Four ways to hack social media account and how to protect yourself from it

Father

Hacker group 31337 Hackers has declared war on security experts. As part of Operation #LeakTheAnalyst, hackers are going to break into and reveal the personal data of security researchers. They recently fell victim to Adi Peretz, senior analyst at Mandiant Security, a cybersecurity arm of FireEye.

The attackers hacked into the researcher's accounts on Hotmail, OneDrive and LinkedIn and posted his personal data and working documents on the Pastebin portal.

If security professionals are not immune to account hacking, ordinary users are even more vulnerable to intruders. Therefore, you need to know how to protect yourself. Let's try to understand the issue together with Alexei Parfentiev, a leading analyst at SearchInform.

How you get attacked
So, first things first. Here are some of the most common attack options:

1. Attacks at the software level
Injection of malware into the user's system or exploitation of vulnerabilities in existing software. This is still the most widespread and effective hacking method. The proliferation of antiviruses, built-in firewalls, forced enabling of UAC and auto-updates, which raise the overall security of the OS, somewhat improves the situation, but cannot 100% protect users from their own rash actions.

Users still regularly download the "cracked" software with the "treatment" included. As a result, they get malicious code that is introduced into the connection (traffic level) or into the process (through known vulnerabilities) and steals personal account data.

Millions of emails are sent daily with links to malware. The existing antispam solutions are quite effective, but none of them provide complete protection.

2. Attacks at the traffic level
There are two types of such attacks - in the form of a sniffer of unprotected traffic and in the form of attacks on protected traffic (man in the middle, MITM).

This method of hacking is more effective than the first one, but it is more difficult in technical implementation, therefore it has not become so widespread. First of all, due to the limited territoriality - the attack must be carried out directly on the incoming and outgoing connections, and for this you need to physically have access to them.

The essence of the sniffer is very simple: all traffic passing through it is scanned for the presence of unencrypted credentials, the found accounts are saved and subsequently used by cybercriminals.

In most cases, this type of attack is invisible to the user. However, it is still effective, because many popular services still transmit user data, messages and files in clear text. For example, Facebook relatively recently began to protect its traffic - before that, for many years, information was transmitted completely in the open form - all messages, files, likes and passwords were available to anyone. Naturally, we are talking about those cases when the attacker has physical access to the transmitting or receiving infrastructure.

The second method is that a secure connection occurs, but not between the user certificate and the server certificate, but between the attacker and the server (hence the name MITM - man-in-the-middle attack). After the "necessary" certificate is deployed, the compromised traffic is available to the hacker in decrypted form, which allows him to extract and save credentials from it.

By the way, both of these methods are used at the software level: when malware replaces the certificate or a software sniffer is running locally.

3. User-level attacks
Social engineering techniques, in other words, deliberately deceiving a user in order to obtain credentials. The victim is misled when communicating via Internet channels or the phone, after which she herself transfers everything necessary to the attacker. Despite the high labor costs, such an attack is very effective in obtaining the account of a specific user.

4. Attack at the server (service provider) level
An extremely rare type of attack. It is theoretically possible, but in practice it is extremely rare. Here it is worth debunking the popular myth about "the social network was hacked": in such a situation, it was not the social network that was hacked, but the devices of a particular user. And, most likely, he himself helped the attacker in this, and the hacker used the trick from point 1 or a combination of tricks 1 and 3. Therefore, the user need not be afraid of such a scenario as "hacked social networks", but should be more attentive to their own actions.

How to understand that a hack has been committed?
Most often, this becomes clear from the results of the attack, when the attackers' goal has been achieved - money disappeared from the account, the account was "flooded" with spam, someone changed the password for the account. Another thing is when the attack was successfully carried out, but the criminals have not used it in any way. In the case of an attack according to scenario 1, it is worth checking all devices from which communication is carried out with high-quality antiviruses (they analyze not only software, but also outgoing traffic). If the antivirus has not found any suspicious activity, we can only hope that there is none.

If the antivirus detects a threat, it will, of course, neutralize it, but it will not answer whether it had already managed to send the credentials or not yet. By the way, I recommend that when an antivirus detects threats, do not be too lazy to look for its description and figure out what it threatens - many developers give a detailed description of each "trigger".

In addition to antivirus, there are professional tools that are used by information security experts, but they are rather complicated, expensive and, without professional training, are useless.
  • In the case of an attack using a traffic sniffer, unfortunately, it cannot be determined after the fact.
  • In the case of MITM, you need to carefully monitor the certificates that are used to connect to sites. At the very least, check the certificates of critical resources (for example, when paying online).
  • In the case of social engineering, it remains to be vigilant and stop suspicious contact.
  • For the fourth type of attack, there are no ways to detect it - if it happened, then in the overwhelming majority of cases it is a leak from the inside, and not a hack from the outside.

How to act legally when hacking? Will the police help?
Yes, this crime and its punishment are prescribed by law. There are tons of subtleties that cannot be covered in one article. The main points are whether it was simply personal data or personal data that was stolen, whether there is a financial component to the case, and whether the information received was publicly disclosed.

The fact is that personal data is often confused with personal data, however, they are determined by federal law.

A simple example: if an attacker received a passport series and number, that is, personal data is a serious offense and is regulated by Federal Law. If a hacker gained access to private correspondence, the situation is, of course, piquant, but such information is not personal data.

If you find your personal data in the public domain, then first of all contact the administration of the resource where they were posted. Refer to the Law on Personal Data, which prohibits the use of personal data without the permission of the data subject. Indicate that if you refuse, you will go to court. To remove information from the search results, you need to contact the technical support of the search service and fill out a special form.

If you cannot determine the source of the dissemination of information or cannot contact him directly, you can contact the Federal Service for Supervision of Communications, Information Technology and Mass Media or the prosecutor's office.

In addition to Federal Law 152, it is possible to prosecute criminals using the Code of Administrative Offenses, the Criminal Code and the Labor Code. Indeed, depending on the specific situation, a crime can be classified as illegal access to computer information, violation of privacy or violation of the procedure for collecting, storing, using or disseminating information about citizens established by law.

It is imperative to collect as much evidence as possible - screenshots, videos, descriptions of your observations - the more detail, the better. If it is obvious that a specific device has been jailbroken, stop any activity on it, turn it off - most likely, it will have to be given for examination for a while.

When it comes to passwords, security experts say they need to be complex, numeric, and not like words at all. Can the experts themselves remember such passwords?
A long password will not save you from the methods of attack I have listed. Strong passwords will only help against brute force (a brute-force attack). But in reality, such an attack does not always work, and not against everything. But in any case, a long and complex password should be used, at least to protect against that same brute force. And of course, you need to regularly change all passwords.
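The post's advice on MITM (monitor the certificate a site presents, at least for critical resources) can be turned into a small routine check. This is an added example, not code from the post or from SearchInform: it records a site's leaf-certificate SHA-256 fingerprint and flags a connection whose chain validates but whose fingerprint no longer matches the pin, which is what an interposed certificate from a "deployed" root looks like. The host `example.com` and the all-zero pin are placeholders.

```python
"""Certificate pin check: notice when a site's leaf certificate changes."""
import hashlib
import hmac
import socket
import ssl


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize_fingerprint(fp: str) -> str:
    """Accept the browser-style 'AB:CD:..' form or plain hex; return lowercase hex."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def pin_matches(der_cert: bytes, expected_fp: str) -> bool:
    """Compare the live fingerprint against the pinned one in constant time."""
    return hmac.compare_digest(cert_fingerprint(der_cert), normalize_fingerprint(expected_fp))


def check_site_pin(host: str, expected_fp: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with normal chain validation, then compare the leaf cert to the pin.

    Chain validation alone passes when an attacker has installed his own root on
    the device; the pin is what catches that case. A pin_ok of False on a chain
    that validated is the signal to investigate before entering credentials.
    """
    ctx = ssl.create_default_context()  # full verification, hostname checked
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return {
        "host": host,
        "fingerprint": cert_fingerprint(der),
        "pin_ok": pin_matches(der, expected_fp),
    }


if __name__ == "__main__":
    # Placeholder pin: record the real fingerprint once, from a network you trust,
    # and store that value instead. Sites rotate certificates, so refresh the pin
    # when a mismatch turns out to be a legitimate renewal.
    print(check_site_pin("example.com", "00" * 32))
```

A mismatch is not proof of an attack by itself; a legitimate renewal also changes the fingerprint, so compare the new certificate's issuer and dates with what the site shows from a different network before deciding.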