A presidential election steered by Russia, which allegedly leaked the Democratic National Committee’s private communications to damage Hillary Clinton. An ongoing epidemic of “ransomware” – malicious computer software that destroys one’s personal files — that crippled hospitals, factories, and other critical infrastructure worldwide.
It’s a harsh reality — the computers and devices we use every day to deliver the news, do our homework, and keep up with friends can be turned against us by criminals and rogue states. It’s easy to despair that hackers are unstoppable and will always find terrifying new ways to disrupt our lives. But with a little education about computer security, we can put their threats into perspective — and do our part to build a safer, more secure and more connected society.
Surprisingly, cybercriminals usually don’t actually break into computers, according to a 2015 Verizon report on cyber-espionage. Instead, they manipulate the humans that operate them, using so-called “phishing” techniques to trick victims into submitting passwords, sending money, or installing viruses that hijack machines. The bad guys do this by sending fake emails and making spoofed phone calls while pretending to be legitimate authorities, employers, or relatives.
These scams can be highly sophisticated. The criminals often use searchable information to make their phony messages more convincing — last year, they impersonated the University of Texas financial aid office and used the public directory to call students by their real names. And in 2014, a phishing email purporting to be sent by the UT library system came complete with a fake UT EID login screen.
To avoid getting phished, be careful when any email, webpage, or phone call asks you for your personal information or demands you to run software on your computer — it’s easy for cybercriminals to forge nearly any identity they want. Don’t hesitate to contact the organization in question if a message seems fishy, even if it threatens you with an account closure, disciplinary action, or arrest. These are common techniques that cybercriminals use to pressure victims into complying with their demands.
Once cybercriminals successfully phish some users of a computer network, they can use security flaws in computer software — what we commonly refer to as “hacks” — to gain further access and do more damage. That’s exactly how the “WannaCry” ransomware spread so quickly back in May – once a single computer was infected by a rogue email attachment, the virus propagated itself to the rest of the network using security exploits developed by the NSA.
We can defend ourselves against these hacks by keeping our software patched against security holes. Turn on automatic updates for your programs where available – such as the web browser plugins Java and Adobe Flash — to make the process seamless and hassle-free. Reboot your personal computer and phone whenever they need to install updates. It may seem inconvenient, but remember that each security update could prevent you from becoming the next victim of cyberattacks like WannaCry.
Using the Internet will always come with risks, but it doesn’t have to be scary. Let’s keep it safe and secure for everyone on the Forty Acres — and ultimately, the world.
Author's note: To learn more about personal cybersecurity, see the UT Information Security Office’s Protect Your Privates campaign.
Ryan Young is a computer science senior from Bakersfield, California. He is a senior columnist.