5 Old-School Hack Techniques That Still Work (& How to Protect Your Data)

Virtual ArmourBreaches, Cybersecurity, Risk Mitigation & PreventionLeave a Comment

5 Old-School Hack Techniques That Still Work

Hacking, in the loosest sense of the term, was born in the 1950s when “phone phreakers” first figured out how to exploit the dial tone sounds produced by phones to make free long-distance calls. This form of hacking peaked in the 1960s and 1970s and has since fallen by the wayside.

The 1980s brought us the term “cyberspace,” and saw one of the earliest hacker groups (called the 414s) raided by the FBI and charged with 60 counts of “computer intrusion.”

Though the ability to manipulate dial tones isn’t particularly useful in the digital age, there are a few old-school hacking techniques that have endured the test of time. Here are 5 old-school hack techniques that still work and what you can do to safeguard your data.

Social Engineering

Social Engineering protection

Social engineering, which plays a prominent role in phishing scams, involves manipulating unsuspecting victims into revealing private information (such as usernames and passwords) by pretending to be someone else. While a phishing scam involves sending an email reportedly from a trusted source (such as your bank, your IT person, or your boss) and tricking you into handing over your username and password, social engineering can take several forms.

At its core, social engineering exploits human psychology to gain unauthorized access to private or restricted buildings, systems, or data. This form of hacking has technically been around since people first figured out that they could pretend to be other people for ill-reputed gain.

How to Protect Yourself

If you get an unprompted phone call or email asking for personal information, you should always approach the situation with a healthy dose of skepticism. Don’t reveal anything and report the situation to your supervisor, cybersecurity team, or MSSP right away. If possible, forward the email or get a copy of the call log.

To check if the person on the other end of the exchange is who they say they are, you should reach out to them independently. If you get a suspicious email from your “boss,” pick up the phone or forward the email to them to verify that they sent it. If your “IT company” has called you unprompted to help you fix a problem with your machine (that you supposedly reported), hang up and call your IT company directly to verify the situation.

Identity Theft

Identity Theft Protection

 

Identity theft isn’t strictly a cybersecurity issue, but it can be used to gain unauthorized access to digital systems. If a cybercriminal is able to gain access to sensitive information (such as your SIN, full name, address, username, password, etc.), they can use that information to commit fraud or other illegal activities. 

How to Protect Yourself

Check your credit card statements and credit report regularly and report any suspicious activity right away. You should also change your password if you suspect it’s been compromised, and never use the same password for more than one account. You may also want to consider setting up multi factor authentication on all accounts that allow it.

To select a secure password, consider following the NIST password guidelines. You may also want to consider using a secure and reputable password manager, which will help you avoid using duplicate passwords and can generate random strings of characters (and store them safely) so that it’s more difficult for criminals to guess your passwords.

DDoS Attacks

Distributed Denial of Service (DDoS) attacks are performed by either large groups of hackers or a hacker with a large number of bot computers under their control. All players then hammer the targeted organization’s servers with requests, causing the server to crash and business to grind to a halt. This coordinated attack prevents legitimate users (such as customers) from accessing the targeted website or server. 

How to Protect Yourself

There are a few steps you can take to inoculate your systems against DDoS attacks. To begin, you should make sure your network infrastructure is secure by keeping your firewalls up to dates, using spam filters, and implementing load balancing measures.

You can mitigate or even avoid damage by migrating critical infrastructure to the cloud (whose distributed model means that if one server goes down, others are available to step in).

As with any potential cybersecurity incident, you should also have a robust, detailed, and flexible plan in place for dealing with DDoS attacks effectively, minimizing disruptions, and getting to the root of the problem before too much damage can be done.

Online Scams

The Nigerian prince scam is the first example many people think of when they think about cybercrime. It involves a scammer contacting you via email, text message, or online messaging program and regaling you with an elaborate story about how the majority of their vast fortune is trapped because of a civil war, coup, or other disruptive events. The scammer then offers the victim a large sum of money in exchange for helping them transfer their fortune out of their country. Though this style of scam originated in Nigeria, they are now launched all over the world.

To complete the transfer, the scammer explains, they need your bank login details. They may also ask for a small amount of money to cover taxes or fees. Of course, the entire story is a lie designed to get you to hand over your bank details and increasingly large sums of money.

How to Protect Yourself

Most obvious scam emails are probably flagged and filtered out by your email company’s built-in spam filter, but text messages and online messaging apps may not have this feature. Any unsolicited request (even if it appears to be someone you know) that spins a tale of woe and asks for money or bank account details is likely fraudulent. 

If the message comes from someone you know or care about (say, your daughter who is currently backpacking through Europe) and you think it could be a legitimate call for assistance, do not reply to the message. Instead, contact your loved one through another medium (such as by phone) to verify the story. 

A common form of this scam involves criminals claiming that the victim owes taxes or some other form of payment to the government, and may ask for payment in gift cards, bank transfer, pre-loaded bank card, or a cryptocurrency such as bitcoin. If you receive a request like this, do not respond. Instead, reach out to the governmental body in question or call your local police department’s nonemergency line to find out if this request is legitimate or a scam.

Exploit Kits

Exploit kits are automated cybersecurity threats that take advantage of weaknesses in compromised websites to divert traffic, run malware, or capture private user data (including usernames and passwords).

These small programs are particularly insidious because they don’t require a lot of technical expertise to install, and they can easily be deployed across several compromised websites at once. Exploit kits can easily be purchased or rented on underground criminal markets (including on the dark web).

How to Protect Yourself

Since exploit kits depend on vulnerable websites, the most important thing you can do is take basic precautions. These include keeping your software up to date so that your website can take advantage of any new security patches that have been released and keeping an eye out for suspicious website activities.

Old school hacking techniques have stuck around because they’re still effective. To help safeguard your digital assets, you need to create robust yet adaptable playbooks to follow, train your employees to detect suspicious activity, and stay up to date on all the latest cybersecurity research. 

This may sound like a lot, and for a small or medium-sized business, it may not be feasible to handle on your own. A Managed Security Services Provider (MSSP) can help you put measures in place to safeguard your digital assets, offer employee cybersecurity training, monitor your systems 24/7/365 for suspicious activities, and help you minimize or avoid damage should an incident occur. 

Leave a Reply

Your email address will not be published. Required fields are marked *