Perhaps your Internet searches are being redirected to sites unrelated to what you want to find. Maybe your antivirus software has inexplicably been disabled, or the speed of your computer has slowed to a crawl. These and other symptoms could mean you’ve been hacked. Worse than just a pesky virus, an attack on your system directed by a hacker can be far more damaging and costly.
Many users believe they are too small a target to be attacked by hackers. Previously, cybercriminals may have agreed with that assessment, but that is quickly changing. Today, hackers see an individual’s data as low-hanging fruit. Without the need to get past sophisticated corporate firewalls, or bypass complex security protocols, the idea of penetrating your personal computer’s almost nonexistent defenses becomes very attractive.
Once hackers gain access to your system, a number of frightening scenarios can take place. Using sophisticated and well-planned methods, they have been known to hold data hostage, engage in identity theft, and even use your computer to launch attacks on other networks. The best way to combat these cybercriminals is to understand how they carry out their attacks.
How Hackers Gain Access
You’ve likely heard about phishing scams and other forms of social engineering used by hackers. Basic computer security awareness and a bit of common sense in your day-to-day online activities are generally enough to avoid becoming a victim. However, these deceptions are not the only tricks of modern-day hackers.
Here are several other high-tech ways your computer can be exposed:
1. Trojans
A Trojan is malware disguised as harmless software, named after the wooden horse the ancient Greeks used to trick their way into the city of Troy. The intent of the hacker is to get you to install it by making you believe it’s safe. Once installed on your computer, a Trojan can do anything from logging your keystrokes, to opening a backdoor and giving the hacker access to your system.
There are several ways in which a Trojan can infect your personal computer. The most common infection vector hackers use is to trick you into clicking on a file or email attachment. Often, these attachments can come to you by way of a friend whose account has already been compromised, making you believe the contents are from a trustworthy source. Other times the hacker may try to scare you into opening the attachment, making it seem like it is an official notice from the IRS, FBI, or your bank.
Email may be a popular delivery vehicle for Trojans, but it’s not the only one. Clicking on a malicious link on Facebook or other social media sites can allow a hacker to inject a Trojan into your personal computer. Even though these sites take security seriously and are as vigilant as possible, there have been instances when Trojans have infected users this way.
2. Drive-By Downloads
In a drive-by download attack, you don’t have to click on anything to initiate the download and installation of malware – just visiting a website that has been compromised is enough to get your computer infected. A rather dated but good example of this was the infected site known as LyricsDomain.com. According to Spyware Warrior, in 2004, Internet users who visited LyricsDomain.com had unwanted software installed on their systems – a collection of eight advertising programs that, in addition to causing other problems, hijacked the users’ homepage and search bar, and placed advertisements in the users’ “Favorites” folder.
A drive-by download exploits exposed security flaws in your web browser, operating system, or other software that has not been recently updated or patched. Unfortunately, the download and installation of the malware is invisible to the victim. Also, there is no way to tell whether a website is infected just by looking at it.
If you suspect that a site poses a possible threat to your computer, check a blacklist of malicious websites before navigating to the homepage. BlackListAlert.org is a free service that can alert you as to which sites have been placed on a blacklist.
The stealth and effectiveness of a drive-by download makes it one of the best methods in a hacker’s arsenal today. As a result, this form of attack has been on the rise and will only continue to get worse unless computer users take the proper precautions. Updating your software and using the latest version of your favorite web browser is a good start since it will close any newly discovered security holes these infected sites can exploit.
3. Rootkits
A rootkit is not exactly malware like a virus or Trojan. It is something much more insidious: a malicious segment of code injected into your computer system, designed to hide any unauthorized activity taking place. Since rootkits grant administrative control to the attacker, your computer can be used without restrictions and without your knowledge.
A rootkit can attack and replace important operating system files, allowing it to hide or disguise itself and other malware. Once a rootkit has buried itself deep within your system, it can cover an intruder’s tracks (by altering system logs), cover up evidence of malicious processes running in the background, hide files of all types, and open a port to create a backdoor.
Some rootkits are designed to infect a computer’s BIOS (basic input/output system), which is a type of firmware that initializes the hardware when your computer is powered on. When rootkits invade this part of your system, it makes even operating system reinstallation or disk replacement an ineffective strategy to neutralize the rootkit infection.
Many of the worst, most destructive kinds of malware use rootkit technology. Since rootkits can infect different areas and different files, it is very difficult for even moderately experienced users to deal with them. Unfortunately, you will not even know whether you have this type of malware since it is designed to hide itself so effectively. That is why avoiding questionable sites, diligently updating your antivirus software, avoiding dubious email attachments, and generally protecting your system is a good way to make sure you never fall victim to this type of ingeniously malicious infection.
What Hackers Do Once Access to Your Computer Is Gained
The techniques and technologies outlined above are some of the most effective tools modern hackers have at their disposal. However, today’s security-conscious computer user would benefit from noting one additional piece of information: the hacker’s mindset.
Even the untalented, semi-technical hacker is not just trying to be a nuisance. The vast majority are criminals with one goal in mind: making a profit. Here are a few things the hacker may do upon gaining access to your computer.
Transform Your Computer Into a Zombie
A zombie, or “bot,” is a computer under the control of a hacker without the knowledge of the computer user. The infecting malware is called a bot program, and a variety of combinations and techniques can be used to get it onto the target system. Quite often, it is delivered as a Trojan, activated by clicking a malicious email attachment or link, and remains hidden from the user because it has built-in rootkit technology. The main objective of the hacker in this sort of attack is to make the compromised computer part of a robot network or botnet.
A hacker in charge of a botnet is sometimes referred to as a “bot herder.” The newly installed bot program opens a backdoor to the system and reports back to the bot herder. This is done through command-and-control (C&C) servers. Using these C&C servers, the bot herder controls the entire botnet, having all the zombie computers acting as one unit. Botnets have a tremendous amount of processing power with sometimes up to hundreds of thousands of zombies worldwide.
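The check-in traffic described above is what a defender can look for: a bot reporting to its C&C server tends to connect at clock-like intervals. The following PowerShell script is an added example, not code from the original article; it runs over a constructed sample of outbound-connection records and flags source/destination pairs whose connection gaps have very little jitter. The log format, thresholds, and the `Find-Beacons` function name are assumptions for this example.

```powershell
# Constructed sample of outbound-connection records: time, source host, destination:port.
# The 192.168.1.20 -> 203.0.113.5 entries mimic a bot checking in about every 5 minutes.
$SampleLog = @'
2024-05-01T10:00:00 192.168.1.20 203.0.113.5:443
2024-05-01T10:00:04 192.168.1.20 198.51.100.7:443
2024-05-01T10:05:00 192.168.1.20 203.0.113.5:443
2024-05-01T10:10:01 192.168.1.20 203.0.113.5:443
2024-05-01T10:12:30 192.168.1.21 198.51.100.9:80
2024-05-01T10:15:00 192.168.1.20 203.0.113.5:443
2024-05-01T10:19:59 192.168.1.20 203.0.113.5:443
2024-05-01T10:25:00 192.168.1.20 203.0.113.5:443
'@ -split "`r?`n"

function Find-Beacons {
    param(
        [string[]]$Lines,
        [int]$MinConnections = 5,      # ignore pairs with fewer check-ins than this
        [double]$MaxJitterRatio = 0.1  # stddev / mean of the gaps; low means clock-like
    )
    # Parse each record into a timestamp, source and destination.
    $events = foreach ($line in $Lines) {
        if ($line -match '^(\S+)\s+(\S+)\s+(\S+)$') {
            [pscustomobject]@{
                Time = [datetime]::ParseExact($Matches[1], "yyyy-MM-dd'T'HH:mm:ss", $null)
                Src  = $Matches[2]
                Dst  = $Matches[3]
            }
        }
    }
    foreach ($pair in ($events | Group-Object Src, Dst)) {
        if ($pair.Count -lt $MinConnections) { continue }
        $times = @($pair.Group | Sort-Object Time | ForEach-Object { $_.Time })
        # Seconds between consecutive connections of this pair.
        $gaps = @(for ($i = 1; $i -lt $times.Count; $i++) {
            ($times[$i] - $times[$i - 1]).TotalSeconds
        })
        $mean = ($gaps | Measure-Object -Average).Average
        if ($mean -le 0) { continue }   # identical timestamps: nothing to measure
        $variance = ($gaps | ForEach-Object { ($_ - $mean) * ($_ - $mean) } |
                     Measure-Object -Average).Average
        $jitter = [math]::Sqrt($variance) / $mean
        if ($jitter -le $MaxJitterRatio) {
            [pscustomobject]@{
                Source          = $pair.Group[0].Src
                Destination     = $pair.Group[0].Dst
                Connections     = $pair.Count
                MeanIntervalSec = [math]::Round($mean, 1)
                JitterRatio     = [math]::Round($jitter, 3)
            }
        }
    }
}

Find-Beacons -Lines $SampleLog | Format-Table -AutoSize
```

On the sample data only the 192.168.1.20 to 203.0.113.5 pair is reported (six connections, roughly 300 seconds apart); real bot programs often add deliberate random delay, so the jitter threshold is a tuning knob rather than a fixed rule.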
Trap Your Computer in a Botnet
Once your computer becomes part of a botnet, the bot herder can use it in a number of ways. It can be used to send spam and viruses, steal your personal data, or commit click fraud to artificially boost web traffic. Some bot herders even rent out the processing power of their botnets to other hackers.
This type of cybercrime is a big problem in many parts of the world. However, the authorities have been fighting back as best as they can. In 2014, the takedown of an enormous botnet called Gameover Zeus slowed the spread of a sophisticated form of ransomware known as CryptoLocker.
Perform Extortion Through Encryption
Imagine if hackers could hold your personal computer hostage and extort a cash payment from you. Unfortunately, this scenario is quite possible and has been playing out very successfully for quite a few years now. The security threat is classified as ransomware, and it is an extremely profitable endeavor for cybercriminals.
Injecting itself into your system by way of a drive-by download or similar method, ransomware usually does one of two things: it either locks your computer, or encrypts all your personal files. In both cases it displays a message stating that you must pay a ransom or you will never have access to your files again. As reported by PCWorld, the ransom for a malicious program such as CryptoLocker can range from $300 to $2,000. Unfortunately, according to Microsoft’s Malware Protection Center, there is no guarantee that paying ransom will give access to your PC or files again.
Here are some of the most notorious examples of malware infection, demonstrating the methods and techniques hackers use to penetrate systems. These security breaches have cost computer users inestimable amounts of time, frustration, and money.
1. Koobface
An anagram of Facebook, Koobface was hybrid, or blended-threat, malware. It used the trickery aspect of a Trojan and the autonomously replicating nature of a computer worm – a type of standalone virus that does not need to attach itself to another program to spread the infection. Koobface penetrated the systems of unsuspecting Facebook users by tricking them into believing they were clicking on a video. As in other scams, hackers used the compromised account of a Facebook friend to send a private message through the Facebook platform.
The user, believing that it was a genuine message from an acquaintance, would take the bait and click on the video. This would cause users to be redirected to a site claiming they needed to upgrade their Adobe Flash Player software. The bogus site would then provide them with a link to download the update. The download was actually Koobface, and once it was installed it gave an attacker complete access to the victim’s personal data, including passwords and banking information.
Since the Koobface virus was neutralized just a few years after it first came out in 2008, it is difficult to estimate the full extent of damage it caused. According to Kaspersky Lab, as cited by Reuters, the Koobface virus “afflicted between 400,000 and 800,000 computers during its heyday in 2010.”
2. Mac Flashback
Mac Flashback attacks almost always occurred without the victim’s knowledge, as Apple Mac users found out in the early part of 2012. Mac Flashback was a drive-by download attack ingeniously engineered and executed by installing a downloader onto the victim’s computer. Once this downloader was fully installed, it began downloading and installing other types of malware on the target system.
The original method of infection began by hackers passing around a fake plug-in advertised as a handy toolkit for WordPress bloggers. Thousands of bloggers incorporated it into the creation of their blogs, thus creating almost 100,000 infected blog sites. If Mac users visited any one of these sites, their computers would immediately be infected. At that point, anything from browser hijacking malware to password logging software could be downloaded and installed on the victim’s computer.
A fix for the infection came rather quickly. Within months, Apple released an update for the Mac that fixed the security problem and eliminated the threat of Mac Flashback. However, this did not come in time to help the Mac users who had already been infected, whose numbers exceeded 600,000 according to CNET.
3. ZeroAccess
The ZeroAccess rootkit made its first appearance in 2011, infecting more than 9 million computer systems worldwide, according to Naked Security. The main purpose of ZeroAccess was to turn an infected computer into a remotely controlled zombie. Since it was developed as a rootkit able to disguise itself and cover a hacker’s tracks, many victims did not know their systems had been infected until it was too late.
Once the hacker had control, the zombie would be incorporated into a botnet. Of all the infected computer systems, approximately 20% were successfully assimilated into the malicious network. That put the estimated size of the botnet ZeroAccess was responsible for creating at 1.9 million computers as of August 2013, according to Symantec.
The massive processing power of a botnet is used by cybercriminals to engage in illegal activities such as a distributed denial-of-service attack. This is when multiple computers, under the control of a hacker, are directed to flood a network with traffic in order to overwhelm it and put it out of service. In 2013, a group led by Microsoft tried to shut down the botnet created by ZeroAccess, but was not completely successful. Some of the botnet’s components, including a few command-and-control servers, were left operational.
4. CryptoLocker
One of the most successful examples of ransomware is the notorious Trojan called CryptoLocker. Appearing on the scene in September 2013, CryptoLocker infected tens of thousands of computers worldwide, and made millions for cybercriminals in just the first few months. This extremely successful strain of ransomware uses public-key encryption to make personal files unreadable, and encrypts everything from picture files in a digital photo album to spreadsheets and documents used for work.
The truly remarkable thing about this type of cybercrime is the number of victims that end up paying the ransom. A survey published by the University of Kent’s Research Center for Cyber Security revealed that 40% of CryptoLocker victims chose to pay the ransom to have their files restored.
Today, CryptoLocker is not the threat it once was. When law enforcement agencies in the U.S. and Europe neutralized the gargantuan botnet called Gameover Zeus, it severely crippled the spread of CryptoLocker. The cybercriminals controlling Zeus had programmed it to plant CryptoLocker on every system it came in contact with.
Also, numerous cyber security firms, many of which can be found via the directory created by Cybersecurity Ventures, offer victims a service to decrypt their files, undoing the damage CryptoLocker caused. However, other variants and types of ransomware are still out there, such as Cryptowall, that are just as dangerous and have not yet been contained.
Determining Whether You’ve Been Hacked
It can be difficult to determine, but the more you educate yourself, the more likely you are to detect tampering with your system. Following is a short list of signs that could mean your system has been penetrated:
- Antivirus Software Disabled. If your antivirus software is disabled and you didn’t turn it off – or if it can’t be turned back on – then you may have a problem. Other programs to check for the same symptoms are the Windows Task Manager and Registry Editor.
- Unfamiliar Software Has Been Installed. Beware of unfamiliar toolbars, plugins, or any other kind of software that has recently appeared.
- Random Pop-Ups. If they persist even after you have ended your web browsing session, you may have a problem. Fake antivirus messages are the most dangerous. Never click on these.
- Internet Searches Are Redirected. Say you search for an apple pie recipe and your browser displays an ad for a hair restoration clinic – the culprit may be an innocent-looking toolbar that a hacker has placed on your system.
- Passwords Have Been Changed. If you have been locked out of your social media or email accounts, you may also find that your friends are being bombarded by spam emails and messages that seem like they are coming from you.
- Mouse Moves By Itself. Usually when this happens it is a minor or temporary glitch in your computer. However, when it moves in a non-random fashion by opening folders and starting applications, a hacker is controlling your system remotely.
If your personal computer has displayed any of these symptoms, you need to put a stop to the intrusion. IT security professionals are expensive, but fortunately there are a number of good resources on the web, such as BleepingComputer.com, that can help you deal with the problem yourself. Better yet is avoiding it altogether by protecting yourself before you become a hacker’s next victim.
How to Protect Yourself
There is no way to make your personal computer completely impenetrable to a cyberattack. Even a corporate enterprise system with a full-time computer security team cannot guarantee this. Luckily, the harder you make it for hackers to break into your system, the less likely they are to devote the time and effort to try. The list below consists of steps you can take that should keep your system safe from almost all security threats.
- Install or Update Antivirus Software. If it has capabilities to let you surf the web safely or protect your identity online, turn these options on. Norton and McAfee products are fine, but if you want freeware, check out Avast and Malwarebytes.
- Secure Your Home Network. Make sure it is password-protected and be certain to set up a firewall to keep out intruders. Many routers come with pre-installed firewalls.
- Update Your Software. This fixes known security holes. Your operating system and web browser should be updated as often as possible.
- Download Only From Trusted Sources. Even if the site administrator is trustworthy, without proper security measures in place the site might be compromised.
- Be Vigilant With Email Attachments. These are a favorite with hackers. Be careful what you click on, even if the email says it’s from the government or your bank.
- Never Visit Questionable Sites. If you’re not sure whether a website is secure, verify it first with online site checking services such as Norton Safe Web.
- Maintain Your Passwords. Create passwords that are difficult to guess, change them regularly, and never use the same one for multiple sites. LastPass and 1Password are popular password management systems you can use.
- Try Not to Use Free WiFi. When using a WiFi connection at your local café, always assume someone is eavesdropping on your connection and take the appropriate measures.
- Turn Off Your Computer. When not in use for long periods of time, turn off your computer. This is a surefire way to protect your system against any intrusion.
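Several of the warning signs listed under "Determining Whether You’ve Been Hacked" (antivirus disabled, Task Manager and Registry Editor blocked, unfamiliar software set to start automatically) and the protections above (antivirus on, firewall on) can be checked from a Windows PC in one pass. The PowerShell script below is an added example, not code from the original article; `Invoke-HackedPcChecklist` is a hypothetical function name, and the script assumes Windows 10/11 with Windows Defender and the built-in Windows Firewall. It reads the relevant settings and reports what it finds without changing anything.

```powershell
function Invoke-HackedPcChecklist {
    # Hypothetical audit (added example): reports indicators from the article's symptom list.
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Antivirus disabled: Windows Defender engine and real-time protection state.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($null -eq $mp) {
        $findings.Add('Could not query Windows Defender (module missing or service stopped).')
    } elseif (-not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
        $findings.Add('Windows Defender antivirus or real-time protection is turned off.')
    }

    # 2. Task Manager / Registry Editor blocked via the policy values malware often sets.
    $policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = (Get-ItemProperty -Path $policy -Name $name -ErrorAction SilentlyContinue).$name
        if ($value -eq 1) { $findings.Add("$name is set to 1 under $policy.") }
    }

    # 3. Unfamiliar software: everything configured to start automatically at logon.
    #    These are listed for review; legitimate programs appear here too.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |   # skip provider metadata fields
            ForEach-Object { $findings.Add("Autostart entry '$($_.Name)' -> $($_.Value) [$key]") }
    }

    # 4. Home network protection: any Windows Firewall profile switched off.
    Get-NetFirewallProfile -ErrorAction SilentlyContinue |
        Where-Object { "$($_.Enabled)" -ne 'True' } |
        ForEach-Object { $findings.Add("Windows Firewall profile '$($_.Name)' is disabled.") }

    if ($findings.Count -eq 0) { $findings.Add('No indicators found by this checklist.') }
    return $findings
}

Invoke-HackedPcChecklist | ForEach-Object { Write-Output $_ }
```

A clean result from this script does not prove the machine is clean (a rootkit can hide from exactly these queries), but a disabled antivirus or a blocked Task Manager that you did not configure is worth following up on.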
The single best thing you can do to keep the bad guys out of your computer system is to educate yourself, understand the security settings of the software and operating system you use, and exercise caution when online. A healthy dose of mistrust when surfing the uncharted waters of the web can’t hurt either.
As cybercriminals get more sophisticated in their attacks, perhaps the best way to fight back is to let the authorities know as soon as someone targets your computer system. When law enforcement agencies like the FBI have access to this kind of information, their job in tracking and stopping the perpetrator becomes much easier.
Have you been a victim of cybercrime? If so, what symptoms did your computer display?