As our whole life is becoming online, the number of white hat and black-hat hackers are increasing. Many of you or someone you know, may have gotten their account hacked at one point in time.
There are multiple ways a hacker could hack you and one way to keep yourself secure is by knowing how hackers hack the passwords and the methods and software they generally use.
By knowing how hackers get into target accounts, you will be in a better situation to understand how you can possibly get hacked and how to increase your security.
How Do Hackers Get Your Passwords?
There are some common techniques that hackers use to hack your passwords.
One of them is phishing pages. A hacker will send a login page of Gmail or Facebook which looks exactly the same as the real Facebook or Gmail login page.
Most of the time they use social engineering skills where they send a message that says
“This person has posted your bad picture on Facebook, click here to check your photo”. Once you click on the link, you will be taken to the login page and as soon as you enter your password, it will be available to the hacker.
Most of the time, the victim doesn’t even realize that the password is gone.
Watch this video to learn more about the phishing attack:
Hackers hack accounts and passwords for various reasons. Some of them hack just to show their skills off while some get into hacking for profits.
Many of them will use your email account to send spam links to your contact list or use your Facebook account to send spam application links.
The major problem arises when hackers get hold of your private and sensitive data. Like I mentioned above, there are many other methods being used by hackers to hack passwords or email access.
This is one of the basic tools used for getting your passwords. Keylogger resides in your system memory and runs at every startup. These keyloggers log all your keystrokes.
A log is created and is then sent to the hacker. One of the most famous is the Ardamax Keylogger. It can be customized to not be shown in “Processes” (Windows Task Manager).
I suggest you to start using Online virtual Keyboard when typing passwords for sensitive sites like your bank account, email and Paypal account. You can also start using a password manager like Dashlane that auto-fills the login data and thus no key logs are made.
RAT stands for Remote Administration Tool. With RAT, a hacker can connect to your PC without your knowledge. The hacker can see your screen and also see the sites you surf. It also has the built-in functionality of keylogger.
Hackers can copy files from your hard disk to his/her computer – all this without your knowledge.
A good example of RAT is Poison Ivy. It can be customized to connect to your PC on a particular port number specified while creating the RAT.
3. Trojan Horses
These are the most common types of malware. Trojans spread through warez sites mostly.
When you download from warez sites, all the keygens and patches and even the original trial programs are infected with a trojan.
This means you will get the software for free, but your computer will be affected with a trojan horse.
When you run the patch/keygen, you’ll get the desired output, but in the background, your system gets infected with the trojan.
Turkojan is a famous Trojan horse. A trojan is much more superior compared to keyloggers or RATs. It provides much more functionality so that the hacker has greater access to your PC.
These days Android phones are most vulnerable to the trojan horse a.k.a backdoors. Hackers will persuade you to install an apk file which will then install a backdoor apk.
This is why you should never install .apk files from untrusted sources. We will talk more about how to safeguard yourself in future articles.
There are many other ways which a hacker uses, for example, if you are connected to the internet on a LAN, which uses the same router, a hacker can use any packet sniffer and base decoder to read all sensitive data being transmitted from your computer. Cain and Abel is one such sniffer, but there are many more.
That’s one reason why I always encourage secure browsing whenever possible. Most sites, like Facebook, give an option to use the https login, which encrypts your data. In such cases, even if the hacker uses the sniffer to capture your data, decoding passwords will not be easy.
Brute forcing is another common method, but with technology advancement, most email and web login forms come with features that can handle such attacks.
How to protect yourself from hacking:
- Install a good, licensed anti-virus. I suggest you go for Kaspersky. It’s the best anti-virus out there.
- Always have your Windows Firewall turned on.
- Encrypt your data.
- Start using a password manager like Dashlane or any other.
- Activate 2FA for all the services you use.
- If you are paranoid just like me, start using hardware-based security such as Yubikey.
- Never ever trust warez sites. There is a lot of malware flowing out there.
- Never auto-play a pen drive. The malware automatically gets installed on your PC.
- Don’t run attachments from emails unless you are certain about the source.
- If you want to run .exe files safely, run them sandboxed. A free application Sandboxie is available for this purpose.
- If you feel you’re infected, format your PC/Mobile phone immediately. No anti-virus can remove a Trojan horse from your PC. It’s very difficult to remove a trojan from an infected PC.
- Do a security audit every quarter or half yearly, depending on your need.
Well, to be safe, you have to take preventive methods and make sure you enable all security features offered by the web app you are using. I hope this article helps you to understand how hackers hack so that you can take all preventive measures to keep your passwords safe.
If you find this article useful, don’t forget to share it on Whatsapp and Facebook for more social awareness.