There are a couple of hacker terms that you should know: "owning the desktop" and "root". These refer to the ability of a hacker to 'listen' to activity on another user's desktop PC. This is achieved by placing programs on your PC that can intercept data as you browse, or information that you type in. With this capability, the hacker can break your login details within two or three successful login attempts.
Using this information, a hacker targeting you can then call you pretending to be a representative of your bank. Having 'listened' and determined your login, and seen screenshots of your private account pages, he can discuss and 'confirm' information required for telephone banking.
The hacker can now act against your accounts by calling the bank and setting up transfers in your name. At this point they have combined the desktop attack with what is called "social engineering" (the direct phone call to you) to great effect. Our hacker now has a strategic hold on your bank account data and hasn't even broken a sweat.
But it's not just banks that are at risk. Think of those prominent sites that allow you to store your credit card details for convenience. If you use these and log in through a conventional login page, as above, the capture of those details will lead a hacker to your credit card, and allow unauthorized purchases to be made on your account.
This leads us nicely to another type of social engineering that has held media attention for some time: phishing. This term refers to hackers who send out waves of emails to thousands of online users purporting to be from banks, eBay, PayPal and other finance-related sites. Victims are redirected to very genuine-looking but fake sites, and too many unsuspecting souls actually log in, disclosing their usernames, PINs and passwords to unsavory characters.
To get a handle on the full extent of phishing, look at this page from Fraud Watch. Keep in mind that each instance listed potentially represents a wave of many thousands of emails.
From Phishing To Pharming
The phishing epidemic is increasingly moving towards pharming, a superior hacking technique that requires technical expertise.
Pharmers redirect users from legitimate commercial websites to malicious ones. These bogus sites have the same look and feel as the sites they impersonate, but when users enter their login names and passwords, the information is captured by hackers.
There are several methods associated with pharming, but hackers commonly use trojans: stealthy programs that are created to perform illicit tasks on your computer. The following is a typical example of the procedure.
Hackers email viruses, such as the Banker Trojan, which rewrites the PC's local hosts file. This is a file that records and matches the common names (URLs) of Internet sites such as Google.com, with their associated numerical Internet addresses (like 22.214.171.124). By altering the Internet address linked to a bank website, the hacker routes the unsuspecting user away from the proper site that they wish to visit, in favor of an illicit site that appears identical to the one intended. When you click on your browser favorites link to get to your bank's Internet login page you are actually rerouted to the hacker site without knowing it.
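A defensive check for the hosts file rewrite described above, as an added example that is not part of the original article: it parses hosts file text and reports any entry that pins a watched domain to a non-loopback address. The domain names, addresses and sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file (addresses from documentation ranges).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.66    www.bank.example bank.example   # injected redirect
198.51.100.7    intranet.corp.example
0.0.0.0         ads.tracker.example
203.0.113.66    LOGIN.Bank.Example.
not-an-ip       www.bank.example
"""

# Assumption: domains the defender wants to protect; hypothetical names.
WATCHED = {"bank.example", "pay.example"}


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address: skip the line
        names = [h.lower().rstrip(".") for h in fields[1:]]
        yield line_no, ip, names


def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, hostname, ip) for overrides of a watched domain."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            hit = any(name == d or name.endswith("." + d) for d in watched)
            # Loopback or 0.0.0.0 blocks a site rather than redirecting it.
            if hit and not (ip.is_loopback or ip.is_unspecified):
                findings.append((line_no, name, str(ip)))
    return findings


if __name__ == "__main__":
    for line_no, name, ip in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} pinned to {ip}")
```

Any finding is worth review, since a banking site normally has no reason to appear in the hosts file at all.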
Domain Name Server (DNS) poisoning can cause a large group of users to be herded to bogus sites. DNS is similar to an Internet phone directory and is responsible for routing URLs (remember those common Internet site names like Google.com) to their destinations. When you disrupt DNS, you get Internet chaos; it is the equivalent of changing all the road signs to lead travelers in the wrong direction. As long as the journey still feels right, and the destination looks the same, the user has little suspicion that anything is wrong. After all, they clicked on their banking sites just yesterday and they were fine...
The Man In The Middle
Another problem is the man in the middle (MITM) attack, which is absolutely insidious - and incredibly effective. The attack occurs when an attacker places himself on the network by means of a physical device, or engages in a technique known as ARP spoofing. We'll discuss this term in more detail in the next article, but by way of summary, ARP is used by computers to identify each other. ARP spoofing allows one computer to pretend to be another; the hacker identifies the two points on the network that are being targeted, usually individual computers. Freely downloadable programs are then used to reroute traffic to and from the target PCs, through the hacker's PC.
The danger here is obvious - the hacker is sitting in the middle between the PCs and so can eavesdrop on all the traffic. As an example of how serious this threat is, imagine that you attempt to log out from the bank website. The MITM can provide a seemingly valid logout confirmation page to you, while actually suppressing your logout command and holding the connection to the bank open.