Monday, 15 April 2013

Hackers & how they exploit 'the seven deadly sins'

By Julian Arias Beltran

Prof Alan Woodward of the University of Surrey (Department of Computing) wrote an interesting insight into the world of hacking and how regular people fall victim through the ‘seven deadly sins’.

He outlines how hackers take advantage of the basic human instincts to catch their victims. The seven deadly sins are Apathy, Curiosity, Gullibility, Courtesy, Greed, Diffidence and Thoughtlessness. So how do hackers take advantage of all our guilty sins?


Apathy is our lack of interest, enthusiasm, or concern. How? Many of us believe that others have secured our internet connection or computer, which leads to a lack of awareness. Alan Woodward gives an excellent example of this with hotel room safes. We often keep our more valuable possessions there, trusting the hotel's security. But what most of us do not realise is that almost all safes have manufacturer override codes. Next time you’re in a hotel, check to see if the override code is 0000 or 1234… it nearly always is.


Curiosity is a common trait we all share. It’s what pushes us forward, but it can also be what pushes us back. Criminals are known to take advantage of this trait, and the same goes for hackers. Just as we feel the need to know where an open door leads, we feel the same pull from links in the online world. Hackers use persuasive and interesting messaging to make you want to open a link.


We often make fun of those who are gullible, but we all know we suffer from this sin. “Put a uniform on someone and we assume they have authority” as Alan Woodward said, which couldn’t be more true. He goes on to add that when an email is given an official appearance, with the correct logos and the correct email address, people instinctively assume it’s real. I saw this example a few months ago and almost fell for it myself. I was selling a DSLR camera on Gumtree and I received an email from PayPal saying that a person from Africa purchased the item and even paid an extra £60 for the postage. I was convinced… even the email said But I was not prepared to send the camera to Africa, so I contacted PayPal and they had no idea what I was talking about.


Just because someone is being polite does not mean you should believe them. This is especially true in the online world. We've all heard it… scammers calling our phones saying they are the bank and that they require further details from us. Even if they sound legitimate, remember that you can always call back to double check.


Greed is one of those deadly sins, and as much as we don’t want to admit it, we all go through moments of even a little greed. As hundreds before me put it, nothing in life is free. Although a lot of what is on the internet looks like an open and free resource, almost everything you download comes with something extra, whether that’s cookies, trackers or viruses. As Alex rightly says, “if you're not the paying customer, you're very likely to be the product.”


Asking for ID is not something we ever feel comfortable with. But it has become even more important now with the online world. This is because it is now easier than ever to disguise yourself as someone else. If someone calls or emails you asking for sensitive information, ensure they prove their identity. One of the big scams mentioned in the article is someone calling around the company asking if anyone is in need of IT assistance. Once a target is found, they call from ‘IT support’ asking for their password in order to fix the supposed problem.


The internet has become such a simple resource that we often find ourselves mindlessly clicking through links. But one thing many do not realise is that links in HTML can easily mask their true destination. While the text could say it links to an official site, the HTML behind it could lead to something more sinister. Next time you see a link, try hovering over it. At the bottom left of your browser or by your cursor you’ll be able to see the real location that link will take you to, including all the tracking information it could take from you.
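
The hover check described above can also be automated. The following JavaScript is an added example, not part of the original article: it lists where each link in a piece of HTML really points and flags links whose visible text names a different host. The sample HTML, its host names and the `utm_` tracking-parameter filter are constructed assumptions.

```javascript
// Constructed sample HTML (not from the article); all hosts are placeholders.
const SAMPLE_HTML = `
<p>Your account is locked. Visit
<a href="http://login.example.net/verify?id=123">www.example-bank.com</a> now.</p>
<p>Read <a href="https://www.example-bank.com/help">https://www.example-bank.com/help</a>.</p>
<p><a href="https://news.example.org/story?utm_source=mail&utm_campaign=apr">Full story</a></p>
<p><a href="https://example-bank.com.evil.example/login">example-bank.com</a></p>`;

// Normalise a host for comparison: lower-case, drop a leading "www.".
const normHost = (h) => h.toLowerCase().replace(/^www\./, "");

// If the visible text looks like a URL or bare domain, return its host; else null.
function hostFromText(text) {
  const t = text.trim();
  if (/\s/.test(t) || !/^(https?:\/\/)?[a-z0-9-]+(\.[a-z0-9-]+)+(\/\S*)?$/i.test(t)) return null;
  try { return normHost(new URL(/^https?:\/\//i.test(t) ? t : "http://" + t).hostname); }
  catch { return null; }
}

// Report, for every anchor, where it really goes and whether the text disagrees.
function auditLinks(html) {
  const results = [];
  const anchorRe = /<a\b[^>]*\bhref\s*=\s*"([^"]*)"[^>]*>([\s\S]*?)<\/a>/gi;
  for (const [, href, inner] of html.matchAll(anchorRe)) {
    const text = inner.replace(/<[^>]+>/g, "").trim();
    let url;
    try { url = new URL(href); } catch { continue; } // skip relative/invalid hrefs
    const shown = hostFromText(text);
    const real = normHost(url.hostname);
    results.push({
      text,
      realHost: real, // what the browser status bar would show on hover
      mismatch: shown !== null && shown !== real, // text claims another host
      // Assumption: treat the common utm_* query parameters as tracking data.
      trackingParams: [...url.searchParams.keys()].filter((k) => /^utm_/i.test(k)),
    });
  }
  return results;
}

for (const r of auditLinks(SAMPLE_HTML)) console.log(r);
```

The last sample link shows why the full host has to be compared: the destination begins with the trusted name but actually belongs to a different domain.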

To read the full article, follow this link:

One key certification which has consistently been among the top IT security certs available offers a key insight into the world of security. CISM is a globally recognised achievement in security and demonstrates that none of the seven deadly sins are evoked within the company.

About the Author:
Julian writes for Firebrand Training on a number of IT-related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Julian is the company's Digital Marketer.