How to protect social networks and know if they have been ‘hacked’
Cybersecurity expert Lamax Muthiya alerted Instagram last July that when a person requested a new password from the social network, the account was unprotected. The system sent a numerical password to the account owner, but this code could be hacked easily.
“The password is blocked after several attempts when different combinations are tested from a specific IP. However, it is possible to check thousands of combinations until you find the right one from different computers, ”explains Eusebio Nieva, technical director of Checkpoint in Spain and Portugal. The story ended well for the expert, the company and the users: Muthiya alerted Facebook (owner of Instagram) and rewarded him with $ 30,000. But what if the discoverer of this vulnerability had used it to the detriment of customers?
Web-based social networks support many standard attacks . One of the most common attacks is known as man in the middle : “it means interposing between user communications and the social network and intercepting all communication,” explains Nieva. “It is easier in the application than in the web because it is nothing more than a web interface modified by the owner of the network,” he adds.
It is also common to attack updates in web environments or in the same app. Normally, malicious code is injected and users are tricked into installing it as if it were a new version of the application.
The expert ensures that the problem is not the ease or difficulty of hacking the networks but finding the vulnerability of each one. There are more malicious people than researchers like Muthiya trying to gain control of the networks. The good news is that as social networks are maturing, more security controls are passing and tend to be less vulnerable and the bad news is that as they are constantly including news, it is easier for an attack to occur.
The newer, the more room for maneuver cyber criminals have. Extortion, data theft, insertion of malicious links (with viruses) are the main problems of a hacked app .
There are ways to cause damage at the individual level and thousands of people with the same attack. In March a malware campaign was detected on Facebook. Cybercriminals were posing as a senior Libyan army that had thousands of followers. The page, which was of course false, was full of links of malicious content and at the same time they extorted the account owner (which had nothing to do with the page), thousands of followers clicked on insecure websites.
There is only one way to know if your account has been targeted by a hacker : observe the input history If you find log in (entries) with modifications that you have not made, inform the owners of the social network. “In addition, it is advisable to change credentials with double factor authentication,” says Nieva. It means that in addition to the network requesting your username and password, ask that they send a code to the mobile prior to accessing the account. “Combining something you know, that is, your password, something you have, the code to your mobile phone and something that is: the fingerprint restricts the risk of having your account stolen,” adds the expert.
All experts agree that passwords should be easy to remember. A page of a book, mixed with the first letter of a phrase or a saying is a good idea. Adding a symbol is important for more security. In addition, you should never reuse passwords for different services . If you have trouble remembering several, you can use a password manager. “I use Keebass. It works for the mobile phone, for Windows and several other operating systems, ”says Nieva. “There are other web-based apps but since they are on the network you do not own the entire storage,” he adds.
Despite taking many precautions, one must be aware that any social network is susceptible to theft. “If you do not want to be robbed of compromised photos or sensitive information, do not upload it to your networks. Any device can be hacked , therefore, if it has such data at least, it is as short as possible. Having a safer cloud or more security measures are other options, ”concludes Nieva.