Before the practice of exploiting software and electronic systems unlawfully got out of hand, hackers were once known as intelligently curious people, tireless explorers of computer systems, if you will.
But as more and more hackers misused their talents for personal gain, the term “hacking” took on a new meaning, and now people generally know hackers as those who break into systems for evil purposes.
However, all is not lost – there are still good hackers out there who use their skills to detect system vulnerabilities and work hard to fix them, thus preventing further attacks by malicious hackers.
1. Dead-Easy-to-Guess Passwords
Password guessing is one of the fastest techniques for hacking any account. According to a survey by Sophos, 33% of people reuse the same password across accounts. What this means is that if a hacker can get inside a person’s Facebook account, he can also get inside his/her other accounts that use the same password.
The infamous Gawker hack in 2010 showed just how thoughtless some people can be when setting their passwords. Check to see if your password is as common as those that were revealed below:
- “123456”: There’s no excuse for this: plain laziness can cause one’s website or account to be hacked.
- “password”: I once watched a Leslie Nielsen movie called “Wrongfully Accused” (a spoof of “The Fugitive”) and laughed when he successfully guessed the villain’s password. The password? You guessed it right – it’s “password”. While it’s amusing to see it on screen, it’s definitely NOT so funny if it were to happen to you. Avoid setting “password” as your password at all costs.
- “qwerty”: Yet another popular, easily guessable password. Did creativity just up and die?
- “trustno1”: I actually laughed when I discovered that this was in the top 10 list of most commonly used passwords during the Gawker breach. A healthy dose of conspiracy theory dished out by Mulder and Scully, anyone?
- “iloveyou”: Yes, so does the hacker that did this to you.
- “f***you”: Expletives will get you nowhere, evidently.
- “blahblah”: If you can’t be bothered to create a strong password, then blah to you too.
Other passwords guessed correctly by hackers in the Gawker breach include “lifehack”, “11111”, “letmein”, “superman”, “batman”, “sunshine”, “starwars”, “whatever”, “computer”, “killer”, “welcome”, “internet”, and “master”.
2. Easy Availability of Password-Guessing Software
A lot of unscrupulous, albeit amateur, hackers are taking advantage of password-guessing software. A myriad of password-cracking tools is easily available online, allowing malicious individuals to leverage their capability to run up to an astounding 8 million guesses per second! There is no way to take this software off the market, so the only thing a user can do is change passwords often and follow best practices when setting hard-to-guess passwords.
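To make the two points above concrete (the common-password list from the Gawker breach and the 8 million guesses per second quoted for cracking tools), here is an added example of a password check a site could run at sign-up. It is not code from the original article; the blocklist is constructed from the passwords listed above, the keyboard rows and the 12-character minimum are assumptions, and the brute-force estimate is a worst-case exhaustive search at the article’s quoted guess rate.

```python
import re

# Constructed blocklist built from the passwords the article lists from the
# Gawker breach; a real deployment would load a far larger breach corpus.
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "trustno1", "iloveyou", "blahblah",
    "lifehack", "11111", "letmein", "superman", "batman", "sunshine",
    "starwars", "whatever", "computer", "killer", "welcome", "internet",
    "master",
}

# Rows of a US keyboard, used to catch walks such as "qwerty" or "123456".
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

# Guess rate the article quotes for off-the-shelf password-cracking software.
GUESSES_PER_SECOND = 8_000_000


def is_keyboard_walk(pw: str, min_len: int = 4) -> bool:
    """True if the whole password is a run of adjacent keys on one row."""
    p = pw.lower()
    if len(p) < min_len:
        return False
    return any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def charset_size(pw: str) -> int:
    """Size of the smallest set of character classes that covers the password."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33  # printable ASCII symbols
    return size


def seconds_to_exhaust(pw: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every string of this length over this charset."""
    return charset_size(pw) ** len(pw) / rate


def check_password(pw: str) -> list:
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        problems.append("appears in the common-password blocklist")
    if is_keyboard_walk(low):
        problems.append("is a keyboard walk like 'qwerty'")
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if re.fullmatch(r"[a-zA-Z]+1?", pw):
        problems.append("a single word, optionally followed by '1'")
    if seconds_to_exhaust(pw) < 24 * 3600:
        problems.append("brute-forceable in under a day at 8 million guesses/s")
    return problems


if __name__ == "__main__":
    for candidate in ("trustno1", "Gizmodo1", "Tr0ub4dor&3-Correct!"):
        verdict = check_password(candidate) or ["ok"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

The blocklist test is the one that matters most in practice: a breached corpus is exactly what cracking tools try first, long before any exhaustive search, so a password that is on such a list is weak whatever its length.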
3. Vulnerability to Social Engineering
Social engineering is considered the art of manipulating people or computers, and this is usually employed by crooked hackers to gain access to what’s not rightfully theirs.
Here’s a good example we particularly like: earlier this year, in August, comedian Erik Stolhanske’s Twitter account was hacked by a cybersecurity expert using merely his name. The two had earlier agreed that the expert would try to hack the account, and Stolhanske was surprised at how swiftly and easily it was achieved.
What happened was this: the expert did a search and obtained Stolhanske’s personal information from Spokeo.com. Using Stolhanske’s email address, he gained access to Stolhanske’s Amazon wishlist. After a few phone calls, he passed Amazon.com’s scrutiny and gained access to the account. Long story short, he used information such as the last four digits of Stolhanske’s credit card number to get into his email accounts, which he then took over in order to reset his Twitter password.
Amazing, isn’t it? This was achieved by social engineering alone, not hi-tech hacking wizardry.
4. Easy-to-Breach Webhosting Security
Major webhosting companies usually spend top dollar on ensuring the best security measures are in place, but cunning hackers are still finding ways to target these companies’ shared hosting servers and VPS accounts. The bigger the webhosting company, the more tempting a target it is, because the size of its hosting servers makes them useful for attacking other servers.
The good news is, webhosting companies can protect against security breaches by carefully screening user accounts and putting up a reliable firewall. Software exists that can detect and prevent DDoS attacks, so there’s no reason why every webhosting company shouldn’t install it to ensure proper protection of its security and data.
5. PHP Vulnerability
One of the easiest attacks to carry out is remote code execution, and it can happen to ANY website that accepts files from its users, usually one that is PHP-based. A malicious file is uploaded and then executed, resulting in records stolen from the database and compromised user data such as names, addresses, and credit card numbers. The PHP Vulnerability Hunter should be able to weed out such vulnerabilities with little effort.
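The upload-then-execute chain described above is defeated by never letting the client choose what is stored or where. The following is an added example of upload validation, not code from the article or from any PHP project; it is written in Python as a generic illustration, and the image-only allowlist, the 5 MB cap and the `avatar.png` sample are assumptions. The constructed sample file is just a PNG signature followed by filler bytes.

```python
import os
import re
import secrets
import tempfile
from pathlib import Path

# Assumed allowlist: the image types this hypothetical site needs, each with
# the leading "magic" bytes a genuine file of that type starts with.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_BYTES = 5 * 1024 * 1024

# Constructed sample: a PNG signature followed by filler bytes.
SAMPLE_PNG = ALLOWED["png"] + b"\x00" * 32


class UploadRejected(ValueError):
    """Raised for any upload that fails validation."""


def safe_extension(filename: str) -> str:
    """Return the allowlisted extension or raise.

    Strips directory components, refuses double extensions such as
    "shell.php.png", and only accepts names made of safe characters.
    """
    name = os.path.basename(filename.replace("\\", "/"))
    parts = name.lower().split(".")
    if len(parts) != 2 or not re.fullmatch(r"[a-z0-9_-]+", parts[0]):
        raise UploadRejected(f"bad filename {filename!r}")
    ext = parts[1]
    if ext not in ALLOWED:
        raise UploadRejected(f"extension .{ext} not allowed")
    return ext


def validate_upload(filename: str, data: bytes) -> str:
    """Run every check and return the extension the file will be stored with."""
    ext = safe_extension(filename)
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match the claimed type")
    return ext


def store_upload(filename: str, data: bytes, upload_dir: Path) -> Path:
    """Write a validated upload under a random name the client did not choose.

    upload_dir must sit outside the web root and be served through a handler
    that sends bytes back, never through the PHP (or any other) interpreter.
    """
    ext = validate_upload(filename, data)
    dest = upload_dir / f"{secrets.token_hex(16)}.{ext}"
    dest.write_bytes(data)
    return dest


def rejected(filename: str, data: bytes) -> bool:
    """Convenience helper: True if validation refuses this upload."""
    try:
        validate_upload(filename, data)
    except UploadRejected:
        return True
    return False


def demo() -> Path:
    """Store the constructed sample in a fresh temp directory and return its path."""
    return store_upload("avatar.png", SAMPLE_PNG, Path(tempfile.mkdtemp()))
```

The magic-byte check catches a PHP script renamed to `.png`; the random server-chosen filename and the out-of-webroot directory mean that even a file that slips through every check is never reachable as a URL the interpreter would execute.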
6. SQL Injection Vulnerability
SQL injection is a type of hacking attack that penetrates a website’s weak defenses and compromises its database. In simple terms, the attacker runs commands on the database (almost as if “hypnotizing” it) by sending input that the server passes on to MySQL, and gets it to do what he wants by “injecting” his own SQL into the query the server executes.
The fact that SQL injection attacks can be performed even by a novice hacker makes them all the more dangerous. Fortunately, you can defend against these attacks by using automated tools to determine whether your systems, databases or applications are vulnerable to SQL injection. Besides that, secure coding best practices will also protect against such threats.
You can also consult the SQL Injection Prevention Cheat Sheet offered by the Open Web Application Security Project (OWASP), which teaches a myriad of defenses against this type of hacking.
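Here is an added example, not from the article or from OWASP, of the “injection” just described and of the secure-coding fix the cheat sheet leads with: a query built by string formatting beside the same query written with a bound parameter. The in-memory SQLite database, the `users` table and the hostile input are all constructed for the example; the site’s MySQL backend behaves the same way.

```python
import sqlite3


# Constructed in-memory SQLite database standing in for the site's MySQL backend.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """String-built query: whatever the user typed becomes part of the SQL."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterised query: the value travels separately from the SQL text,
    so quotes inside it can never change the query's structure."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed hostile input: closes the string literal and appends a condition
# that is always true, so the WHERE clause no longer filters anything.
INJECTED = "x' OR '1'='1"


def demo() -> tuple:
    """Number of rows each version returns when fed the hostile input."""
    conn = make_db()
    return len(lookup_vulnerable(conn, INJECTED)), len(lookup_safe(conn, INJECTED))


if __name__ == "__main__":
    vulnerable_rows, safe_rows = demo()
    print(f"vulnerable query returned {vulnerable_rows} rows, "
          f"safe query returned {safe_rows}")
```

Fed the hostile input, the string-built query hands back every user in the table, while the parameterised one looks for a user literally named `x' OR '1'='1` and finds nothing. The automated scanners mentioned above work by sending inputs of this kind and watching for the difference.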
7. Bad Encryption System
In early October, Adobe’s systems were breached and a massive 150 million user accounts were compromised, allowing hackers to cart away users’ email addresses, passwords, credit card details and other vital information. Some users had easily guessable common passwords, but these make up only 3% of the 150 million stolen accounts. The rest of the blame may be placed on Adobe’s decision to use symmetric-key encryption rather than hashing, but Adobe is staying mum and has not said whether bad encryption practice on its part was to blame.
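Why the choice of encryption over hashing matters is easy to show in code. The following is an added example, not Adobe’s code and not a description of the cipher Adobe used (the article does not say which): the XOR “cipher” is a constructed stand-in that has the one property any keyed, reversible scheme shares, namely that equal passwords produce equal stored values and the key holder can recover them all. Beside it is salted, slow, one-way hashing with PBKDF2; the user list is constructed.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a server-side symmetric key. The XOR transform
# below is a toy, not a real cipher; it models only what the article is about:
# the stored value is keyed and reversible, so whoever holds the key (and the
# database) recovers every password, and equal passwords look equal at rest.
SERVER_KEY = b"constructed-key-0123456789abcdef"


def _xor_with_key(data: bytes) -> bytes:
    return bytes(b ^ SERVER_KEY[i % len(SERVER_KEY)] for i, b in enumerate(data))


def toy_encrypt(password: str) -> bytes:
    return _xor_with_key(password.encode())


def toy_decrypt(blob: bytes) -> str:
    return _xor_with_key(blob).decode()


def hash_password(password: str, iterations: int = 200_000) -> str:
    """One-way: PBKDF2-HMAC-SHA256 with a fresh random 16-byte salt per user."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


def largest_cluster(stored_values: list) -> int:
    """Size of the biggest group of users whose stored values are identical."""
    counts = {}
    for v in stored_values:
        counts[v] = counts.get(v, 0) + 1
    return max(counts.values()) if counts else 0


# Constructed user list: three people chose the same weak password.
SAMPLE_PASSWORDS = [
    "123456", "123456", "123456", "letmein", "correct horse battery staple",
]


def compare_schemes() -> tuple:
    """Largest cluster of identical stored values under each scheme."""
    encrypted = [toy_encrypt(p) for p in SAMPLE_PASSWORDS]
    hashed = [hash_password(p) for p in SAMPLE_PASSWORDS]
    return largest_cluster(encrypted), largest_cluster(hashed)


if __name__ == "__main__":
    enc_cluster, hash_cluster = compare_schemes()
    print(f"encrypted: {enc_cluster} users share a stored value; "
          f"hashed: {hash_cluster}")
```

With reversible storage, a leaked database shows at a glance which users share a password, and one recovered key unlocks all 150 million; with salted hashing every stored value is unique and the only road back to a password is guessing it, which the iteration count makes slow.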
8. WordPress Installation Vulnerability
Lots of online marketers use WordPress for content marketing purposes, but many fail to realize that certain vulnerabilities can AND will expose their sites to hacking risks. Once this happens, it’s only a matter of time before hackers launch Distributed Denial of Service (DDoS) attacks. Hackers amass an army of attack traffic by infecting servers in hosting environments. A good example of this scenario was revealed by IT professional Steven Veldkamp, citing a previous incident in which a 26-second DDoS attack launched against one of his sites was found to be powered by 569 individual WordPress blogs.
The solution? Keep your WordPress software updated. It was discovered that 7 out of 10 WordPress site owners did not perform the necessary updates and are exposed to a high rate of hacking, so update often and you can get rid of known vulnerabilities. A great security tool you can benefit from is the easy-to-use Online WordPress Scan.
9. Joomla Security Vulnerability
Joomla is a great Content Management System (CMS) that’s pretty popular and user-friendly, but that does not prevent users from being exposed to various vulnerabilities. Owners with compromised sites were found to be:
- careless in setting up their site.
- forgetful when it comes to updating their sites to the current Joomla version.
- using vulnerable third-party extensions or using obsolete versions.
Several steps can be taken to prevent hacking attacks, including changing the default database prefix when you install your Joomla website. Some hackers also target certain Joomla extensions, and you can make their job tougher by removing the version number so that only the name of the extension is shown. Perhaps the easiest way to locate vulnerabilities in your Joomla site is by running the Joomla Security Scanner.
10. Humans are Inherently Curious, Gullible, and Greedy
People may argue that hackers are getting more skillful at leveraging hi-tech wizardry to hack into websites, but let’s take a look in the mirror and see how we may be responsible for our own downfall. Failing to update your WordPress software exposes your site’s vulnerabilities to hackers everywhere. That, ladies and gentlemen, is apathy. Malware usually depends on curious users clicking a link or attachment, and most of the time it succeeds in manipulating people this way.
We could go on and on about human weaknesses but if you are determined not to be “hacked”, you can practice the following due diligence:
- Assume nothing
- Believe no one
- Check everything
Recent Famous Hacks
This site has been riddled with troubles since day one, and while no hacking attacks have been reported as yet, you’ll never know when this situation could change. A software tester based in Arizona recently discovered major loopholes in the site that can be likened to an “invitation” for hackers to wreak havoc. He discovered and revealed that it is possible for hackers to take advantage of the website’s many weaknesses and gain access to users’ details.
2. Singapore Prime Minister’s Website:
The website was compromised in early November. The cyber-attack may be a direct result of the Prime Minister’s warning to hackers. Earlier, a group of cyber criminals had announced that they were planning to hack into government portals.
3. Gawker Media Inc Hacked:
Gawker’s user database was hacked in 2010, sparking outcry from millions of people who had registered accounts on its sites (Kotaku, Lifehacker, Gizmodo, etc.). Interesting tidbit: Forbes reported that 15 Gawker staff were not wise enough to exclude common words from their passwords, with one of them merely using his name followed by the number ‘1’. Pretty “wise”, wouldn’t you say?
Easy Ways to Prevent Hacking Attacks
1. Get rid of ridiculous password habits
That said, you should also change your passwords regularly, as often as every month but at least once every six months.
You may also want to choose a password that doesn’t contain a readable word, while taking great care to mix upper and lower case. Using numbers and symbols is a good practice, but only if you insert them in the middle of your chosen word, not at the end.
Tip: don’t include your birth date or other obvious numbers; instead, think of a word or phrase that means a lot to you and your loved ones but cannot easily be guessed by strangers (pet names like “loveyhoneyboo” are a good example).
2. Get someone to hack it first
There are hackers that side with the good guys out there, so if you run an important business online, you may want to hire them to hack into your site and see what can be done to prevent further security breaches.
3. Update your software OFTEN
Attackers constantly find ways to exploit software loopholes, so updating your server’s operating system and any other software used by your site will apply the latest security patches and help prevent your site from being hacked.