Are the phone hackers real?

Security

"Interesting" for end users are primarily five types of hackers identified by the security provider Sophos. Who are these guys called "hackers"? We present them and explain how you can protect yourself properly against them ...

  1. The digital petty criminal
    Earning money with illegal activities on the Internet - petty criminals want to make a quick buck with their technical skills. It's about spamming, phishing, drive-by downloads, black hat SEO and ransomware. In order not to become a victim, one should surf carefully, install updates regularly and not download everything that sounds interesting.
  2. The fun hacker
    The script kiddies want to prove their IT skills to themselves and use ready-made scripts to break into other people's computers in order to expose malware. Curiosity and sporting ambition are what drives you, not your finances. If you want to protect yourself from the fun hackers, you shouldn't use outdated software, keep your computer and all browser plugins up-to-date and neither open dubious websites nor e-mails.
  3. The scout and collector
    The scout and gatherer uses every opportunity to access data - including connection data - continuously and with every digital communication process. Real professionals are at work here. Behind it are not only state investigators and secret services, but also large corporations that are interested in the digital customs of their customers. Although there is no direct damage to the mass data collection, these activities can represent a significant invasion of privacy and, under certain circumstances, represent a massive encroachment on fundamental civil rights. The best protection against this desire is a conscious handling of your own data.
  4. The smartphone hacker
    There are still few smartphones that are as well protected against attacks and malware as desktop PCs and servers. A lucrative business for criminals to get physical access to the devices with viruses, Trojans and manipulated apps and then to take over their owners - often by means of social engineering. Protection: Avoid public WLANs, only install verified apps and strong password protection. Ideally, full device encryption.
  5. The parasite
    The parasite is an email hacker who prefers to operate under a stolen identity. Purely for financial reasons, he has specialized in intercepting and reading third-party e-mails in order to then use online shops and services or send spam at third-party costs. So change your (strong!) E-mail passwords regularly, and bring a healthy mistrust of attachments and links in e-mails.

The digital petty criminal

You have a wide variety of skills, sometimes organize yourself in groups and just want to earn money - as quickly as possible, as easily as possible. Every means is fine for them - spam emails, phishing of online banking accounts, black hat SEO, drive-by downloads or the currently particularly popular blackmail ransomware: digital petty criminals are more technically skilled than the average person and make use of their knowledge. More and more often, their criminal cyber tours also hit companies. So be careful - maybe tomorrow your computer will be encrypted without you noticing anything ...

Protection: If you want to defend yourself against this difficult-to-calculate group of hackers, you should always be up to date with the current update and patch status, only install programs that are actually useful for something and remove any administration rights from normal standard users - for example under Windows. Most attacks by petty criminals can already be prevented in this way.


  1. With a deceptively real-looking Ebay request and the threat of calling in the police, the phishing scammers get the victim to respond.

  2. If you click on the answer button, ...

  3. ... you come to a fake eBay input mask.

  4. Even alleged auction participation is fake ..

  5. After registering on the fake site, you will be redirected to a regular Ebay site. However, that runs nowhere. But phishing victims may not even notice the data theft.

  6. Now the fraudsters are in possession of the access data and can wreak havoc with the hijacked Ebay account.

The fun hacker

In the early years of the PC they were widespread - script kiddies who wrote destructive scripts "just for fun" and used them to attack other computers. In some cases considerable damage conceals the fact that this "species" of hackers is not aiming for money, but for satisfying their curiosity, their gambling instinct and their "sporting" ambition.

A subgroup of fun and leisure hackers are the online game cheaters who manipulate a game with lazy tricks in order to give themselves an advantage - for example through rapidly improved skills - and the game community a fun-free game.

Protection: There is nothing you can do about game cheaters - the manufacturers of the games have to remedy this. Against the script kiddies in general, the regular patching of all systems and programs as well as not visiting unknown and dubious websites or opening corresponding e-mails also help.

  1. Blackholing's father
    Dmitry Fedotov, also known as “Paunch”, is less known as a hacker than as the developer of the hacking tool Blackhole. Blackhole is a kind of web application for spreading malware and spyware that hackers can rent for a subscription fee of 1500 US dollars per year - and with updates about new vulnerabilities in Java, Flash or until they are arrested Internet Explorer has been updated. The programmer from Togliatti, arrested by the Russian authorities in October 2012, is also said to be the author of the Cool Exploit Kit and of Crypt.AM.
  2. The ruler of the credit cards
    The Russian hacker, who was arrested in June 2012 in the Netherlands along with Vladimir Drinkman, allegedly stole vast amounts of credit card information over the years as a member of a group of five cybercriminals from August 2005 to July 2012. Together with Aleksandr Kalinin, Roman Kotov, Mikhail Rytikov and Vladimir Drinkman, Smilianets is supposed to be working with companies like Nasdaq, 7-Eleven Carrefour and J.C. Hacked Penny. A total of 160 million credit card and credit details were stolen and used for financial fraud. The damage to the companies is said to be around 300 million US dollars. The US process is ongoing.
  3. FBI's most wanted
    Evgniy Mikhailovich Bogachev, also known as lucky12345 and slavik, made it to first place on the FBI's “Cyber ​​Most Wanted” list in 2014. The American authorities see in him the man behind the botnet "Gameover Zeus". With the help of the malware of the same name, he is said to be responsible for a botnet of up to a million computers that was used to spy out bank passwords and distribute malware. The damage would amount to about one hundred million US dollars. According to the American authorities, Bogachev is in Russia.
  4. The phishing expert
    The Latvian Alexey Belan is said to have stolen the user data of several million customers of three US companies between January 2012 and April 2013. He is on the FBI's list of the most wanted hackers, but the name of the damaged company is just as unknown as the amount of damage. It is said to be three unnamed e-commerce companies from Nevada and California. Since the reward is $ 100,000, the damage should be substantial.

The scout and collector

Data everywhere - a paradise for this type of hacker. It searches for and finds data and information on every occasion - every communication process - and saves them. What sounds a lot like data retention does not necessarily have to be controlled by the state - large corporations such as Google, Facebook, Apple and Microsoft are also interested in the surfing and communication behavior of their users. This is where real money can be earned - for example, by making predictions about consumer behavior and then reselling it to interested advertisers along with the personal data. Even if direct damage rarely occurs, permanent surveillance is an encroachment on citizens' privacy.

Protection: You can only protect yourself from spies if you handle your own data critically and carefully - which is best completely encrypted. Important: Address, bank details and date of birth should only be disclosed if there is no other way and you can trust the person making the inquiry.

  1. 1st place: administrator
    The simple "administrator" gets into many systems ...
  2. 3rd place: user1
    And if the administrator doesn't help, the simple user remains ...
  3. 4th place: admin
    ... and the short form of the administrator.
  4. 5th place: alex
    Alexander the Great might have enjoyed it - just like with the hacker passwords, "alex" is also at the forefront of the username.
  5. 6th place: pos
    Because many of the attacks relate to point-of-sale systems (PoS), you can give it a try ...
  6. 7th place: demo
    Maybe there is something like a sample access for demonstration purposes ...
  7. 8th place: db2admin
    The DB2 Administration Server from IBM can be administered with this command. So it's no wonder that this username appears in all hacker databases.
  8. 9th place: Admin
    As usual.
  9. 10th place: sql
    SQL is a database language, among other things, for processing data stocks. Many web servers work with it - so it's understandable why this is also a popular username.

The smartphone hacker

More than 45 million people in Germany use their smartphones. In view of this huge market, it is not surprising that criminals have specialized in this area - it is astonishing how few smartphone users are still not aware of the security of their smartphone, which faces the same dangers as a classic desktop PC.

Smartphone hackers initially target user data - in the end, of course, it's all about the money again. In order to get direct access to a mobile device, viruses and Trojans are smuggled in - often via manipulated apps, phishing or fake e-mails - which then open a backdoor that the legitimate owner of the smartphone is not aware of. Weak points. But also watch out for social engineering attacks - not that you get a supposed WhatsApp message from your best friend in Australia who urgently needs money. You would probably never see that again.

Protection: Anyone who is aware that a smartphone is nothing more than a compromised computer and installs appropriate security tools such as virus scanners or app monitoring and only uses apps from trustworthy sources makes it more difficult for hackers. And apps also have gaps! You should therefore always patch as quickly as possible. Be careful in public WLANs - risk of honeypots! Protect your smartphone with a strong password and change it regularly.

  1. 1st place: x
    A simple x seems to be enough in many places to get into it.
  2. 2nd place: Zz
    Anyone who is familiar with the Unix shell knows that the vi text editor requires you to enter two capital zs to save files. It is not known whether this is the origin of this popular password - but the similarity is astounding.
  3. 3rd place: Start123
    A typical standard password from device manufacturers. If you don't change it, it's your own fault.
  4. 4th place: 1
    Almost even easier than the x, the 1 in the list is only 4.
  5. 5th place: P @ ssw0rd
    Replacing letters with numbers or special characters is not a real innovation either ...
  6. 6th place: bl4ck4ndwhite
    Michael Jackson once sang "It don't matter if you're black or white" - it doesn't matter here either, but the combined theory of colors certainly creates a hacking mood.
  7. 7th place: admin
    The classic should of course not be missing.
  8. 8th place: alex
    It is extremely unlikely that Tote Hosen singer Campino has had a hand in this. For many hacking routines, however, the following applies: Here comes Alex ...
  9. 9th place: .......
    You have to go over seven points ...
  10. 10th place: administrator
    ... and you end up with the IT expert par excellence, the admin.

The parasite

They literally sail "under a false flag" - the parasites who like to hack several thousand or millions of e-mails in order to access personal data under which they will soon appear themselves. With stolen identities, you can do good business at someone else's expense - shopping on Amazon and Ebay, watching films on Netflix. And just before the end of the day, start a global spam campaign with the strange e-mail address.

Parasite hackers are tech-savvy and operate completely in the background - the potential victims only notice what has happened when it's too late. Some never even notice.

Protection: Therefore, always instill a healthy basic distrust of unknown e-mail senders and change your (hopefully strong) e-mail passwords regularly.

  1. Hacker on the server
    The Process Explorer shows processes on computers and allows a comprehensive analysis.
  2. Hacker on the server
    You can remove bot malware with free tools like Norton Power Eraser.
  3. Hacker on the server
    There are also special programs for removing rootkits.
  4. Hacker on the server
    Check whether the security settings of your receive connectors have been manipulated.
  5. Hacker on the server
    SmartSniff offers easy recording of the current network traffic on a computer.
  6. Hacker on the server
    With the free Microsoft Network Monitor you can follow the data traffic in networks. It doesn't always have to be Microsoft networks.
  7. Hacker on the server
    With TCPView you can display network connections of servers.
  8. Hacker on the server
    CurrPorts also clearly shows you the open ports on your servers.
  9. Hacker on the server
    With netstat you can also show network connections of computers.
  10. Hacker on the server
    The advanced security monitoring in Windows Server 2012 R2 provides an important overview of the security of user accounts.