Man in the Middle Attacks
First off, I apologize to everyone that accepted the video that my hacker provided. I am embarrassed. I got hacked being a Cybersecurity Consultant. I was having a fun day at a football game. I had quite a bit to drink which made me extra social and therefore acceptable to a hack. I updated my Facebook with my exciting event that I was attending, and noticed a friend shortly later sent me a video asking me, “I this you?” I was immediately excited and wanted to see this video. I had clicked on the video multiple times confused why Facebook was not giving me access. Due to my intoxication, and my eagerness to see if the video had me in it, I did not realize the damage I had done. I got back to my apartment, which is full of my colleagues. they had instantly known I was hacked when they were getting instant messengers from me while they could hear me snoring in the background. I realize this probably would have not happened if I was more educated in preventing this.
I have hacked multiple people through Facebook, with permission of course, and it is so easy. So, I knew right away the time and place that the event occurred of me being hacked. I always stress to people that they should never click on anything in emails. Not only can I access your Facebook, but I can also access your computer. Your saved accounts, pictures, applications, and camera. Probably best to power off your computer when it's not in use.
How do I do it? it's easy to access anything once you click on something. It's like asking permission without really asking for it. once you accept a download, video, picture, or just trying to click on a link that seems legit. It's amazing how easy it is to trick someone into doing something if they are manipulated into thinking they need to do it. Going back to a video, asking “did you really do this on video?” we as people hope people are looking out for us, and therefore hackers pray on this.
Even if you feel like it’s a legit link from a childhood friend or bank, you should never trust it. Usually, a pop up will occur that requests you to put in credentials, login, and password. My method of attack would let you know your password has been breached, and that you needed to click my spoofed link (that I made look like a legit Facebook one) and give me your login information. This not only gives access to your Facebook, but also your computer. Although the attack I experienced did not do this, it made multiple trusted friends, family, and acquittances loose my trust.
I hope to regain some of that trust by providing this information. The attacks are called man in the middle attacks, they intercept your connection between you and your target. What is a man in the middle attack? Man in the middle attack intercepts communication between two systems, such a laptop or cell phone, where communication between two users is monitored and modified by an unauthorized party or hacker. How do you avoid these attacks? hopefully by educating you, I can help prevent you from being a victim.
Avoid using WIFI connections. It's very easy for hackers to access your computer if you connect to a network. if you need to use a WIFI connection that you do not own, you can get extra protection for your phone and computer by using a virtual private network (VPN).
When accessing websites, make sure you use HTTPS appose to HTTP. HTTPS ends with S due to having security. By accessing HTTP sites, you make your device vulnerable to the website provider. Your device should be able to notify you if you are accessing an unsecure site. Hopefully this helps you if your security is disabled.
Avoid phishing emails by always accessing urgent emails directly through the trusted website by typing it into your browser, never click within an email. It is very easy to make a fake email that looks legitimate from a bank or social media. A red flag for man in the middle attacks, is when emails request your credentials, such as a login and password. Even if you have a private network, it could be unsecured.
It’s a good practice to log into your router to ensure that it’s secure with encryption, WPA2 or WPA3. If your router is using older technology WEP, WPA, or a provided weak encryption, a hacker can gain access to your devices on your network. I would also disable broadcasting your wireless service set identifier (SSID). By disabling your SSID, no one will be able to see your wireless point, but it can be typed in manually on your device.
Last of all, make sure you do not save login, passwords, or remain logged into sensitive applications or websites.
I hope this helps in securing you from future headaches and unneeded stress as education is the first step in preventing attackers from obtaining information that can ultimately ruin your life. I have recently started my career in cyber security consulting after being in the information technology field for about fifteen years. I have pursued this career in order to help people such as yourself. Please reach out if you have any questions or comments!
Reference:
Zerouniverse.com2020 What is man in the middle and how to prevent it