The Simple Hack That Gets Everyone

In my studies of cybersecurity and hacking, I have seen numerous cybercriminals use some of the most sophisticated attacks to infiltrate highly secure databases and infrastructures, the likes of which could be a "Mr. Robot" episode. However, those exceptional individuals are few and far between in most cases of hacking and cyberattacks. What is more commonly used are simple hacking techniques alongside social engineering strategies that many people can mimic themselves. I will show you one of the most common and timeless hacks, one that has been used since the inception of the internet as we know it today.

In 2016, research conducted by Lancaster University’s School of Computing and Communications and the School of Mathematics and Computer Science at Fujian Normal University revealed that, in a recent Yahoo database leak, over 83% of users had easy-to-guess passwords for their accounts [1]. Some of these passwords included:

  • Personal information (Name, address, hobbies, favorite sports team)
  • Easy words/phrases (e.g., 12345, password, admin)
  • Reused password from another account

As a result, any hacker would be able to easily guess your password using a simple program known as a password cracker. Password crackers are programs designed to guess a user account's password. The program references a "dictionary", which is a text file with a number of passwords/words/phrases that the hacker believes you may have used as a password. It tries each word/phrase and its variations until it finds the correct match. This is why, when you use personal information such as a family member's name or your favorite sports team, or easy words, as a password, it can easily be cracked by someone who knows a little bit of information about you. That information can easily be gathered from social media posts describing your life.
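A defender's version of the same matching, as an added example that is not part of the original article: a check that flags a new password falling into any of the three categories listed above, after undoing the simple variations a dictionary-based tool tries. The word list, profile, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample data for illustration (not taken from the cited study).
COMMON_WORDS = {"12345", "password", "admin", "qwerty", "letmein"}
PROFILE = {"name": "Jordan Avery", "team": "Arsenal", "address": "14 Maple Street"}

# Common character-for-letter swaps. Simplified: "1" is treated only as "i".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def variants(password):
    """Forms of the password that a dictionary entry would effectively match."""
    lowered = password.lower()
    stripped = lowered.rstrip("0123456789!?.#$@*")  # drop appended digits/symbols
    unleet = stripped.translate(LEET)               # undo letter substitutions
    return {lowered, stripped, unleet}


def audit_password(password, profile, other_passwords):
    """Return which of the article's three weak-password categories apply."""
    findings = []
    forms = variants(password)
    # Words of three or more letters taken from the user's personal details.
    tokens = {t for value in profile.values()
              for t in re.findall(r"[a-z]{3,}", value.lower())}
    if any(tok in form for tok in tokens for form in forms):
        findings.append("personal information")
    if forms & COMMON_WORDS:
        findings.append("easy word/phrase")
    # Assumption: the user's other passwords are available to compare, as in a
    # password manager. A service would compare against stored hashes instead.
    if password in other_passwords:
        findings.append("reused password")
    return findings


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "Arsenal2016!", "J0rd4n?", "tidal-copper-lantern-84"):
        print(candidate, "->", audit_password(candidate, PROFILE, []) or "no finding")
```

An empty result only means none of these three checks matched; it is not a measure of overall strength.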


The best way to protect yourself from these attacks is to use a secure and unique password for each account you have. The best part is that, just like the hack itself, these passwords can be fairly simple as well. A relatively easy phrase is a great option for a password.

An example can be a lyric from one of your favorite songs: "Wewillrockyou"

Now replace each letter you can with a number: "W3w1llr0cky0u"

And, to ensure the best security, add a non-alphanumeric symbol at the end, such as a question mark: "W3w1llr0cky0u?"

Now you have a super-secure password that is easy for you to remember and will be harder to guess. Even if a hacker knows that it is your favorite song, they will not know that you used a lyric from that song, as most people use the title of the song instead. In addition, all the numbers and symbols mixed in make it harder for the password cracker to match your password, as it now has to go through more characters to find it.



References

[1] Wang, D., Zhang, Z., Wang, P., Yan, J., & Huang, H. (2016, November 8). Online password guessing threat underestimated. Lancaster University’s School of Computing and Communications. https://www.lancaster.ac.uk/scc/about-us/news-archive/2016/nov/online-password-guessing-threat-underestimated/. 
