Talk Talk, Experian and Ashley Madison are high profile victimsÂ of cyber crime but the hackers target individuals directly too. Â One majorÂ area of vulnerability isÂ the reliance for security on a simple collection of letters, numbers and symbols: the password.
Those in the know use the phrase “password cracking” to describe the penetration of a computer, network or system to unlock a resource that has been locked with a password. People using password cracking are sometimesÂ defined as being in one of two groups, hackers or attackers.
A hacker is any person with an inherent interest in computer technology. Hackers are not necessarily someone who wants to do harm, just someone who wants to â€˜beat a systemâ€™. Â They have been know to gain access to a website simply to post a picture of a cat but in gaining access they may damage an individual or organisation by, for instance, making confidential data visible.
Attackers , on the other hand, gain access toÂ cause damage. Motivations for Attackers can range from disgruntled employees trying to get revenge on a former company, a student simply trying to exploit large organisations with their computer systems, or simply a criminal attempt to gain financially by accessing confidential data or through blackmail.
Whether they are hackers or attackers the initial attention is on finding a vulnerability in the computer system they are targetting, corporate or domestic. And the most vulnerable point is the password.
There are many ways of attacking a networkÂ including:
1. Â Bin, (or dumpster), diving â€“ literally going through the rubbish to find possible information that could be a password.
2. Finding a Post-It note on a monitor or underneath a keyboard.
3. Looking at Social Media profiles for details like birth dates, schools, children’s names that are often used in log-in processes.
4. Contacting anÂ IT or customer service department, using relevant facts gained from the above, to fool staff in to providing extra details or password resets.
5. DirectÂ contact via email or phone asking people for details or getting them to log-on to a site (a dummy site) which means they expose their details.
6. A “dictionary attack” where a dictionary file of common words is loaded into a password cracking application, such as PRTK or LC4. The applications then attempt multiple logins at very high speed exploiting the fact thatÂ most common passwords are simplistic.
7. A “hybrid attack”combining the dictionary attack with the use of numbers to simulate common password set-up.
8. A “brute force attack”, which abandons the subtlety of the dictionary to target a massive number of short password.
1.Shred office paper waste and consider doing the same for official documents, receipts etc. at home.
2. Check that passwords or ancillary information is not displayed anywhere.
3. Change passwords frequently. Â At work change passwords when employees leave.
4. Use difficult to guess passwords – At least 8 characters including numbers, symbols, uppercase and lowercase characters.
5. Consider usingÂ free password generator software such as LastPass.
6. Don’t use the same password for more multiple accounts.
7. Enable two step verification where offered on websites.
8. BeÂ aware that there are people out there who wantÂ yourÂ passwords and never give details away to callers, email contacts or on social media sites…ever.
9. UseÂ dummy accounts rather than administrator accounts for computer systems and websites.
Disklabs has an experienced team of consultants who can advise you on improving your digital security. Â We also run one of the UK’s leading digital forensics laboratories that can help you track down the perpetrators of malicious password attacks and bring them to justice.
Call us today on +44(0)1827 50000 or use ourÂ contact formÂ to discuss your digital security requirements.
Disklabs -Â Experts in the extraction and analysis of mobile phone data