Articles by the cybersecurity community

Guest Post - Jacob Weller - The Worst #Passwords of 2019

Thanks to IT professional Jacob Weller who, being passionate about supporting others to increase their cyber security awareness, has kindly provided a guest post about the worst passwords of 2019.



So as xmas is upon us and the year draws to a close, I thought it would be a good time to write my first security article. So here it is...

The Worst password of 2019...

This is a good time to remind everyone how a simple but effective password can be your best defence against scams and hackers this xmas and years....

Don't give them an early xmas present!!!

So without further ado, here are the worst passwords of 2019.

1 - 123456 (rank unchanged from 2018)
2 - 123456789 (Up 1)
3 - qwerty (Up 6)
4 - password (Down 2)
5 - 1234567 (Up 2)
6 - 12345678 (Down 2)
7 - 12345 (Down 2)
8 - iloveyou (Up 2)
9 - 111111 (Down 3)
10 - 123123 (Up 7)
11 - abc123 (Up 4)
12 - qwerty123 (Up 13)
13 - 1q2w3e4r (New)
14 - admin (Down 2)
15 - qwertyuiop (New)
16 - 654321 (Up 3)
17 - 555555 (New)
18 - lovely (New)
19 - 7777777 (New)
20 - welcome (Down 7)


Need some pointers on creating a cyber-strong password? Visit https://www.staysmartonline.gov.au/Protect-yourself/Doing-things-safely/Passwords-passphrases

Bio

Jacob Weller is a virtuoso who is a highly experienced Information Technology Officer at the University of Queensland. He prides himself in being passionate about contributing to the improvement of technology whilst being an experienced IT professional in a wide range of areas, including Desktop Support, Service Desk Analysis, System Administration and Cyber Security. Jacob's keen interest in cyber security revolves around awareness and helping to develop programs and initiatives to keep people informed and aware of threats and prevention.
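
A screening check built from the worst-passwords list in the post above, as an added example that is not part of the guest post: it rejects the 20 listed passwords and the patterns they share (digit and keyboard runs, repeated chunks, a listed password with digits appended). The function names and the minimum length of 8 are assumptions made for the example.

```python
# The 20 passwords from the 2019 list in the post.
WORST_2019 = {
    "123456", "123456789", "qwerty", "password", "1234567", "12345678",
    "12345", "iloveyou", "111111", "123123", "abc123", "qwerty123",
    "1q2w3e4r", "admin", "qwertyuiop", "654321", "555555", "lovely",
    "7777777", "welcome",
}
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
# Keyboard rows; the last entry is the top-row zigzag behind "1q2w3e4r".
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1q2w3e4r5t6y7u8i9o0p")
MIN_LENGTH = 8  # assumed policy value, not taken from the post


def _is_run(text, source):
    """True if text (4+ chars) is a slice of source, forwards or backwards."""
    return len(text) >= 4 and (text in source or text[::-1] in source)


def _is_repeated_chunk(text):
    """True for one chunk repeated to fill the string: 111111, 123123."""
    n = len(text)
    return any(n % size == 0 and text[:size] * (n // size) == text
               for size in range(1, n // 2 + 1))


def weakness(password):
    """Return a short reason the password is weak, or None if no check fires."""
    p = password.strip().lower()
    if p in WORST_2019:
        return "on the 2019 worst-passwords list"
    if len(p) < MIN_LENGTH:
        return "too short"
    if _is_repeated_chunk(p):
        return "repeated character or chunk"
    if any(_is_run(p, source) for source in (ALPHABET,) + KEY_ROWS):
        return "alphabet, digit or keyboard run"
    # Strip trailing digits ("welcome2019") and re-check what is left.
    stem = p.rstrip("0123456789")
    if stem != p and stem in WORST_2019:
        return "listed password plus digits"
    return None
```

A return value of None only means none of these checks fired; it does not make the password strong.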

Guest Post - Shelly Mills - What does #phishing have to do with black juju?

Thanks to my colleague Shelly Mills for writing this post to provide an interesting look at phishing.

Phishing is a form of fraud used by scammers to steal sensitive information such as account credentials or banking information, by disguising emails to look like legitimate emails from reputable organisations and people you trust. 

Because of the ease of sending bulk phishing emails, it has become a common method for criminals to use to try and obtain your money. In Australia, citizens lost $1 444 162 to phishing scams in 2019 (https://www.scamwatch.gov.au/about-scamwatch/scam-statistics?scamid=31&date=2019).

But, who exactly is phishing you?  

Phishing scams are usually run by criminals. There are various different types of criminals who use cyber as a method to commit their crime: organised crime syndicates, lone wolves, etc.

... And then there are the Ghanaians, who believe their phishing scams need to be blessed through a black magic ritual in order to be successful.
This practice is called “Sakawa” - the combination of internet-based fraud (usually via phishing scams) with traditional African black magic rituals (commonly referred to as “juju”). Once they have sent out a mass phishing email, the scammer will visit their local black magic priest to bless the scam through a voodoo ritual.

In fact, as Sakawa grows, there are now fake black magic priests scamming the internet scammers who are getting their scams blessed by these fake priests, who then send their scams out to scam the rest of the world.

Excerpt from book Unmasking the Hacker - DDoS and Botnets

It is Sunday 15 December 2019 as this is published and I am working on editing and writing more for my book and hope to have it in a good state to self-publish by January 2020!

Updates of my book project are available from this page >> Book Updates << and once I have published it, this page will also have updates of new book projects and any giveaways associated with them.

Below is an excerpt of one of the chapters of my book "Unmasking the Hacker, Demystifying cybercrime"; this one is about DDoS and Botnets.



A type of cybercrime called a Distributed Denial of Service (DDoS) attack is a way for criminals to cause major disruptions to the networks or websites of businesses for malicious reasons such as hacktivism or financial gain. The criminals behind these DDoS incidents may not have created the malware themselves, as they may have purchased it from others who created it to sell as a type of malware as a service (MaaS), and they may not actually perform the DDoS themselves, as they may purchase the service from other criminals as a DDoS for hire.

As many computers are needed to create the network traffic that causes a DDoS, criminals infect the computers of individuals and businesses, via malicious attachments in spam emails for example, to act as their slaves, or bots. These infected computers, which collectively form a botnet, are not just used to deliver DDoS attacks, however, as criminals also use them to send spam emails and malware.

An example of a denial of service incident occurred in 2012, when DDoS attacks were launched against the websites of both the United Kingdom Home Office and politician Theresa May. These attacks prevented legitimate visitors from reaching those websites, and the decentralised hacktivist group Anonymous publicly declared it was in response to a proposed extradition of Wikileaks founder Julian Assange to Sweden [1]. In November 2012 a man was arrested in England due to his alleged association [2] with these cybercrime incidents.

Another example of hacktivism, in this case allegedly to demonstrate that certain game console companies hadn’t invested enough in cyber security, occurred towards the end of 2015. A hacker group calling themselves the Phantom Squad used the social media platform Twitter to share its alleged motivations to take down the gaming networks of two large companies, in a DDoS attack in a similar manner to another group, the Lizard Squad.


[1] https://www.theguardian.com/technology/2012/aug/21/anonymous-hits-government-websites-julian-assange
[2] https://www.scmagazineuk.com/article/1483374

Sample page of book Unmasking the Hacker

#Cybercrime - five tech support scam mitigation tips


In tech support scams, also known as remote access scams, the criminal aims to convince their potential target that their computer has malware. Once they gain traction with this story, the criminal then tells the target that they need to download remote access software so the computer can be fixed. These scams may be via cold calling, web site pop-ups or even via scam emails.

1. Remember that telecommunications and computer companies do not proactively call people unsolicited to tell them there is malware on their computers.
2. Do not give remote access of your computer to anyone unless you can confirm the request is legitimate and from a genuine technical support company that you do business with.
3. Do not believe pop-ups that state your computer has malware and suggest you call a number or download and run software to repair it.
4. If you have already been scammed, delete any software they asked you to install, change your passwords, and call your financial institutions to cancel any credit card that may have been provided to the scammer and to attempt to claim back any money that has been scammed.
5. Share Tech Support scam information with others.


These points and more are included in Unmasking the Hacker.

#Cybercrime - Five points to consider



1. Anyone can fall victim to cybercrime. None of us are immune. Never believe yourselves to be above being scammed, as criminals can exploit that false sense of security.

2. Cybercrime is more than scams and malware; it also encompasses other cyber-enabled criminal activities such as child exploitation.

3. Stay aware and share your knowledge of cybercrime, malware, scams, and other cyber-enabled criminal activity to support others to also be vigilant.

4. The victims of cybercrime are not at fault, the criminals are. Let's change the narrative & stop victim blaming.

5. Collaborate to harden our communities against cybercrime.











Excerpt from book Unmasking the hacker - The world of the web


It is Sunday 01 December 2019 as this is published and I am working on editing and writing more for my book and hope to have it in a good state to self-publish by January 2020!

Updates of my book project are available from this page >> Book Updates << and once I have published it, this page will also have updates of new book projects and any giveaways associated with them.

Below is an excerpt of one of the chapters of my book "Unmasking the Hacker, Demystifying cybercrime"; this one is on the world wide web.

“The Web as I envisaged it, we have not seen it yet. The future is still so much bigger than the past.” – Sir Tim Berners-Lee[i]

Cybercrime, hackers and the dark web are terms often used together, and the idea of a part of the internet that is used for criminal activities by these shadowy hackers sounds both horrifying and mysterious. The internet brings information from all over the world, crossing geographical boundaries, to the computers of individuals and businesses, and it is also used to commit crimes and drop malware. To help demystify cybercrime it helps to include a basic explanation of the internet, including a brief history of the world wide web, and then look at the differences between the dark, deep and surface web.

Although the terms are sometimes used interchangeably, the internet and the world wide web are not the same thing. The internet is the structure in which the world wide web communication and retrieval framework exists. The internet dates back at least fifty years to the Advanced Research Projects Agency Network (ARPANET)[ii], when the United States Defense Advanced Research Projects Agency (DARPA) researched ways for computers to communicate with each other[iii]. The research was referred to as the internetting project, which gradually evolved into the term internet. Over the years the researchers developed a way for the computers to transmit data via linked packet systems with the transmission control protocol (TCP) and the internet protocol (IP).

The concept of the world wide web was proposed in 1989 by Sir Tim Berners-Lee to establish a more efficient way to share information between researchers and universities. By 1990, he and his colleagues at CERN had developed a better way for the internet to be navigated, with the Hyper Text Markup Language (HTML) that created a standardised internet communication framework. The use of hypertext links, also known as hyperlinks, however, dates back much further, to the 1960s. The online system that used hypertext links was known by the acronym NLS and was created by Douglas Engelbart and implemented by the Augmentation Research Centre (ARC)[iv]. As an aside, this system was also known for its windowed screens and the use of a mouse. Hyper Text Transfer Protocol (HTTP), also developed at CERN in work initiated by Berners-Lee, is the framework in which computers transmit and receive information over the internet. The first iteration of this protocol had one method, called GET, to obtain a web page.

By 1991, the World Wide Web was open for anyone to use and was, as we know, later keenly adopted.



[i] Silva, D. (2009, April 22). Internet has only just begun, say founders. Retrieved from Phys Org: https://phys.org/news/2009-04-internet-begun-founders.html

[ii] Leiner, B. M., Cerf, V. G., Clark, D. D., Kahn, R. E., Kleinrock, L., Lynch, D. C., ... & Wolff, S. S. (1997). The past and future history of the Internet. Communications of the ACM, 40(2), 102-108.

[iii] Friedman, L. W., & Friedman, H. H. (2015). Connectivity and convergence: A whimsical history of Internet culture. Available at SSRN 2628901.

[iv] Press, L. (1986). The ACM conference on the history of personal workstations. ACM SIGSMALL/PC Notes, 12(4), 3-10.