Hacking of users’ personal passwords is very common. You never know when you will fall victim to scammers and hackers who want to get to your data by cracking passwords for social networks, email, online banking, and even Wi-Fi. In most cases, this happens because PC and Internet users do not follow basic security rules when creating, storing and then using the passwords for their accounts. Careless handling of passwords is not the only reason they are cracked and fall into the hands of unscrupulous people, however.
This article focuses on password theft and how to avoid it. We will look at the methods used to steal user passwords and the reasons why passwords are vulnerable and so attractive to attackers.
What Methods are Used To Crack Passwords
In fact, there are not many techniques for cracking the passwords set on personal accounts of different sites and social networks. You may have heard of many of them in other contexts, without knowing that your passwords were stolen in this way. The following techniques help attackers break into users’ confidential information once a password is compromised, and they can be combined, with several methods used at the same time. Let’s look at the most common methods.
A phishing attack is the most well-known and widely used method for stealing private passwords through email services and social networks. A large percentage of Internet users are victims of such attacks and do not suspect that their information is already being read and misused.
The essence of phishing is that you land on a site that looks exactly like one you often visit (Gmail, the social network VKontakte, the site of the magazine Cosmopolitan, and so on), and you are asked to enter your login and password, allegedly to confirm your account or to check security. When you enter your data, it immediately falls into the hands of the hacker who is manipulating your actions.
A phishing attack works as follows: you receive an email that claims to come from the support team but is actually sent by a hacker, asking you to log in to your account via the link provided. You follow it, because you are already panicking and worried about what happened to your page, and do not suspect that this is an attack on your data. The link will be 99% similar to the original; you will not even notice the difference, because your thoughts are elsewhere. On this site you enter your username and password, handing the attacker access to your mail on a silver platter. Alternatively, while you are following the link, malicious software gets onto your computer and steals personal data, including passwords.
If password crackers compromise your computer, they can change the system settings so that when the user wants to log in to a social network account or email, he is taken to the hacker’s copy of the site and thus reveals his passwords.
The most common victims of phishing attacks are inattentive users who panic and rush to visit the site without taking the time to read the email carefully, and who follow the instructions sent by the attacker.
Never follow suspicious links, especially those that arrive by email from unknown senders. Follow these recommendations:
- if you receive an email saying that you should log in to your account on some site, with a link included, be careful and look at this link. The address may be similar, but not 100% identical to the original. For example, instead of firstname.lastname@example.org it may be email@example.com. Also, look at the sender’s address. Avoid clicking on dubious and strange links. If you’re worried about your account, log in the way you’re used to, by entering the site’s address manually;
- do not enter your password on the first link you find. Look carefully at what is written in the address bar: it should show the site’s address in its original form. If there is a risk that a malicious program has got onto your personal computer, these actions will not be enough. Pay attention to the encryption of the connection: the https protocol should be used instead of http, and a lock symbol should be displayed in the right part of the address bar. If you click on it, you can check that you are on the real web resource and not a fraudulent one. All modern sites use such encryption to protect themselves from intruders, keep users secure and avoid compromised passwords.
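The link checks recommended above can be partly automated. The following is an added example, not part of the original article; the trusted-domain list, the sample links and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: domains the user really logs in to (an assumption).
TRUSTED_DOMAINS = ("google.com", "vk.com")

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return a verdict string for a link received in an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "suspicious: no host name"
    if "@" in parts.netloc:
        # https://vk.com@other.example/ really opens other.example
        return "suspicious: text before @ hides the real host"
    if not host.isascii() or "xn--" in host:
        return "suspicious: non-Latin characters in host"
    # Simplification: treat the last two labels as the site's own domain.
    # A real checker would use the Public Suffix List instead.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED_DOMAINS:
        if parts.scheme != "https":
            return "suspicious: known site but no https"
        return "ok: " + domain
    for trusted in TRUSTED_DOMAINS:
        if trusted in host:
            return "suspicious: " + trusted + " appears inside a host of " + domain
        if edit_distance(domain, trusted) <= 2:
            return "suspicious: " + domain + " imitates " + trusted
    return "unknown: not one of your usual sites"

if __name__ == "__main__":
    # Constructed sample links.
    for sample in ("https://mail.google.com/", "https://mail.g00gle.com/",
                   "https://vk.com.account-check.example/login",
                   "http://vk.com/", "https://vk.com@login.example/"):
        print(sample, "->", check_link(sample))
```

A verdict of "ok" only means the address matches a site you listed and uses https; it says nothing about malware already present on the computer.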
It is important to understand that phishing attacks and password brute-force attacks do not involve painstaking manual work by a single hacker. Nobody has to sit for long hours trying all the possible password combinations, because special programs do it, and the hacker just gets a report on the process and its results. Such programs are secretly installed on users’ devices and work in hidden mode, so all your passwords are easily cracked and stolen.
Trying out access codes one after another is known as a brute-force attack, or the Brute Force method. This is a common practice among cybercriminals. Until recently, these attacks consisted of searching through all possible combinations of a particular character set used to generate passwords of a given length. Nowadays, it is much easier for hackers to crack user passwords using password recovery software.
According to the data analyzed over the past few years, most passwords are not unique. And what is more remarkable, the percentage of sites visited by inexperienced users is very small.
What does this mean? The point is that cybercriminals do not have to go through millions of combinations when they have their own database of 10-15 million passwords. By trying entries from it, they can crack up to 50 percent of the accounts on each site.
If the attack is targeted at a specific account, then both the database and the password to the mail have to be used simultaneously. In addition, if the hacker uses special software for this purpose, the procedure becomes simpler and faster. For example, an 8-digit password can be cracked in a few days, and if the password is a date, or date + time, it can be cracked in a few minutes.
Remember that if you use one password on several sites, then a compromise of this password on one of the web resources will lead to the compromise of all other accounts that use it. For example, malware, once it gets hold of the password, will try it on other resources that the user visits to find those with the same password.
Cracking Sites and Getting Password Hashes
Many sites do not store user passwords in the form in which the account owner enters them to log in. Instead, the site’s database stores a hash, which is the result of applying an irreversible function to the password. When you log in to the site again, the hash is calculated again; if it matches the one already stored in the database, it means that you really are the account owner and can access the account.
The hash is stored in order to protect the user’s account from unauthorized access. If a hacker breaks into the site and steals its password data, he will only be able to see the hashes.
But there is still a risk that the intruder will get to your password, because he has the following options after breaking into the site’s database:
- to calculate the hash, you need a certain algorithm, and programs that implement these algorithms are common enough that anyone can use them;
- for a password database with millions of entries, a hacker also has the password hashes calculated using the available algorithms;
- by matching the hashes from the site’s database against those precomputed hashes, the hacker can quickly find the password to a user account he is interested in, or crack a password in contact with the hacker’s page. Search tools also make it convenient to find short unique security codes.
Thus, as a user you cannot be 100% sure that your data is protected, because hackers may still get to the information they need.
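The hash storage and hash matching described in this section can be shown side by side. This is an added example, not part of the original article: the password list, user names and function names are constructed, the weak scheme is a single unsalted SHA-256, and the hardened scheme uses a random per-user salt with PBKDF2 from Python’s standard library.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a database of common passwords.
COMMON_PASSWORDS = ["123456", "qwerty", "password", "01011990", "iloveyou"]

def fast_hash(password):
    """Weak scheme: one unsalted SHA-256, the same output for every user."""
    return hashlib.sha256(password.encode()).hexdigest()

def lookup_attack(leaked_hashes):
    """Hash matching as described above: hash the list once, then compare."""
    table = {fast_hash(p): p for p in COMMON_PASSWORDS}
    return {user: table[h] for user, h in leaked_hashes.items() if h in table}

ITERATIONS = 200_000  # example value (an assumption); tune to your hardware

def store_password(password):
    """Hardened scheme: random per-user salt plus a deliberately slow function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def demo():
    # Constructed leak: alice uses a common password, bob a long unique one.
    leaked = {"alice": fast_hash("qwerty"), "bob": fast_hash("T7#kq-Lm2!vX")}
    recovered = lookup_attack(leaked)
    # Two users with the same password get different salted records,
    # so one precomputed table no longer matches either of them.
    salt_a, hash_a = store_password("qwerty")
    salt_b, hash_b = store_password("qwerty")
    return recovered, hash_a != hash_b, verify_password("qwerty", salt_a, hash_a)

if __name__ == "__main__":
    print(demo())
```

Salting and a slow function remove the benefit of precomputed hashes and make each guess expensive, but a password that is itself on a common-password list can still be guessed directly.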
Spyware is a category of malicious software that is installed on a personal computer without the user’s knowledge and performs various malicious operations to collect as much information as possible and pass it on to hackers.
Spyware includes such programs as keyloggers, i.e. programs that record keystrokes, and hidden traffic analyzers, which are used to capture passwords.
Social Engineering and Password Recovery Issues
Social engineering is a way of obtaining information by exploiting human psychology. To a certain extent, it also includes phishing. There are many examples of how someone else’s password can be obtained online through social engineering, which is directed at specific people or at the masses, in order to lure out information that is valuable to attackers.
How do I know if the password was cracked
You can use these checklists to determine if your password for a particular account or mailbox has been compromised by hackers:
If you have found your accounts in the lists marked “we have found some of your data in the public domain”, it is time to come up with a new secure password and check your computer for viruses.
Forewarned is forearmed. A chain of simple actions like these is sometimes very useful, and it is necessary to have at least a basic understanding of the threats posed by hackers and of the fact that they are always with us. Use reliable resources to create strong and complex passwords so that intruders can’t easily get to your information and you don’t get “have i been pwned” status. Also, never be tempted to click on questionable links or read strange emails from unknown senders.
If you’ve been hacked and your password has been stolen, come up with a new one, or create another email account to escape the hackers. There’s nothing wrong with that, but it’s important to understand how to proceed in such a situation.