Just when you thought the Internet was safe! Ehh…ok, never mind. What I meant to say was, people…you need to stop leaving yourself vulnerable out there on the Internet. And while we’re talking about this, let’s clarify one thing: there’s a major difference between getting hacked and getting phished. More on that in a minute, but for now, let’s see what George Bronk is up to these days.
It appears that Mr. Bronk has been trolling Facebook looking for women who might have been leaving clues in and around their profiles that could allow George to gain access to their accounts. He chose women because, like any self-respecting creeper, he has a preference. Once he had the information he needed to get into the email accounts, he would search through folders looking for nude photos and/or videos that they may have sent to their husbands or boyfriends. George would then send these files to that person’s contact list, thus exposing their personal lives to family, friends and co-workers.
Unlike most “hackers”, George’s approach wasn’t that he found clues that would lead him to figure out the actual password, nor was he using any brute force attacks on the accounts. What he did was actually pretty clever and a great eye-opener for you. Using personal information like where you’re from, names of your family members, home addresses, phone numbers, etc., he would click on the “Forgot password” links at various webmail sites and plug in the correct answers for the security questions to get a password sent to him.
George Bronk was sentenced to 4 years in prison for violating the personal privacy of women in 17 states, Washington D.C. and even London. He was also charged with possession of child pornography, which added 8 more months.
Once in the account(s), he would change the password to lock the person out and begin his attack. Now, my agreeing that it’s a clever approach does not mean I condone his actions; it simply reminds us just how easy it can be to lose access to your personal data. Using easy-to-remember answers on those security questions falls right into the same realm as using the same password for all of your online accounts. It’s just a bad idea.
Hacked and Phished
As soon as someone loses access to an online account or they start seeing mysterious wall posts on their Facebook profile, the first thing they tell all their friends is that they got hacked. While in some cases this might be true, 99% of the time it is not the case. What most likely happened is that you got phished. There are two reasons why someone would say hacking instead of phishing: 1. They don’t know the difference or 2. They do know the difference and realize that getting phished makes them look like a fool.
Being hacked means that your account was compromised in some way by an attacker who has made entry into the computers and/or servers where your information is stored. For example, someone hacks into the Facebook computers and gains access to everyone’s account profiles and all the information tied to them.
Being phished means that someone set out to attack you personally (or you were part of an attacked group) and has made entry into your account directly using a password that you inadvertently gave them. For example, someone sends you an email saying you need to log in to Facebook to verify your account. You click on the link, see a page that looks like Facebook, fill out your username and password and then nothing appears to happen. You think it was some computer glitch and proceed to log in to Facebook again through Facebook.com. What just happened was that you entered your username and password on a page that wasn’t Facebook and thereby sent that info to your attacker.
The difference between these is like night and day. Having your Facebook account hacked would be something out of your control because the attack happened to systems out of your reach. It just happened to be that your account was on those systems. On the same note, hacked systems usually affect thousands if not hundreds of thousands of users all at once.
If your car got stolen because someone broke into it, hotwired it and drove off, that would compare to a hacking event. If you gave your keys to a stranger because they told you they were going to go get your car washed for you and they never came back, that compares to a phishing event.
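The fake login page described above works because the link's real host is not Facebook, however the page looks. The check below is an added example, not part of the original post: it decides whether a link really points at a trusted login domain, and the function names, the trusted-domain list and the sample links are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one domain where this password belongs.
TRUSTED_LOGIN_DOMAINS = ("facebook.com",)


def login_host(url):
    """Return the host a browser would connect to, or None if unusable."""
    # Backslashes, spaces and control characters are parsed differently by
    # browsers and by urlsplit, so a link containing them is never trusted.
    if any(c == "\\" or ord(c) <= 0x20 for c in url):
        return None
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return None
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".").lower()


def is_trusted_login_url(url, trusted=TRUSTED_LOGIN_DOMAINS):
    """True only if the link's real host is a trusted domain or a subdomain."""
    host = login_host(url)
    if host is None:
        return False
    # Exact match or a dot-separated suffix: "notfacebook.com" and a
    # look-alike spelled with non-Latin letters both fail this comparison.
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed sample links (not taken from any real campaign).
SAMPLE_LINKS = [
    "https://www.facebook.com/login",
    "http://www.facebook.com/login",
    "https://facebook.com.account-verify.example/login",
    "https://facebook.com@account-verify.example/login",
    "https://notfacebook.com/login",
    "https://f\u0430cebook.com/login",  # Cyrillic "а" in place of "a"
    "https://account-verify.example\\@facebook.com/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print("OK " if is_trusted_login_url(link) else "NO ", link)
```

Only the first sample link passes; every other one either drops HTTPS or puts "facebook.com" somewhere other than the end of the real host name.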
My two cents
Always use strong passwords. Never use the same password for every account. If you really have to, at least don’t use your Gmail password for your bank account! As we learned above, it appears that even a secure password is not very secure if the reset questions are easy to guess. With that said, try answering questions with different answers. I remember when I would see the “What was the name of your first pet?” question…rather than providing the real answer, I’d use the name of an ex-girlfriend. This made it funny to me, but it also made it very secure as nobody could ever guess that answer.
Lesson learned today: always protect your online accounts just as you would protect your house and other belongings.