How to protect yourself from hackers

How to protect yourself from hackers

Being hacked through social media or having sensitive information publicly leaked can become extremely painful, especially for celebrities often on hacker hit lists.

Two information technology specialists, Dr Jonathan Crelin and Dr Nguyen Ngoc Thanh from RMIT University’s School of Science & Technology give their advice on how to avoid becoming a victim of cybercrime, and how to protect yourself from hackers.

news-2-how-to-protect-yourself-from-hackers RMIT Senior Lecturer Dr Jonathan Crelin is a specialist in security and digital forensics.

Social networks and smartphones bring undisputed benefits, but also cause many problems. What is your view on this?

Dr Crelin: Yes, ever since our appearance on this earth, a basic need of mankind is to survive. And in order to survive, they have to ‘connect’ with each other.

Communication is the most basic and fundamental activity to bring people together. Connecting is now easier and more convenient than ever, through modern means like social networking, messaging, and smartphones. People use these channels to buy, sell, make friends, and even find lovers.

However unlike before, everything you say and hear can be circulated in many other environments through wifi, network cables etc. and then stored in more than one archive, like on a device or on a cloud backup, which is how sensitive information and money can get stolen. 

How do hackers hack an account?

Dr Crelin: This is a rather tough question. In fact, there is not a single and absolute answer. It depends on a lot of factors, and in many cases the victim does not make their story public, so we can only guess.

Online service providers have increased security on their platforms, so traditional techniques such as SQL Injection, Cross Site Scripting and Cross Request Forgery are very difficult for hackers to use to attack online accounts. As a result, many criminals now use a technique called Social Engineering (roughly: fraud through social communication rather than through technology). Most of the successful attacks in Vietnam have used this technique.

The technique is simple. A criminal may send you a website that promises to contain interesting information, like more details on how to win an all-expenses paid trip to Europe, but you have to log in to enter the competition, or claim the prize. The login page is actually a fake page, and when you log in your password will fly straight to the email or message inbox of the hacker. 

Current techniques such as Single Sign On via OAuth2 on Google and Facebook can help strengthen the belief that victims are logged in, making the victims not suspicious.

This technique is also used a lot in other areas such as making a phone call to notify the winner or pretending to be an agency investigating a money laundering case.

Women are most often attacked after forming friendships – a gift gets delivered but stuck in customs, and the receiver is asked to pay money to customs to have the gift released. 

news-3-how-to-protect-yourself-from-hackers RMIT Lecturer Dr Nguyen Ngoc Thanh is an expert in cloud computing and large scale and complex systems.

Assuming that celebrities are on high alert and not easily fooled by social attack techniques, what else could a hacker use?

Dr Nguyen: We only have a little time every day to think about security and privacy, while cyber criminals have 24 hours a day to do it. When going to a hotel, restaurant or cafe, a series of security cameras can be used by criminals to steal your phone's PIN to open your phone.

As an athlete or actor for example, when practicing, competing or acting, they may not have their phone with them. Instead, they may leave it in their bag, locker room, or with an assistant. This is an opportunity for attacks.

You also become vulnerable sending your phone to get repaired or have software installed. There have been many cases of sensitive photos and videos being leaked out using these services.

It is a bit extreme, but perhaps high-value targets should consider buying a new phone instead of taking an old one to be repaired. Of course, important phone information such as contacts should be backed up periodically, and old phones should be reset or completely deactivated.

Dr Nguyen, if these people always keep their phones with them and do not give them to anyone, can attacks happen?

This is still possible. Reusing passwords between different websites is quite common, and the fact that you create accounts on different websites and use the same password is a major weakness. The account you created five or even ten years ago could be available online now through the dark web market.

It is possible for hackers to look for this data and search through celebrity emails or passwords, and then log into their accounts.

Assuming a person has excluded all of the cases mentioned above, are they likely to be attacked?

Dr Crelin: My answer is yes. Remember the Social Engineering case I just mentioned? Have you ever been on Facebook and tried searching for your account name and discovered many fake accounts, using your real name and photos? 

Hackers can create fake accounts of famous people and make friends with other celebrities. For a while, the two may exchange intimate and sensitive messages until the fake account gets exposed. The cyber criminal can then use these chats to blackmail the victim: comply or be publicly exposed online.

What can people do to protect themselves online?

Dr Nguyen: The more convenience we enjoy, the less security we get so people should always weigh those two against each other. For example, using a simple password or reusing an old one can make it easier for a hacker to access an account. The risk is higher than if you were to use different and challenging passwords. As cyber-crime is actively aggressive, there is no way to completely immunise against cyber attacks, but using multi-factor logins or one time passwords for important services such as banking can largely reduce the risk.

About the experts

Dr Jonathan Crellin is a Senior Lecturer from RMIT University’s School of Science & Technology. He teaches a variety of subjects, in computing and information technology, including computer and information security. He has managed Masters programs at the University of Portsmouth in UK, and worked with the UK Police High Tech Crime Unit in Hampshire. His first degree was in Psychology, and his PhD is in the applications of human factors to information systems. He is a member of the British Computer Society and its Cyber Forensics Specialist group, and a certified Computer Forensic Investigation Analyst, and Macintosh Forensics Specialist.

Dr Nguyen Ngoc Thanh is a Lecturer from RMIT University’s School of Science & Technology, where he teaches various programming courses in the Software Engineering and IT programs. His research interests include information infrastructure, large scale and complex systems, cloud computing and security. Prior to lecturing at RMIT, he was the Chairman of Health Information Systems Program in Vietnam, and Director of Technology at eMED Joint Stock Company. He got his PhD and Master Degree from the Department of Informatics, the University of Oslo in Norway.

Story: Thuy Le

 

  • Blockchain
  • Engineering
  • Community

Related news