Hacking Identity Theft: Entry points, tools and prevention



Identity theft has been around as long as there has been identity.  Long before the age of computers, people specialized in the art of forgery, to pose as others and to use their assets to their advantage.

Identity Theft: Ways and means

Before computers and before what has become the ubiquitous connectivity of modern day life, information was much scarcer.  Identify thieves had to work a lot harder to uncover their victim’s details; however, once they found what they wanted it was often much easier than it is today to get away with the crime.

The emergence of large scale credit bureaus in 1970s marked a new era in identity theft.  These bureaus specialized in the collection of individuals’ financial information, and they quickly became targets for maleficent con-men looking for an easy score.  Primitive identify theft consisted of cold-calling such credit bureaus and conning customer service reps into giving away the essentials, like a person’s DOB and SSN.  Identity thieves could then use these credentials to log onto government databases and access financial activity records.

Before the Internet became what it is today, these records were about all identity thieves had to work with.  Such records were usually just a simple list of where a person held financial accounts, and nothing more.  Identity thieves had to use these records as leads, and contact the places where their victim banked directly, over the phone.  They’d then have to swindle their way past yet another customer service rep, and hope to get an account number – the prized payoff and score.

Today, all of this has changed.  Smooth talking con-men who could charm their way past yesterday’s customer service reps have been replaced by the modern day hacker, who instead manipulates the encrypted data of 1s and 0s.

Identity Theft: Today

Today, everything from your checking account to that party you went to last Friday night is located somewhere on the web.  It’s no longer just one governmentally controlled database accessible only to those who know your SSN.  If you spend any significant amount of time online, just about anyone who knows how to use Google can probably find out where you live and what you do for a living in a matter of minutes.  And for a motivated hacker, this is more than enough of a lead.

Modern day identity theft works on the premise that “the thing” one wants to steal is located on the target’s personal computer.  This “thing” is usually a collection of passwords and records that will allow further access to personal financial accounts.

Technical details aside, what modern day identity theft boils down to is placing a malicious program onto a victim’s computer that will allow the hacker free reign to all of their files.  For even moderately competent hackers, creation of such a program is quite simple.

Identity Theft: Tools

There are a number of programs a hacker can use to get what they want from your computer, and while identity theft protection is far from dependent on a technical understanding of these tools, it can useful to be acquainted with them.

Log keystrokes

A log keystrokes program is exactly what it sounds like – a program that records what you’re typing and shows it to the hacker.  Log keystrokes programs are usually used to discover passwords to financial accounts, but they can also be leveraged to monitor a target’s online communications.

Brute Force password hacking

Many hackers have the formulation of passwords down to a science and can simply figure out your password through a series of educated guesses or through the use of an algorithm.  The unfortunate reality of password security is that it usually isn’t that secure.  Most people reuse their passwords, and most of these passwords are relatively easy to guess.

Let’s say for example that you were born in 1960 and that you have a pet dog named Sarge, so you decide to make your password Sarge1960.  Let’s say that you also have a Facebook account that lists your birthday and features tagged photos of you and Sarge.  Any hacker with a pulse and the inclination is going to figure you out.

Backdoor access

If a hacker wants to get into your computer to steal passwords or files or to remotely monitor your activity, they can install a “backdoor” entryway.  Backdoor programs exploit weaknesses in your network security and allow the hacker to come and go as they please, without your knowledge or permission.

Many backdoor entryways are created when unsuspecting computer users download “Trojan Horses,” which are programs designed to look like useful software that actually establish backdoor entries behind the scenes.  Trojans are just one of multiple ways a hacker can get into your system, though.  As we will see, there are actually numerous routes of access, many of which are easy to overlook, and all of which would make the con-men of yesterday proud.

Identity Theft: Infiltration

Today’s identity thieves are armed with many forms of software and computerized tools, but these tools are absolutely useless unless they are installed on your computer.  Accordingly, determined hackers have been known to go to great lengths to get their malware on their victims’ computers.

Physical implantation

Though not the most creative method, physical implantation is tried and true and extremely effective.  If a hacker really wants to establish a backdoor entry or a log keystrokes program on your computer, they can simply break into your home and install the file while you are away.

Attacking your wireless network

Hackers can camp outside your home and attempt to identify your wireless network.  If you have a Wireless Protected Setup (WPS), breaking in is surprisingly easy.  Once inside your network, hackers can pretty much do whatever they want.  This includes stealing your sensitive information right then and there, establishing a backdoor entryway, or simply implanting any other type of virus they’d like.

Fooling you onto their network

Hackers often fool their targets into logging onto wireless networks in public places.  For example, a hacker could wait for their target at a coffee shop, set up a network called “Coffee Shop’s Free Wi-Fi,” and thereby dupe the target into logging on.  Once the connection is made, the hacker may be able to monitor what you are doing online, view your computer’s files, or implant a virus.

Malicious Email

In I challenged hackers to investigate me and what they found out is chilling, gonzo journalist Adam Penenberg challenges 3 white hat hackers to steal his digital life.   The hackers ultimately succeeded, and they did so through means of malicious email.

By now, even the most inexperienced of computer users knows full well not to open phishy sounding email from a mysterious stranger with an offer that’s just too good to be true – but hackers know this, and have creative ways of working around it.

In Penenberg’s case, the hackers leveraged the fact that the journalist’s wife ran her own Pilates studio.  They then posed as a young woman applying for a job as an instructor.  They went as far as finding a real woman online and using linkage to her social media profiles to craft a convincing ruse.  In their “email application,” they included a “video resume” attachment.  Penenberg’s wife ended up opening this attachment on her laptop, and from there the hackers had a field day.

Malicious Websites

Hackers can also get what they want from you by creating malicious websites.  Links to such websites can be supplied to their targets in any number of ways.  For example, a hacker could pose as person with interests similar to your own, and post a friendly invitation to visit their “blog” on your social media profile.  The “blog” would actually be a phishing site or a means of getting you to download malware.

A malicious website could also use the Trojan horse technique, and pose as a site that’s offering free software.  The software could be advertised as anything useful, such as a PC tuner or even an antivirus system.  While running, the software would indeed appear to be what it had been advertised as, however, in reality, this appearance would actually be masking some sort of virus, such as a key logger or backdoor.

Malicious Hardware

Believe it or not, one of the most creative and seemingly innocuous approaches to identity theft infiltration is through malicious hardware, such as an infected flash drive.  This method is mostly used when identity thieves have a specific target in mind.  If a hacker has done their research and found out where you live or work, they can simply load their malware onto a flash drive and drop it somewhere where you are likely to find it, in the hope that curiosity will kill the cat and you’ll plug the drive into your computer.  If that doesn’t work, they could simply go to where you work, and wait for the right opportunity to “borrow your printer” on the pretense that they need to “print out a resume” for a job interview.

Depending on the type of job you have, this may or may not work, but a determined identity thief seeking a means of infiltration is limited only by the nefariousness of their imagination.

Identity theft: Prevention

While the means of identity theft have most certainly changed, the essence of approach is fundamentally the same and probably will be forever.  Silver-tongued con men and maleficent hackers both rely on establishing a pretense and fooling their targets into giving away their personal information.

The truth is that if a hacker wants into your life bad enough, they will probably find a way in.  Hackers are highly intelligent, and sometimes a bit crazy.  Fortunately, however, most individuals don’t have enemies of this nature.  More often, hackers target corporations over individuals, because the larger size allows for more modes of entry and a greater degree of anonymity.

No one is completely immune to identity theft, though, and in addition to well-designed antivirus software there are many common sense measures that all basic computer users should put into place.

Familiarity with the tools and means of modern day identity theft outlined above is a great start, but even those who know nothing about the world of hacking can protect themselves from identity theft with a healthy dose of skepticism.  If you’ve been around for a while, you can probably spot a con-man or a scam when you see one, and in the world of computers the warning signs and acts of pretense are in many ways the same.

As in day-to-day life, anything you’re unfamiliar with should be put under the strictest review before you open it with your computer.  Unfamiliar file extensions and phishy emails from strangers are best ignored.  Remember that Public Wi-Fi usage is Public.  And whatever you do, don’t create an excel sheet of all your passwords ever.  That’s just asking for identity theft, from just about anyone who can open a file and read.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Have a Great (Malware-Free) Day!

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next