“But I don’t have anything a Hacker would want”

“But I don’t have anything a hacker would want”, is often the reply I hear when I’m explaining the importance of strong passwords, software updates, and other tasks to improve their cyber hygiene.

“I don’t do online banking” or “I don’t have personal information stored on my computer” come in as the follow up statements.

What this tells me is that many of us have a false sense of what a cyber criminal wants.

Sure, financial gain does appear to be the motivation for many cyber criminals. Draining a bank account would be a easy pay day, but it could also be risky.

Many cyber criminals are opportunistic. They may not be targeting you specifically but if you don’t take precautions you’ll end up one of the unlucky targets they happen across.

Think of the internet like a car park, and computers as the cars. If you haven’t patched your systems, or make a habit of using a single password, you’re leaving your car unlocked in a public place.

A criminal can walk around the car park trying to unlock each an every car, once inside he might be able to take the loose change in the centre console, or take a laptop sitting on the backseat.

You would notice your laptop missing. But would you notice if the criminal took a few coins from the centre console?

A cyber criminal can scan the internet looking for computers that haven’t had the latest patches installed. These patches fix vulnerabilities in software that could potentially leave your computer “unlocked”.

Passwords are like keys. How convenient would it be to have one key that opens your house, car, safety deposit box, and mailbox? Say you lose one of these keys. How convenient is it for a criminal to then go around and access all your things with the one key?

Sure, in real life you’re probably going to notice a missing key. But digital things work a little differently. You might lose a file, but have an exact copy stored in a backup. You could have a copy of a file, and someone else could have the exact same copy of the file at the same time.

Would you know if a service you use lost a copy of a password?

In a data breach, cyber criminals are able to steal data (lose a key), and the company still maintains a copy of their own. The cyber criminal who initially stole the data can then sell it to other cyber criminals.

If this data happens to hold copies of passwords, a cyber criminal can then use these password to access the account of those users. If you use the same password everywhere, well, you can see where we are going.

You’ve left the car unlocked, you use the same keys for everything, the dog walker lost a copy of your key and didn’t tell you about it. You might still be thinking “But I don’t have anything a hacker would want”.

I’m sorry, but you do.

A DDoS attack (or Denial of Service Attack) is where a cyber criminal floods a website with traffic in order to slow down a website and try and take it offline. This is often done in protest (perhaps the website has different views to the cyber criminal, and she is angry), for the lulz (or for fun as it is known), or even just to cover up a separate attack that the cyber criminal is undertaking on the same site.

Back to our car – perhaps the criminal is going to use it to damage the property of a big corporation in protest. Perhaps he is going to cruise around town doing burnouts and driving through the garden of a local park ‘for the lulz’, or perhaps he has found one of your lost keys and is going to wander in a steal the jewellery in your home, whilst at the exact same time doing a burnout, out the front of your house to keep you distracted. All because you inadvertently left the car unlocked.

While it seams silly that the the criminal is in two places at once, that’s exactly how things are online. A cyber criminal can be doing multiple nefarious activities simultaneously; she can be attacking a website with a DDoS while also stealing the customer database.

To count as a DDoS (Distributed Denial of Service), the attack has to come from multiple sources. Computers (or other devices) that an attacker has compromised will be added to what is known as a botnet. This network of thousands of computers can have their resources pooled together to undertake malicious activities.

Resources such as storage are also something a cyber criminal requires. Perhaps she has some questionable material and need somewhere to store it. Perhaps she is selling the data stolen from another website. Instead of hosting it on her own servers, she might provide access to your computer and the buyer can download the information from there.

The car analogy still works here. Your car (the vulnerable un-patched computer), that you think is safe and locked, is sitting in a car park (the internet), completely open for anyone to access.

Remember the dog walker that lost a copy of your key (passwords) earlier. We’ll apparently he lost a copy of all his clients keys. The criminal who found them is storing them in your car. He found a buyer who will pop by your car later on to collect them. It doesn’t even matter if your using the car when the buyer comes along, he’s almost invisible.

This is really convenient for the cyber criminal because its your computer and not tied directly to him.

The purchaser of these stolen passwords, can use your email and password combination to then attempt to log into other service you use online.

Remember before I mentioned how convenient it was that you had a single key that opened the car, house, mailbox, and everything else? Yep. Ouch.

You might be thinking again, “But I don’t have anything a hacker would want”.

Facebook is a trove of information and everyone likes to overshare. “Happy Birthday Grandma”. Grandma is pretty tech savvy these days. We only communicate over Facebook.

“Hi Grandma! I’m in a bit of a pickle, I’m overseas at the moment and I have just had my wallet and phone stolen. I’ve been able to setup a temporary bank account and was wondering if you could transfer a couple of hundred dollars to it. The details are xxxxx. Thanks Grandma, I’ll be back home (hopefully) in time to pop by and wish you happy Birthday. Love from your Grandson and definitely not the cyber criminal who just bought access to this account.”

Look at that, you had exactly what a cyber criminal wanted. Access to Grandmas money.

It might not go down exactly like that, but your accounts as well as your computer can be used to attack other unsuspecting people.

I mentioned before whether or not you would notice a few coins missing from your centre console. You probably wouldn’t at first glance, but perhaps down the track.

If this was a cyber criminal taking files (the coins) from your PC, you probably wouldn’t notice at all because you are left with a copy even when she takes a copy.

What files do you store on your PC? Photos? Is there something that could be used for blackmail?

Do you have data that could be used for identity theft?

What about the drivers licence you scanned and emailed to the car dealership that time? What about the bill that Telstra insists on sending digitally? It has your name, address, and phone number listed on it.

You might not be doing online banking, but that’s not the only way you can lose money. A cyber criminal can use these details for identity fraud and have an expenses paid online shopping experience on your dollar.

“But I don’t have anything a hacker would want”, except for everything.

How do you protect yourself?

Passwords are hard. This is why we are all using the same old Petsname1! or Farm2810$ for our passwords. Don’t use the same password for everything. Even a variation of the same password is a bad idea.

Use a unique passwords for every account you have. This can make it difficult to remember, but it is OK to have them written down in a notebook stored securely at home. A password manager would be an even better choice.

To increase your password security, enable 2FA (Two Factor authentication) on all accounts that support it. If you are not sure if a services offers 2FA you can look it up on Two Factor Auth List.

Update software and Operating Systems. Windows can be updated by holding the Windows Key and pressing R. In the run dialog box type in control update and then press enter. Click the button that says Check for Updates.

Running a Windows Operating System that is out of support means it is no longer being maintained and therefore not receiving any security patches. If you are running Windows Vista or XP you really need to upgrade. Vista has been out of support for almost two years. Windows XP a lot longer.

If you are running Windows 7, your should aim to upgrade before January 2020.

Other software can be updated via its own menus within the software. It can be hard to keep track of versions when we have multiple programs installed. PatchMyPC is a free program for home users to easily update all the software on their PC.

While these task aren’t going to make you 100% secure, it is a good start. I have written multiple articles in the past on how to stay secure online. Check out our Tech Tips articles for more information.