If you own a computer or other similar device and use it privately or professionally, then you run the risk of hackers or other virus programmers gaining access to the computer or it being infected with all kinds of malware and, in the worst case, used for criminal acts. Although computer viruses have always existed. However, unlike in the past, when you could "merely" log on to a computer or other similar device, this is no longer the case If you were annoyed by the fact that your system had to be reinstalled because of a virus attack, the potential danger from viruses, malware, Trojans or other malicious software has taken on a whole new dimension.
Technical advances in hardware and software, as well as the use of the Internet with devices, have created new possibilities for users that certainly simplify life, but which in turn have created new potential dangers.
Again and again it is reported that passwords and credit card data have been stolen and misused, that whole networks of large companies have been hacked and private data of customers have been stolen, that money has been debited from bank accounts or even transfers have been made that cannot be easily reversed and some other things more. The methods are becoming more and more sophisticated and the dangers must at least be minimized with the appropriate means.
Types of misuse of technology
IT, computer and mobile technology now present an opportunity for abuse in many areas, and the potential for abuse is increasing rather than decreasing as technology continues to evolve. Yet many people underestimate the dangers. One weighs z.B. in safety, just because you have installed an antivirus program. An antivirus program is certainly useful and necessary. But this alone can no longer be relied upon. Rather, one must both take technical precautions throughout the technology chain and behave personally in a way that minimizes the dangers. Above all, one must become aware of what technology can be misused for. Some examples:
- Spying out the PIN of a bank card: Even if you don’t own a computer, smartphone or other device, you’re not protected from having your bank card PIN detected. Examples have already been shown of how a simple smartphone, which had an integrated thermal imaging camera, could be used to spy out PIN’s when paying with a bank card. Due to the transfer of finger heat to the used keys, they showed clear color differences on the thermal imaging camera compared to the unused keys. Since the transferred heat evaporated after a few seconds and the colors gradually returned to normal, it was even possible to track the sequence of key use. Someone could easily record the process with a camera. In the future, this would not even require a smartphone, but rather a pair of data glasses (smart glass) and the PIN could be spied out quite easily by strangers. Only the bank card would be missing.
- Using the email account to spam: The spammers have the problem that their e-mail accounts are known rather quickly and are automatically blocked by many servers. Therefore, they try to gain access to other people’s e-mail accounts in order to be able to send spam e-mails from there. Especially if you host a website and z.B. If you have set up an e-mail address, you should pay more attention to this point. Access to a single email address is enough for spammers to send hundreds of thousands of emails in a short period of time.
- Using the email account for other purposes: On the Internet, communication with many providers is done via e-mails. In case someone has obtained the password for the email account, this person can commit fraud in many ways, z.B. reset other passwords at online services and banks and misuse them, offer goods in auction houses or order them in online stores, sell illegal products and much more.
- Redirecting to a fake website: A very lucrative and therefore popular trick. Visitors become z.B. redirected to a deceptively genuine-looking, but fake website of an online bank in order to obtain sensitive data such as PIN and TAN. Such websites are often called phishing sites. On the fake website, unsuspecting visitors enter their PIN to log in and are then redirected to another fake website. Finally, they need a TAN with which a transfer can be made. A message is often displayed to the effect that a TAN must be entered for some reason, e.g.B. "Your account is locked for security reasons, please enter a valid TAN to unlock it". If you are not careful now and actually enter a valid TAN, you might end up with e.g.B. with a message of the type "Your account has been successfully activated. Please log in again." redirected to the bank’s real website to maintain the appearance of normality. You can then successfully log in there and it appears that nothing special has happened. In reality, however, strangers have just obtained the PIN and a TAN with which a transfer can be made.
- Compromising websites and online stores: Also very popular is compromising websites and online stores. Are z.B. If a spammer gets hold of the FTP access data of a website, he can use the server’s own e-mail service to send spam e-mails. They can use .htaccess file redirects all visitors to a contaminated website and thus spreads its malicious software further. A very mean trick is often used with hacked online stores. They leave the online store as it is and change almost nothing, except for the payment page, where the customer’s input is read in order to get the account and credit card data of the visitors. The store operators do not notice anything at first, because the online store itself does not show any abnormalities. Not until late, when z.B. If you do not receive any orders for several days, you will notice that something is wrong.
These are just a few examples, and the list could be continued indefinitely. Creativity knows no bounds and new gaps, methods and approaches are constantly being made public. It is also important to remember that the vulnerability does not necessarily have to be on one’s own computer, but can also be within the IT environment of providers whose hardware, software or other services one uses on the Internet or offline.
Causes for the misuse of technical systems
With such mischief that can be caused, users often wonder how something like this can actually happen. There is a wide range of possibilities, which can be categorized primarily into the following three areas. These are:
- Social hacking (human factor)
- Malware (malicious software)
- Exploits (exploitation of technical gaps)
Social hacking is about exploiting ignorance, trustworthiness, psyche, behavior, etc. by people or. to certain methods, so that people are persuaded to certain actions. As a result, certain individuals could get z.B. gain unauthorized access to their computers in a simple way. For example, easy to guess passwords, careless disclosure of sensitive data, rash and hasty actions in supposed emergency situations, etc. fall into this category. into the area of social hacking.
In many cases, hackers use so-called malicious software, also called malware. This includes various types of programs that are programmed and distributed specifically for the purpose of causing all kinds of mischief on other people’s systems.B. Reading passwords, destroying systems, etc.
Even ordinary programs contain security vulnerabilities that can be exploited by knowledgeable people. The exploitation of such technical vulnerabilities is also called exploits. These are usually at least not publicly known, otherwise the manufacturers of the programs would normally close them as quickly as possible and provide updates for the programs. However, if a vulnerability has only been discovered by a hacker, the hacker can easily exploit the hole without the user or. the manufacturer notices something.
Measures to minimize the risk of misuse
There is no 100% protection against misuse. Nevertheless, you can do a lot to at least minimize the dangers. This includes the following things in particular:
- Pay attention to computer security
- Inform yourself in the field of computer security
- Plan and implement security measures
- Follow the developments
- Behave in a safety-conscious manner
First of all, it is important to pay attention to the area of computer security. Only if you are aware that hazards exist in many areas and you are sensitized to them, you can also actively work on measures to reduce the hazard potential.
A very important point is to inform yourself as much as possible in the field of computer security. This concerns both knowledge of how hackers work and knowledge of how and what defensive measures to take. The more knowledge you have, the better you are able to recognize and close security gaps.
Once you have learned as much as possible about dangers and security measures, the actual planning and implementation comes, in order to secure the systems used as much as possible. Here, one should proceed very thoroughly and pay attention to the entire chain of systems in use. Because, a chain is only as strong as the weakest link. Pay attention to z.B. not doing one point, it can already make the rest of the measures ineffective.
If all systems are secured as far as possible, it is still necessary to continue monitoring developments. For example, new vulnerabilities in programs or operating systems are constantly announced, for which there are usually updates that need to be applied.
Otherwise, it is important to be security-conscious in order to avoid becoming a victim of social hacking. All of these points help to significantly increase security on deployed systems. It requires some effort, but it is worth it. In case of damage, the effort and the costs would possibly be much higher.