Unfortunately, tools for online criminals to crack passwords are up for grabs – a visit to the dark web is enough to get a good impression. What easily obtained programs are regularly used by cybercriminals? In this column, we put these – and other – questions to expert Patrick Jordens. He is the director of Trusted Third Party (TT3P), a Dutch company specializing in cybersecurity. TT3P helps companies better protect themselves from hackers.
Patrick Jordens
Patrick Jordens (b. 1969) is an entrepreneur with a heart for digital security. He is the director of Trusted Third Party and founder of DMCC Group, which helps organizations comply with all external laws, regulations, and internal policies in the privacy and consumer law field. He is also a guest lecturer in marketing, data privacy, and ethics at the Hogeschool van Rotterdam.
How exactly do cybercriminals obtain “cracking tools”?
“You can’t just google them; criminals must access the dark web. And to get to the dark web, again, you need a special browser: the TOR browser. I’m not going to tell you here how to get one, because I think that would be like leaving a kid in a candy store. But you can assume that it’s not all that difficult. You surf there completely anonymously and encounter the most terrible things. So I would advise against going there.”
What kind of tools should we think of?
“Programs for brute-force attacks, for example. That’s how criminals gain access to a system. There are several tools available that can try all possible password combinations without too much effort on the user’s end. They often start with simple passwords, such as QWERTY, or Welcome2024. And from there they search for more combinations.
To put it in perspective, we log into a system once. If an error occurs, maybe twice in a minute. In a brute-force attack, hundreds of login attempts are made per minute.”
Do you have any other examples of tools?
“Cybercriminals also sometimes search the dark web for ransomware as a service. These are encryption software offered by parties to less technically savvy people. Hackers can use that software for a certain price. Tools like that encrypt data so the hacker can demand a ransom, for example. Ransom as a software is responsible for extensive attacks on companies worldwide.”
Last time, we talked about malware. Is that also making the rounds on the dark web?
“Very much so. These programs give attackers complete control over infected systems. They are also called Trojan horses. The problem is that you often don’t even realize that such a program is running in the background. Meanwhile, the malware can activate your webcam, share files, and pick up keystrokes. How scary is that?”
So what can one do about this?
“To better protect yourself from brute-force attacks, it’s best to use complex passwords. Avoid welcome123 and QWERTY. Instead, choose a passphrase.
And, of course, don’t click on random links to protect yourself from malware. Because then you can be sure that no crazy stuff will be installed on your computer, allowing a hacker to look in without you realizing it.”
How can you find out if your computer is infected?
“You can check for unusual activity in Task Manager or run full scans with antivirus and anti-malware tools. You can also monitor your network traffic with tools such as netstat and Wireshark to detect if your PC is infected with malware. The point, however, is that you need to be a bit more technically savvy than average to do this. Watch for symptoms such as slow performance, unexpected pop-ups, and suspicious network connections. In doubt? Consider restoring the system or seeking professional help.”