05/19/2014 02:01 pm ET | Updated Jul 19, 2014

What Are Some Computer Hacks That Hackers Know But Most People Don't?

This question originally appeared on Quora: What are some computer hacks that hackers know but most people don't?
Answer by Kevin Borders, Former NSA Employee, Security Researcher

Social context is more important than technical sophistication.

The most effective hackers insinuate themselves into existing social contexts to exploit human trust and override common sense. A hacker might do the following:

  1. Find a list of your possible contacts through LinkedIn, Facebook, or your employer's/school's website.
  2. Spam everyone you know with common malware that has a low success rate.
  3. Once a few gullible people are hacked, search through their e-mail and social networking accounts to find existing threads that you have with them.
  4. Use a low-tech payload that would normally arouse suspicion (like a password-protected zip file), but associate it with an ongoing conversation. Example: "Excited to meet up for dinner next week. Check out the menu I found for the restaurant, the steak looks really good!"

Such a well-crafted attack could catch even the most tech-savvy target off guard, because the context makes you assume that it is coming from a real person you trust.

How can you protect yourself?

This type of attack is really difficult to prevent. Never opening e-mail attachments or clicking on links (even as part of ongoing conversations with known associates) is not practical, but here are some other things you can do to help:

  • Always keep your system up-to-date with the latest versions of your operating system, web browser, document readers, Flash, Java, etc.
  • Restrict your privacy settings on social networks so that the names of your friends are not public.
  • Treat context-aware e-mails from friends with the same level of caution as anonymous e-mails. Still beware of any fishy file extensions or types (.exe or .zip file).
  • If something looks suspicious or out of place, call the sender and ask if the message is legitimate.

For a more in-depth discussion of this topic, see: Social networks and context-aware spam
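The advice above to treat in-thread mail with the same caution as anonymous mail can be automated at the mail gateway or in a triage script. The following is an added example, not part of the original answer: it flags the file types the answer names and goes one step further by checking the ZIP encryption flag, reporting thread membership separately so it never softens a finding. The function names, addresses and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

RISKY_EXT = (".exe", ".zip")  # the file types the answer singles out

def zip_is_encrypted(data):
    """True if any ZIP member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def review_message(raw):
    """Return (in_thread, findings); being in a thread never clears a finding."""
    msg = message_from_bytes(raw)
    in_thread = bool(msg.get("In-Reply-To") or msg.get("References"))
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and containers carry no filename
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(RISKY_EXT):
            findings.append((name, "risky extension"))
        if data.startswith(b"PK") and zip_is_encrypted(data):
            findings.append((name, "password-protected zip"))
    return in_thread, findings

def constructed_reply():
    """Constructed sample: a reply in an existing thread with a flagged zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("menu.txt"), "constructed placeholder")
    blob = bytearray(buf.getvalue())
    # zipfile cannot write encrypted archives, so set the encryption flag
    # in the central directory entry by hand (flag bytes start at offset 8).
    blob[blob.find(b"PK\x01\x02") + 8] |= 0x01
    m = EmailMessage()
    m["From"], m["To"] = "friend@example.com", "you@example.com"
    m["Subject"] = "Re: dinner next week"
    m["In-Reply-To"] = "<constructed-id@example.com>"
    m.set_content("Check out the menu I found for the restaurant.")
    m.add_attachment(bytes(blob), maintype="application",
                     subtype="zip", filename="menu.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(review_message(constructed_reply()))
```

A password-protected archive matters here because its contents cannot be scanned in transit, so the flag is reported even when the sender and thread look familiar.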