Next week is Black Hat -- perhaps the world's most significant and influential annual hacking conference. It's an event that draws in the best and brightest (and sometimes, the borderline legal) hackers from around the world to show off the latest threats to our phones, laptops, PCs, Macs, tablets -- and literally anything else with a digital heartbeat.
While it may not be as well-known as other 'geek' cons like CES or Comic-Con, what happens at Black Hat will eventually impact every consumer, business executive and government official in the U.S. In the last few years, the potential risks from hackers have reached epic proportions -- from doomsday 'worms' that can physically destroy nuclear plants to 'botnets' that enslave millions of home PCs each year, leading to millions of dollars in credit card theft and other financial identity crimes.
Back in 1997, when Black Hat was founded, the average person could be excused for not paying attention to what was happening in the hacker underground. But today, when all of us depend on the Internet and technology devices to bank, buy, work and live, and the groups attacking us have evolved dramatically (Russian cyber crime gangs, Anonymous and other hacktivists, Chinese government sponsored hackers, etc.), there is simply no excuse to remain uninformed.
It's time for everyone to learn about hacking threats.
But one of the first hurdles most people face is the language. What's 'smishing?' or '0-days?' or 'clickjacking?'
The first step is to learn how to speak hacker -- then the concepts really aren't that hard to understand, and it's possible to keep up with the latest threats and protect yourself.
Here is a simple hacker-decoder:
Virus, Worm, Trojan, Malware -- What's the Difference?
When news reports come out about a new computer threat, they often call it a 'virus.' But much of the time, that isn't correct. In fact, most of the computer infections we see today aren't viruses at all -- viruses are somewhat 'old school' in the hacking world. It's important to understand that there are several different types of infections that can target you -- knowing the difference between them can better help you to stay safe.
A 'virus' is the oldest type of computer infection. It is a malicious computer program that is often hidden inside a seemingly legitimate email attachment. The good thing about a virus is that it can't work unless the victim interacts with the file it's in -- either by clicking or downloading it. Once inside a computer, it will try to reproduce itself and infect other parts of the computer or network.
A 'worm' is different than a virus: it doesn't require user interaction, so even if you don't click on an infected file, the worm can still infect your computer. Worms are designed to spread, and spread fast -- once they're in, they typically try to install a 'backdoor' in the computer or cause it to shut down.
A 'Trojan' is another infection that was named after the Trojan horse in the Odyssey. It looks like something you want, but conceals an attack. Trojans are often hidden in file attachments, like Word docs, Excel, PDF, even a computer game. Once a computer is infected, a Trojan gives the hacker remote access to your computer -- this lets him spy on your online activities and capture email and account passwords.
And 'malware' refers to it all -- viruses, worms, Trojans, and other nasty things like adware, spyware and rootkits. So if you want to use a general term for a computer infection, malware is technically correct instead of virus.
Types of Hackers
There are three types of hackers: the 'white hat,' 'black hat,' and 'gray hat.'
The white hat is the good guy -- he or she is a professional in the security field who hacks products, services and companies, with their permission, in order to figure out how to better protect them. White hats are also called 'ethical hackers,' 'penetration testers' or 'offensive security' professionals. A black hat is someone who breaks into a computer network with malicious intent. A gray hat is one who bounces between good and evil in his or her hacking prowess -- think of him as Luke from Star Wars: he wants to be with the force, but Darth Vader keeps calling him to the dark side.
So how do hackers get all this bad stuff onto our computers? Here are the most common types of attacks they use to infect us with viruses, worms, Trojans and other malware:
Ever get a fake email claiming to be from a bank or a Nigerian prince? This is phishing. It's a fake email that often appears to be from a legitimate source, like the IRS, a bank, a former employer, friend, etc. The goal of the email is to get you to click or download something that will infect your computer, or to trick you into giving up information, like your Social Security Number. When a phishing email appears to come from a real email address (like IRS.gov, or the actual email of an old friend), that's called 'spoofing.' Phishing isn't only done via email -- today, it's also sent via text message ('smishing') and social networks like Facebook. Most of the time, phishers send out these fake emails to hundreds or thousands of people, and they're easy to spot -- but sometimes, they go after one person in particular and use personal information gathered from Facebook or other social networks to make it seem like they know you. This is called 'spear-phishing.'
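For readers who want to see what checking for 'spoofing' looks like in practice, here is an added example (not part of the original article) that reads an email's hidden headers and lists the reasons the visible From address may be forged. The two sample messages and every domain in them are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; all domains are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example
From: "Example Bank" <alerts@bank.example>
Reply-To: claims@refund-help.example.net
Subject: Confirm your account

Please confirm your details.
"""

LEGIT = """\
Return-Path: <alerts@bank.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Example Bank" <alerts@bank.example>
Subject: Your monthly statement

Your statement is ready.
"""

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoofing_signals(raw_message):
    """Return a list of reasons the visible From address may be forged."""
    msg = message_from_string(raw_message)
    from_domain = domain(msg["From"])
    signals = []
    # A different bounce or reply domain is a hint, not proof: bulk mailers do this too.
    for header in ("Return-Path", "Reply-To"):
        other = domain(msg[header])
        if other and other != from_domain:
            signals.append(header.lower() + "-mismatch")
    # Verdicts recorded by the receiving mail server (Authentication-Results, RFC 8601).
    results = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        verdict = re.search(r"\b" + check + r"=(\w+)", results)
        if verdict is None or verdict.group(1) != "pass":
            signals.append(check + "-not-pass")
    return signals
```

Only an Authentication-Results header added by your own mail provider should be trusted, since a sender can insert a fake one further down the message.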
Social engineering is the old-fashioned con game. It refers to a criminal who's able to trick or persuade a person to do something they shouldn't -- like giving a network password to a person claiming to be from the IT department, or granting a person supposedly from 'Microsoft's security team' permission to remotely access a computer they claim is infected. Social engineering is often done in a phone call, but it can also be done in person, via email or social networks.
Most people tend to think that they won't get infected unless they open a virus-laden attachment in an email. But the truth is, you can get infected just by going on Facebook or visiting the New York Times website. Hackers today can target people directly through the Internet browser (Internet Explorer, Firefox, Chrome, Safari), even if the browser is fully patched and up to date. How does it work? Hackers write special programs which they insert into websites -- it could be a sketchy website, legitimate website, social network site, blog, forum, comment feed, etc.
On some of these sites, the website itself is infected -- think of a blog or a questionable website, such as a pornography site. Once you visit the website, it hits you with a 'cross-site scripting' (or XSS) attack, which will then try to steal any cookies or passwords saved in your browser. This allows the hacker to gain access to your accounts.
Another attack that is similar to XSS is 'clickjacking.' The difference, however, is that the website itself isn't infected -- instead, the attack is hidden inside something such as a 'Like' button in a Facebook message chain or the play button on a movie. When the user clicks on that button, she is 'clickjacked,' because the hidden program is what is actually activated.
Another trick hackers use is the 'drive-by download.' These are most common with pop-up ads, anti-virus warnings or even an email. The computer is infected when you click to cancel the pop-up or click 'accept' or 'deny' on the anti-virus ads. With emails, a drive-by download can happen just by viewing the message. Sometimes legitimate-looking ads on legitimate websites can launch a drive-by attack. When this happens, it's called 'malvertising.'
In the majority of cases, when you log on to a public Wi-Fi hotspot -- at Starbucks, the airport, hotel or even a municipal hotspot -- your computer is at risk of a 'man-in-the-middle' attack (or 'MITM'). This is an attack in which the hacker sits between you and the Internet, essentially. Because the network is open to anyone, he can use special tools to find other people who are using the same network -- and then intercept their computer's signal. This allows him to see everything you do, in real time. He can steal passwords and even force your computer to go to a bad site without your knowledge.
Everyone should know what a 'botnet' is, because there's a one in four chance your home PC is already part of one. A botnet is a collection of 'zombie computers' -- these are computers that have been infected with worms or Trojans and allow a hacker to remotely control them. They're called zombies because they're now a slave to this hacker. When a hacker controls a lot of zombies, i.e., a botnet, he can then sell them to other cyber criminals who want to steal personal identities, or he can rent them out to hackers who want to attack another computer network -- like Anonymous' attacks on the CIA, Visa and others. When hackers use botnets to shut down another computer, it's called a 'denial-of-service' (DoS) or 'distributed-denial-of-service' (DDoS) attack. A DoS or DDoS basically involves using all of these computers -- typically in the thousands -- to flood another computer with so many data requests that the computer network crashes. The FBI is now targeting botnets and will shut them down -- which can disable your Internet access if your computer is part of one.
Hackers favor a few different types of computer tools in order to launch their attacks. It's helpful to know what they are:
'Zero-day,' or '0-day'
This is a flaw in a software program or an actual device that doesn't yet have a fix. In many cases, the company (like Microsoft, Apple, Firefox, etc.) doesn't even know the flaw exists. Events like Black Hat are a great way to make companies aware that they have flaws. For consumers, there's nothing you can do to avoid a 0-day attack -- except to not use the product, pray, or both.
Hacking is a multi-billion dollar industry these days, and it's grown so sophisticated that skilled hackers will actually sell hacking programs to other criminals. This is called crimeware -- any type of malicious program that is sold on the black market. A good example is phishing email -- those fake IRS emails that look like they really came from the IRS? Yep, that's crimeware.
Hackers also go to special underground forums known as 'carding' sites to swap, sell and buy other people's credit card information. Most of these credit cards were previously stolen through Trojans and keyloggers.
TOR is a popular program that lets you become anonymous on the Web. Ever see a crime movie where the FBI can't trace the call? TOR is like that for the Web -- it hides your IP address (think of this as a computer's phone number) so no one can tell who is visiting a certain website or launching an attack. It's like calling from someone else's phone, a hundred times over.
A sniffer is a tool hackers use to 'sniff' or intercept Internet or Web traffic, for instance, on a public Wi-Fi hotspot. One of the most notorious 'sniffers' is Firesheep.
'Fuzzing' is a tactic hackers use to figure out where a Web application is vulnerable. The fuzzer will bombard the computer program with bizarre or random computer requests that will eventually cause the program or computer to make a mistake or crash -- and that tips off the hacker as to where it is weak.
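Software makers run fuzzers against their own code for the same reason, to find the weak spots first. The added example below (not from the original article) bombards a small, made-up settings parser with randomly damaged input, records every crash, and then shows a corrected parser surviving the same test. The parser, its input format and all names are assumptions chosen for illustration.

```python
import random

SEED_INPUT = b"user=alice;role=admin"  # constructed, well-formed sample input

def parse_fragile(data):
    """Toy parser that assumes every field contains '='."""
    out = {}
    for field in data.split(b";"):
        parts = field.split(b"=")
        out[parts[0]] = parts[1]  # crashes (IndexError) when '=' is missing
    return out

def parse_hardened(data):
    """Same format, but malformed fields are rejected cleanly."""
    out = {}
    for field in data.split(b";"):
        key, sep, value = field.partition(b"=")
        if not sep or not key:
            raise ValueError("malformed field")
        out[key] = value
    return out

def fuzz(parser, seed_input=SEED_INPUT, rounds=2000, rng_seed=1):
    """Feed randomly corrupted copies of seed_input to parser.

    Returns (input, exception name) for every unexpected failure.
    A ValueError counts as a clean rejection, not a crash.
    """
    rng = random.Random(rng_seed)  # fixed seed so runs are repeatable
    crashes = []
    for _ in range(rounds):
        data = bytearray(seed_input)
        for _ in range(rng.randint(1, 3)):  # damage one to three bytes
            data[rng.randrange(len(data))] = rng.randrange(256)
        try:
            parser(bytes(data))
        except ValueError:
            pass
        except Exception as exc:
            crashes.append((bytes(data), type(exc).__name__))
    return crashes

if __name__ == "__main__":
    print("fragile parser crashes:", len(fuzz(parse_fragile)))
    print("hardened parser crashes:", len(fuzz(parse_hardened)))
```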
It also helps to know some of the derogatory terms that are often used online.
'Noob,' or 'n00b'
A newbie, someone who's an amateur or uninformed. If you're reading this article, you're a n00b.
If you're a 'script kiddie,' you're a poser, essentially. A script kiddie is someone who isn't very skilled at hacking, but thinks they are -- or tries to pretend they are. It's a step above a n00b.
Getting owned or 'pwned' (pronounced: pOWNed) basically means getting hacked. It can also refer to having your computer 'backdoored' by a Trojan or worm, or simply losing an argument in an online forum.
You definitely don't want to get 'doxed.' This is what hacktivist groups like Anonymous made famous in 2010 and 2011. Doxing is when you gather sensitive, personally revealing information about someone -- it could be their true identity, where they live, family, personal emails, etc. What can follow doxing is a 'dump.' That's when all that sensitive or embarrassing information is posted online, on a site such as Pastebin.com.
Computer technology and hacking aren't as complicated as many think. By understanding the basics, you can learn how to protect yourself online.
For those interested in knowing more about hacking, here are a few good industry blogs to check out: nakedsecurity.sophos.com, threatpost.com and krebsonsecurity.com.