Jump to content
  • entries
    3
  • comments
    7
  • views
    1,195

The Anatomy of a Hacking


Dr Sleepwell

1,274 views

            

Sleepwellpanama.com

 

 

The Tide of Cybercrime is Rising Fast

 

While physical crime against expats here in Panama is diminishing, cybercrime is rising world wide. Losses from cybercrime may already be greater than physical robbery. It is one of the fastest growing businesses in the world.

 

Cybercriminals are targeting Seniors

 

Anyone over 60 did not grow up with computers or the Internet from day one. Many of us openly admit to computer illiteracy. Cybercriminals are specifically targeting this group, especially relatively rich North Americans and Europeans. The criminals include enterprising ten year olds cracking your passwords and selling you out to sophisticated multi-national mafia-like businesses.

 

How to Protect Yourself From Cybercrime

 

A good friend of mine in California, Larry Magid, is a top computer journalist who has made his career mission protecting children and now seniors from cybercrime. Download his free Seniors Guide to Online Safety. Yes, it is safe to download :)

 

In the rest of this article, we will take apart a recent incident and show the dangers of being hacked, which hopefully will inspire you to take steps to protect yourself.

 

The Anatomy of a Hacking

 

In the last week many of us became aware that a member of our community was hacked and as a result all of the people in his address book were exposed to Internet scams themselves. 

 

We’ll Call Him Bob

 

Many of you reading this already know the identity of the person who was hacked and that’s fine. He is not shy about what happened. If you don’t know already, it isn’t important to our story. 

 

It all started with an upgrade of several computers to Windows 10. 

 

While the upgrade want fine, a short time later Microsoft pushed an Outlook update to all his computers. While most of them were protected by a commercial anti-virus program, one was only protected by the Microsoft-provided Defender program and this computer became infected. Although we will never know for sure, apparently the attackers were ready for this Outlook update and may even have previously installed malware in his computer waiting for it to happen.

 

Lesson #1 - Some computers are safer than others

 

People have personal preferences for Windows PCs vs. Apple Macs and that is fine. However it is a simple fact of life that 99.99% of computer viruses and malware infect PCs, not Macs. There are technical reasons why this is true having to do with the fundamental design of the Apple OS X operating system, which like Linux and others, is based on the fundamentally secure UNIX operating system, the oldest and most widely used for secure computing platforms. 

 

The awful moment of realization

 

After the update, Bob turned on his computer and noticed very strange behavior as his file folders first showed up as empty and then slowly came back to “normal.” When Bob went to his email he made the startling discovery that his entire email contact list, dating back to the early 90s, was simply gone. It was also gone on all his other computers, which had “synchronized” with the master list kept online, which had been deleted by the hackers.

 

Attempts to recover his contact list from computers backed up with previous versions of Windows failed. 

 

 

Lesson #2 - Bob’s was using a “free” email account. Free email accounts are not secure or private

 

You may wonder why Google, AOL, Yahoo, Microsoft, etc. are so magnanimous as to offer you free email accounts. It is because you are their product. Every email you send is read for salable information, every person in your contact list is sold to the highest bidder for advertising or whatever (IRS, NSA, front businesses for hackers, etc.). They own your contact list and as Bob found out, once deleted, it is gone forever. If you use a free email account, make sure you have a backup of your computer and an exported version of your contact list at all times.

 

There are excellent, secure and private email services available from Godaddy and others, but they are not free. They never store your contact list, which lives on your own computer. In my view, they are well worth the extra money. 

 

Bob is now manually recreating his contact list by going through every email since 1995 and recovering the email addresses. Of course, phone numbers and physical addresses are just lost. 

 

This is what happened to Bob

 

Once they owned his email account and armed with all of his emails, they learned about his bank accounts, which boards he sat on and much more. 

 

The hackers emailed his personal banker in the US and asked to set up a wire transfer for something in excess of $17,000. Bob’s personal banker (at the bank he used to work for and who knew him personally) replied that Bob would need to confirm the transfer by phone. Promptly she received a phone call (from Indonesia as it happened) that Bob couldn’t come to the phone because he was in a board meeting, naming the organization precisely. Fortunately the banker knew Bob and insisted that the “real” Bob call personally. When “real” Bob called with a foreign accent, she hung up and immediately called the real Bob and the scam was stopped. But is was very close. 

 

Meanwhile the scammers undertook to send scam emails to everyone in Bob’s contact list. Some claimed to be Bob who was stranded in an foreign city and needed money. Others, which many of us saw personally, were legitimate looking Dropbox documents with a secure PDF file that needed to be “signed for” with your email address and PASSWORD

 

Since the scammers owned Bob’s email account, when people replied asking if this was for real, the scammers pretended to be Bob and assured them that it was a legitimate email. If you fell for it, they then owned your email account and you would likely meet the same fate as Bob. Very quickly, Bob deactivated his email account, but it was too late.

 

How not to become Bob

 

    1.    If you are on the Windows platform you have to be super-vigilant about virus and malware protection, since Windows is the primary target of hackers. 

    2.    Internet and email scams affect every computer user whether Windows or Mac or Linux. Phishing, the practice of conning you into providing passwords to fake web sites, is very common. For example, if you get an email from Paypal asking you to verify your password, take a look at the actual email address of the sender - you will find it has nothing to do with Paypal.  The same goes for websites - take a look at the URL at the top of your browser - If it is not something like http://Paypal.com, you are being phished. 

    3.    Email addresses and passwords are regularly stolen from companies large and small. The only real protection is to eliminate the risk by using long, uncrackable passwords that are unique for every website you log into. Let’s face it, no one can remember all those passwords, so you need a commercial password manager to help out. This topic will be the subject of a detailed article to follow shortly. 

    4.    If you think your computer has been hacked IMMEDIATELY if not sooner, disconnect it from the Internet - pull the plug if you have to. As you are sitting there gawking, the hackers may be downloading all your email or other files, preparing to wipe your computer completely or hold it hostage for a ransom. 

    5.    MAKE SURE YOUR COMPUTER IS BACKED UP - ALWAYS. Make sure the backup system actually works.

 

Next Up - Learning to Love Passwords

 

Having an easy and effective password strategy is the single most important thing you can do to protect yourself online. In the next article, I will talk about how to do that without pain and show an entirely new approach to generating and remembering passwords. 

 

About the Author

 

Dr. Sleepwell, AKA Mark Heyer, has been involved in the computer industry since the 1960s. He has designed and built computer systems, written hundreds of programs, owned a computer support company for professionals working at home in the Silicon Valley and served as executive director of customer service and tech support for a national Internet provider. 

 

 

  • Upvote 2

6 Comments


Recommended Comments

Anybody besides me have any trouble with the sign-in for the MailBox Etc package/mail delivery notification site  ?   Sudden;y I get a notice that my password is incorrect.  Any attempt to reactivate fails.  I deleted the entire site from my computer.

Link to comment

After I went through the re-establishement of a new passowrd several timeswith MBE I gave up....then I get an email from a friend that a bogus email from william brundage with a "click here" in the brief message body was sent to her.   She new it was a phishing and let me know...     I still have no clue on the matter.  

Link to comment
23 hours ago, Bonnie said:

I had problems with the MBE website this morning. I just figured it was on their end.

Bonnie the above message was for you...sorry a cyber slip

Edited by Brundageba
Link to comment

I've gotten several of these emails from people I know. I've deleted them immediately. According to the Rodny Direct newsletter, there were any number of ways our addresses could have been compromised.

Link to comment
Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...