What You Need to Know About Social Engineering and Cybersecurity

By Tips and Tools

The image of the modern hacker is not an easy one to form. For a long time, people had this stereotype of the basement-dwelling, antisocial, unscrupulous hacker, like Wayne Knight’s character Neuman in Jurassic Park.

However, this is 2012, and today’s hackers learn young. Many are not old enough to drive or drink alcohol, but left to their own devices and given free rein over the internet, they can create chaos. Today’s hackers work in groups, and often depend on elaborate online social support systems to learn new skills and adapt.

They’re more than caricatures too. Many hackers are very much social, if you consider social networks and online chat over video game sessions social (and really, you should). Many, if not all, also share an activist mindset. Their DDoS attacks are not always well-intentioned or effective, but they are a force to be reckoned with.

So, perhaps, hackers nowadays are more like Lisbeth Salander? Maybe they more closely resemble Plague, her hacker friend? Wired featured an article on Cosmo, a prominent figure in the hacking community, who was notably only sixteen years old at the time of his arrest. Notably, Cosmo’s greatest weapons were not writing disruptive code or guessing passwords. Interestingly, it is a new weapon that has come to the forefront in another recent notable hack.

Social engineering is defined in the Jargon File as

“cracking techniques that rely on weaknesses in wetware (sic: people) rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system’s security.”

As Cosmo demonstrated time and again, social engineering was a reliable way to get past security systems, in some ways more efficient than bypassing passwords and firewalls. By accessing personal accounts, attackers could mount personal attacks. It was no longer necessary to compromise a large pool of people when you could go after one person or a few.

Cosmo’s personal story is interesting. Many times he isn’t even too sure why he’s doing certain hacks. In many cases, he participates in group efforts, particularly with his hacker team UGNazi. This may surprise some of you, but even though many of these hackers don’t know each other personally and have never met face to face, they have formed social bonds online over common interests. I won’t go into more detail here, as you can read his story at length above.

The rise of social engineering represents a reframing of cybersecurity compared to a decade ago: you can be hacked via personal communication. It is not that hard to impersonate you, given access to your personal information, some understanding of human psychology, and plain cleverness. This is not so much something to be feared as something that needs to be better understood, so that we can improve our own personal security. These techniques are not so sophisticated at their core: they exploit the same human tendency to trust people first that makes gag shows work.

The hacking of Wired editor Matt Honan demonstrated the power social engineering has. In the span of a day, he lost control of his accounts with Apple, Google and Twitter, along the way losing all the digital data on all his Apple devices.

The most important thing one needs to know about the Matt Honan case is that his hacking was entirely avoidable. Much like with Cosmo’s hack on Matthew Prince, Honan’s hacker wanted to communicate to his target the ways his account was hacked, to demonstrate security vulnerabilities. Remember: these are the hackers themselves freely admitting that they would not have succeeded if their targets had taken certain precautions.

These are the key lessons we need to take away regarding cybersecurity and social engineering:

Use two-factor authentication

Two-factor authentication is a relatively old security practice. Even now, Yahoo will give you a secondary question to verify your identity aside from your password. Google’s process is particularly well thought out, and easy to set up. You provide a mobile phone number and it will send you a code you can enter to verify you are who you say you are. In case other people have access to your mobile, Google provides workarounds as well. Google even provides individual authentication per app. You can find out more about Google’s two-factor authentication process here and here.

Be more discriminating with personal information

There are some things you want strangers to know, and others they don’t need to. You don’t have to make your full birthdate public, for example. You don’t have to check in at your home to let people know you are home either. Give hackers fewer weapons to use against you. This does not mean people cannot ask you for your birthday or address or whatever. Just do not make it so easy to acquire.

Reconsider making unified accounts

I know some people will not like to read this, but it’s worth thinking about. Google, Twitter and Facebook allow you to freely log on to many apps and services. It is convenient: if you are already logged in, you have access to everything near instantly. Services from Apple and Google Chrome go even further, sharing this information across devices.

Am I saying you should avoid these services completely? Not at all. However, where you can avoid using unified logins, you might be better off. There’s no law that says you should only have one email address, or one email provider for that matter. Be discriminating about which services and apps you use with which accounts.

Back up your data

Thankfully, social networks have been getting around to this. Twitter does not yet provide a way to back up our data, but Google and Facebook do. Where you can, make backups of data valuable to you, whether personal or for business. I personally still use compact disc backups for much of my data. In comparison to flash drives, they won’t degrade over time, and so are potentially more secure in the long term. Some people still also make good use of their old Iomega Zip drives for their backups. Of course, mileage varies per person, so consider your own personal circumstances.

How do you feel about social engineering and cybersecurity? What security measures would you suggest people use in this new cybercrime environment?

Image source: From respective movies Jurassic Park and Girl with Dragon Tattoo
Author: Ryan Parreno