Other issues in this category (35)
Monday, July 25, 2016
One type of computer crime involves the illegal access of legally protected computer information, if it results in the information being destroyed, blocked, modified, or copied; or a computer, computer system, or network being disrupted. This issue will describe how cybercriminals gain illegal access to computer systems.
Unauthorised access using Trojans
Usually these crimes are committed with the help of malicious programs: for example, intruders can gain unauthorised access to a computer by infecting it with a backdoor that can execute commands from a remote server. Such backdoors can transmit (back to the remote server) information that has been gathered from a victim’s computer, as well as any files the criminals involved want to obtain. Many backdoors for Android mobile phones and tablets can steal address book information, SMS messages, e-mails and other confidential information—and even mTAN codes used for online banking transactions!
Another way to connect to someone else’s device illegally is through sniffing—intruders filter information transmitted between hosts; for example, they sift through information transmitted via wireless devices, searching for logins and passwords. Attackers use this data to access other network devices illegally.
Often, cybercriminals crack their victim’s e-mail address to gain unauthorised access to various computer resources. Usually social networking, forum, and online store accounts are linked with e-mail addresses. There are known cases of cybercriminals even stealing license keys from various programs after hacking into e-mail accounts.
One common hacking method is phishing. For example, a cybercriminal can send their victim an e-mail, ostensibly on behalf of a company’s mail server administrator, advising the victim that an attempt has been made to hack into their mailbox. Usually such messages ask the recipient to change their password immediately. The link in the email will take the victim to a fake mail server page that looks exactly like the real one. Once a password is entered on this fraudulent page, it immediately falls into the hands of criminals.
In some cases, cybercriminals can hack a personal mailbox without even using malware and other technical devices. For example, a stranger can contact a potential victim saying that he/she may have been in the same class in school as the victim’s mother. To confirm that information, the stranger asks the victim to remind him/her of the victim’s mother’s maiden name. The victim shares this information enthusiastically, without realising that the answer to the “mother’s maiden name” security question is a control one used to facilitate a password change on a mail server. To figure out the name of a victim’s favourite pet, cybercriminals just need to look through social media profiles.
This method of acquiring information is called “social engineering”.
The Anti-virus Times recommends
- An anti-virus offers protection from backdoors. To make sure that Dr.Web is protecting your system in the most effective way possible, we recommend that you regularly:
- Install updates for the virus database, as well as the anti-virus modules;
- Scan your entire system at least once a month;
- Do not disable the Dr.Web proactive protection module and the resident monitor SpIDer Guard.
- You will be protected from phishing by the anti-spam, which blocks spam and phishing emails, and the Dr.Web SpIDer Gate HTTP monitor, which prohibits you from opening links in phishing emails and thus prevents you from visiting fraudulent websites.
- No matter how cybercriminals have infiltrated your computer, and no matter what information they’ve stolen from you, it’s a criminal offense. To get help from law enforcement agencies, you must report the illegal entry.
Samples of statements that can be made to the police have been published in the Dr.Web Legal section.