BNMC Blog
It’s Easier Than You Think to Steal a Password
Did you know that it is remarkably easy to steal a password, provided you have enough time and resources at your disposal? Today we want to explore the process that even the most amateur of hackers can use to gain access to your account, despite your best efforts to keep it secure.
Even Amateur Hackers Can Pull Off This Trick
It’s really not that hard to steal a password, and you can do it with just a little bit of extra cash and an inkling for stirring up trouble. We won’t show you the exact steps necessary, but we think this process will illustrate just why you need to be careful.
Do Your Research
For this, let’s invent a fictional person, and name him Homer J. Simpson. Ironically, there was an actual Homer J. Simpson, born in 1914, but that name has not appeared in the United States census since. This individual might be real, but the rest of this information is absolutely fake and is being made up for the purpose of proving our point.
Let’s say Mr. Simpson is a fitness buff and was a user of the MyFitnessPal app when it suffered a data breach back in 2018. This breach exposed 144 million accounts to the world, resulting in emails and passwords being stolen. These types of breaches are fairly common, with big names like Sony, Wendy’s, and DoorDash also being among high-profile victims.
During this breach, Simpson’s password was stolen and sold on the dark web. Anyone on the dark web can purchase it and gain access to his name, email, and password.
It doesn’t matter if he has changed the password since. We now know what he tends to go for when he makes a new account. If he has changed the password, though, we can get some more information from his social media accounts, like his date of birth, the town he grew up in, or his mother’s maiden name—all common security questions. We can also find out where he works from his LinkedIn profile and learn who he associates with at the professional and social level. In as little as 15 minutes, anyone can learn about his kids, his dog, his wife, or his address, all of which could be helpful when cracking a password.
It’s easier for people to remember passwords when they contain sensitive information like this. We always recommend that you avoid using any of this information in your passwords, as it’s easy for hackers to learn this information and use it against you.
Time to Crack the Password
Here comes the fun part—software can be used to crack the password, and it can be found readily available on the dark web. If the user’s password is less complex—about 9 or 10 characters long with no special characters or upper-case letters—it could take as little as a couple minutes to crack, or a day or two at most. Truly random passwords, however, will make these programs take longer, yet even these are not impervious to password-cracking software.
Or Have the User Give It to You
For the greatest odds of success, a hacker might just try to convince you to give up your password willingly. The latest security tools are so powerful that hackers will often use phishing attacks as a way to circumvent traditional brute-force attacks. In fact, around 95 percent of modern cyberattacks are initiated by a phishing attack. With such a high level of success, there’s no reason not to give it a shot.
Phishing attacks are easy, too. All the hacker has to do is send an email claiming to be from the victim’s bank. The hacker can make up some bogus story about how there are fraudulent charges that need to be reviewed, a lie that plays on the victim’s strong response to their finances being threatened. If the problem is sensitive enough to elicit immediate action, then the hacker just has to sit back and wait for the victim to make a mistake.
In this case, the victim might click on a link to a fake website that looks like their bank. They then offer their credentials of their own free will, making the hacking much easier. It might seem outlandish, but it happens all the time.
Remain Ever Vigilant to Phishing and Cyberattacks
These kinds of threats need to be taken seriously, as it’s far too easy for businesses and individuals to fall victim to phishing attacks like this. To learn more about how you can keep your company safe, reach out to us at (978) 482-2020.
Comments