Last year, Target’s credit card system was hacked, and 40 million customers’ credit card and debit accounts were compromised (1). More recently, Home Depot realized its software had been invaded, and their customers’ credit card numbers were sold online (2). Earlier this fall, hackers stole personal information and “touched more than 83 million households and businesses” from customers of JPMorgan Chase and up to nine other financial institutions (3). What is this hacking crime that alarms the FBI, huge corporations such as Target, Home Depot, and JPMorgan Chase, and individuals alike, and what precautions can be taken to thwart hackers?
What is Hacking?
To hack, according to Merriam-Webster Dictionary, is “to gain access to a computer illegally” (4). Because many victims of hacking are unaware that they have been hacked, it is impossible to accurately track hacking incidents. However, hackers target many types of systems from personal e-mail accounts to multi-billion dollar company’s software systems. According to Marc Scarborough, Rice IT’s security officer, “Accounts are hacked to access resources, like expensive journals, intellectual property, or financial information. They can be used to impersonate someone to email scam others, like phishing and ‘stolen passport’ scams. They can also be used as a springboard into stealing other, more valuable accounts based on their ultimate goal, like banking records or access to corporate secrets.” The intentions of hackers are never kind!
Who are the Victims?
Anyone that has an account on the Internet can be a victim of hacking. Several Rice students and employees who were able to catch account breaches shared their experiences and offered advice for how to prevent hacking from occurring. Emma Hurt, a Rice senior, said that her email account has been hacked twice despite her utilizing “unique” passwords. Another Rice student had his personal yahoo email hacked; he, too, used different passwords for every personal account. Even Jim Rannik, who works in Rice’s Applications and Database Services Department and spends eight hours daily on the Internet for his career, had his PayPal account hacked. Hurt had mostly heard about adult victims of hacking, but she realized this was not always the case when she, a college student, was hacked. This emphasizes that regardless of knowledge, age, and experience with Internet safety, anyone can fall victim to hacking.
How to know if you’re being hacked?
Fortunately for these observant individuals, they realized when their accounts were breached. Hurt discovered she had been hacked when friends that she had not intentionally emailed responded to emails from her account. Although there was no record of these emails in her sent box, Hurt said that people she contacted both frequently and infrequently received the strange emails from her account. Although a “pretty unique” password protected her email, Hurt had used that username for multiple sites. For another student, the hacking red flag waved when he was unable to login to his email on a tablet. In this situation, too, the password was exclusive to that email. In Rannik’s case, he had setup an email alert when his PayPal made purchases over a certain amount of money. This safety precaution informed him that he had allegedly bought a gold plated iPhone on Ebay. Although a gold iPhone might be an exciting possession, Rannik did not want to foot the bill. “The iPhone was being purchased by someone in China. Thankfully, I was able to work with PayPal and my bank, and, after about a week, PayPal acknowledged the fraud, and returned the money to my bank.” For Rannik, he had used both his the account username and password on other sites. While these hackers were caught before much damage was done, Scarborough warned, “Many [victims] do not know they have been hacked.”
How to win against the hackers?
“There is a rule of thumb that says a password should be as secure as whatever it’s protecting,” explains Scarborough. As Hurt and Rannik learned, re-using passwords for multiple sites is a dangerous risk to take. The reason, Scarborough offers, is that attackers are aware of the human tendency to use the same password for simplicity’s sake. Scarborough finishes, “Most attackers know that if they have one password they can probably access everything.”
After falling prey to attackers, Rannik implemented new safety practices to protect his privacy and his accounts. He created a personal “password diversity formula” for all of his accounts’ usernames and passwords, and this has prevented subsequent attacks. Rannik offered advice from his experience in IT to help beat hack attacks:
Rannik’s Anti-Hack Strategies
- Diversify your passwords. You can create your own method like Rannik, or Scarborough suggests password managers like KeePass, 1Password, or LastPass. (Scarborough explains, “Password managers support multifactor or multistep authentication that should be used for protection.”)
- Never email or text anyone passwords. Hackers have computers running 24/7 to monitor accounts. Do not help them out by providing passwords in writing!
- Never use public wifi for secure websites.
- For banking accounts, set-up meaningful alerts. Regularly check accounts (once per payday) for suspicious activity.
- For online shopping, use CREDIT, not DEBIT because credit cards have greater fraud protection.
- Immediately power off/disconnect the network connection if you are being hacked!
- Use an IOS, Incognito, or Private mode for secure website browsing.
- Do not allow web browsers to save website login information.
By taking these precautions, everyone, from college students to international corporations, can take steps to prevent hackers. As October, National Cybersecurity Awareness Month, comes to a close, be a good cyber citizen, take a stand against cybercrime, and exercise cybersafety! Go through and double-check that your passwords are safe.
1. http://money.cnn.com/2013/12/22/news/companies/target-credit-card-hack/