Welcome everyone. I hope all the information on this blog intrigues and informs all those out there trying to stay on top of our fast moving field of computing. One of the things i have been trying to stay on top of is what the latest is out in the hacker community. Good admins cannot be complacent and think their networks are secure and out of harms way. Hackers today are some of the most intelligent and innovative thinkers out there. They will find a way into anyones network if they desire to. Our job is to be up on the latest exploits so that we can readily identify a breach if and when it happens, and by doing this you mitigate your risk and exposure.
One of the new trends out there that i have talked about before is social engineering. The art of exploiting and convincing someone to do something that allows an attacker to have access to your PC or network. Now i know growing up i always thought hackers were socially inept people who stayed in their mothers basements, punching out code and playing video games. However i have been proven wrong, today some of the easiest ways into a system is by using the person who owns it. By preying on the ignorance of the owner of the PC or network, hackers can gain access and have a field day at your expense.
We all would like to think that we are smarter then just opening a door and letting a stranger in, but fact is a lot of us do just that. Obviously we would not just let someone in that calls up or emails and asks for access, but what if that call or email looked official or put a scare into you where you reacted quickly without thinking. This is what social engineering is about. Have you ever received an email from what looked like your bank, saying that your account will be closed down unless you click on the link and verify your information?. Many of us have received them and many of us have read it and gotten so scared that it would happen so you just clicked on the link and gave all your information away on how to get into your bank account. That is scary in and of itself. Now I have read these emails before and stepped back and laughed thinking “who would fall for this?”. Well believe me, many people do.
The latest out there now is starting to happen in Columbia where people are receiving emails from what claims to be the transportation authority. The email claims that the person has committed infractions and provides links for the user to click on. So it builds up the fear in the person to make an otherwise irrational decision and click on the links provided in the email in order to “view” the details of the infraction. In reality what they are clicking on are files that are attached, that once they are clicked on they will install themselves onto your PC then connect back to a botnet and provide information to the hacker. See the link provided here by ISC a leader in security on the web. https://secure.dshield.org/diary.html?storyid=13309
Gone are the days of the standard brute force attacks or attempting to get in to a system from the outside. Why do all that hard work when you can just get the person to open a door for you and let you in?. This is certainly a much easier thing to do sometimes. Especially when people do not know about these scams. Please protect yourselves, ask questions, get involved in the communities out there and educate yourselves. The information is free and extremely valuable. It could save you and your information.
MJDDesign Concepts LLC. 