Submitted by Evan Jaksha
How often has your computer been compromised, breached by a cyber-criminal hacker ruining your files simply because the hacker enjoyed the grief it caused you or a cybercriminal hacker was using ransomware to criminally make money from you? When such hacking occurs, most everyone screams at their computers using a plethora of very colorful words! Compromising your computer is an invasion into your world, your cyber-home.
Breaking into your cyber-home, much like breaking into your home, a criminal does not always have to overtly and kinetically pick a lock, kick in a door, break a window or scale the wall to your upstairs balcony sliding door. A criminal can simply and passively pose as a Mail Delivery person to see who’s home, your home’s lay-out, using a telephone call to access your voice pattern, using a device to read your garage door opener electronic codes, maybe using a credit card reader as they walk past you, or even at a coffee shop little do you know, the person across from you may be that criminal trying to access your WiFi connection.
Electronics are a modern day blessing but also a modern day bane when the criminal aspect takes advantage of the same. Like a home, there are many ways to breach, break into your personal computers, your cyber-home.
As with a criminal who breaks into our home, there are approaches that can be taken to protect our home. The same can be true when it comes to our computers. To understand how best to protect your computer, it is best to first understand how a cybercriminal can break in. There are several ways to break into your computer without you knowingly participating in the criminal act.
An essence of fishing is to trick a fish into biting into some bait or lure with a hidden hook. Once the fish bites, the hook catches the fish and soon the fish becomes a meal. Casting out that fishing lure, the fisherman is casting out “hope.” Hope that they are smarter than the fish, hope that the fish will bite, so the cyber-criminal does the same.
When the cyber-criminal casts their cyber-lure out into the computer community that everyone is participating in, they are in essence “fishing.” This cyber-fishing is known as Phishing, but ironically is also pronounced “fishing.” Typically, the cyber-criminal will phish with many types of lures just like a real-life fisherman. There can be the lures of money, marriage/sex, emergency help or “tag lines” making a user want to open an email or pop-up window.
The object of a cyber-criminal phishing scam is often to:
- Steal usernames and passwords.
- Use your personal information to get new accounts, Personal Identification Numbers (PINs) to request more credit cards making online purchases at your expense. Basically creating an alias as an authorized credit user.
- Steal your money while in your name opening additional credit cards or requesting cash advances.
- Abuse your Social Security identity.
- Sell your information to other cyber-criminals for additional criminal purposes.
In 2003 in one cyber-criminal scam, there was an eBay email claiming that a user’s account was about to be suspended. The cyber-criminal, sounding like eBay, told the user it was important that they click the provided link to update their credit card information. It was relatively simple to create this look-alike website link by mirroring the HTML code, where this cyber-criminal then tricked the user to update their account information, thereby passively giving up their account information to the cyber-criminal.
Your email address and other contact information, like your address, telephone number and other essential information, is readily available to the reputable business cyber-community where businesses can buy such information to promote their product or service. Unfortunately, such information is also available to the cyber-criminal; but the cyber-criminal does not want to sell to you, rather steal from you.
Once a cyber-criminal has your initial contact information, they become that fisherman. They cast their cyber-lures into your cyber-waters where they believe they will attract you to “bite.” Two very common cyber-lures to contact you are through your email address and pop-up windows. Email contacts make you feel “important” because someone took the time to contact “you,” so you open the email and they hope you act on it. A pop-up window is exactly as it states, it is a small window of information that “pops up” when you are working on something else. The window is attractively personalized to attract you to open it.
Email contact techniques use enticing “questioning tag lines” begging you to open them. Things like “Hi, sorry I missed your last email,” “Was that you or Cindy that emailed me?,” “Are you still interested in that money from Frank?”…the cyber-criminal options are endless. Below are several popular cyber-criminal emails to watch out for.
It is not uncommon to get an email from a foreign country telling you that they have millions of dollars tied up in a bank due to an unfortunate country/bank dispute where they simply need money so their attorney can secure the money back for them. With your kind investment help, usually thousands of dollars, they will reward you with a tenfold return on your “investment.” Unfortunately, if you send them money and/or give them access to a bank account for money transfer, you will lose everything, even your pride.
Another cyber-criminal scam is the approach of appealing to one of the most basic mankind lures of marriage/sex proposals. The cyber-criminal asks for money so they can afford to fly from their country to the user’s country. By sending them money, the user is proving their “love” so they can leave their country to be completely devoted to their new partner. Sending money delivers nothing more than additional sadness, loneliness and shame. The sad thing is that this phishing cyber-criminal is probably sitting in a nice over-seas home drinking a soda laughing all the way to their bank.
Then there is the “Emergency” email phishing technique that is often very successful appealing to those wanting to help anyone in trouble. It goes something like this….”Can you help? I am stuck in the XYZ country where my passport and money was recently stolen. I need some help to get just enough money to get a new passport at my embassy and enough for a plane trip home to my family. I’m scared. Anything you can help me with is really appreciated.” This email then tells you how to get your money to them.
Should any of the above not work, some cyber-criminals will phish using the “religious” appeal. Here, a religious computer user opens an email where the cyber-criminal is appealing for their church charity in their foreign country. The advice here is not to bite on this trap but rather give to your local church/charity where you know where your money is going.
Then there are the “pop-ups.” A professional pop-up window shows up in the middle of your screen. The fact that it is right there begs you to read it. Often it asks you to press the link so you can take advantage of a new company stock investment, an incredible product or again, an emotional appeal for help. You are a smart user so you do not open a suspicious pop-up, but rather X-out on the top corner of the pop-up window. After continual X-outs, it does not go away.
This is a problem because some cyber-criminals are getting smart enough to use this X-out as “permission” to access into your computer without you knowing it. Then there are the times the window does not go away when you X-out so in a frustration you open it to see where and how to get rid of it. Again, the cyber-criminal has probably started the process of accessing your computer. When pop-ups like this show up, it is often safer to re-boot your system.
Not surprisingly these cyber-criminal phishing techniques do not come from many different cyber-criminals but rather the same cyber-criminal. Much like a good fisherman who will often change bait/lures to attract different fish, the cybercriminal will change their cyber-bait, too. More often than not, thousands if not millions of these cyber-phishing emails and windows are sent out much like that fisherman casting many lines hoping a fish will bite.
There is a relatively new cyber-criminal “phishing” technique to get into your computer that leads to you sending money and/or opening your bank account to these cyber criminals. Remember, even though an initial money appeal will drive a cyber-criminal, they often will try to access your private, confidential information for larger financial gains.
Yes, getting access to your bank account is high on their criminal goal but following close behind are social security numbers, confidential/HIPAA protected medical information, addresses with family assets, and court/legal records also have great value. Upon accessing this information, a cyber-criminal will then sell your personal information on the criminal marketplace just like apples are sold at your grocery store. Before long, some cyber-criminals hold such information as “ransom” just like a kidnapping victim.
The cyber-criminal demands will be to pay the ransom and the kidnapper releases your personal information back to you. Often the ransom pay-off is in cyber-currency known as Bit coins that are hard to trace. Should the ransom not be paid, then your hard-to-replace personal information is not given back or it is released into the general computer community for all to see. It could be embarrassing information, or if this information is client/patient protecting information then there could be personal liability for not properly protecting their personal information. Often times, these ransom-scams are paid because the information held is less than the personal, legal or monetary consequences.
How do we protect ourselves from these cyber-criminals? Remember, cyber-criminals often mask themselves as legitimate companies making their messages appear genuine by making their sites look much like the real thing. It is often hard to see through the difference between a real site and a criminal site. Therefore, it is important to be aware and recognize potential cyber-criminal intent when the following is requested:
- Confidential information requests through an email or instant message.
- Emotional language scare tactics with urgent user requests.
- Lack of personal customized information within the email. A legitimate business email will often give partial account numbers, user names or passwords.
- URLs that are misspelled or the use of multiple sub-domains.
- Additional link requests within the initial email message.
Such information requests should quickly raise many cyber “red flags” of potential danger ahead saving you enormous money and information compromises.
All said, it is not uncommon for many to passively think about cyber security compromises only related to the military or large businesses, but doing so can often lead to your cyber-demise. Even though cyber-criminal compromises are what you read in the news, there is still plenty of room for smaller-scale cyber-criminal activity on your “individual” computer. The cyber-criminal military and large business activities are often very sophisticated using forgone government assets and systems. They are not as interested in the smaller “individual” accounts but rather huge systems. In an effort to combat cyber-criminal activities, countries with large financial and cyberfighting capabilities are actively involved in counter measures to slow cyber-criminals. Cyber-counter measure operations with like-minded countries use several techniques to slow or stop these cyber-criminal activities:
- Tracing a cyber-criminal activity for arrest and prosecution.
- Reverse cyber-warfare technology infiltrating the cyber- criminal’s computer system and then using the information gained for additional cyber-warfare.
- Stopping certain computer technologies from getting sold to cyber-criminals.
- Selling “contaminated” computer technology to known cyber-criminals so as to better infiltrate or stop their criminal activity.
- Lastly, seizing cyber-criminal monetary assets.
Regardless of the larger cyber-criminal activities, your individual computer account is still valuable and profitable to the smaller cyber-criminal element so you must be ever- vigilant. Do not be the ostrich with its head in the ground as if cyber-criminals will not affect you.
What is available to you, the personal “individual” computer user, to fight cybercriminals? This is difficult because should an inexperienced, but angry, individual user attempt their own cyber-counter, they may very well fall into a cyber-criminal trap because this is what the criminals do every day. Basically, like a venomous snake, a cybercriminal has a greater chance of biting you than you do in catching them on your personal computer level, so just stay away if you can.
In today’s terrorist world, you are told “Hear something, say something. See something, say something”… being personally vigilant is today’s physical and cyber “standard.” When we hear or see something suspicious, do something pro-active. When you see something suspicious in your cyber-world, again be pro-active. Everything from telling family and friends about what you have just experienced on your computer to sharing the same on known computer forums.
Someday there will probably be a smart, enterprising cyber-savvy business person who may see a cyber “opportunity.” Much like our homes can have alarm systems and private detectives can be hired in personal matters, new cyber-detective companies may open to be hired by private individuals to prosecute retaliatory cyber-warfare against cyber-criminals that continually attempt to compromise their personal systems.
Also, academically educating ourselves, our families, our children in cyber-technology and cyber-security will ensure the best response to the future cyber-criminals. This will help everyone to better avoid becoming a victim of a cyber crime. Remember, “Cyber” is a five-letter word so being cyber-aware will help keep everyone from turning it into a four-letter word.
Evan Jaksha
Senior, Cathedral Catholic High School
I am interested in Computer Technology hoping to do college degree studies in cybersecurity, cyber-warfare and cyber-counter measures. My father is in the Navy serving at the Naval Amphibious Base, Coronado.