HW AH
Running head: Hacking prevention using mobile and network passwords
Hacking prevention using mobile and network passwords
1.0. Introduction
Technological advancements in cyberspace have created new possibilities and opportunities that are transforming the world in extraordinary ways. Almost all areas of our lives are surrounded by technology, which has become an integral part of human life. Despite the many advantages of technology, there is also a growing negative trend in which people use technology to carry out illegal and harmful activities. This trend is being aided by an increasing level of knowledge about information and communication systems as well as the increased interconnectivity of components in cyberspace. The threat of people illegally accessing other people’s computers and devices in order to carry out malicious intentions has become a global concern. In the recent past, companies, government entities and individuals have reported instances of unauthorized access to their computers and systems, where malicious actions led to the loss of sensitive information such as credit card details, bank account details, or other personal identification information. In some instances, such attacks have slowed computer operations or caused the total breakdown of systems. When such attacks succeed, the results include loss of data, monetary losses and, most importantly, damage to the organization's reputation. As these cases continue to proliferate, there has been a growing need to create systems with adequate defenses to prevent access by unauthorized persons. One of the most basic measures that people and companies emphasize is the use of access passwords on computers and devices as a primary preventive measure. In the recent past, attackers have been using different methods of obtaining access passwords in order to hack systems and devices for the purpose of carrying out cybercrime. This paper explores the different ways that attackers use to hack passwords in networks and mobile devices. The paper also discusses some of the preventive measures and the most appropriate responses to such attacks.
2.0. What is a Password?
The term password is used to refer to “a string of characters used to verify the identity of a user during the authentication process” (Kruger, 2010). Passwords are important as they provide a primary protective measure for computers and mobile devices. Passwords help to verify users in order to avert illegitimate access. In this regard, a password-protected device is only accessible to a user who knows the password. According to Margret, R. (2018), passwords have therefore been used to control data access within devices and in various communication networks. Almost all modern IT devices are built with password protection features, which are considered to be the first line of cyber security. But despite this measure, it seems that the use of passwords does not provide the ultimate solution to cyber security. Attackers are looking for innovative ways of hunting passwords in order to gain access to systems and devices. Improper use of passwords and poor password management can therefore create vulnerabilities that attackers can use to launch attacks.
As mentioned before, despite the importance of passwords as a protective measure, their use is also associated with a number of challenges. These challenges range from the use of one password for a prolonged period to the memorability of passwords. This brings about the need to practice good password management both as an individual and at the organizational level. In most environments, password strength matters to the likelihood of a successful hack. Strength ranges from the number of characters to the obviousness of the characters used in creating the password (Patrick, 2018). Apart from this, there are also other ingenious and innovative ways that hackers use to access passwords. This has led to concerns about social engineering, which is the use of technology-based mechanisms to deceive or manipulate a person into providing sensitive confidential information that can be used to commit fraud (Fan, Lwakatare & Rong, 2017). There is also hacking, which is the process of breaching the security of data or information by accessing it illegally where that data is guarded by a password (Gavin, 2017). This has been one of the fastest-advancing technology vices and is evolving day by day. The most common hacking types include phishing, brute force, social engineering, use of rainbow tables, malware or keyloggers, and spidering, among other techniques.
3.0. Password Hacking Techniques
i) Brute Force
Brute force involves repeatedly guessing a password with the aim of hitting on the correct one. It can also involve using a key derivation function to copy or manipulate the key that is generated from the password in the process of unlocking the network (Bezzi et al., 2011). This is generally referred to as exhaustive key search because it entails looking at all the possibilities that could lead to success. One approach to executing a brute force password attack is the use of a password dictionary, which contains millions of passwords that the attacker tries in the hope of entering the correct one. In a typical case, an attacker tries combinations of letters and numbers to create a password. Today, there are many tools that attackers use to hack passwords. Many of these tools are password crackers that are mostly available online for free. Some of the available password cracking software includes John the Ripper, Aircrack-ng, Ophcrack, and Hashcat, among others. One of the ways of preventing brute force attacks is creating strong passwords as well as regularly changing passwords.
ii) Social Engineering
In information technology, social engineering describes the various subversive tricks that online attackers use with the intention of accessing users' private credentials and information (Fan et al., 2017). Social engineering can be practiced through phishing, vishing, smishing and other means.
iii) Phishing
Phishing refers to unwarranted access to sensitive user details through varied schemes that trick the user into exposing username details, credit card information or even passwords. According to David (2016), more than half of the companies that run most of their accounts online have experienced a phishing attack. This illuminates the urgency with which cyber security needs to be ensured. There are six common phishing techniques that phishers use in carrying out their schemes. They include spear phishing, deceptive phishing, pharming, Dropbox phishing, CEO fraud and Google Docs phishing.
· Spear phishing - involves a narrow target, where the attacker aims at an email or a website. It can target one organization or selected teams within an organization. When it aims at key players such as managers, CEOs and other influential business leaders, it is referred to as whaling.
· Deceptive phishing - involves impersonation of known companies by the attackers. This extends to creating websites that are similar to the original known websites, or look-alike emails that are sent to users with the aim of tricking them into visiting a specific trap website (Ramzan, 2010). This calls for consistency: network users should always verify any email or link that comes their way. Such schemes have thrived for decades by luring online users, and even when the damage is remedied it leaves scars.
· Pharming - is a frequent cyber-attack that is executed by redirecting website traffic to a malicious site. This can be done by compromising the DNS server or by exploiting a vulnerability in the user data (Messmer, 2008). A successful pharming attack allows attackers to access data that is then used by the attacker to commit fraud. Pharming is in most cases referred to as online identity theft. Pharming has been a problem in the cryptocurrency world, social spheres and political fields. An example of a pharming attack is the attack on the Mexican bank, where an email resembling the bank's email was deployed and used to redirect users to a wrong link. Their details were stolen and thereafter used by the hacker to log in to the genuine user accounts. This led to enormous theft of users' money from the Mexican bank.
· Dropbox phishing - Dropbox is software that allows users to store, manage and pass information. It has been among the most celebrated software universally because users depend heavily on digital information storage, which is both less tedious and readily accessible when the user needs it: information can be shared at the click of a button. This has, however, made it an attractive ground for phishers, who are constantly hunting for user information (Jones, 2018). In 2016, it was reported that information of about 70 million users was discovered online and is believed to have been accessed through the Dropbox phishing technique (McGoogan, 2016). As this trend continues, companies are looking at different ways of protecting against theft of customer data, including using anti-Dropbox-phishing software.
· Rainbow table - A rainbow table works to reverse cryptographic functions. This includes password recovery and also cracking of passwords. It depends, however, on the number of characters in a specific password. It works on the fact that every computer that uses a specific password holds primary password data, which can be in the form of plain text or a hash. This makes it dangerous, since the password can be broken at any time.
· CEO Fraud / Business Email Compromise (BEC) - CEO fraud is a type of cybercrime in which criminals pretend to be an executive of a specific company and demand passwords related to the company. This is in most cases done through a phone call, a spoofed email or a phone text message. It mainly targets organization officials such as secretaries and clerks who keep the details of the organization's accounts (Ramzan, 2010).
According to Jaeger (2018), criminal hackers and legal hackers have the same qualities in that they use the same techniques. The only feature that distinguishes them is the intention behind the hacking process. Hacking is generally hard, in that hackers encounter some websites and networks whose passwords they cannot crack. Cracking is made possible by constant trials that take time, depending on the complexity of the security measures in place and the hacker's experience and knowledge.
4.0. Prevention
There are many ways that companies use to protect themselves from password hacking. These include account lock-out policies, challenge-response CAPTCHAs, anti-phishing policies and encryption, among other measures. An account lock-out policy can be set to lock the account after several repeated trials, causing more delays until it is unlocked by the administrator. This effectively curbs brute force attacks. A challenge-response CAPTCHA stops any automatic login. It involves the use of a simple sum or a simple word match. It has recently gained attention on most websites, since only a human can solve the word match or the sum that is presented. Phishing attacks can be prevented by properly verifying emails before engaging with any of them, avoiding links that request one to verify personal information such as passwords and financial accounts, not opening any unscreened links from unknown senders, and avoiding recurrent emailing of private credentials. Users are also advised to always use quality passwords with strong characters that are also easy to remember. This is because an attack can originate in the process of resetting the account password. A password is said to be strong when it is long and varied, in that it involves not only numerals but a mixture of numerals and letters. Another measure to prevent phishing attacks is to use anti-phishing software that helps in tracking malicious sites and warns users against opening any suspicious sites (James, 2018).
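The account lock-out policy described above, as an added example that is not part of the original paper: failed logins trigger growing delays and, past a threshold, a hard lock that only an administrator clears. The thresholds, the function names and the salted PBKDF2 password storage are assumptions chosen for illustration, and the guesses in any test run are constructed.

```python
import hashlib, hmac, os
from dataclasses import dataclass

MAX_FAILURES = 5   # assumed threshold: hard lock at this many consecutive failures
BASE_DELAY = 2.0   # assumed seconds; the delay doubles with each failure

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    retry_at: float = 0.0   # earliest time the next attempt is evaluated
    locked: bool = False    # hard lock, cleared only by admin_unlock()

def _derive(password: str, salt: bytes) -> bytes:
    # A per-account random salt makes precomputed (rainbow) tables useless.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_account(password: str) -> Account:
    salt = os.urandom(16)
    return Account(salt, _derive(password, salt))

def attempt_login(acct: Account, password: str, now: float) -> str:
    if acct.locked:
        return "locked"
    if now < acct.retry_at:
        # Rejected without checking the password, so guesses made during
        # the delay window reveal nothing, even a correct one.
        return "throttled"
    if hmac.compare_digest(_derive(password, acct.salt), acct.pw_hash):
        acct.failures, acct.retry_at = 0, 0.0
        return "ok"
    acct.failures += 1
    if acct.failures >= MAX_FAILURES:
        acct.locked = True
        return "locked"
    acct.retry_at = now + BASE_DELAY * 2 ** (acct.failures - 1)
    return "denied"

def admin_unlock(acct: Account) -> None:
    acct.failures, acct.retry_at, acct.locked = 0, 0.0, False

def simulate_dictionary(acct: Account, guesses, step: float = 1.0):
    """Replay guesses, one every `step` seconds, and return each outcome."""
    return [attempt_login(acct, g, now=i * step) for i, g in enumerate(guesses)]
```

Replaying a short word list at one guess per second shows most guesses being throttled before the password is even checked; spacing the guesses out to dodge the delays ends in the hard lock instead.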
Another highly effective way of dealing with hacking is data encryption. This entails having all data in storage, as well as data in network traffic, converted into a ciphertext form that is not readable. In this case, data is only accessible to a person after it has been decrypted into a readable plaintext form. It means that even when attackers succeed in their hacking mission, the data they are able to access cannot be useful to them unless it is converted into the readable form. Other than this, encryption is also a good method of ensuring that data is transferred in its original form, meaning that it is possible to authenticate the source or the user of that data by requiring users to have a secret key that can be used in order to gain access (Kaspersky Lab, 2018).
5.0. Response
A swift response is always required in order to mitigate the possible damage that may arise after a password attack. The first response after discovering a password attack is to report to the relevant authority and, in the case of hacking of a mobile device, to respond by resetting the old password and using a strong password. The other immediate response that should follow is to disable network access to the mobile device. This is to prevent users from continuing to access the network through one’s own account. The next step should be to look for the root cause of the attack and the possible risks that such hacking could present. This includes checking the extent of the damage caused, such as checking bank balances, as well as the type of data that could have been compromised. This way one is able to understand the type of vulnerabilities one is exposed to. Consequently, it is then possible to look at ways of addressing those vulnerabilities. At the organizational level, a person is required to report to the authorities for the necessary steps to be taken based on the security breach response protocol (Ramzan, 2010). As part of the response, an organization should also formulate an elaborate training program for all employees on cyber security issues and how to avoid them, as well as mitigation measures.
References
Bezzi, Michele; et al. (2011). "Data privacy". In Camenisch, Jan et al. Privacy and Identity Management for Life. Springer. pp. 185–186. ISBN 9783642203176.
Jones, B. (2018) Dropbox Phishing Attacks Are on the Rise [online]. https://www.psafe.com/en/blog/dropbox-phishing-attacks-are-on-the-rise
David, B. (2016) 6 Common Phishing Attacks and How to Protect Against Them. [Online] https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/
Fan, W, Lwakatare, K. & Rong, R. (2017). Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations. International Journal of Computer Network and Information Security. 09. 1-11. 10.5815/ijcnis.2017.01.01.
Gavin, P. (2017) Common Tactics Used To Hack Passwords. [Online] https://www.makeuseof.com/tag/5-common-tactics-hack-passwords/
Jaeger, J. (2018) How to reduce the risk of cyber-attacks. [Online] https://www.complianceweek.com/news/news-article/hackers-tell-all-how-to-reduce-the-risk-of-cyber-attacks
James, S. (2018). Password Hacking. ITtoday.com. Retrieved from http://www.ittoday.info/AIMS/DSM/86-10-16.pdf
Kaspersky Lab. (2018). What is Data Encryption? [Online]. Retrieved from https://www.kaspersky.com/resource-center/definitions/encryption
Kruger, H.A., Drevin, L. & Steyn, T. (2008). Password management assessment. Technical Report. North-West University, South Africa, FABWI-N-RKW:2008-222.
McGoogan, C. (2016). Dropbox hackers stole 68 million passwords - check if you're affected and how to protect yourself. The Telegraph. Retrieved from https://www.telegraph.co.uk/technology/2016/08/31/dropbox-hackers-stole-70-million-passwords-and-email-addresses/
Messmer, E. (2008). "First case of "drive-by pharming" identified in the wild". Network World.
Patrick, L. (2018) Password Tips from a Pen Tester. [Online] https://blog.rapid7.com/2018/09/26/password-tips-from-a-pen-tester-are-12-character-passwords-really-stronger-or-just-a-dime-a-dozen/
Ramzan, Z. (2010). "Phishing attacks and countermeasures". In Stamp, Mark & Stavroulakis, Peter. Handbook of Information and Communication Security. Springer. ISBN 978-3-642-04117-4.