You've been hacked!

Posted 1 week ago by -kyle@appstakk

Ever been the target of a hack attack? Please Share! Let's Strengthen our herd immunity.........

 

You have just been hacked! Scary right? How much of your info did they get? Did they get ur Facebook profile? All of your social media? Bank account numbers? Social security number? Our society is now so digital, that with enough info about someone you can actually become that person! Well sorta..

definitions:

Here are a few definitions of terms you probably don't want to know but, we may talk about in this post.

  1. malware: software that is intended to damage or disable computers and computer systems.

  2. virus: a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.

  3. hacker: a person who uses computers to gain unauthorized access to data. (being a hacker can also be a good thing, but for the sake of this post we will continue to think of only the negative.)

  4. adware: software that automatically displays or downloads advertising material (often unwanted) when a user is online.

  5. two-factor (2FA) or multi-factor authentication (MFA): is an additional security layer for your business/life – helping to address the vulnerabilities of a standard password-only approach.

  6. anti-virus: software designed to detect and destroy computer viruses.

  7. spyware: software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

  8. interwebz: a global computer network providing a variety of information and communication facilities, consisting of interconnected networks using standardized communication protocols.(AKA internet)

  9. API: Application Programming Interface.(It makes life easier for a developer)

  10. taco: a Mexican dish consisting of a fried tortilla, typically folded, filled with various mixtures, such as seasoned meat, beans, lettuce, and tomatoes.

  11. pwned: (especially in video gaming) utterly defeat (an opponent or rival); completely get the better of.

  12. hacktivist: a computer hacker whose activity is aimed at promoting a social or political cause.

  13. VPN: is a technology that creates a safe and encrypted connection over a less secure network, such as the internet.

  14. ISP: is a company that provides customers with Internet access. Data may be transmitted using several technologies, including dial-up, DSL, cable modem, wireless or dedicated high-speed interconnects.

..first some background..

My goal for this post is not to express to you my favorite brand of antivirus software, although I may reference a few brand names throughout the post. My goal is simply to inform people of my methods in staying safe on the web. I and/or AppStakk LLC is in no way trying to shoulder the burden of web safety for you, and we do not take any responsibility for your web safety. That being said, I personally believe that if you follow the methods listed below you will be less likely to get hacked.

So why is this something I want to talk about? Well, it actually occurred to me early this year that my accounts may have a pending issue, when I discovered a website called: haveibeenpwned.com. I keep an email address solely for what I call "junk" mail and account making, I've done this for years. This keeps my important mail and "junk" mail separate. Anyway, I plugged my "junk" email account into the search box and hit go, and to my surprise I had 2 discrepancies. Essentially, this website goes out and queries the entered email account against released lists of compromised usernames for different companies out there. A good rule of thumb here is the more you put yourself out there, the more chances you have of getting "pwned". My advice is to do as I do and have an email account just for this kind of thing. For your social media, and random signups, use one account, and for online banking use another (banks make you do this anyway). Finding the issues with this "junk" account prompted me to take action! It forced me to rethink the way I am handling passwords and account authentication, especially now that certain accounts were tied to my new business. I'll get into this fully a bit later in this post.

One thing I always suggest when on this topic, is to place a filter between you and wherever you are on the web. So, here is a scenario to maybe help put some of this in perspective. Say you are just strolling down internet lane looking for a certain special toy for your 2 year old, that apparently she can't live without because the last one has been lost for like two months and she has literally asked for it every night since.(breathe) Now, let's just say that you can't find that toy at the toy store you purchased it from the first time, because well, it's shut down... *cough* Toys"R"Us *cough* ..So what do you do? You can't find the toy on amazon because apparently it's a very special toy that only exists in the darkest of realms of the internet, the dreaded unknown stretches of discountschoolsupply.com. I don't know this website- I really don't care to know it either, so I'm not taking any chances here! Nope, I'm way too paranoid for that, but lo and behold they accept PayPal. Look- I understand how purchasing APIs work and how to implement them, on a web page. They are specifically designed so that your information never actually touches a server for the host domain you are visiting, so currently "discountschoolsupply.com". Data goes straight to a third party API for your bank and everything is encrypted before it is all sent, so it's actually pretty safe, but that doesn't help ease my trust issues. So long story short, I pay using PayPal- PayPal initiates the buy from their accounts, my card is used by PayPal to make the purchase, none of my card info ever touches their server or is ever entered into their page. So in essence I win! This is what I mean by using a filter. PayPal is free to use, when buying! Use PayPal!!

 

..let's look at the statistics..

I'm pulling a bit of info from here, here, and here.

So by now you are probably saying to yourself, "Hey, I thought this was suppose to be a helpful post? Where are the meat and potatoes? I want to learn!" It's coming! Bear with me a bit longer, remember knowledge is power and everything I'm trying to express I feel will help you out in some way in the future. The more you know...

OK, so you have probably heard of the hacktivist group Anonymous by now. They may be the most well known(at the time of this writing) hacktivist group out there. Here is a timeline of their known hackings. These events include multi-billion dollar companies like Sony Corp and political figures such as Sarah Palin. If you remember it was the Anonymous group that shut Sony's PlayStation network down for 23 days back in 2011. 23 days is a good chunk of time, and for a gamer it's pretty much an eternity! I had to find a new hobby, and talk to people... ;) It was the worst!

According to some sources I found on the web:

  • There is a hack attack every 39 seconds, that affects one in three Americans each year.

  • Only 38 percent of global organizations claim they are prepared to handle a sophisticated cyber attack.

  • 95 percent of breached records came from three industries in 2016: Government, retail, and technology.

  • 43 percent of cyber attacks target small business. 64% of companies have experienced web-based attacks.  62% experienced phishing & social engineering attacks. 59% of companies experienced malicious code and botnets and 51% experienced denial of service attacks.

  • Over 75% of health care industry has been infected with malware over last year.

  • Google says hackers steal almost 250,000 web logins each week.

  • You have probably been hacked in some way, already.

While gearing up for this topic, in my research I found that it is believed that social media is a favored flavor by hackers. This shouldn't come as a total shocker to anyone, we've all gotten those weird messages on Facebook from our "friends", trying to get us to click on links. Do not click on ANYTHING in messenger from someone you don't talk to regularly! Don't do it! Be Paranoid.

 

so what do you do?

You defend yourself while out in the open wilds of the net, of course! I mean you wouldn't go out on safari without a guide and/or a gun, right? Ever seen The Ghost in the Darkness? OK, I'm not just saying get some free antivirus and keep it up to date religiously (I'm not saying don't do that btw, definitely do that too!), but your going to want to really watch where you login and what you consent to doing while you are out gallivanting on the web. Self-defense while on the interwebz can be a little trickier than just having freebie antivirus installed. Also, I'll just go ahead and throw it out there if you are downloading pirated software and music, then you shouldn't even be reading this cause nothing I am saying is going to help you anyway... Don't waste your time here.. Secondly, porn sites are also a really good place to contract lots of viruses and adware, so keep that in mind next time you.....

As far as installing software to help your chances, you can get plenty of super helpful software packages for personal use at no cost to you. Check out AVG and AVAST for all of your antiviral needs on your PC/MAC and Android Device. iOS devices actually do a pretty damn good job of protecting you from yourself, so you won't find antiviral solutions for iOS (here is a link talking about that). Either of these solutions will give you nice protection for free and offer an even more protected pay-for solution. Up next we have malware protection, this is huge protection against attackers! My choice in malware protection is MalwareBytes of course. They offer the same free and paid packages as their antivirus counterparts, and have a plethora of plans to choose from. Lastly and this is kind of a relic of the past that has been left behind, as the first solutions cover spyware as well, but Spybot - S&D is great free barrier against spyware and adware. Using this in conjunction with the above free products will surely fortify your web surfing experience. I'm sure you can find a few "what's the best...." lists on the internet with a quick Google of the subject (which I encourage you to do more research), but you can be confident in my opinion on this matter as I've used these software packages for over a decade and have been somewhat successful in thwarting off evil. Back in the day you would want to have an antivirus, spyware, and malware protection solution on your computer, but these days you could probably get by with just selecting one or the other. Even Spybot S&D offers antivirus now!

Turn windows Firewall on... If you have windows firewall turned off, there needs to be a good reason, otherwise turn it on. This is a pretty simple fix for windows and I googled a "how-to" on how to do it so I could link to it here. No reason to reinvent the wheel!

One last thing before we move on. VPN (virtual private network).. If you want to protect yourself from the evils of the internet this is the single most effective way to do it. Think of your VPN as a side street that only you know about. It will take you to the same place as the main street you usually take, but taking the side street is safer and very untraceable. It may be a little slower because of the reliance of an extra server array that gets mixed in, but in most cases you won't even notice. VPN will fully encrypt your data before it ever even gets to your ISP(internet service provider). Here is a great explanation, on what a VPN actually does for you. Plus, here is a link to a list of available VPN service providers, the list also includes some more information at the bottom. So check those links out if you are interested. Having a VPN is definitely not necessary, but if you want ultimate privacy this is what you use. I personally do not use one as of today, but I have been thinking about picking up a VPN service in the future.

DON'T use the same password..

If I could have double underscored the word "Don't" in the above subheading I would have, but it wasn't available. ;)

What I mean is don't use the same password for every account out there that you own. The idea behind this is very simple, not every website you login to uses the same security technology. Hell some websites may not be using any or your super-strong password could just be a non-hashed entry of characters into a database. You really need to think, "Do I trust these guys enough to give them my info?" Because, if they get hacked you just got hacked! Any hacker worth his/her salt can take info from a database and weed through the usable parts with an algorithm- in less than a minute. These attacks are usually automated and A.I. controlled. Your information can be stolen, sold to the highest bidder, and bought in a few milliseconds . Let that sink in before you put in your usual "pa$$w0rd#1".. Sure it may be considered strong, but if you use it everywhere... You're bound to get screwed sooner or later!

So now let's learn how we should live and die on the internet...

..time for some kung fu..

Welcome to Kyle's internet kung fu kick ass crash course on how to not suck!

Today we will be learning how to use 2FA with our Google account and totally encrypt every password we use. Follow the steps below, I link to the various walk-thrus that are already available.

  1. If you don't have a Gmail(Google) account you need to make one, do that here or sign in here. (for the remainder of this tutorial I will assume you have a Google account.)

  2. Also, if you are not using Google chrome you should definitely download it and start! Go here! Remember to set Google Chrome as your default Browser. Some of the next steps will only work for Google chrome.

  3. Make sure Google sync is enabled on all of your devices. Computer, phone, tablet, etc. Link is here.

  4. Next Go here and setup 2FA, (it will ask you to login again) for your account, it's pretty easy to setup, here is how it works to protect you.

  5. Step 5 after your 2FA is all setup I would highly suggest changing your Google password to something you have never used before. This should be a variety of letters, numbers, and symbols somewhere between 10 and 20 characters. I know the password length is unorthodox but, remember we are going to be locking every password down under this one password. Also remember to write down this one and only password until you can remember it. Don't save it in a file! If you need to keep a copy of this password on your phone take a picture of it written down on a piece of paper and keep that picture on your phone.

  6. Now that you have a new super-strong password and 2FA setup, you are ready for the lengthy part. Are you ready? You must go through all of your accounts and generate new hard passwords for everything. I would start with the important stuff first, and get the other accounts as you think of them. The latest Google chrome has this awesome feature that will auto-generate strong randomized passwords for you and will save it in your Google chrome password list for you. Here is how to use it.

To expand a little on step 6, any place where you enter your password into Chrome will now have this sweet little option in the context menu (right-click menu) called "Generate Password". Select that and you will then be prompted to allow Chrome to save passwords. This option will sometimes make it self available without having to perform the right click, and that's OK to. So if you don't see Chrome prompting you that it can generate a password for you. Try the right click "generate password" technique and that should get you there.

Also, when you go to the various profile pages to make the update to your current password, it's worth noting that the password change option is found in your account/profile settings, usually under Sign-In settings or security. They are all kinda different in how their security settings flow, but they are similar enough that you should be able to get the hang of it after two or three account updates.

If you want to see your set passwords you can always take a look at them by clicking on your chrome profile picture(top-right of browser window next to menu dots) and selecting "passwords" you can see them on your phone to from the chrome browser. To view the passwords in the password list you will be asked for your Google account password. So just keep in mind that you will need to at least memorize that password.

This not only locks down all of your passwords with Google encryption, but you get the conveniences of easily logging in to any of your accounts, and having different randomized tough passwords for everything you sign up for!

in closing..

My goal for this post is not to express to you my favorite brand of antivirus software, although I may reference a few brand names throughout the post. My goal is simply to inform people of my methods in staying safe on the web. I and/or AppStakk LLC is in no way trying to shoulder the burden of web safety for you, and we do not take any responsibility for your web safety. That being said, I personally believe that if you follow the methods listed above you will be less likely to get hacked.

If you enjoyed this post, be sure to follow us on Facebook as there will be more to come!

Questions? Shoot me an email or a message on Facebook or Twitter, and I'll do my best to help you out!

All of our social media and email links are at the bottom of this blog post, in the page footer.