Welcome to the second installment of Surf Securely, a multi-part security guide created by Canary. We developed this guide because when it comes to protecting yourself, it’s easier for most people to pinpoint physical risks than digital ones.
We’re happy to share our experience and insight about how best to keep yourself safe online and avoid some common digital pitfalls. The first step in protecting your accounts is to understand common techniques used by hackers and people who want to exploit your private information.
In our first installment, we shared our tips and tricks for safer passwords. Today, we’ll continue with how hackers can control your computer.
Why hackers want to control your computer
There are many different reasons a criminal might want to take control of your computer. Depending on who the hacker is and what their motivations are, these reasons may include:
- Theft of your banking (and other private) information.
- Profiting off of sending spam to people on your contact list.
- Digital extortion, a fast growing threat in which hackers take over your computer and offer to release control for a fee.
- Forcing your computer to visit a particular website repeatedly to increase that site’s advertising revenue.
- Using your computer to attack another computer/website. These are commonly called distributed denial of service (DDoS) attacks.
To keep hackers out, it’s important to understand some common methods they use to gain access to and control computers.
Malware: How hackers gain access
Malware (or malicious software) is software developed for the sole purpose of gaining unauthorized access to computer systems. While there are many different kinds of malware, these are three of the most prolific variations:
- A virus is a program that corrupts files, accesses private data, sends spam, or executes a variety of other fraudulent actions. Viruses are self-replicating, meaning that a single virus will insert copies of itself into other programs and files, enabling it to inflict more damage and spread to other computers when infected files are shared.
- A trojan horse is a program or app that seems to be safe, but secretly creates a backdoor to give hackers remote access to the compromised machine or account.
- A worm is similar to a virus except that it does not need to be attached to a program or file to spread to other computers. Viruses require human interaction to spread—i.e. installing a program or sharing it with others—but worms spread by exploiting vulnerabilities in operating systems and networks. A worm can harm a computer much like a virus can, and its ability to travel across networks can utilize enough bandwidth and system memory to slow down or even crash individual computers and servers.
How to protect yourself from malware
- Download responsibly: Computer viruses are most commonly spread through files downloaded by the user, so you should always think twice before clicking the “Download” button. Don’t download files from unfamiliar websites and don’t open email attachments that appear suspicious or were sent by a stranger. Before installing a new app or program, look up user reviews of the software to determine if it’s safe to download or not. Reviews may be listed on the site you’re downloading from, but you can usually find reviews easily by searching “[program name] review” on Google.
- Beware of peer-to-peer file sharing: File sharing services can act like virtual breeding grounds for malicious software. Many times, it’s impossible for a user to verify the authenticity of the file they’re downloading before opening it. In the early 2000s, peer-to-peer file sharing sites like Napster facilitated the spread of countless viruses, worms and trojans; today, torrents are the preferred file sharing method. Regardless of the legal issues surrounding file sharing, we recommend you exercise caution when downloading files from unauthorized sites that offer free versions of paid apps, media, or software. Obtaining a file through legitimate channels may take more work and cost more, but it’s typically less risky.
- Consider antivirus software: If you’ve had issues with viruses in the past, antivirus software can offer an added level of protection against malware. While PCs are sometimes said to be more susceptible to viruses than Macs, it is also important for Apple users to know that they’re not immune to malware. Regardless of your operating system, antivirus software can provide a good safety net.
Secretly tracking your activity
Hackers can also gain tons of information about you by tracking your online activity without your knowledge. A few of the ways they do this include:
- Keystroke logging: Keyloggers are a type of malware that secretly records every key pushed on a keyboard. Every password typed, email sent, and search query entered on the infected computer can be recorded and seen by the criminals.
- Packet sniffing: Data is transmitted between computers and servers in tiny little chunks, called packets. To put this in context, think of a conversation you’d have with a friend. The conversation is made up of sentences, which are made up of words, which are made up of individual syllables. You can think of each syllable as a packet. When all of these “packets” reach the ear of the listener, our brains convert these sounds into meaningful information. Similarly, when digital packets reach the end-user’s computer, they are then reassembled into a complete website, file, or string of text. Different types of hardware and software can be used to monitor the packets being transmitted on a network. By piecing together different unencrypted packets, a hacker could observe what a user is doing online, what passwords they’re submitting, what websites they’re visiting, and more. If the data that’s being transmitted is encrypted, it is much more difficult (if not impossible) to do this.
How to protect yourself from activity tracking
Keystroke loggers are typically distributed through a trojan horse or a virus. As with the malware recommendations mentioned earlier, you should only download files from reputable websites and consider installing antivirus software.
The best defense against packet sniffing is making packets unreadable through encryption. An easy way to do this is by using HTTPS whenever you can; it’s the secure version of the protocol used to transfer website info across the Internet. Packets sent through plain old HTTP can be pieced back together to reveal personal information you’ve submitted, like passwords or credit card numbers. HTTPS encrypts these packets, meaning your data stays safe and secure.
You can easily integrate this into your daily habits by adding HTTPS Everywhere to your browser. The free plugin for Firefox and Chrome automatically uses HTTPS on many major websites.
Bringing it all together
Hackers may try to install malware on your device to steal your money, exploit your data, or learn private information. By staying aware of threats, being skeptical about peer-to-peer sharing, using antivirus software (and HTTPS whenever possible), and downloading responsibly, you give yourself a much better chance of outwitting criminals who want to control your computer.
Have any tips for keeping your devices safe and under your control? Share them in the comments!