I am truly a personal fan of any James Bond movie but for me Skyfall was one of the best films ever made in the franchise. The dark environment where it is developed shows a complete asymmetry between the classic enemy and our lovely agent 007, because since the beginning of the story, he seems to be in a clear disadvantage from an opponent that is a mastermind in hacking and technology of all kinds.
Particularly there is one scene that caught my attention and it’s the reason for this text. In this scene, a hacker breaks into the MI6 computer network and causes an explosion that destroys M's office. The scene begins as M is being driven to MI6 headquarters with her assistant. The assistant receives a phone call informing him that someone is trying to decrypt a stolen hard drive containing the names of undercover agents. Then he opens up his laptop and attempts to trace the source of the decryption activity. He localizes the source of the decryption signal as emanating from M's personal computer within MI6.
Just as he starts to remotely shut down M's computer, his own laptop is compromised. A very scary animation with M’s face with an evil laugh plays on his screen that ends with the threatening message "Think on your sins". Shortly thereafter an explosion erupts from her office.
While this scene can be real, certainly there a number of challenges that need to be accomplished first and considering we are talking about the MI6, the challenge would have been really difficult to address. However, what about “destroying” a normal person?
Are you owned?
Firstly, we need to remember that people, not computers (still, but that can change very very soon) create computer threats. Cybercriminals victimize others for their own gain. The more time you spend connected to the Internet your risks increase exponentially. Cybercriminal’s clever tactics and deep technical knowledge go beyond any kind of antivirus defense or protection paid. And they can not directly aim to you: Through many canvassing campaigns it is possible to target a massive number of users and steal, change or destroy information in large scale. So, anyone who uses a computer connected to the Web is susceptible to the threats that computer hackers and online predators pose. In any case, they will be able to:
- Ruin your credit
- Steal your money and open credit card and bank accounts in your name
- Use and abuse your Social Security number
- Sell your information to other parties who will use it for illicit or illegal purposes
- Hijack your usernames and passwords
- Request new account Personal Identification Numbers (PINs) or additional credit cards
- Add themselves or an alias that they control as an authorized user so it’s easier to use your credit
- Make purchases
These Cybercriminals or experienced malicious hackers are sometimes called “Black Hat” hackers or just “Black Hats” and they are coming from diverse perspectives: they tend to be either a Script Kiddy graduating from the underground cyber-gangs, or a network security professional or other administrator turning to the “dark side”— like in the pure Star Wars style, or a combination of both. In fact, it is common to call law-abiding security professionals “White Hats,” with some morally challenged but generally good-intentioned people termed “Grey Hats.” The clear delineation here is intent: Black Hats are in it for malicious reasons, often those of profit.
Black Hats will slowly and patiently troll through networks, looking for vulnerabilities. Generally, they will have done their homework very thoroughly and will have a good idea of the general layout and systems present before ever sending a single packet directly against you; their preparation is meticulous. A surprising amount of data can be gleaned from simple tools like the Who Is database and Google or other Web search engines for free. Mail lists and newsgroups when data-mined for domains from a target can reveal many important details about what systems and servers are used simply by monitoring network and system admins, as they ask questions about how to solve server problems or configure devices for their networks. A wealth of information can be gleaned this way regarding social engineering as well. Names, titles, phone numbers, and addresses. Also, social engineering in particular is a favored choice. The core reason for this is because it is one of the most straightforward hacking techniques. For instance, trying to convince someone to give you their password in a threatening or underhand way is far less time consuming than attempting to physically hack their account.
In that case, a major part of personal security is being aware of who to trust and remain vigilant always.
Decreasing chances of a catastrophe
Boosting your security really implies very basic stuff; turn on two-factor authentication, use a VPN, don’t click on suspicious links, change your passwords every few months. If you want to be more proactive and a little bit more technical you can use an app to monitor your outgoing network traffic, that will be alerting you if a program you are running is contacting an unrecognized server. Additionally:
- Continually check the integrity of personal accounts and deal with any discrepancies right away
- Use extreme caution when entering chat rooms or posting personal Web pages
- Limit the personal information you post online
- Carefully monitor requests by online “friends” or acquaintances for predatory behavior
- Keep personal and financial information out of online media
- Use extreme caution when agreeing to meet an online “friend” or acquaintance in person
The goal of these things isn’t to make yourself hack-proof; absolutely nothing can do that. But using good security practices can discourage hackers, or at least convince them to move on to an easier target; you can’t make yourself the most secure person in the world, however, you can make yourself more secure than others.
Unfortunately, in this brave new digital world as the saying goes: “You don’t have to run faster than the tiger to get away. You just have to run faster than the guy next to you.”