Feb 20, 2021
Quashing popular internet and cyber security mythology
Part 2
Click here if you have not read part one yet.
In a land far far away lived Anansi the Spider. Every morning Anansi had to travel quite the distance just to get the day’s newspapers. The journey was a long one and he had to get different newspapers from various places miles apart. He was constantly tired and dreaded every morning’s trip. Being a cunning one, he decided to formulate a plan. He came up with the idea to create large chutes from the various newspaper publications to his house. The logic behind this was quite simple. He would pay the companies for a month’s supply of newspapers and every morning they would drop the papers in the chute linked to his house. What he did next was to create a large web in the middle of his house where all the papers would come together and be stuck to it. He could then sit in the comfort of his home and just flip the newspaper pages attached to the web. And that my lovely readers, is the TRUE story of how the first website and monthly subscription came about. (source: Dude trust me!)
Welcome to Part 2 of our internet and cybersecurity mythology series where we debunk the various stories and rumors you have heard over time. Let us get into it then.
1. An antivirus will solve all my problems
An antivirus is a computer program written to detect, block and quarantine (no pun intended hehe!) viruses, malware, spyware and ransomware. Think of it as the white blood cells of the computer. When most people install an antivirus, the idea is that it will protect them from every single piece of malicious exploit on Earth. And that’s where most people are wrong. First of all, an antivirus will do its job of protecting you against what it knows or is available in the software. When a new malware or virus signature appears on the cyber space it takes a while before your antivirus provider reverse engineers it and pushes an update to prevent your computer from getting infected by that particular virus. If your provider is not quick enough you can get infected. This is why it is imperative to always update your antivirus software. Secondly, an antivirus is not going to prevent you from a phishing attack. A phishing attack allows an attacker to steal a user’s legitimate credentials to email, websites, credit card information and so on. This attack could be done with an email containing a link that would lead you to a fake site and steal the details you provide. So, in as much as an antivirus is quite good at what it does. It is paramount that you apply a bit of wisdom when dealing with crucial information and downloading files from shady sites since most anti-viruses cannot protect you in that domain.
2. I will know if my computer has been compromised
This myth is the big one. Cyber-criminals are born and bred in stealth. When they decide to attack your computer there isn’t likely to be a red flag that pops up. They have ways of compromising and infiltrating your device without any discernible trace. But let’s make all things equal and say you notice suspicious activity on your computer. There are several articles online detailing signs, steps and procedures to verify a compromise. While these signs are a good meter, they are also slightly flawed since they are not set in stone. The average user who suspects his computer has been compromised will go through all the signs and is likely to pick the only one that suits the situation and call foul play. This is called an unconscious bias recruitment. This is where you overlook other information and instead, focus on things that fit your view. So, as you go through all the signs, most do not likely fit your situation but as soon as you see a positive one, you run out of your bedroom shouting to the world that you have been compromised. The gag is, it is likely that you may or may not have been compromised. There are concrete signs that can prove that you actually have but they are few and the rest are just probabilities. It could probably be an app gone rogue or even your RAM acting up. So, before you go about bragging to your coworkers that the “blue screen of death” means hackers in Russia have targeted them, do a proper test first. Outline any activity done on your computer in the past two weeks i.e. from downloading software, updates, inserting USB sticks etc., that could have caused what you are experiencing. Then, go through the signs and note down the ones you are experiencing. In the end you might still not be able to tell whether you have been compromised but you would have a fair idea of what is actually afflicting your computer.
3. Hackers are bad people
Imagine a figure wearing a black hoodie and sunglasses in a dark room, hunched over in front of a computer and typing furiously like a life was dependent on it while random green lines streamed on the computer’s monitor. Then the figure yells ‘I’m in’ after 30 seconds. This is what most people think of when someone mentions the word ‘hacker’. The truth is most hackers are actually quite difficult to pick out. They are regular people and are not like the stereotypes portrayed on TV. Most of them are not even individuals but are whole organizations that are sometimes funded by their governments. Generally, there are three types of hackers:
· White Hat Hackers:
These are the “good” hackers. They use their skills to make the internet a safer place. Some actually break into servers for fun and report the information to the companies so that they can be fixed.
· Gray Hat Hackers:
These are the “lukewarm” hackers. They do not hack for personal gain or for malicious reasons but they are likely to break a few laws in the course of their exploits. In summary they sometimes act legally and sometimes not. Most of them hack to bring to light political agendas or detrimental social constructs. So even though the cause might be noble, the methods are not legal.
· Black Hat Hackers:
These are the “bad” hackers. They are the one that give the word its negative association. They commit crimes knowingly and exploit companies, you, your devices and anything they can lay their hands on for their financial gain.
Out of these three, there’s only a probable 0.01% chance that they might be dressed like I described in the introduction. So, next time the word ‘hacker’ pops up in your conversation please do not think of Darth Vader sitting behind a computer and typing at 170 wpm because that is outrageous and far-fetched. Someone like your next-door neighbor probably fits the description better.
4. I do not have any data worth protecting
I will just go out on a limb and say everyone has uttered this statement before. You might think you have no money or you do not have anything to hide. You are just an average Joe using the internet so your data does not need protecting or no one cares about it. And it is quite a logical way to think except that when we say data, we are not only talking about your credit card information or your passwords. Your phone model, IP address, battery status to your usage of all the free social media apps you sign up for could be used to build a demographic profile or personal profile. Have you ever come to think about why most of the social media apps you use are free? Because in actuality they are not. When you accept the Terms and Conditions, you are basically signing away your right to privacy. All the information they collect is then sold to marketers and advertisers which makes them a lot of money. So for instance you could have a phone with a really bad battery, because this is recorded and sold to advertisers you could start seeing ads on phones with bigger batteries or battery saver apps and the like. Sort of scary isn’t it?So next time you think you do not have any data worth protecting, ask yourself why hackers break into these companies just to steal data from servers that do not store bank details, Social Security Numbers, credit card or tax information?
This concludes our series on quashing popular internet and cyber security myths. I hope a lot was taken from this and you are now better equipped to recognize misinformation and educate others.
Always remember that your data is worth a lot to malicious attackers so take all necessary steps to protect it. Update all your devices to the latest software and security patches. Also make liberal use of well-built security applications, two-factor authentications, password managers and end-to-end encrypted (E2E) messaging applications.
Most of all make sure to educate yourself on the best online security practices and read from proper news outlets that do not spread misinformation about various happenings on the internet and cyberspace.
