea, they put all the protection they can think of on their own systems. Then they try to get their ‘hack’ through their own systems. If they succeed, they know that it’s a new system and no-one is yet on the lookout. That means a high probability of success.
An example of this is to write a program that connects to your server using your email address, first name, last name or a combination of those. Next the program will run through the dictionary, starting at a and ending in z, to see if anyone is silly enough to use a normal dictionary word. No? The program will now try again by adding 1, 123 or 12345 etc. at the end. No? It will finally try an alphabet attack starting at a and ending in ZZZZZZZZZZZZZZZZZZZZ. The hacker will leave that program running 24/7 until the program shouts SUCCESS!
How can we stop Hackers?
So now you know why, how and where hackers exist. How do you stop them? Well you probably already know the answer. Secure passwords and privacy.
Yep, it’s that old adage of secure passwords. Until now the rules on passwords have been complicated:
- Use a minimum of 8 characters.
- Use a mix of UPPERCASE & lowercase
- Use numbers as well
- Use other characters as well (like ! or @)
- Change your passwords AT LEAST every 90 days.
- DON’T use a password that relates to the site (e.g. MyCompany1 as your work password)
- DON’T use a password that relates to your personal identity (e.g. Dave1979)
Also keep your usernames & email addresses private. Don’t put your main email address in a website that says ‘you can only see my stuff if you give me your email address’. Don’t put your email address on your website no matter how much you really want to. Don’t give away too much information about yourself on public websites either. Does your company really need to give away key information about the team?
Can I write it down?
Well that kind of defeats the object really. There is no point having passwords that are mega secure and then putting them on a post-it note on your screen! I know you THINK your office is secure, but how well do you really know the cleaner or electrician or decorator? So don’t write your passwords down anywhere, not even in the back of the book that is in the top drawer of your desk.
There must be an easier way?
We know how hard it is remembering all these passwords for all these different services. Trust us, as IT specialists we have 10 times more passwords than you do.
Edward Snowden (former CIA employee) has suggested that, instead of using complicated passwords that are difficult to remember, we should be using passphrases. We think that’s a brilliant idea. It’s much easier to remember ‘I love to work at this 1 factory since 2070!’ (with spaces!) as a password than it is to remember ‘Jk1233!zx)1_gHRY^as!’, wouldn’t you agree? Look how much longer and more secure the phrase is, yet much easier to remember.
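A check you could run when someone chooses a password, as an added example that is not part of the original post: it flags a candidate that the guessing sequence described earlier (names, dictionary words, dictionary words with a short ending) would find, and applies the site and identity rules from the list above. The function name, the tiny word list and the sample user are constructed for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a full
# dictionary and a list of known-breached passwords instead.
DICTIONARY = {"password", "welcome", "factory", "summer", "dragon"}
MIN_LENGTH = 8  # the minimum length given in the rules above


def _tokens(*values):
    """Lower-case alphabetic pieces (3+ letters) of names, e-mail, site."""
    found = set()
    for value in values:
        pieces = re.split(r"[^a-z]+", value.lower())
        found.update(p for p in pieces if len(p) >= 3)
    return found


def screen_password(candidate, first="", last="", email="", site=""):
    """Return the reasons a candidate would fall to the early guesses."""
    reasons = []
    lowered = candidate.lower()
    letters = re.sub(r"[^a-z]", "", lowered)   # ignore digits and symbols
    base = re.sub(r"[^a-z]+$", "", lowered)    # drop a trailing 1, 123, !
    if any(t in letters for t in _tokens(first, last, email.split("@")[0])):
        reasons.append("relates to your personal identity")
    if any(t in letters for t in _tokens(site)):
        reasons.append("relates to the site")
    if lowered in DICTIONARY:
        reasons.append("plain dictionary word")
    elif base in DICTIONARY:
        reasons.append("dictionary word plus a predictable ending")
    if len(candidate) < MIN_LENGTH:
        reasons.append("shorter than the minimum length")
    return reasons


if __name__ == "__main__":
    # Constructed sample user and site.
    user = dict(first="Dave", last="Smith",
                email="dave.smith@example.com", site="MyCompany")
    for pw in ("Dave1979", "MyCompany1", "factory123",
               "I love to work at this 1 factory since 2070!"):
        print(repr(pw), "->",
              screen_password(pw, **user) or "no early-guess match")
```

An empty result only means the candidate avoids these early guesses; a real check would also compare it against lists of breached passwords.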
Should I tell everyone?
Yes and NO!
Yes, please tell everyone about this blog, share it on Facebook and even print a copy out for the office canteen.
But DON’T tell anyone your passphrase. Don’t tell your colleagues, kids or even the dog. If they need to access something of yours then share it in the proper ways and without giving away your passwords / passphrases (call us, we can make it happen).
It’s time to get serious about security. Yes, it’s boring and it’s definitely a chore but you’ll be so glad you did. Trust us, we have to clean up the mess of poor passwords every week.