Sunday, August 31, 2014

[Excerpt] Hacking: Sometimes it’s easier to hack your brain than your computer.


※ Excerpts:

Hacking a computer and stealing information is not as easy as it looks in the movies. The major security breaches reported in the news over the last several months make information theft seem easy, but there is still a high level of skill and commitment required to pull off a hack. Cracking a truly secure password is still extremely difficult, and a properly secured computer looks like a fortified castle armed with hundreds of guards and surrounded by a moat.

You, however─you are the gatekeeper. You're walking around with keys like passwords, access rights, and knowledge. Malicious people want these keys, and they will use your own fear of security breaches to get them.

“Hello, my name is David from Windows Technical Department,” says the voice on the phone. “We are getting some kind of error and warning signals from your computer that indicate that an online hacker has gotten inside your computer and is using your computer without your knowledge.” At this point the voice directs you to the alleged proof and even warns you not to click anything because you will make it worse. Everything looks very authentic and seems believable. After all, computers get infected every day. You think that it is not outside the realm of possibility that yours has been infected and is sending out your private data all over the Internet. So what are you going to do? The voice at the other end of the line then throws you a lifeline. He asks you to go to a website, install his cleaner software and he will get you all fixed up. Listen to the whole phone call below.

This is a classic example of social engineering. In this context, social engineering (also known as social hacking) refers to the manipulation of people to get them to divulge information they otherwise would not. Put another way, hackers are hacking you, not your computer. Con artists are nothing new and identity theft is one of the fastest growing crimes, affecting 11.5 million U.S. victims annually (U.S. Department of Justice). Social engineering is often the easiest way to steal that information.

Social engineering hacks come in many forms. The scam above is a common hack known as a fake tech support call. Other forms of social hacking include malicious emails claiming something drastic will happen if you don’t call a phone number to clear something up or copycat websites that will steal your username and password when you try to log in. Many of these techniques seem obvious when pointed out, but they are often so well done that even somebody with technical skills may not recognize them right away.

How do you protect yourself? Follow these steps to keep your information private.