Hacking Identity Theft 2: More Entry Points, More Tools, And More Prevention


In Hacking Identity Theft: Entry Points, Tool, and Prevention, we detailed the modern ways and means of having your digital persona stolen.  We wrote about some of the most common pathways and tools identity thieves use to work their way into your computer, and we went on to explain how these routes can be blocked and theft can be prevented by a combination of common sense and an effective Anti-Malware software, like Emsisoft Anti-Malware 8.

We also took a good a deal of time to compare modern day Identity Theft to Identity Theft of old.  We discussed how many of the tools have changed, but also how many of the deception-based approaches have remained the same.

In all, this article turned out to be quite popular among our readership.  Most likely, this is because when battling technical enemies like malware, knowledge is power.  With this in mind, Emsisoft presents part two of Hacking Identity Theft, an addendum designed to provide our readers with even more knowledge on entry points,  tools, and ultimately means of prevention.

More Entry Points, More Tools

10095935_sFalsifying Wireless Access Points (WAPs)

In part one, we briefly mentioned how hackers will sometimes create fake WiFi networks to lure unsuspecting victims onto their network, so they can steal information.  We kind of glossed over this, though, and we realize that many readers might be wondering how this works.

When you go to a place that offers free WiFi and you log on to the network, your computer is simply intercepting a radio signal and “tuning in”.  To steal your information, identity thieves need only create and broadcast their own radio signal and present it to you as if it were an innocuous free WiFi network.  Essentially any determined hacker with a wireless network card and the right software can pull this off.  What’s worse is that once the malicious network is created, hackers can name it anything they want.

This means that a Wireless Network named “Coffeehouse WiFi” might not actually be what it’s named.  If this wasn’t bad enough, some hackers will even take things a step further and set the fake WiFi up so it can only be accessed once users create a username and a password — and as we learned in part one of this article, most users tend to recycle such credentials.  This means that even once you log off the fake WiFi network, the hacker who created it will at the very least have the recycled username and password to one (or more) of your online accounts, be it email, Amazon, or anything else tied to your name.

Stealing Cookies, from the Cookie Jar

On the Internet, a cookie is a temporary file automatically created by your browser to speed up your surfing ability.  If you have ever logged onto a website multiple times in one sitting and found that you only had to supply your log in credentials once, you have experienced a cookie.  Most likely, when you were experiencing the cookie, you liked it.  It made things faster, and made it so you didn’t have to remember yet another password while you browsed.

This is all and well; however, like passwords cookies can also be stolen.  In fact, hackers have developed numerous programs to steal their victims’ cookies once they have worked their way onto the same network.  One of the most well known cookie stealing tools is called Firesheep, which was developed by an independent software developer to show just how vulnerable Firefox users were and are to cookie theft.  Once a hacker has used a tool like Firesheep and stolen your cookies, they can use them just as you would, to log onto websites that you frequently use.  Depending on what these websites are, cookie theft can be disastrous.

Fake File Names: aReallySexe.jpg

Deception, deception deception.  Did we mention that Identity Theft is all about deception?

Yet another way hackers pull their deception off is by naming files things that they are not, much like is done in the case of the supposedly free “Coffeeshop WiFi.”

The reason this method can work is a case of curiosity killing the cat.  Let’s say you’re trying your hand at online dating, and you receive a “private email” from a potential match.  In this email, you get an attached file entitled sexypic.jpg.exe.  Is it a flirtatious .jpg, or is it a potentially dangerous .exe?  In this case, the answer is the latter; but, for many users, all that matters is that it says sexy.

Still, even the most novice of computer users know that any file containing .exe is one to be suspicious of.  Hackers have therefore developed a very clever workaround that they’ve been using for years.  It’s called the Right to Left Override trick, and it works by utilizing the Unicode character U+202E.

Say a hacker writes a virus and names it aReallysgpj.exe.  If you received this file as an attachment in an email, you would probably delete it immediately — even if you were the loneliest guy in the world.  But what if the file was called aReallysexe.jpg instead?  Chances are high that anyone with a sense of curiosity would open it.

How do hackers pull this off?  Simply by inserting Unicode character U+202E after aReallysgpj in the original file name:

aReallygpj [U+202E].exe

Which magically flips gpj.exe into exe.jpg, giving you aReallysexe.jpg, without changing the executable format of the file.  What’s interesting is that this only works because exe is a palindrome.

Redirecting your Hosts

When your computer looks up a website, a whole lot of complicated processes go take place.  Knowing this full well, people who write operating systems have created a number of methods to simplify things.  One of them is called the Hosts file, which is a file that exists in the background of your computer.

Kind of like cookies, the Hosts file works to speed up Internet usage by storing commonly visited domain names and their IP addresses on your computer.  Also like cookies, the Hosts file is great, up until the point it gets into the hands of a hacker.

Say an identity thief got onto your network or computer and wanted to steal your identity, but wanted to be couth about it.  If they wanted to, they could go into your Hosts file and compromise your domain name to IP address match ups.  By doing this, they would make it so that the next time you went online and typed, for example, yourfavoritewebsite.com, you’d be led to a falsified version of the site, designed by the hacker to steal your financial information.

Poisoning the Waterhole

In the case of identity theft, there isn’t always safety in numbers.  Take for example a place near your work where you and your colleagues gather to talk business.  Maybe it’s a local coffee shop.  In this case, a hacker wanting access to your company’s credentials could create a fake WAP in the hopes that one or all of you log on.  Depending on who came to your meeting, such a hacker could take down an entire company in one swipe

Identity thieves have also been known to use the waterhole technique to attack virtual meeting places, such as social media.  The specific tool that is used to do so will vary from case to case, but in all cases the social engineering tactic is the same.  People flock  to social media sites en masse, and because of this individual users fall into a false sense of security.  From 20,000 profiles all “liking” the same thing, the odds of being the chosen target are slim; but, to hacker looking for an easy target, hitting 20,000 fish in a barrel all at once can mean payday.

Freeware Bait

If you’ve spent any amount of time playing around on the Internet, you’ve probably downloaded a free program or two.  In our recent article on PUPs, we detailed the dangers of doing so excessively.  What we didn’t mention, however, is that freeware can harbor much more than PUPs — it can also hide malicious code.

The freeware bait method is particularly sneaky, because it doesn’t kick in until weeks or months after initial download.  Say for example you’re developing your own blog, and you download a free readership counter that you place at the bottom of each one of your posts.  The counter works marvelously, counting each visit and making you seem like a popular, well read author.  The counter also contains a link to the website you downloaded it from as a built in way to advertise itself.

At first, you’re fine with this link because you like your little counter and you think other people should get to use it for free as well.  Then, one day, the person who developed the counter — actually a nefarious hack — decides to change the link so that it directs anyone who clicks on it to a website containing malware.

…Suddenly, your readership hates you, and no one is coming to your blog.

More Prevention

9015760_sIf you’ve taken the time to read through the entry points and tools detailed above, or even if you just skimmed through them, there is still one very important takeaway from the preceding section.  There are infinitely many ways for a hacker to work their way onto your computer and steal your identity, and determined hackers are limited only by their imagination.

This means two things for those of us who want to ensure prevention.  One is to maintain a mindful presence whenever you’re using your computer.  It might not seem like it, but using a computer is a lot like driving a car.  Just about anyone can do it, without having to know what’s going on under the hood — and just about any kind of disaster could occur if you’re not paying attention.

Emsisoft Is Your Seat Belt

If you drive down the highway, you’re at risk of getting in a car wreck.  If you log onto the Internet, you’re at risk of identity theft — no matter who you are or where you’re coming from.  Like safe driving, maintaining a secure computer is all about being attentive, defensive, and educated.  This is why drivers are licensed to drive, and why many pros think users should be licensed to browse the Internet.

No one person can catch everything though.  Accidents happen, usually when you’re closest to home and usually when you least expect them.  People get blindsided, and as such car manufacturers have developed numerous safety features, such as seat belts and air bags.  It’s for this same exact reason that companies like Emsisoft develop Anti-Malware.

Realistically, you can do a large part of an Anti-Malware’s job on your own, just by paying attention.  But you can’t catch everything, and more than that paying attention takes lots of effort and time.  The entry points and tools listed in this article and the one before it are really only the tip of the iceberg when it comes to the ways and means of identity theft.  Learning everything would literally require a full time job — and chances are you probably already have one.

This is exactly why Emsisoft was made into a business: to be the full time solution to busy people’s malware problems.  We do the legwork so that you don’t have to, and for those of you who are curious we provide informative tips like these along the way.

Like a seat belt, Emsisoft is as simple as a (couple) click(s).  We’re here to protect you and your computer unobtrusively, while ensuring a comfortable, enjoyable ride.  Our hope is that in the event of an accident, our software can help keep you and your identity from flying out the window.

In the coming weeks, we’ll be sure to post even more malware tips and developments for anyone out there who wants to stay informed.  And as for the rest of you, well, watch out for those sexe.jpgs.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Have a Great (Malware-Free) Day!

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next