(Video) Why is a hacker targeting me – I have nothing worth stealing?

Today I’d like to talk about why hackers are targeting me, or you, or us.

We often hear, “I have nothing worth stealing.” And in a number of cases, you might be correct. But 99.9999% of the population in the world who are in the digital world have something worth stealing.

It’s not what you haven’t done that makes you a target of hackers. But there are a couple of things that will amplify the reason why you’ve been attacked.

  • One of them is you have no antivirus, or you’ve got a very not useful antivirus that is not doing its job. Might be a free one, out of date, anything you can think of. But you haven’t got an antivirus that is working.
  • You’ve not been updating. Updating is a really important part of making sure that you don’t get a virus, don’t get infected with malware.
  • You’ve been visiting the wrong websites. Now the wrong websites can be anything, any site that you want to visit. But if that site is infected, then it’s definitely the wrong site that you’re going to.
  • And you might have opened an email that you shouldn’t have. And the bad guys, or the hackers are very good at making sure that we open up emails that they have sent us. But that’s just a few of the ways how they infect us.
  • For normal users, the internet, you are a target because you’re a normal user of the internet.

So why are you a target?

For one, you have a number of things that they want. They want your personal identification information. So this is your tax file number, or your social security number, or your driver’s license number. Because once they have that information they can do a lot of damage.

They also are after your cash because what they consider really important is not only your cash, but your access to money as well. But one of the things that people don’t realize that they’re after is they’re after your technology. They’re after your laptop. They’re after your iPhone. They’re after your tablet. And once they have access to that, they can do a lot of damage.

So how are you a target?

Well, in a number of ways. The sophisticated hacker is very, very intelligent. They’re no longer the snotty nosed kid that used to hard in the dark and only think in computer talk.

They are sophisticated to a level where they can carry on a conversation over email or Facebook. So there’s a lot of building of trust so that you, not really understanding what they’re doing, are going to trust them and do things that you would not normally do.

They might send you an email through LinkedIn with an attachment. Now, it’s something that you would not expect. But because you’ve been talking to them on LinkedIn, Facebook, or Twitter, you’ve built up that trust.

It’s only human nature to trust people. That way, we give people the benefit of the doubt before we take that next step.

We’ve been conditioned over the last 20 years to click on things. If I put my grandson and my mother in the same room, and they’re both looking at a computer, grandson 6, mother is 86, and they’re using the computer, and they go somewhere that comes up with a warning, 6-year old will quite happily go straight through. But so will the 86 year old. Because we’ve been conditioned to click on links.

And we’re quite happy to ignore all of the warnings, because those computers come from a computer, and I’m not going to take warnings from a computer. Computer doesn’t know what it’s talking about, does it?

Those are some of the attitudes that mean we’re going to get infected. And because we are quite happy to click on everything in sight, that allows them to gain access and be targeted.

So what do we do about it? How do they affect you? This is a really good important point. How do the bad guys get you to do things that you would never do in normal life? Well, one is their old favorite, they have a main delivery system called email.

Now most of us have an email account if we’ve got a smart device or a laptop or a computer. It’s probably what we do the most. And that will quite happily deliver to us through phishing an email that will say you’ve won the lottery. You have a password at the local post office.

He may want your information. On top of that we go to the next level. A spear phishing email is an email that is specifically targeted to you. And if they specifically target it to you then they already have all the information about you and what might make you click, and what might make you tick. In such a way that they will quite happily say you’re the SQL administrator. We’ve got an SQL conference coming up. And we want you to talk. But to talk, you need to click on this link and fill in the information. Bam! Gotcha.

They can install a Trojan, or a remote access Trojan. Now a remote access Trojan allows them access to your computer. And again, going back to having that key logger on your system. Quite happily accesses all the information that you type on the keyboard.

They are quite happy if you get a worm, which is also delivered via spam. But it’s more delivered across networks, so they infect applications on a network.

You can get an infection from adware. Now adware is when you got a website, and it says do you want to change your browser to where we are, or what we are looking at now? Well the moment you do that, every time you open your browser it shows you all this crap that you have nothing in common with.

And the last one is ransom ware. Now ransom ware is where recently it was because the information that people were emailing around, they were quite happy to go you have a parcel, that parcel post, we’re quite happy to tell you where it is and what it’s doing.

Click on that link. Yes, I will agree to install this, whatever application it is. And Bang! Everything on your computer is now encrypted.

But the other way you can get infected is through websites. And infected through websites is not as hard as people think. You can go to an infected website, and it happens through Facebook, LinkedIn, and Twitter. This is something you need to look at. So you go there, and it comes up and goes, oh look. You can’t see the video.

But if this video is really important to you, then you need to install this. People install it. Bingo, gotcha.

And the last one they use is via USB, CDs, and DVDs. There was a ploy a couple of years ago in Las Vegas where cybercriminals wanted to get into casinos. So they threw lots and lots of infected USBs around car parks, in the streets shopping centers, all that sort of stuff, thinking that eventually one would get onto a computer.

They probably sent out 1000s of these things. They only needed 1 to be installed in the right place at the right time.

Going back to the websites, Google and Bing and Yahoo are scanning websites all the time for malware. And they will remove them from search. The reason why they do that is they don’t want you to go to those sites because it creates lots of trouble for them.

But if you’ve been told to go directly to a website, or you click on a link that goes directly to a website, then the fact that it’s not on Google, Bing, or Yahoo is not going to save you.

So what do you do? How do you protect yourself? For one, install an antivirus on all systems. Any sort of antivirus as long as it is reputable. Reputable means that you may need to pay money for it, or if not, why don’t you install like [indiscernible 0:11:08].

You need to patch, update, and upgrade everything that you use, your technology, all the time, when it asks you to upgrade. When Microsoft comes up and says, update Wednesday, and you have 92 updates, click the install, walk away, make a cup of coffee, and you can be finished when you need to.

One of the things that people don’t realize, and if you get infected by a virus, you’re going to lose a lot of information. So you need to do a regular back up. That regular back up is really critical. Doesn’t matter whether you back up your tablet and you drop it and it’s now broken, you may not be able to get the information off there.

But if you’ve got a backup that’s plugged into something, on a USB stick or anything, you have a good chance of being able to get all that information back, especially if you take photos or have your contacts or your email.

One other thing that we really harp on about is being paranoid. Paranoia is really good for you. Because on the internet everybody is after you, so you’re not really paranoid. You’re just being very, very careful.

The last one that we also recommend is to use common sense. If it’s free, it’s not. It’s going to do something you don’t want. If it’s pirated, it could be infected. If it’s infected, it’s going to infect your computer.

All of that information is something that you really need to put in the front of your brain when you’re using the digital world.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.