The Weak Link in Computer Security: Us
Most of us make it easy to be a target.
Hackers are people. Not nice people, but they are human beings. They manipulate technology, sure, but there's always someone behind a plot or cyberattack.
And although they use their brand of hardware and software to infiltrate computer systems, they often rely on other humans to help them reach their target.
These people aren't insiders...they are your friends, your coworkers...and you.
And every day, experts say, we are making it easier for hackers to use us, and our computers, to do their deeds.
Think of it like this: You can have the best alarm system in your home and the best locks on every door and window. However, if you forget to set the alarm, or leave a window open or simply open the door to anyone who knocks, then you've lessened the power of your security system.
Movies and real life?
Did you ever see the movie The Sting? Set in the 1930s, it follows a con man named Henry Gondorff, played by the late Paul Newman, who cons a rich banker out of $500,000...with the help of a crew of con artists.
Even today, with any scam or con there is one primary element that makes it work: the "mark." The mark is a person who gets fooled into falling for the scam or con. If there weren't a person/mark to trick or scam, there could be no scam.
In our online world, hackers still use marks to do their deeds. And often we don't even know it. As Henry Gondorff tells an associate in The Sting, "You gotta keep his con even after you take his money. He can't know you took him."
Too much information.
A recent Wall Street Journal (WSJ) article (January 2016) reported that all computer systems that help to run our lives have a "critical weakness" that can't be fixed with a software fix or "patch." That weak link is us. It is you.
You're a mark and don't even know it.
The WSJ article featured the opinions of an ex-hacker, who also happens to be a neuroscientist, who felt strongly that we are simply making too many "mistakes" with our online lives—the kind that hackers are taking advantage of.
They are mistakes only in the sense that they can lead to an invasion of our privacy. Internet experts say the information that con artists use to trick us is more "readily available" than ever before.
There is a new kind of hacking, called social engineering, where online stalkers use information they've gleaned from the Internet to put together profiles on people and trick them into opening emails or giving up information.
And that's where many people have inadvertently made it easier for con artists to trick them. Here are a couple of ways we've made it easier for con artists:
1. Accepting almost all "friend requests" and new "connections" through social media.
Have you accepted a friend request on Facebook from someone you didn't know? Many times we simply accept the friend request, even when we're not 100 percent sure we know the requestor.
Hackers put up their own fake Facebook accounts, and then infiltrate user accounts to make new friends. They can use special computer formulas/programs to sift information about political tastes, music preferences, favorite foods, vacation spots and more.
They'll generate those fake friend requests and send one to you. You are always looking for new friends (and they must know you, right?), so you accept. But you aren't the ultimate target of this special kind of hacker, who's almost a stalker of sorts. He'll use you to find his way to his real target: someone you know who works for a company or agency he wants to hack.
2. Creating your Amazon wish lists.
If a hacker (or even just a snoopy person) views your wish list, they'll know what kind of music you like, what kind of movies you prefer and the kind of clothes you wear.
The same goes for your eBay bidding history: It reveals the types of items you're interested in, and a con artist could get you to open an email by targeting you with an offer on products, music or vacation spots that interest you.
Information defines us.
The more inside information someone knows about you, the more likely you are to let your guard down, and that's all that a hacker needs—just a crack in your line of defense.
Remember—all it takes for a hacker to get into a network and infect it is for someone to open up an email that contains a virus. That's easy for you to do, inadvertently, if you trust the person who sends you an email, based simply on a reference they make about you.
If that happens, a hacker can travel electronically from a low-level employee's computer to the inner workings of the corporate network. It happens all the time. And it starts when we give up information about ourselves.
If you're an active user of Facebook, LinkedIn, Twitter, etc., it would be hard to suddenly change your ways and unplug. Besides, chances are you probably feel safe because, as far as you know, nothing bad has happened to you...yet.
Remember the key point: There's so much information about you online that a trickster could win your confidence with a few friendly words...to win you over and have you put your defenses down.
The best thing to do is to be wise about what you post, and remember that not everyone online is a friend:
- Don't accept friend requests unless you know the person and you truly want to be friends. Remember—they may have friends you wouldn't really want to know.
- Beware of emails from strangers that intrigue you simply because they are about something that interests you. It could be a targeted scam.
- Beware of emails from acquaintances or people you know who ask you for information about a coworker's email or phone number or ask you to forward sensitive information about someone you know. If you get such a request, double-check the email of the sender, or even call your coworker to find out more.