How can I prepare for hacking

What to do if you've been hacked 5 steps.

It can be the most normal day in the world, and it can happen. Suddenly you can no longer access the Instagram account.

All of a sudden, Viagra advertisements are sent via your own e-mail.

The computer where the (of course not secured) master's thesis is stored is suddenly encrypted and you are blackmailed.

That may sound like a truism, but:

It could be everyone.

And saying “Well, wouldn't you have clicked the link” doesn't help anyone.

So here's a guide to what to do if you've been hacked.

This guide is roughly based on the phases of a so-called incident response in companies, but is adapted to the needs of private individuals. So:

Follow the white rabbit.

Content:

Phase 2: How do you even know you've been hacked?

If you ask security researchers whether hackers are already sitting undetected in our power grid, the answer is almost unanimous:

"Probably."

They just haven't been discovered yet.

As private individuals, it is easier for us here - accounts are (mostly) not hacked here for long-term geopolitical actions, but rather for short-term exploitation of the accounts.

But how do we notice an (attempted) hack?

Mostly passive:

  • The bank is calling about suspicious credit card payments
  • The friends complain why people are sending stupid links around in Messenger
  • The email account is blocked because it is sending spam.
  • You can no longer get into your own Instagram account
  • An account does things that don't come from you.
  • Or your computer is doing weird, suspicious things

How do you know a computer is doing suspicious things?

That depends entirely on the pest. When it comes to spying on data, you often don't notice anything. But when it comes to money (e.g. with ransomware) you will receive a message that your PC has been encrypted.

Suspicious behavior can also be that you are redirected to websites that might look similar to your e-banking, but are not the original.

This is a difficult subject because, of course, we often have no idea whether what the computer is doing is normal behavior or not.

Phase 3: What Really Happened?

2 things are important here: as much information as possible, as quickly as possible.

First:

What exactly was attacked?

There are two options here:

  • Someone is on your physical machine
  • An account in the cloud is compromised

The backgrounds

  • Where did it all come from? Did I click the wrong link or visit the wrong website? Have I entered or passed on data somewhere?
  • Do you use the same password anywhere (I hope reallythat you can answer this question with no)?
  • What is the goal of it all? Is it about money? Is it about my data?

The risk of spread

Can the situation affect other accounts or computers?

Here it is important to find out whether you are using the same password for other accounts, or whether it is a “High Risk Account”, such as the email.

Here is an example of how hackers do it:

In 2012, 6.5 million accounts were stolen from LinkedIn. The passwords of the users were in principle secured, but one day later there were already login-ready users including the passwords for download.

A LinkedIn account is of little use to a hacker. Therefore, the entire leak was searched for Gmail addresses, which were then hacked with email + the well-known LinkedIn password.

Why?

Because an e-mail account is the key to almost all accounts that have been registered with this e-mail. The Amazon account is only 1 password reset away if I have your mail account.

risk assessment

After this step, you should have an idea of ​​how critical this hack is. But no matter how critical, the situation should be resolved as soon as possible.

It is often really small details that are gateways for further attacks. Of course, you don't really care about your MySpace account anymore. But maybe there you will find details that allow further attacks (e.g. the last 4 digits of your credit card, or a date of birth)

Admittedly, someone must have something against you personally. Most of the attacks that you see as a private person are automated. If you are a journalist or some other, possibly politically active person, that changes very quickly.

Nevertheless: better safe than sorry.

Phase 4: crisis management

Now there is a fire on the roof. Cancel your plans for the day. You have to do this here and now. And that takes hours.

Step 1: prevent spread

If there's one thing we've learned from bad zombie movies, it's: prevent spread at all costs.

In the case of ransomware or a computer hack, good old-fashioned always helps Switch off and disconnect from the network.

This computer is to be regarded as infected. Any hard drive that was attached, and possibly all computers in your own network, could also be infected.

Here you have to be extremely careful that your data is not completely lost. In a panic reaction, plugging in the external hard drive with the family photos is not a good idea.

Unfortunately, if one of your accounts has been hacked, you cannot take it off the internet. Everything is in the cloud. So what to do

Go through each platform you are registered on and change the password. And secure passwords.

The platforms where you use the same email or maybe even the same password have priority here.

Step 2: warn

For example, if your Facebook or email account has been hacked, it is often used to Infect other people under your name. Sure, you are a trustworthy person, why shouldn't someone click on the link that is obviously yours?

If you still have access to your account, you can (provided the hackers have not deleted it) in the outgoing messages to check who has been contacted.

Write to these people. On a different channel.

Your ego has no place in this step. Obviously it's embarrassing to be hacked. But that happens to the best. It's just part of our lives today.

Step 3: ongoing observation

If you caught your attention early enough, the hacker could still be active now. Look out for:

  • suspicious account activity
  • Warning emails from services (“new login from Russia”)

Always read this carefully: it is a question of one actual, or one tried Log in? I regularly receive emails that someone in Russia is trying to get into my Google account. As long as it doesn't work, there is no need to panic here.

When the worst is over, it's time to clean up.

Phase 5: cleanup

The aim here is to get back to normal. This phase can be very, very tedious.

For ransomware and physical computer hacks

In such a case, I would use the pc turned off handed over to an expert. Malicious software has a tendency to lodge itself very deeply in the system. As much as you like your nephew, who is really good at computers, the chances are that this is a level too high for him.

Depending on what is on the computer, I personally consider a direct reinstallation. If all important data is backed up elsewhere (because you are of course well prepared), this is a relatively good way of taking the wind out of the sails.

Even the expert will most likely be able to restore the most important data - if at all.

For individual accounts with a low risk of spreading

A hacker can switch from a Twitter or Instagram account to other accounts less effectively than is the case with other services.

Means: Here it is often done with a letter to the support. There is a chance that you will get your account back.

The only question is: in what state.

100% make sure that not somewhere, maybe a suspicious phone number or email address is stored in the options. This would be the next gateway, all work so far would be in vain.

For high-risk accounts: email, Apple, Google

I'll say it as it is: it'll be work to clean up this account. But after you have already changed all the passwords for your accounts in phase 4, the worst is over. This is about covering two important things:

Secure the account yourself

You can quickly become aware of the practical jokes that are possible with such an account:

  • reset Password in every service for which this e-mail was used. Including subsequent infection of all accounts.
  • Your cell phone, and maybe even your Mac delete remotely
  • Perfect supervision of your activities. What you surf, whether you are at home.
  • Impersonation: it is very easy to impersonate you. Just one email can be destructive.

This account should be secured as a bombproof first. Means: Activate 2-factor authentication, secure password, the full program.

The “Follow” accounts

There is a term in IT security Persistence, the long-term infection of a system. Briefly entering an account is good, but if you can hold it for the long term, completely new business models will open up.

Classic persistence measures for hacked cloud accounts are

  • Change email or phone number
  • Change password reset questions
  • Create a new user who is controlled by the attacker.

For you that means specifically: everyone these follow-up accounts (or, ideally, every account in general) should be searched for these things.

Phase 1: preparation

Perhaps you have noticed: phase 1 above is completely absent. For good reason: we as private individuals are usually too lazy to really take precautions - nothing will happen.

A hack often hits us completely by surprise. And that's exactly why this phase can be found here at the end of the article: Because we as humans only learn something like this when something happens.

So how do you prepare for a hack?

Know where your points of attack are.

There are few accounts that you should protect like the apple of your eye.

These are the accounts that allow extensive access to your devices or other accounts.

Have you activated iCloud so that you can erase your cell phone and laptop over the Internet? Great, then you are halfway protected against physical theft.

But if someone gets access to your iCloud, they can erase your life with the push of a button.

Think like an attacker here.

Passwords

I have already written about this elsewhere. The classics still count:

  • On every platform use different passwords
  • Get you now a password manager (e.g. I use LastPass, 1Password has also been recommended to me)
  • Set a secure PIN on your devices.

2 factor authentication

With the really important accounts you can activate that you have to enter an extra code in order to be logged in.

An attacker must have access to your cell phone so that he can log into your email account. All major services offer this possibility. This works e.g. via the Google Authenticator.

Danger: if your cell phone doesn't have a PIN, that doesn't help.

Healthy paranoia

If you notice a word in a message from your colleagues that they would never use, it is better to question the message several times.

If the From-Address does not match the From-Name in emails, be careful.

When a message too strong targeting your emotions ("OMG I found this video of you. HOW EMBLEMING") - take a moment and question.

Backups

If you follow the rules of the backups (1 backup in the place where you use your computer and another in a different location), ransomware can no longer really harm you.

The same applies to accounts in the cloud: Don't necessarily leave your family photos just lying around in Google Photos.

Conclusion

I find it difficult to draw a conclusion here. It seems to me more and more like a fight against windmills.

Nevertheless, it is important that we all become aware of this issue. Even if it's not floating around in our head every day.

So take 5 minutes of your time and consider what it would do to you if you were hacked.

I honestly think I would struggle with existential fear.