HOW HACKERS CASH IN
50 million Facebook users’ accounts were hacked recently
FACEBOOK is having a tough year.
Earlier this year, there were reports that the company was selling private user data to third parties without consent. Now, not six months later, it is facing an even bigger storm: Facebook was hacked, and 50 million people’s accounts were compromised.
Among the hacked accounts was none other than Mark Zuckerberg’s own. No one knows who was behind the incident and, worse still, no one knows what the damage was.
All we know about the incident is the scale of the attack, but other vital questions remain unanswered.
What was the motive? What did they take? Did they find any valuable information?
No one knows yet, but there are some theories. Some believe the hackers trawled Facebook users’ activity for sensitive data, such as private messages, to use for blackmail.
Others claim the culprits were Russian hackers who gathered information that could be used to rig the 2020 American election.
What gives impetus to the Russian hacker theory is the scale and sophistication of this operation. To hack into a company like Facebook and take control of 50 million accounts would probably require a large, highly skilled, well-funded team.
But the same could have been said about the occasion when Apple was hacked, and nearly a terabyte of valuable data was stolen from their servers.
This too seemed like the work of a team of seasoned hackers, but the perpetrator turned out to be a lone 16-year-old kid from Melbourne, who stored his hacking instructions in a folder on his computer called “hacky hack hack”.
Regardless of who is behind it, cybercrime has been labelled a “pandemic” due to the frequency and severity of the incidents.
The annual global cost of cybercrime is currently estimated at about $600 billion (about R8.76 trillion), and it affects everyone: corporates, small businesses and individuals.
Statistics like this are naturally a cause for alarm, and people generally want to know how to be safe.
I regularly come across people who have been victims of cybercrime in one way or another, people who’ve had their bank accounts cleaned out.
Or, in one of the most disturbing cases I’ve ever encountered, a businessman who was quite literally locked out of his own business by hackers who locked down his server and demanded a huge ransom.
The poor guy was in a desperate situation. His company’s point-of-sale system, back-office accounting software and emails all ran on the same server. Without access to these, they had no option but to shut the doors.
My advice to them was to pay the ransom. There were no backups, and the hackers warned that if they tried to unlock the server, then the entire system would be blanked.
Even if there was a possibility that the system could be unlocked, it was too risky without backups.
They stood to lose everything. They subsequently paid the ransom and got their server back, but the cost was huge: nearly a million rand, including the ransom money, lost sales and down time.
When we hear about hacking, we generally think of people with computers running powerful password-cracking software to get into sites or bank accounts. This method, known as a “brute force attack”, accounts for only a small percentage of cases.
Most often, attackers use social engineering: deception, manipulation and influence to convince a person who has access to a computer system to give that access away.
In other words, they use plain, old-fashioned con-artistry.
Kevin Mitnick, world-renowned ex-hacker and author of the book Ghost in the Wires, warns that “companies spend millions of dollars on firewalls, encryption and secure access devices and it’s money wasted because none of these measures addresses the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information”.
The businessman I mentioned learnt this the hard way.
Upon investigation, it was discovered that one of the admin clerks had opened a suspicious email attachment, which installed malicious software – called malware – that took control of her computer; and since her computer was linked to the main server, it was easy for the attackers to gain access to the server as well.
The clerk was a victim of “phishing”, which is the practice of tricking someone into opening a malicious email or attachment by disguising it as a legitimate email from a bank or other organisation or person. Another strategy used by attackers is to run fake piracy websites offering free downloads of copyrighted content.
All too often, people using these sites think they are downloading free music, movies and software, but what they are actually getting is malware which compromises their computers.
Most cases of cybercrime are due to human error, negligence, or classic foolhardiness.
Usually all it takes is a little education to avoid becoming a victim.
● For more information about the topic, go to: https://www.youtube.com/watch?v=YWqi3CoDsY8
● Bilal blogs at www.bilalkat.com