Last week, we looked at the origin of the word “hacker” and how most people have come to equate it with “computer criminal.” Even with that knowledge, though, they still don’t know what these bad-guy hackers actually do. How do hackers “hack” something? Do they use hatchets, swords, or what?
When you hear about a computer, or some company’s network, or a website being “hacked,” that generally refers to the behavior of a computer, or computers, being changed from what the owners originally intended into something they did not intend. For example, what was originally an online email sign-in page is “hacked” into being a sign-in page that also steals user IDs and passwords and sends them off to bad-guy headquarters.
Similarly, if you heard anything about the great Target hack of 2013, which occurred between Thanksgiving and Christmas of last year, you heard that millions of credit card accounts had been stolen by hackers. What was originally Target’s credit card processing system was hacked into one that also copied credit card information and sent it to the hackers, so they could steal money.
You may also recall that last week the Microsoft Office blog website and CNN’s Security Clearance websites were hacked by the Syrian Electronic Army, a Middle-east hacker group that has been active for about three years. In the past, the group has also hacked the Associated Press and the Washington Post, as well as messing with links posted to President Obama’s official Twitter account. In each case, the original messages displayed were hacked into something that suited the Syrian Electronic Army’s agenda.
How do hackers do their dirty deeds? How do they change something from its originally intended purpose into something else? It’s not done by magic, or by furiously typing endless lines of crazy-looking computer code faster and faster, like you see on TV shows and in the movies; nor is it typically done by people sporting multiple tattoos and piercings with dyed-black hair, wearing all-black Goth garb and army boots.
Usually, malicious hacking is done by trickery; either by tricking a computer into misbehaving, thereby giving the hacker access to previously inaccessible areas, or tricking a computer user into clicking on the wrong thing, thereby allowing the hacker access to password-protected accounts, and opening the door to installing viruses designed to secretly control computers from afar.
In the case of the great Target hack, evidence indicates that hackers managed to trick a Target-connected computer, or someone using a Target-connected computer, into giving up their user ID and password, which allowed the bad guys to sign in and access Target’s entire US-based private network. Once inside, they installed software designed to steal credit card information, facilitating the biggest theft of credit card information in world history.
The best way to keep your computer from being tricked is to make sure its operating system and programs are current and updated. Updates close the door on criminal hackers, and are not to be ignored. Top-quality antivirus programs are also essential to computer safety.
To keep yourself from being tricked by the Internet bad guys, you must learn the difference between the counterfeit and the genuine. Learning when to click, and when not to click, is vital to your overall Internet security posture. The idea, “Educate thyself,” has never been more critical.
To learn more about “hackers,” and how to avoid being tricked by them, call the Norman Public Library at (405)701-2697 and sign up for my free, one-night-only class called “Fight the Internet Bad Guys and Win.” If you are willing to invest 90 minutes of your time on Wednesday, February 12, at 6:30 pm, you will learn more about computer safety and Internet security than you have in your entire computing life.