The Anti-virus Times

Monday, July 25, 2016

One type of computer crime involves the illegal access of legally protected computer information, if it results in the information being destroyed, blocked, modified, or copied; or a computer, computer system, or network being disrupted. This issue will describe how cybercriminals gain illegal access to computer systems.

Unauthorised access using Trojans

Usually these crimes are committed with the help of malicious programs: for example, intruders can gain unauthorised access to a computer by infecting it with a backdoor that can execute commands from a remote server. Such backdoors can transmit (back to the remote server) information that has been gathered from a victim’s computer, as well as any files the criminals involved want to obtain. Many backdoors for Android mobile phones and tablets can steal address book information, SMS messages, e-mails and other confidential information—and even mTAN codes used for online banking transactions!

Sniffing

Another way to connect to someone else’s device illegally is through sniffing—intruders filter information transmitted between hosts; for example, they sift through information transmitted via wireless devices, searching for logins and passwords. Attackers use this data to access other network devices illegally.

Breaches

Often, cybercriminals crack their victim’s e-mail address to gain unauthorised access to various computer resources. Usually social networking, forum, and online store accounts are linked with e-mail addresses. There are known cases of cybercriminals even stealing license keys from various programs after hacking into e-mail accounts.

One common hacking method is phishing. For example, a cybercriminal can send their victim an e-mail, ostensibly on behalf of a company’s mail server administrator, advising the victim that an attempt has been made to hack into their mailbox. Usually such messages ask the recipient to change their password immediately. The link in the email will take the victim to a fake mail server page that looks exactly like the real one. Once a password is entered on this fraudulent page, it immediately falls into the hands of criminals.

In some cases, cybercriminals can hack a personal mailbox without even using malware and other technical devices. For example, a stranger can contact a potential victim saying that he/she may have been in the same class in school as the victim’s mother. To confirm that information, the stranger asks the victim to remind him/her of the victim’s mother’s maiden name. The victim shares this information enthusiastically, without realising that the answer to the “mother’s maiden name” security question is a control one used to facilitate a password change on a mail server. To figure out the name of a victim’s favourite pet, cybercriminals just need to look through social media profiles.

This method of acquiring information is called “social engineering”.