Hackers know your passwords

Do you think your password is safe?

We live in an ever growing and evolving digital world with more and more essential services and non-essential services (like my kettle) being wired up and interconnected. All of your online services, devices and applications are protected by a password.

Hackers have more and more tricks up their sleeves to steal your passwords and to infiltrate your digital world to vandalise, deface websites, take your money or to monetise your devices.

Hackers and Scammers have become sophisticated and targeted in their attacks and as a result password theft has increased by 1000% since 2012.

A lot of people think that they are not a target because they are not a “Big Fish” or don’t have anything for hackers to take, this is not true, everyone is a target. It doesn’t matter what you have, how big or small your digital world is hackers will target you, take what they want and utilise your assets, whatever you have.

5 ways hackers have your passwords

1. Wi-Fi Man in the middle attacks
   Connecting to a public Wi-Fi network is a common thing to do right? Well you may have just given away all of the passwords to your social media accounts, email accounts and even online banking. Hackers commonly use traffic monitoring on public Wi-Fi networks. They utilise easily downloadable free applications to watch traffic on the network. Once you enter a username and password this software lets the hacker know and the hacker intercepts the communication. They now have your username and passwords. They can also just leave a device connected to the Wi-Fi network to collect all information transmitted through the public network, this way they can sift through all data transmitted at their leisure and collect all kinds of information from your browsing habits, social media access and anything else that you do on the internet whilst connected to the network.

2. Applications for Mass Theft
   The majority of people use the same username and password combination for all of the accounts that they have. Hackers can use this generic account information using a mass theft technique. The hacker will leave an application running which cycles through various websites entering lists of stolen account information (these can be purchased easily on the Dark Web), once a combination of website, username and password is successful they now have access to your account and If you use the same username and password on multiple sites they now have access a host of your accounts.

3. Brute force / Vanilla Hacking
   If you are like me at some point in the past you have used a password such as ‘word123456 ‘ as a matter of fact 123456 is still the most used password and has remained so since 2013! Hackers use applications and tools that run through a list of dictionary words or lists of commonly used passwords. These tools are easily downloaded and free to use. In a short amount of time a hacker can crack a basic password with ease and little effort.

4. Key Logging
   Key logging can happen if your computer is infected with spyware, spyware can get into your computer in numerous ways, the most common being in an email attachment however some have been transmitted through malvertising (an act where a legitimate website displays infected advertising sources). Once infected with this form of spyware everything you type will be transmitted to the hacker and every website you visit will be sent along with it and the hacker now knows the websites you visit and what usernames and passwords you use for them.

5. Standard Phishing
   Standard Phishing has gotten more sophisticated, when it first became prevalent phishing was simple, you would get a mail or alert with a link to a dodgy looking website that asked for your credentials. Today hackers are savvy, they register or piggy back off of real domains, spoof email addresses, generate legitimate looking emails and websites to take your security information as soon as you submit them. These phishing attacks can also be combined with key logging attacks for a dual attack vector, so even if you don’t enter your user credentials on the fake website. You will eventually give them to the hacker by another method.

Hackers are no longer teens or university students in darkened rooms with the faint glow of a cathode ray tube for light, they are now mass organised crime syndicates funding everything from drugs to terrorism.

A lot of hackers using your passwords to break into your accounts and steal money, data and even your identity.