Every time you log online, you basically become a moving target for malicious software and black hat hackers, all of them working to steal your private information, penetrate your bank account, or just simply take full control over your device. Naturally, we assume that these sophisticated and coordinated attacks are done by highly-skilled professionals, those who dedicated their entire lives to hacking and probably spent some time in…uhm, virtual jails?
But actually, you’d be surprised at just how easy it has become for anyone with a basic knowledge of PC and the Web to become a rather slick and successful cyber-criminal in a matter of hours. Don’t believe me? Try these techniques for a size:
Even the most amateurish among cyber thieves are now able to establish a fake wireless access point (WAP) with ease. All you need is a wireless network card and a bit of software, and you too can advertise your PC as a legitimate WAP, which is subsequently (and actually) connected to the real access point established somewhere in that area.
Haven’t we all connected to those free W-Fi points at our local park, coffee shop or cinema? Well, it turns out that hackers tend to create a fake WAP with, say, that coffee shop’s name, and then go through all of your unprotected data and passwords once you’re connected. Those a bit more confident among amateur hackers will even ask you to create a new account in order to connect to their WAP, and will then (counting on the fact that you’re a bit lazy and have probably used that same password on other websites as well) try and use those credentials to connect to your Facebook, Twitter account and more.
On the other hand, cookies allow the browser to preserve our presence on a certain website, which is, for example, why we’re able to remain logged on Facebook, rather than having to enter our credentials every single time we use the network. Basically cookies are tiny files of text that the website sends to our PC, so it can track our activity through multiple visits. When a hacker intercepts our cookies, they can assume our identity on the site those cookies are from, meaning the log-in details are already provided for, allowing them to browse as our virtual selves.
Even though cookie theft is not a simple tactic per se, software such as Firesheep now make it easier than ever to sniff out unprotected cookies, once again allowing anyone with a basic knowledge of the Web to become You on a variety of poorly protected websites.