The Limited Times


Without cyber alarm: The world of hackers - finally understandable

2019-09-07T05:25:26.220Z


Again and again, spectacular hacker attacks make headlines worldwide. But how do hackers work? What's behind terms like phishing or ransomware? The most important answers - and tips for protection. By Markus Böhm, Jörg Breithut, Angela Gruber and Judith Horchert



Contents

  • What is a hack?
  • Who is a hacker?
  • Are there rules for hackers?
  • Who were the first hackers?
  • Is hacking legal?
  • Hackers in court: Famous cases
  • What are White Hats, Black Hats and Gray Hats?
  • What is behind Anonymous and LulzSec?
  • What happens when hackers discover a security hole?
  • Spectacular hacks of the recent past
  • How do hackers get hold of foreign data?
  • What are DDoS attacks?
  • From ransomware to snooping software: what kind of malicious programs are there?
  • What are zero-day exploits and why are they explosive?
  • Are we in "cyberwar"?
  • The case Stuxnet
  • Why is it so hard to track down hackers?
  • What is the Darknet?
  • What are Bitcoin?
  • How can you protect yourself from hackers?

    1. What is a hack?

    "Hacking means testing the limits of what's possible, in the spirit of playful cleverness." With this description, the well-known American programmer Richard Stallman tries to describe the work of a hacker, which is a difficult task in his view, because hacks are extremely diverse.

    While in some movies hackers spend only a few seconds playing around with the computer to penetrate a computer system, the reality is different: there is often a day or week of detailed work behind a successful hack. And a computer system is just one of many targets hackers devote themselves to today. For example, supposedly smart refrigerators can also be remotely controlled, and Internet-capable vibrators manipulated.

    The Brockhaus Encyclopaedia states that the word "hacking" originated in the 1970s in the United States and referred to "intensive and enthusiastic (and obsessive) computer work". If you follow a broad definition, you do not even need a computer for a hack.

    Hacking can also mean using a device or object differently than originally intended - for example, by the manufacturer. So it is a hack to cook a salmon fillet in the dishwasher, well wrapped in foil of course - or to fix a zipper with a paperclip. On YouTube, such little everyday tricks make the rounds as "life hacks". Even the television series hero MacGyver can therefore be described as a hacker.

    The broad definition fits the idea that even democratic elections can be hacked (see question 10). This does not necessarily require an intervention by software: it is enough to scatter false information or to launch deliberately explosive publications or leaks.

    Sometimes a hack is just an original or bold idea for exploiting an existing system of rules. One example is two, at first glance strange, money sales campaigns by the satirical party "The Party", which earned it a bigger grant from the state but at the same time drew attention to weaknesses in the party financing system.

    2. Who is a hacker?

    The "Jargon File", a time-honored compendium of the hacker scene, says: "It is better to be described as a hacker by others than to call yourself one." This quote shows that within the scene the word "hacker" is regarded positively, in contrast to the majority of the public, who often only hear about hackers when the media report on new online scams or leaks of user data that criminals use for credit card fraud, for example. Intelligence agencies such as the NSA have not helped put hacking in a good light either.

    The author Steven Levy, whose "Hackers: Heroes of the Computer Revolution" is considered the most important book on the early scene, goes so far as to speak of a "perversion of the original meaning of the word" because of this discrepancy in perception: in the early years, when there were even fewer attack scenarios due to the lack of networking, the word "hacker" had been a compliment. "It was not until the movie 'WarGames' [1983] came out that the impression prevailed that a hacker is someone who steals data," says Levy.

    Incidentally, the Federal Office for Information Security (BSI), Germany's most important Internet authority, also defines hackers positively: as technology enthusiasts who "break down" the products and software developed by other people in order to understand how they work.

    This fits in with the view of the Chaos Computer Club (CCC), a German-based and globally renowned association of hackers. The CCC writes: "You become a hacker if you have internalized the hacker ethics in addition to the required knowledge of information technology systems." Find out what the hacker ethic is about in the next answer.

    3. Are there rules for hackers?

    Criminal hackers have one rule above all: do not get caught. Things are different with IT security researchers. They hack to uncover gaps or try new things.

    "Hackers" author Steven Levy was one of the first to formulate principles for hackers. With his so-called hacker ethic he outlined a common mindset that prevailed among the American hackers of the fifties and early eighties. Levy summed up the principles in six rules, which many hackers still refer to today:

    • Access to computers and everything that can show you how this world works should be unlimited and complete.
    • All information must be free.
    • Mistrust authorities - promote decentralization.
    • Assess a hacker for what he does and not for criteria such as appearance, age, race, species, gender or social status.
    • You can create art and beauty with a computer.
    • Computers can change your life for the better.

    The Chaos Computer Club has added two more rules to Levy's ethic, which was part of his book in 1984: "Do not litter other people's data" is a rather vague demand for respect for the data a hacker gains access to. The last rule is "Use public data, protect private data" and has become a guiding principle of the CCC.

    The club explicitly does not rule out further updates. The hacker ethic, it says, can evolve just like the rest of the world. "Of course, everyone who can in principle make friends with this hacker ethic should be able to join in the thinking," writes the CCC.

    So although there are rules, there is no system for sanctioning violations within the scene. The hacker ethic is not a legal system and is idealistic rather than practical.

    4. Who were the first hackers?

    The origins of hacker culture lie largely in the America of the fifties. The birthplace is the Tech Model Railroad Club (TMRC) of the Massachusetts Institute of Technology (MIT). The computer expert and MIT student Peter R. Samson, whom authors such as Steven Levy count among the first hackers, coined important terms of the scene with his TMRC dictionary in 1959.

    Levy roughly divides the beginnings of hacker culture into three eras: between the fifties and the seventies, the "real hackers" opened up the new field of software development. Students of the MIT Artificial Intelligence Lab (MIT AI Lab) and the Stanford AI Lab were working with the new mainframes back then, and hackers like Bill Gosper and Richard Greenblatt are from this era. Marvin Minsky, a pioneer of Artificial Intelligence research, was in charge of both at MIT.

    According to Levy, the "hardware hackers" followed the "real hackers". They helped to make computers cheaper, smaller and thus more suitable for everyday use. This group includes Apple co-founder Steve Wozniak. Like Steve Jobs, he was involved in a Californian hobbyist group founded in 1975 called the Homebrew Computer Club. One of the first members of this club was Lee Felsenstein. In 1981, with the Osborne 1, he brought the first commercially available portable computer to market.

    Microsoft founder Bill Gates also made a name for himself in these years. His insistence on charging money for the use of his software Altair BASIC sparked a groundbreaking dispute in the scene, which had long followed the principle that "all information must be free".

    According to author Levy, the "hardware hackers" were followed by the "game hackers". Hackers of this era, such as John D. Harris, modified game systems and games, freed them from copy protection, or made them work on other platforms.

    In 1983, Der Spiegel described the almost exclusively male early hacker scene as follows: "They pursue their hobby in the catacomb-like recesses of university data centers or, if the monthly check is enough for one of the magic boxes, hide with a home computer in the dorm. They keep away from discos, clubs and other social hangouts on campus."

    5. Is hacking legal?

    In Germany, hackers face narrow legal limits. Anyone who sneaks into secured corporate networks or private computers commits a crime, emphasizes IT lawyer Thomas Feil, for example. The attacker does not even have to read or modify files in order to risk a fine or imprisonment of up to three years. Encrypting data with ransomware can even result in up to ten years' imprisonment in Germany.

    But if a hacker acts on behalf of a company and tests its security measures, he goes unpunished. Lawyer Feil advises hackers to have such orders confirmed in writing. Because: "We have a hard time judging what is good and what is criminal hacking."

    As soon as a hacker attack on a company is discovered, experts search for digital traces of the attackers. Corporations either hire private IT forensic experts or work with police experts. "Often the companies do not report the attacks, because they are embarrassed when it becomes public," says lawyer Feil.

    In future, such secrecy may under certain circumstances earn companies a fine under the EU data protection regulation. Among other things, the regulation states that hacker attacks on personal data must be reported.

    In addition, hackers do not become liable to prosecution only once they invade a corporate network. According to § 202c of the Criminal Code - also known as the hacker paragraph (Hackerparagraf) - it is sometimes sufficient to obtain digital hacker tools or to own them. "In criminal law, this is more or less the same as having a printing plate for counterfeit money," says lawyer Feil. "The paragraph is controversial and is rarely used."

    The Chaos Computer Club strongly criticizes the paragraph: there are "no objective criteria that could be used to establish that a program is solely for legal or illegal purposes," it says. The law creates more insecurity rather than more security: testing by security researchers would be hindered or prevented.

    6. Hackers in court: Famous cases

    Even though hackers are good at covering their tracks (see question 17), there are always sensational trials with them in the dock.

    In the case of the so-called Telekom hacker, for example, the punishment followed relatively quickly: in November 2016, a 29-year-old Briton had attacked numerous Internet routers. As a result, Internet, telephone and television service was disrupted for around 1.25 million Deutsche Telekom customers. In the summer of 2017, a Cologne court sentenced the man to a year and eight months on probation; in the UK, he also faces a penalty.

    Various judgments against US hackers have also caused a worldwide stir: Kevin Mitnick, who portrays himself as the "most famous hacker in the world", for example, fooled corporations and US authorities over the phone for years. He had to go to jail twice.

    Also convicted in the US, in 2014, was Hector Xavier Monsegur, better known under the pseudonym Sabu. Monsegur was active among the hacktivists of Anonymous and LulzSec (see question 8), who are said to have stolen customer data on a large scale from Sony around 2011. After his arrest, Sabu had become an FBI informant and gave the investigators clues to over 300 online attacks. He was sentenced to seven months' imprisonment.

    Quite different is the case of the indictment in the US against the young and idealistic hacker Aaron Swartz, who was one of the most famous faces behind the Reddit website. Swartz fought for an open internet and freedom of information and tapped, among other things, a database of academic articles that was not freely accessible.

    In 2011, the prosecution accused him of fraud and data theft. From April 2013, Swartz was to answer for it in court, where he faced up to 35 years in prison. But it never came to a trial. In January 2013, Swartz committed suicide at age 26.

    There followed a wave of worldwide sympathy. At the time, Tim Berners-Lee, the inventor of the World Wide Web, tweeted, "Righteous hackers, we're one less, all parents, we've lost a child, let's cry."

    7. What are White Hats, Black Hats and Gray Hats?

    Not all hackers are alike - the most meaningful categorization therefore distinguishes hackers by the goals they pursue: is it an IT security researcher who wants to uncover gaps and thus improve data security? Or a criminal who hacks systems to extort his victims?

    Anyone who - in simple terms - pursues honorable goals, adheres to the hacker ethic (see question 3) and does not want to harm anyone with his work is often referred to as a White Hat. If White Hats find a vulnerability, they handle it responsibly, notify the affected manufacturer first and give it time to fix the gap. In some cases, White Hats work on behalf of companies and help them to find gaps.

    In contrast, Black Hats are criminal hackers. They invade corporate networks without permission, intercept passwords or exploit security vulnerabilities for their own purposes and to the detriment of others - mostly to earn money. A Trojan that is supposed to capture account and credit card information comes from a Black Hat, not from someone who sees himself as a White Hat.

    Gray hats, on the other hand, are - as the name suggests - in a gray area. For their purposes, Gray Hats also rely on illegal methods and sometimes take no account of the interests of companies and users. Unlike Black Hats and classic criminals, however, they are often not concerned with money, but with fame and reputation in the hacker scene.

    8. What is behind Anonymous and LulzSec?

    In addition to White Hats, Black Hats and Gray Hats, there is a fourth hacker category in many definitions: the so-called hacktivists. "They are often politically motivated or, for example, want to use their actions to serve the public good or to demand and promote freedom of expression," writes the BSI and mentions Anonymous, the world's most well-known hacktivist group.

    Anonymous is a loose collective. This openness makes it easy to declare yourself part of the collective - and difficult to attribute actions unambiguously. Anonymous originally emerged from the anarchic web forum 4Chan. Anonymous activists campaign, for example, for freedom of expression and against Internet censorship, and they repeatedly take a stand against Scientology - also publicly, in the street. At protests, Anonymous sympathizers like to wear Guy Fawkes masks, the hallmark of the movement.

    In addition to Anonymous, groups such as LulzSec fall into the category of hacktivists. Behind the name was a coalition of young hackers who caused a sensation especially around the year 2011. LulzSec saw the net as a playground for its own actions and acted largely untroubled by the hacker ethic (see question 3).

    9. What happens when hackers discover a security hole?

    If hackers have hacked something, they have various options. They can

  • exploit the gap for their own purposes,
  • sell the knowledge of the vulnerability to third parties (see question 14),
  • make their find public immediately or
  • report the gap to the manufacturer so that it can be closed.

    White-hat hackers committed to certain moral principles (see question 7) would choose the last option - and thus opt for responsible publication, so-called responsible disclosure.

    Once the manufacturer is aware of the gap and has closed it, knowledge of the now-averted danger can subsequently be made public. With this procedure, however, the hacker forgoes part of the attention. After all, it is more interesting for the media and users around the world to report on, or be informed about, dangers that are still actually looming.

    Other hackers, the Gray Hats (see question 7), sometimes also publish vulnerabilities without giving advance notice. The affected company then has no chance to close the gap beforehand. The result is often a bigger public echo. In addition, the pressure on the company to close the vulnerability as quickly as possible increases. Such a procedure is also called full disclosure.

    In order to motivate hackers to contact them first about any gaps in their services, corporations such as Facebook and Google lure IT experts with so-called bug bounty programs. The deal: the company pays the discoverer of a vulnerability a reward, and in return the discoverer provides the company with the knowledge of his find.

    The BSI advises companies not to confront hackers who are capable of discovering new loopholes with paperwork and legal pitfalls. "In particular, it is recommended for the manufacturer side to make a clear statement that discoverers of a vulnerability have no legal steps to fear, provided that they comply with the regulations and specifications of the manufacturer."

    10. Spectacular hacks of the recent past

    The global wave of attacks with the blackmail Trojan WannaCry made headlines in recent years. In 2017 the Trojan paralyzed, for example, computers in British hospitals, and also at Deutsche Bahn, among others.

    In October 2017, the Yahoo group made public a hack with a huge number of affected people: a data leak at Yahoo resulted in personal data from a total of about three billion user accounts falling into the hands of third parties in 2013. And in 2018, up to 500 million customer records were at risk as a result of an attack by unknown parties on a reservation system used by the Marriott hotel chain.

    The hacker attack on Ashley Madison also aroused great interest. In 2015, millions of records of users who had registered with the infidelity portal ended up on the net. In 2018, the German chat platform Knuddels had to admit that it had lost the data of hundreds of thousands of members.

    A hacker attack on Facebook, in which strangers captured data on 30 million profiles in the summer of 2018, caused an even bigger uproar. The case gained momentum at the time because Facebook had previously been accused, in the wake of the scandal surrounding Cambridge Analytica, of doing too little to protect the data of its users.

    A feast, especially for the tabloid press, was a Sony hack a few years earlier. In 2014 numerous internal emails of the entertainment company were leaked - it was suspected that it might have been an act of revenge by or on behalf of North Korea.

    Another spectacular attack was made by hackers who remotely controlled a Jeep Cherokee in 2015. The US hackers left it at braking the car in the middle of the highway and did not aim to do any damage. Still, the idea that their vehicle could suddenly follow a stranger's orders is likely to have unsettled drivers of networked cars.

    Even politicians are not spared hacker attacks: attackers - presumably acting on behalf of Russia - attacked the Bundestag in 2015, and around 16 gigabytes of data were siphoned off at that time.

    In the run-up to the US presidential election in 2016, the US Democrats also had to face phishing attacks, presumably driven from Russia. As a result, numerous internal e-mails from the election campaign ended up on the Internet - including via the disclosure organization WikiLeaks - and possibly influenced the Americans' election decision in favor of Donald Trump.

    The so-called BTX hack is an example of a very early hack. In 1984 it made the Chaos Computer Club famous. With a kind of digital bank robbery, the hackers Steffen Wernéry and Wau Holland uncovered vulnerabilities in the postal service's screen text system (Bildschirmtext). From a distance they relieved the Hamburger Sparkasse of 135,000 marks.

    11. How do hackers get hold of foreign data?

    A good hacker not only understands computer systems, he can also seduce people into giving him information. One of the oldest tricks in Internet fraud is therefore one that requires little technical knowledge: social engineering.

    The attacker feeds his victim lies and asks for help - or he offers lucrative business opportunities. Such stories are meant to get users to reveal log-in data, click on infected email attachments, or transfer money. A well-known form of social engineering is the grandchild trick (Enkeltrick).

    So-called phishing attacks are also classic manipulation tricks with which criminal hackers try to get hold of users' access data, for instance for online banking. The attackers like to pretend to be employees of banks or online providers such as Paypal, Ebay and Amazon. They fake emails, websites and text messages, and urge the victims to enter their usernames and passwords in fake forms that resemble the original.

    In a man-in-the-middle attack, an attacker inserts himself between two devices that communicate with each other. For example, if a user is doing online banking on a laptop through a wireless router, the attacker may try to manipulate the data in transit.

    Another way to get passwords is the brute-force method, the crowbar among the hacker tools. Instead of spying on users' access data, the attackers try out all sorts of passwords on login pages - automatically. This works especially well if users have opted for simple passwords and if the log-in page allows any number of attempts.
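    The second condition, a log-in page that allows any number of attempts, is the one an operator can remove. As an added example that is not part of the original article, here is a sketch of a per-account throttle with a doubling lockout, replayed over constructed log-in events; the policy values and names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failures tolerated inside the window
WINDOW_SECONDS = 300    # assumed sliding window
BASE_LOCK_SECONDS = 60  # assumed first lockout; doubles on each repeat


class LoginThrottle:
    """Per-account limiter: after MAX_FAILURES bad passwords the account is locked."""

    def __init__(self):
        self.failures = defaultdict(deque)  # account -> times of recent failures
        self.locked_until = {}              # account -> time the lock expires
        self.lock_count = defaultdict(int)  # account -> consecutive lockouts

    def attempt(self, ts, account, password_ok):
        """Return 'ok', 'denied' or 'locked' for one attempt at time ts (seconds)."""
        if ts < self.locked_until.get(account, 0):
            return "locked"  # during a lock even the correct password is refused
        if password_ok:
            self.failures[account].clear()
            self.lock_count[account] = 0
            return "ok"
        recent = self.failures[account]
        recent.append(ts)
        while recent and recent[0] <= ts - WINDOW_SECONDS:
            recent.popleft()  # forget failures that fell out of the window
        if len(recent) >= MAX_FAILURES:
            self.lock_count[account] += 1
            lock = BASE_LOCK_SECONDS * 2 ** (self.lock_count[account] - 1)
            self.locked_until[account] = ts + lock
            recent.clear()
        return "denied"


# Constructed events: (time in seconds, account, password correct?).
# "alice" is hit by an automated guesser once per second; the 8th guess is right.
# "bob" simply mistypes once. Alice herself logs in at t=100.
CONSTRUCTED_EVENTS = (
    [(t, "alice", False) for t in range(7)]
    + [(7, "alice", True), (10, "bob", False), (20, "bob", True), (100, "alice", True)]
)


def replay(events):
    """Feed events through a fresh throttle and collect the outcome of each."""
    throttle = LoginThrottle()
    return [throttle.attempt(ts, account, ok) for ts, account, ok in events]


if __name__ == "__main__":
    for event, outcome in zip(CONSTRUCTED_EVENTS, replay(CONSTRUCTED_EVENTS)):
        print(event, "->", outcome)
```

    The correct guess at second 7 is refused because the account is already locked, while the single typo on the other account has no effect. Locking by account name alone also lets anyone lock a user out, which is why such a limit is usually combined with limits per source.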

    One way to distribute malware is drive-by downloads. This generally refers to the unwitting and unintended downloading of software. A website or an ad can sometimes be manipulated from the outside so that merely opening it with a certain browser causes the victim to get malicious software (see question 13) onto the computer in passing, as it were (drive-by).

    12. What are DDoS attacks?

    Web sites, services and servers can be rendered temporarily unusable with overload attacks, so-called distributed denial-of-service attacks, DDoS attacks for short. The target is to be overloaded and thus paralyzed by mass requests to an Internet service or an entire server.

    Criminals try to use this method, among other things, to extort protection money from large companies that would suffer financially from a prolonged loss of their web presence and whose reputation could be at stake.

    For an overload attack to succeed, enough attackers are needed - that is why hackers like to use a botnet in a DDoS attack. This digital zombie army consists of hijacked devices connected to the Internet. Their owners usually do not notice that their device is part of a remote-controlled computer army and is helping, unnoticed, with attacks on third-party servers or pages.

    Incidentally, it does not take hacking skills to initiate a DDoS attack. Corresponding tools or botnets for an overload attack can also be rented.

    13. From ransomware to snooping software: what malicious programs are there?

    Malware, or malicious software, refers to all computer programs that perform harmful or unwanted functions on a system. There are different programs for different purposes - such as spying on computers, remote control or encryption.

    Classic anti-virus software should recognize such programs and keep them away from the computer. However, as the BSI warns in its management report on computer security, typical anti-virus software provides only basic protection, "because new malware variants are generated faster than they can be analyzed." According to the BSI report, several hundred thousand new malware variants are detected daily.

    The old distinction between viruses (which, for example, infect individual files), worms (which propagate themselves) and Trojans (which pretend to have one function, but then do something completely different) hardly plays a role any more. According to the BSI, the terms are often used interchangeably.

    It makes more sense to focus on the purpose for which different types of malware are used. For example, spyware or "snooping software" is used to spy on user behavior on the computer. This can be software like a keylogger recording keystrokes - or programs that allow a microphone or camera to turn on unnoticed.

    A botnet client, on the other hand, serves to gain power over a device in order to make it part of a botnet, that is, part of a remote-controlled computer army (see question 12). Malware can infect classic computers as well as routers or networked televisions and home appliances. Once an attacker has planted a Trojan, he can remotely force the devices to repeatedly contact a particular server or website or to send spam mails in bulk.

    Ransomware, or blackmail Trojans, such as Locky or WannaCry are also becoming more and more popular. Such ransomware encrypts the files on the affected machine and demands a ransom for a key that can be used to recover the documents. Often, however, the payment, frequently in the digital currency Bitcoin (see question 20), does not lead to the attackers releasing the data again.

    14. What are zero-day exploits and why are they explosive?

    Zero-day vulnerabilities are security holes that are not yet known to the manufacturer - and thus could not yet be fixed.

    Programs designed to exploit zero-day gaps are called zero-day exploits. These exploits can be very valuable in the IT world: manufacturers naturally want to know about vulnerabilities in their systems first, so many have offered rewards for tips. However, on the black market, zero-day exploits can often bring hackers much more money. In addition to providers of security systems, governments or their secret services and security authorities, for example, have an interest in knowledge of zero-day vulnerabilities.

    But it is controversial whether states may hoard secret software gaps for their own purposes: many security researchers demand that governments commit themselves not to buy such gaps and thereby fuel the market. Moreover, if they become aware of zero-day vulnerabilities, they should not keep that to themselves, researchers say. Instead, the authorities should inform the affected manufacturer, so that it can close the gaps - for the benefit of all users.

    WannaCry showed in 2017 what happens when state actors lose control of a zero-day vulnerability. The blackmail Trojan spread via a zero-day exploit called Eternal Blue. It affected Windows computers and was in the possession of the US secret service NSA. The knowledge of the NSA, however, fell into the wrong hands - unknown people using the pseudonym "Shadow Brokers" published the attack route and thus made the construction of the blackmail Trojan possible (see question 13).

    The most well-known case of zero-day exploits is Stuxnet (see question 16). The complex computer worm was probably designed specifically to attack Iranian nuclear facilities and exploited four different zero-day vulnerabilities.

    15. Are we in "cyberwar"?

    Cyberattack, Cyber Strategy, Cyberwar: when it comes to Internet-related threats, politicians and the media like to use the cloudy prefix "Cyber". The word cyberwar even appears in the dictionary, which defines it as a "form of modern warfare that uses highly technical means of information technology".

    However, it is controversial whether and to what extent humanity really lives in times of cyberwar. That starts with the definition. Some people understand cyberwar as any attack by a state on computers or networks of another state to do damage. Russia's military, in turn, speaks of information warfare , in which cyber operations are only a subcategory, in addition to the targeted dissemination of false news or propaganda. In the Russian understanding, information war is also a term that can be used at any time, even outside of wartime.

    It is also difficult to compare the multi-faceted activities of allegedly government-sponsored hacker campaigns such as the Russian APT28 group (also known as "Sofacy Group" and "Fancy Bear") or the NSA TAO section with classic warfare.

    16. The case Stuxnet

    The Stuxnet attack, which became known in 2010, is considered by many experts to be the clearest case of any form of cyber war to date (see question 15). The computer worm attacked Iranian nuclear plants and had been spread via USB sticks. It irreparably damaged up to a thousand of Iran's uranium centrifuges. Iran's plans were, at the very least, paralyzed by this sabotage.

    Because it is extremely complex and expensive to develop a malicious program like Stuxnet, security experts like Bruce Schneier suspected shortly after the discovery of the worm that only a state player with considerable resources could be behind it. The USA and Israel were quickly named as possible authors of the software. A report by the "New York Times" confirmed this suspicion in the summer of 2012.

    Will there be more frequent attacks like Stuxnet in the future - and maybe Germany will be involved too? That is hard to estimate. In any case, the German Armed Forces want to get more involved in the online world. As early as 2015, a hacker unit is said to have hacked into the Afghan mobile network - an offensive mission. In 2017, Bundeswehr recruitment advertising said that Germany's freedom is "defended in cyberspace". But if war can now also be waged on the net, new legal foundations are needed for the German online army, critics note.

    17. Why is it so hard to track down hackers?

    With many big hacker attacks the perpetrators remain in the dark. This is in the nature of a hack: nobody gets caught red-handed, there are only clues. At best, some usual suspects come into focus. At the state level, these are often North Korea, Russia, China or the USA.

    In the IT world, trying to trace an attack is called attribution. It is a highly speculative process, emphasizes Costin Raiu, head of the global research and analysis unit at Russian antivirus software maker Kaspersky. You can never be certain: "We never make the statement: this or that country is responsible."

    To analyze new hacking tools, companies like Kaspersky have built huge databases of millions of malware snippets that the company receives from corporate clients as well as individuals. Such collections make it possible to match new malicious code with old examples and thus to recognize code recycling.

    However, hackers can take advantage of this fact and deliberately use code snippets that are associated with other hacker groups. Even intelligence agencies like the CIA seem to use obfuscation programs to lay false trails, as a WikiLeaks publication suggests.

    Here is a small selection of factors that malware analysts pay attention to:

  • IP addresses can provide initial clues to the origin of an attack. An IP address is a type of sender address that sticks to data packets as they pass through the network. The problem: the origin can easily be obscured, for example, by using tunnel connections via so-called Virtual Private Networks (VPNs).
  • Code often reveals which language setting the programmers have chosen. But here too targeted deception is possible.
  • If you analyze hundreds of samples, timestamps hidden in the software can give you a sense of the time zone in which the developers are working, when their lunch break is over, and when they are finishing work.
  • However, the code is often "just a snapshot," stresses Trend Micro from Japan. The attackers' approach, for example which servers are used, is often far more meaningful. And even the selection of victims of an attack can sometimes allow conclusions to be drawn about the attackers, according to the US company FireEye.
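    The timestamp factor in the list above can be made concrete. As an added example that is not part of the original article, the following sketch scores every UTC offset by how many build timestamps fall into weekday office hours; the 09:00-17:00 working day and all sample timestamps are assumptions constructed for illustration, and since such timestamps can be forged, the result is a clue, not proof.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

WORK_START, WORK_END = 9, 17  # assumption: office hours 09:00-17:00 local, Mon-Fri


def score_offset(stamps, offset_hours):
    """Fraction of timestamps that fall into weekday office hours at this UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for stamp in stamps:
        local = stamp.astimezone(tz)
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(stamps)


def best_offsets(stamps, top=3):
    """Rank whole-hour UTC offsets (-12..+14) by how well office hours explain the data."""
    scored = [(score_offset(stamps, off), off) for off in range(-12, 15)]
    scored.sort(key=lambda pair: (-pair[0], abs(pair[1])))
    return [(off, round(score, 2)) for score, off in scored[:top]]


def hour_histogram(stamps, offset_hours):
    """Count samples per local hour; a gap around midday hints at a lunch break."""
    tz = timezone(timedelta(hours=offset_hours))
    return Counter(stamp.astimezone(tz).hour for stamp in stamps)


def build_samples():
    """Constructed data: builds during one work week, no builds in one midday hour,
    plus two outliers (a late evening and a weekend night)."""
    monday = datetime(2019, 3, 4, tzinfo=timezone.utc)
    stamps = []
    for day in range(5):
        for utc_hour in (6, 7, 8, 10, 11, 12, 13):  # 09:00 UTC left out on purpose
            stamps.append(monday + timedelta(days=day, hours=utc_hour, minutes=20))
    stamps.append(datetime(2019, 3, 6, 19, 30, tzinfo=timezone.utc))  # outlier
    stamps.append(datetime(2019, 3, 9, 2, 15, tzinfo=timezone.utc))   # outlier
    return stamps


SAMPLES = build_samples()

if __name__ == "__main__":
    print("best offsets:", best_offsets(SAMPLES))
    hist = hour_histogram(SAMPLES, best_offsets(SAMPLES)[0][0])
    for hour in range(24):
        print(f"{hour:02d}:00 {'#' * hist[hour]}")
```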

    18. What is the Darknet?

    When laypeople hear about the Darknet, it is mostly through media reports about a crime. The Darknet - despite its name - is by no means just a dark corner for criminals. In one respect, however, the image of the "dark network" fits: the Darknet is in fact more difficult for laypeople to understand and browse than the open World Wide Web (WWW).

    In principle, there is not just one Darknet, but several. They work differently, but the goal is always the same: users, such as journalists and human rights activists, should be able to remain anonymous when they move around the Darknet and use chat rooms or social networks. Likewise, the Darknet provides criminals with a platform whose services they use to trade drugs, trade prohibited material, or look for hacks for illegal purposes.

    Darknet data is typically transmitted encrypted, so the Darknet is harder to monitor than the WWW. The best-known Darknet is accessible via the so-called Tor Browser, which some people also use to be harder to identify while surfing the WWW.

    Tor uses a technique called Onion Routing. Requests are redirected on different routes via different servers, each of which does not know the actual destination. After passing through these stations, the communication returns to the network via an exit node. The communication is thus wrapped in different layers, like an onion. This is how the sender and recipient are supposed to remain anonymous. In the past, however, Tor users have repeatedly been exposed.
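
    The layering described above, as an added sketch that is not part of the original article and not Tor's actual protocol: the relay names, keys and destination are made up, and a toy XOR cipher stands in for real encryption. It shows that each relay can remove only its own layer and learns only the next hop.

```python
import hashlib
import json


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with a SHAKE-256 keystream. Illustration only, not secure."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


# Hypothetical relays, each sharing one fixed key with the sender.
RELAYS = {"entry": b"key-entry", "middle": b"key-middle", "exit": b"key-exit"}
PATH = ["entry", "middle", "exit"]


def wrap(payload: str, destination: str) -> bytes:
    """The sender builds the onion from the inside out, exit layer first."""
    hops = PATH[1:] + [destination]  # where each relay should forward to
    blob = payload.encode()
    for relay, next_hop in reversed(list(zip(PATH, hops))):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = xor_stream(RELAYS[relay], layer)
    return blob


def peel(relay: str, blob: bytes):
    """A relay removes its own layer; the rest stays encrypted for the next relay."""
    layer = json.loads(xor_stream(RELAYS[relay], blob))
    return layer["next"], bytes.fromhex(layer["data"])


def route(blob: bytes):
    """Pass the onion along the path and record what each relay learned."""
    seen = []
    for relay in PATH:
        next_hop, blob = peel(relay, blob)
        seen.append((relay, next_hop))
    return seen, blob.decode()


if __name__ == "__main__":
    seen, message = route(wrap("GET /", "example.org"))
    for relay, next_hop in seen:
        print(f"{relay} relay forwards to: {next_hop}")
    print("delivered:", message)
```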

    With the Tor Browser, you can access pages that you cannot access with normal browsers. On the Darknet, there are so-called hidden services. These are usually anonymously operated websites and servers that are not accessed via an IP address or a classic address such as www.google.de or www.spiegel.de. Hidden service addresses end in .onion and consist of long combinations of numbers and letters. For those who want an overview, there is a kind of Wikipedia to help them find their way around.

    19. What are Bitcoin?

    Bitcoin is the world's best known of many cryptocurrencies. It is not controlled by banks, because the digital money is exchanged directly and is managed and created, that is, calculated, in a decentralized way on many computers worldwide. (Read how this works here.) Behind Bitcoin and most of the alternatives is the so-called blockchain technology, the approach of storing all transactions decentrally in a database.

    As the digital money, in the form of individual Bitcoins or fractions of Bitcoins, moves from one participant to another, it is very difficult for third parties, and thus investigators, to trace. When transfers are made, it is not the names of the exchange partners that are displayed, but only pseudonyms.

    For Darknet dealers, but also for criminal hackers like the makers of ransomware, Bitcoin is attractive. At the same time, fraudsters sometimes try to program software in such a way that it digs for digital money in the background with elaborate computing processes - without the users even knowing it.

    Digging with your own or third-party computing power is one way to get digital money - but the technical requirements and the effort are much higher than a few years ago. The second way is online exchanges such as Bitcoin.de, where you can exchange your euros or dollars for Bitcoin. Like real money, Bitcoins can also be stolen by third parties.

    In recent years, Bitcoin has increasingly become a speculative currency: the price of the cryptocurrency has climbed since 2009, when you could still buy a Bitcoin for a few cents, to the equivalent of several thousand dollars per Bitcoin today. In the event of a sudden price drop, a dealer hack or technical problems, however, you may lose money quickly.

    20. How can you protect yourself from hackers?

    The bad news is: in principle, every system can be hacked. The key question is: how fast and how easily? Users can make it significantly more difficult for attackers to do damage.

    Here are twelve basic rules for online life:

  • Use strong, long passwords: Never use passwords like "123456" or "password".
  • Do not use your passwords twice: If a service is hacked - and your password thus possibly becomes known - your data can otherwise be swiped elsewhere too.
  • Use two-factor authentication: Set up your email account and social media apps so that you also have to confirm your login via mobile app. You can find out how to do this here.
  • Check for backdoors that allow criminals to get into your accounts without a password. Often, supposed security questions are so insecure that even third parties can answer them ("Where were you born?"). In such cases, it helps to enter not a real answer, but another strong password.
  • Be careful with e-mail attachments: Ransomware is often smuggled in via e-mail attachments that masquerade as harmless Word documents. Therefore deactivate the macro function in documents that you receive by e-mail. However, there is no such thing as complete security: you can also catch ransomware as a "drive-by", i.e. when you visit a website.
  • Do regular back-ups: If you back up photos and work documents regularly, you do not have to tremble for your data in the event of a ransomware attack (see question 13).
  • Communicate encrypted: A normal e-mail is hardly any safer than a postcard. This is different with messages that are encrypted end-to-end via PGP. Here you will find instructions for setting it up. Some applications, such as Facebook Messenger, now have end-to-end encryption on board, but this must be enabled manually.
  • Watch out for unsecured Wi-Fi hotspots: In a free Wi-Fi network, for example in a café, other users may be able to read the traffic, because open networks are often unencrypted. To make sure that your data is not simply intercepted, only a trusted virtual private network, VPN for short, will help.
  • Install the latest updates: This applies to computer and smartphone operating systems, your browser, Office applications, and the Flash player. Malware often exploits security vulnerabilities in this software. An antivirus program also helps protect your system from known malware.
  • Do not enter your data just anywhere: With fake websites, criminals try to tap account information, for example. Therefore, make sure that you are always on the right website. For example, rather than clicking on links to bank pages, you can type their addresses into the browser yourself. Do not dismiss error messages without reading them. More about secure online banking is available here.
  • Keep track: How many computers do you have at home, which devices are on the Internet? Televisions, smoke detectors, light bulbs, maybe even the baby monitor - all of this can be attacked if it is internet-enabled.
  • Keep up to date: When a large-scale password theft becomes known, you often hear about it in the news. It is then important to change your password immediately.

    These tips show that even without special computer knowledge, it is possible to increase your own safety. Many attacks can be avoided with common sense. As a rule, more safety also means less comfort for the user. But if you make it easy for yourself, you usually make it easy for hackers, too.

    Read the full version of this article on mirror.de.

    Authors: Markus Böhm, Jörg Breithut, Angela Gruber, Judith Horchert

    Collaboration : Patrick Beuth

    Documentation: Peter Wetter

    Final Editorial: Sebastian Hofer

    Illustrations: Michael Walter

    Production: Guido Grigat

    Layout : Katja Braun, Hanz Sayami

    Programming : Guido Grigat, Frank Kalinowski, Chris Kurt



    Source: spiegel
