The case for learning how to hack
Learn how to hack, not so that you can hack others, but so that you can protect yourself from being hacked. I watch series such as Black Mirror and Mr. Robot (not what it sounds like), and I listen to a podcast called Darknet Diaries, they have made me paranoid about being hacked. But, beyond paranoia, being hacked is an actual concern that you should have. It comes in many different shapes and sizes, and in some cases it might even cost you your money, possibly a lot of it.
Before we get into it, let me elaborate on what I mean by “being hacked.” The textbook definition of hacking is “an act or instance of gaining or attempting to gain illegal access to a computer or computer system with malicious intent.” In this article article, I’m extending this definition to include illegal access to physical locations such as your workplace, and illegal access to proprietary information, such as the trade secrets of your company.
Ways to get hacked and how to prevent them
There are a number of ways you can get hacked, and when you know how to hack, you can spot them from a mile away. There’s literally an entire industry of professionals who teach companies how to protect themselves from getting hacked. You don’t need to be a professional, but you do need to know the basics. Let’s get into the ways you can get hacked:
1. Social Engineering
Social engineering is practically using deception to fool someone into doing something unknowingly, or to giving confidential information. The weakest part of any computer or computer is it’s user, you. As people, we are very
prone to being tricked. Hackers can use methods like phishing, where they send you an email that looks like it’s
from a safe place like your bank or social media platform, to get you to click a link that will download a virus onto your computer. This is part of social engineering. Another example of social engineering is scam calls. During a scam call, the caller identifies themselves as a person of some authority, and then ask you for personal
details that you wouldn’t otherwise give to anyone. Please be reminded and keep in mind that your bank would NEVER ask for your password or One-Time-Pin over the phone.
You can protect yourself from social engineering attacks by always questioning things. Firstly, avoid clicking links that you get in the browser, particularly if it’s not from a source that you subscribed for. Secondly,
if you want to access your bank’s website, rather type out the URL or search for it on google – don’t click on the link in an email.
Thirdly, if the email or person is giving time pressure, then be extra careful. This goes for things like “Your account will be deactivated if you don’t do this right now!” Be extra careful. Lastly, always check if the URL of the website you are trying to use looks proper. For example, you might click on a link from an email that looks like it comes from twitter, but when you check the URL, it’s twittter.com instead of twitter.com. This is most likely a fake login page that will steal your username and password after you enter them.
2. Malicious Websites
Have you ever been browsing the internet, then when you get into a certain website there’s a pop-up telling you that your computer is infected and that you should download this or that to protect yourself? The website itself was probably malicious, and what you would have downloaded would have had viruses in it, or have been a virus itself. A malicious website is a website that is designed and built to host malware or to phish for sensitive information. They phish by doing the same thing that malicious email links do, giving you a convincing but fake login page. Malicious websites generally have these characteristics:
- The website automatically launches a download window when you visit it.
- It asks you to download software, save a file, or run a program.
- You are asked to download a receipt or an invoice or something similar which is in PDF form, or an executable file of some sort, or other files.
- Malicious websites sometimes also tell you:
- That your computer is infected with malware and that you need to download
antivirus from that website.
- That your plug-ins or browser are out of date and that you need to download new
ones from that website.
- That you won a competition or free prize draw. They may also be offer you free
money or vouchers that need you to enter your credit card or banking information
Do not fall for any of these tricks. If something is too good to be true, it most likely isn’t
- That your computer is infected with malware and that you need to download
3. Malicious USB stick
Imagine this: you get to work. You see a USB stick on the ground in the parking lot and you don’t know whose car its next to. Being the good person you are, you would like to give it to the rightful owner. But the question is, how do you know who the owner is? You left your laptop at home, but your workplace has computers that you can use. What do you do?
Most of us would simply take the USB and plug it into the computer at work so that we can try and figure out who it belongs to. But, this is not the action to take. You could get the workplace computers infected with malware if the USB stick has been preloaded with malware. It’s also possible that the previous owner was not aware that their USB stick had malware, and you mistakenly infect your computer by plugging in a randomly found USB. Even other accessories such as a mouse or a keyboard can infect your computer.
Protect yourself by having trustworthy Antivirus software on your computer. Windows 10 comes preinstalled with Windows Defender, so make the most of that if you don’t have the funds to pay for other Antivirus software. Free antivirus software either expires, or doesn’t give you full protection against the latest malware.
4. Weak and/or recycled passwords
A simple google search tells me that the average human is composed of 32.7 trillion cells. Yet, a paper cut can land you in the hospital if it gets infected. Similarly, the most sophisticated security systems are futile if the administrators of those systems have weak passwords, or they recycle passwords across the system. A weak password can be guessed. There are tools that hackers can use to either guess, or to sift through a list of common passwords until a match is found. Passwords like “password” or “12345” are common, and they are easily hackable. And if you recycle passwords, then someone who has your Facebook login details can
also access your twitter, your Instagram, and maybe even your online banking.
Do not reuse passwords, have a different password for each account. You can also use password managers so that you do not forget your passwords. Instead of a long password that you will most likely forget, try using what I call a “pass-sentence.” This is a sentence that is easy to remember for you, but difficult to guess for someone else. For example, you can use “I am not a Tweep 2!” as your twitter password (obviously, don’t use this one). This sentence has small caps letters, large caps letters, a number and a special character. It’s most definitely not on a list of common passwords, and it’s easy to remember.
These are just some ways you can get hacked. There are a lot more ways for you to get hacked. You can read this article to find out more about malware, ransomware, adware, and many other hacking related things: . Where can you learn hacking.
My go-to for learning things is Udemy. I like it because for almost everything, there is a free course. Hacking is included.
Kali Linux is an operating system (what Windows is) that is built for hacking. Kali has a hacking course on https://kali.training/. You can also get certified by Kali if you are considering going into hacking as a profession.
YouTube is one of, if not THE most valuable source of information for almost any topic under the sun. There are a multitude of YouTube tutorials on hacking and on protecting yourself from hacking. There are even tutorials on where to find the best hacking courses.
Keep learning, and keep yourself protected. Stay safe.