Saturday, August 9, 2014

Russian Gang steals 1.2 billion Logins and Passwords - Defense Against the Dark Arts on How to protect yourself against Hacking and Phishing

{12:28}  But if I cast out devils by the Spirit of God, then the kingdom of God is come unto you.
{12:29} Or else how can one enter into  a  strong  man’s  house,  and  spoil  his  goods,  except  he first bind the strong man? and then he will spoil his house.
{12:30}  He  that  is  not  with  me  is  against  me;  and  he  that gathereth not with me scattereth abroad.

Excerpt from Matthew 12 vs 28 – 30 in the King James Version of the Bible

By now you must have heard of the famous hack by a Russian Gang that stole some 1.2 billion Logins and passwords from 420,000 websites over a year long period as reported in the article “Hackers nab 1.2B passwords in colossal breach, says security firm”, published August 5, 2014 6:10 PM PDT by Dara Kerr, CNET News

According to the article “Russian Hackers Amass Over a Billion Internet Passwords”, published AUG. 5, 2014 By NICOLE PERLROTH and DAVID GELLES, The New York Times once they’ve amassed enough information, they’d assess the level of security of the website.

They basically used common Website and Network analysis tools to do what’s often referred to as scraping i.e. combing the websites for html (Hyper Text Markup Language), CSS (Cascading Style Sheet), PHP and Java Script Errors using special Network and Website Analysis Tools.

                                                               
1.      Micro System Tools A1 Sitemap Generator to create sitemaps of Websites
2.      HTTrack to download the entire website for analysis and deconstruction
3.      Atomic Email Hunter and to scan websites for email
4.      Atomic Email Sender to send anonymous spam email to perform phishing attacks

There are more advanced tools that these, but for the sheer sake of NOT creating wannabe hackers, these are the only one I’ll list sans hyperlinks to them; you’ll have to Google that yourself!

If it has enough exploitable vulnerabilities, they then set up the usual Botnet Network to forcibly brute force lists of passwords to gain access to Admin Level Access within that Website as described in my blog article entitled “How Scammers and Hackers are on the Rebound Laundering Money - Minister of National Security Peter Bunting misguided on Scammers”.

How to protect yourself from being Hacked – Defense Against the Dark Arts of Hacking and Phishing

As the title says, this portion of my article focuses on protecting yourself from being hacked, as right now, with 1.2 billion Websites Login and Passwords, no security company can protect you from something that’s NOT a virus. I’ve already dispensed advice on how to reduce your chances of being hacked in my previous blog articles as listed above.

But as this is a unique and unprecedented hack, the largest in history that I know of, my sage advice distilled in those previous articles is worth re-bottling and repeating ad nauseum: Make sure to use a Secure password. As the Bible verse at the top of my article implies, for someone to break into your house, they have to defeat the system (the strong man) before they can break into your house.

So here are a few Tips distilled from the articles “The guide to password (and why you should care)”, published May 10, 2012 12:55 AM PDT by Sharon Profis, CNET News and “You've been hacked! Here's what to do”, published August 6, 2014: 12:55 PM ET By James O'Toole and Jose Pagliery, CNNTech News to help you secure your Login in case you’re in that Russian Hackers List of Login and Passwords:

1.      Use a strong password, preferably made up of a mixture of alphanumeric characters i.e. Capital and common letter and numbers in no particular order. 16 to 20 such characters should suffice.
2.      Don’t use the same password for every account you have online, even if the password is secure. Have separate passwords for every account you have
3.      Do not store passwords in documents in your computer. That’s like keeping a key under your flowerpot. If the hacker finds those keys, he’s got access to everything
4.      Change your password every 30 days or more often to create adequate password rotation and thus baffle hackers
5.      If you online accounts have two step verification i.e. password and a code sent to your cellphone via SMS, then enable it as a means of preventing hackers from gaining access to you account
6.      Disconnect your computer from the Internet when not in use. Hackers take advantage of the fact that many homeowners and companies operate in an always-on environment, giving them time to hack accounts and then computers
7.      If you use your passwords in a cybercafé or Internet Café, be careful of persons lurking around and installed keyloggers as explained in my blog article entitled “Professor Marco Gercke warns of Scammers using Keyloggers for Spear Phishing - How to use Keyloggers and how to Protect yourself from Scammer's American Hustle for Fast Cash”.
8.      Don’t respond to emails from unknown sources or click on Links in these emails. That’s all the hackers needs to set up a phishing attack. Just mark them as Spam and delete them.

That’s basically it.                     

If you having problems creating and rotating passwords, you can automate that process.

Download Random Password Generator, a program that can randomly create passwords for you to use online. If you can’t remember all your passwords, use LastPass or 1Password as third-party options to handle your passwords for your various Applications and accounts. Finally, use How Secure is my Password as a means of testing the security level of your password.

Using Secure Passwords for each of your services that you rotate often and not responding to suspicious emails and links is the best Defense Against the Dark Arts of Hacking and Phishing.

And chase those Devils out of your Computer! Here’s the link:

No comments:

Post a Comment

Please register and leave you comments. For contact, leave an email or phone number and I'll be sure to get back to you.