What do a 15-year-old hacker, Julian Assange, inattentive administrators, and the War Thunder forum have in common? They were all involved in data leaks from the Pentagon. This article will explore several of the most prominent examples of leaks linked to one of the world's most secure agencies, as well as discuss the experience of interaction between the U.S. Department of Defense and ethical hackers.

Jonathan James

According to the U.S. Department of Defense, the first hacking of the Pentagon occurred in 1999 by a 15-year-old named Jonathan James, known among hackers as C0mrade. Jonathan found a server with a backdoor that allowed anyone to connect. He connected to the server, installed a sniffer, and gained access to all the traffic. This server belonged to a unit of the Department of Defense. Within a month, the boy intercepted numerous credentials, which he used to access the Department of Defense computers and download a vast amount of emails from Pentagon employees' mailboxes. Jonathan did all this not for personal gain but out of simple curiosity. Naturally, the intrusion was noticed, investigated, and the juvenile perpetrator was found. Jonathan's case is unique because he became the first minor in the U.S. to go to jail specifically for hacking.

Gary McKinnon

Two years after Jonathan James's story, another young hacker managed to breach this fortress alone. In January 2001, Gary McKinnon, a systems administrator from London, first broke into the American military computer system. Instead of wondering "how to hack the Pentagon," he simply found a flaw in the security system. Gary created a Perl program that identified administrator-status computers without a password. To the U.S. military ministry's embarrassment, there were many such machines. For 13 whole months, Gary studied the contents of Pentagon and later NASA computers unpunished. He was searching for evidence of extraterrestrial life and, according to him, found it. A year after his first intrusion, Gary was exposed, but he managed to avoid responsibility because a wave of protest arose, and the UK authorities did not extradite him to the U.S.

Julian Assange

Discussing whether the Pentagon was hacked, one cannot overlook Julian Assange, the founder of WikiLeaks. Since 2006, the portal has been publishing classified materials from the Pentagon and other U.S. law enforcement agencies. It is not known for certain whether Assange hacked government servers himself or if he received documents from third parties. But as the creator and distributor of information, he faces numerous charges, with a total criminal sentence of 175 years of imprisonment.

Edward Snowden

To extract and publicize classified Pentagon documents, hacking is not always necessary. Sometimes the danger lies within the employees themselves, who disagree with the methods of the military ministry. The most striking example is Edward Snowden. In 2013, he was an employee of the military system and had access to classified documentation. He learned about the massive U.S. surveillance of citizens of various countries around the world. Deciding to disclose the data, Snowden downloaded nearly 2 million secret documents onto a flash drive and took it out of the NSA office hidden in a simple Rubik's Cube. Then came the publications in the world media, major disclosures, accusations of espionage, fleeing the country, and a safe haven in Russia. It should be noted that there was also no selfish motive in this case.

Case of Jack Teixeira

In 2023, a loud scandal erupted related to the leak of classified Pentagon documents. Their photos appeared on the Discord platform, the 4Chan forum, Twitter, and some Telegram channels. Initially, it was thought that the Russians had hacked the Pentagon, but it later turned out that the leak was again related to a person working in the system and having access to secret information. Later, the world was shocked by footage of the arrest of Jack Teixeira—an Air Force pilot in red shorts being led by heavily armed American special forces. The information published by Teixeira contained secret documents concerning the conflict in Ukraine and revealing U.S. surveillance of partner countries. Jack was accused of espionage and now faces many years in an American prison.

Curious Cases

There have been many curious cases in the history of the Pentagon and similar agencies that led to the disclosure of official information. For example, last year a story surfaced about a typo that caused letters from the U.S. Department of Defense to go to mail addresses in Mali for years. Confidential information about U.S. (and French) military technology often surfaced on the War Thunder game forums so frequently that moderators had to publicly explain why their forum became a treasure trove of secret drawings. The U.S. military department did not overlook careless administrators either. Data can be found on at least one case when an unprotected Pentagon server with sensitive information was "shining" online for a long time. There are probably more such unpublicized incidents.

Pentagon and ethical hackers

If the human factor problem is solved by tightening internal policies toward employees, the Pentagon website and the entire U.S. Department of Defense infrastructure are protected by ethical hackers. As early as 2016, a government vulnerability search program called Hack the Pentagon was launched on the HackerOne platform. More than 100 potential breaches in ministry defense were discovered, and over 1,400 pentesters participated in the project. The number of participants is easily explainable. First, hacking the Pentagon online is the dream of any hacker. Secondly, the first bug bounty program of the Ministry of Defense was conducted on a paid basis. Individual payouts ranged from $100 to $15,000, with a total budget of $75,000. The next program was conducted in 2018 and focused on publicly accessible websites of the Ministry of Defense. 

By the end of 2020, the department was hacked more than 12,000 times, but within controlled tests. Hackers were no longer paid for finding vulnerabilities but were awarded points on the HackerOne platform. The start of the third bug bounty program of the Pentagon was announced in 2023. But this time, hackers were invited to try to penetrate systems that control mechanical operations, such as heating and air conditioning in the main building, the Pentagon's heating and cooling installation, a modular office complex, and a parking lot. The task of the hackers is to identify weaknesses and vulnerabilities and provide recommendations for improving and strengthening the overall security situation.

Conclusion

It is naive to think that in the modern world there are objects that simply cannot be hacked. And the Pentagon is no exception. Today we have told only a few stories related to hacking and data leakage from the U.S. military department. But there are many more incidents that have not been publicly disclosed. Meanwhile, the Pentagon does not close itself off and actively uses external specialists to find vulnerabilities and weak spots in the system. This is the right tactic that helps the ministry improve its cybersecurity and respond more intelligently to attempts at penetration.

The introduction of children to technology is happening at an increasingly younger age. This early exposure to the digital world, while beneficial in many ways, also carries significant risks due to the evolving tactics of cybercriminals. Parents must stay updated on the latest cybersecurity threats targeting young internet users to ensure their safety. 

Today, we aim to shed light on various cybersecurity trends and provide practical advice for parents to safeguard their children's online presence.

AI and its impact on young users

Artificial Intelligence (AI) is rapidly transforming numerous industries, and its applications are becoming a part of daily life, from chatbots to personalized online shopping experiences. This technological advancement naturally attracts the curiosity of children, who often use AI tools for educational purposes or entertainment. A UN study indicated that approximately 80% of young participants interact with AI multiple times daily. However, these interactions are not without risks, including data privacy breaches, exposure to cyber threats, and inappropriate content.

Children often use AI applications for seemingly innocuous activities like photo editing. These apps might prompt users to upload personal photos, which could then be stored in unknown databases or used in ways the user did not intend. Parents must guide their children in using these applications cautiously, ensuring no personal information is visible in the background of photos or shared through the app.

AI chatbots, while useful, can sometimes provide content that is not age-appropriate. Imagine a scenario where a parent has installed an AI chatbot on their child's smartphone to assist with homework and answer educational questions. One day, the child decides to ask the chatbot a seemingly innocent question about birds. However, instead of receiving a child-friendly response, the chatbot generates inappropriate content related to adult topics or includes explicit language, causing the child to stumble upon content that is not age-appropriate.

In this example, the AI chatbot, though designed to be helpful, has failed to filter or moderate its responses properly, leading to a potentially harmful and inappropriate experience for the child.

The world of gaming and its hidden dangers

Gaming is a popular activity among children, with statistics showing that 91% of children in the UK aged 3-15 play digital games. This vast digital playground, however, also exposes them to potential attacks from cybercriminals. In 2022 alone, security solutions identified over seven million attacks related to popular children's games, marking a significant increase from the previous year. Games designed for younger children, such as Poppy Playtime and Toca Life World, were targeted.

The gaming environment often includes unmoderated voice and text chats, which can be a breeding ground for cybercriminals. These criminals can build virtual trust with young players, similar to how they would in person, by offering gifts or promises of friendship. Once trust is established, they can extract personal information, encourage clicking on phishing links, or even groom the children for more sinister purposes.

Moreover, when children can't find an app or game in their region, they might look for alternatives, which often turn out to be harmful copies. This danger exists even on trusted platforms like Google Play. Between 2020 and 2022, the research identified over 190 apps infected with the Harly Trojan on Google Play, secretly signing up users for paid services. The downloads of these apps are estimated at 4.8 million, but the real number of victims could be higher.

Both children and adults are vulnerable to this trend. Understanding cybersecurity basics is crucial. For instance, it's vital to examine the permissions an app seeks when you install it. Consider a basic flashlight app – it has no reason to request access to your text messages or camera. Being alert to these details is crucial for maintaining online security.

Fintech for kids: Opportunities and risks

One emerging trend is the development of financial products and services tailored for children as young as 12. These specialized offerings, such as bank cards and digital wallets designed for kids, present both promising opportunities and notable risks for young consumers and their parents.

Opportunities:

• Financial Education: Fintech products for kids can be powerful tools for teaching financial literacy from an early age. 
• Parental Control: Fintech solutions designed for children often come with built-in parental control features. These features allow parents to monitor their child's spending, set spending limits, and receive real-time notifications of transactions. 
• Digital Payments: In an increasingly cashless society, introducing children to digital payments and financial technology at a young age can help them adapt to the changing financial landscape.

Risks:

• Cybersecurity Threats: As fintech products for children gain popularity, they become attractive targets for cybercriminals. Cybersecurity risks include phishing scams, identity theft, and data breaches. 
• Social Engineering: Cybercriminals may use social engineering tactics to manipulate children into revealing sensitive information or making unauthorized transactions. 
• Financial Implications: While fintech products offer financial education opportunities, they also expose children to the risk of overspending or making unwise financial decisions. 

Navigating online privacy with growing children

As children mature, they develop a greater understanding of personal space and privacy, which extends to their online activities. With the internet becoming more accessible, children are increasingly conscious of these aspects. Therefore, when parents decide to install digital parenting apps on their children's devices, the reaction from the kids might not always be positive.

This situation necessitates that parents develop the ability to effectively communicate with their children about their online experiences and the significance of using digital parenting tools for their safety, while also respecting their personal space. It's important to set clear boundaries and explain the purpose of these apps to the children. Regularly checking in with them and modifying the app's restrictions as the child grows and becomes more responsible is also crucial for maintaining a healthy balance.

A quick note on smart home devices

As a final thought, to ensure that this article is comprehensive, it’s important to note that the rise of smart home devices has made life more convenient but also more vulnerable to cyberattacks. Children, who are often users of these devices, can unknowingly become targets for cybercriminals. For example, some security studies on a popular smart pet feeder uncovered serious vulnerabilities that could allow unauthorized access and data theft. Parents must ensure the security of these devices and educate their children on safe usage practices.

Final thoughts 

In conclusion, as technology continues to advance, so do the challenges and risks associated with its use, particularly for young users. Parents play a critical role in educating and protecting their children from these evolving cyber threats. By staying informed and engaging in regular discussions about online safety, parents can help ensure a safer digital environment for their children.

Web browsers stand as gatekeepers of information, offering a semblance of privacy through a feature widely known as "Incognito mode." This mode, known variably as "Private" in Opera, "InPrivate" in Internet Explorer and Microsoft Edge, and simply "Incognito" in Google Chrome, suggests a veil of confidentiality. These names suggest a level of confidentiality, which can mislead some users about the actual capabilities of this mode. In this article, we have shed light on what Incognito mode really does, how it protects data, and how to maintain privacy online.

Understanding incognito mode

Incognito mode is a browser feature designed to hide certain online activities from other users of the same device. When activated, the browser stops saving:

• The history of search queries and visited pages;
• Cookies and site data;
• Information entered in forms;
• Passwords for autofill purposes.

Moreover, files downloaded while in Incognito mode won't appear in the device's download history. However, it's important to note that the websites you visit, your system administrator, and your internet service provider can still track your actions.

Myths surrounding incognito mode

One of the most pervasive myths about Incognito mode is its supposed ability to render users invisible to internet service providers (ISPs), governments, and malicious software. Contrary to popular belief, Incognito mode does not make one's online activities invisible to ISPs or shield against government surveillance. Nor does it offer any protection against viruses or malware. The mode merely ensures that the local browsing history, cookies, and site data are not stored on the user's device once the session is ended.

Another dangerous misconception is the belief that Incognito mode can protect users from all forms of online tracking. While it does prevent the storage of cookies and browsing history on the device, it does not hide the user's IP address or encrypt their internet traffic. Websites visited, as well as network administrators and ISPs, can still track online activities. This misunderstanding can lead users to overestimate the protection Incognito mode offers, potentially engaging in risky online behaviors under the false assumption of complete anonymity.

Appropriate uses for incognito mode

Despite its name, Incognito mode cannot guarantee complete privacy or data protection on the internet. Users should keep this in mind when using it. However, Incognito mode does offer several convenient features:

• It can keep your browsing interests hidden from family members or colleagues;
• It allows you to log into multiple accounts simultaneously by opening additional sessions in Incognito mode;
• It makes it harder for websites to collect information about your preferences for targeted advertising;
• It enables you to access your accounts on shared devices without leaving your account open to others. 

We recommend considering more reliable protection measures than just Incognito mode. If you're the sole user of your device, Incognito mode might not be particularly useful. Focusing on more effective measures such as antivirus protection, using a VPN, and controlling app permissions is advisable. If you're concerned about your data, consider regular backups and encryption.

Built-in VPNs and incognito mode

Some browsers offer built-in VPNs when using Incognito mode. Unfortunately, these are only partial measures that provide relative security for user information online. While Incognito mode can hide your browsing history within the browser, a built-in VPN might not be as reliable as a standalone application. For instance, a VPN provider can be hacked, or it might share user data with third parties. 

Free VPN services might collect user data for analytics or severely limit the performance of such solutions. It's also important to be wary of "dangerous" VPN servers that steal personal data, as they sit between the user and the web resource. Additionally, some VPNs may come bundled with malicious modules (e.g., miners) that financially benefit the VPN or browser owner at the expense of unsuspecting users.

Wrapping up – maintaining privacy online

For robust data protection and complete confidentiality, Incognito mode is insufficient. Additional tools are necessary. One solution for ensuring anonymity online is using a VPN from trusted vendors. A Virtual Private Network encrypts your data and hides your IP address. Other protective measures include:

• Using secure, up-to-date browsers;
• Installing and regularly updating antivirus software on your devices, as well as antivirus plugins for browsers to prevent visiting malicious sites and downloading suspicious files;
• Using complex and unique passwords for each account, along with two-factor authentication where possible;
• Exercising caution when opening and downloading files from unreliable sources to avoid malware;
• Only using VPN services from trusted vendors;
• Carefully reviewing the privacy policies of websites and services to understand how they handle user data.

Remember the importance of common sense and digital hygiene. Avoid downloading files indiscriminately, clicking on unknown links, or entering sensitive information on suspicious websites. While Incognito mode is a convenient feature, it's most effective when used correctly and with an understanding of its limitations.

Cybersecurity — as complex as it sounds — is an essential concept that we all need to be aware of in this day and age. Computers, phones, and smart devices have become an extension of our bodies at this point, which makes their security paramount. From your family photos to your bank details and social media handles, everything lives inside these devices. That’s why a security breach could have potentially life-changing consequences. With viruses and malware getting more advanced than ever, it’s no longer just a programmer’s job to care about cybersecurity. Every user should have at least a basic understanding of it to be able to implement it onto their devices. 

But, most of us aren’t too tech-savvy, so we can’t even understand the most basic computer terms. That’s why the first step is to get familiar with cybersecurity jargon so that you can easily grasp and follow tutorials online. In this article, we’re covering some of the most common cybersecurity terms and phrases. We’ve handpicked the most important ones, so read till the end and don’t miss any. Let’s get into it!

Phishing

Phishing is a malicious way to get unsuspecting users to click on shady links or attachments, or get them to reveal sensitive information by posing as a legitimate organization or business. Some attempts can be spotted easier than others depending on how sophisticated the setup is, and the user’s level of awareness.

Trojan

Sometimes, harmful code can be disguised as a legitimate program, application, or file, which is called a Trojan. 

Keylogger

A keylogger is a software tool that can monitor and record all keystrokes entered by a user. Through the data gathered by a keylogger, hackers can easily steal sensitive information like login details, credentials, OTPs (one-time passwords), private texts, and much more.

Account hijacking

Account hijacking is where a hacker takes control of a user’s account with malicious intent like stealing sensitive information or sharing problematic content through their platform. You could see it as a form of online identity theft, making it one of the biggest cybersecurity threats faced by celebrities and influential personalities.

DevSecOps

DevSecOps seem like gibberish at first glance, but it’s a combination of the words “development,” “security,” and “operations.”

The combined term refers to a software development approach that integrates security solutions into the development process right from the get-go. It’s ideal because, with cybersecurity threats, prevention really is better than cure. 

Digital footprint

As an online user, anything you do online creates a “footprint” consisting of your activities on the internet. For instance, what you post, what you like, the purchases you make, or simply the web pages you browse through. That’s your digital footprint. 

Cyber insurance

It’s a type of insurance that helps large organizations cover the risk of financial losses that may occur as a result of data breaches or cyberattacks.

Threat vector

Hackers or cyber attackers use a certain method or path to get into their target device, network, or system, referred to as the “threat vector.” 

IP address

An Internet Protocol (IP) address consists of a series of numbers associated with WiFi routers, servers, computers, and just about anything that’s connected to the Internet. Just like your standard home address, an IP address specifies the location of a system or device, letting users find it anywhere on the global network.

Malware

Malware is one of the most common words used within the cybersecurity space. It’s short for “malicious software,” and can be any code that’s meant to cause harm to systems or computers. Depending on how dangerous it is, it can steal, delete, and spy on information, or even destroy a system altogether.

Virus

A computer virus is a specific type of malware that’s designed to corrupt, change, or delete information from a system. Like viral diseases, a computer virus also passes onto other systems through in-built multiplication means like sending out emails with malware as attachments, etc. 

Antivirus software

Antivirus software, as the name suggests, is a computer program that’s responsible for preventing, detecting, and getting rid of malware. Getting a strong antivirus service for your Mac or Windows PC is the most important step you can take to reinforce your cybersecurity defenses as an average user.

VPN

Most of us already know or use VPNs, without ever even knowing what it stands for. It’s an acronym for “Virtual Private Network,” whereby the user’s actual IP address gets replaced by the VPN’s — granting them digital anonymity and making a cyber attacker’s life much harder. 

Cryptojacking

Cryptojacking is another modern threat for unsuspecting users where hackers can start using your computer’s processing power to mine cryptocurrency in an unauthorized manner. This slows down performance and starts jacking up your utility bills while the user has no clue.  

Data encryption

Data encryption is the process of encoding data such that no third party can access it unless they have a decryption key. 

Data protection

Data protection is an umbrella term that consists of many different practices designed to prevent private info from getting exposed to the wrong eyes. Data encryption, for instance, is one of the examples of data protection. 

DDoS attacks

Distributed Denial of Service (DDoS) is a method used by attackers to render a server or site unusable. It involves overwhelming it with bots or malicious traffic in volumes that are way over the capacity it’s meant to handle.

Worm

A worm is a particularly nasty type of malware that can reproduce itself just to spread to other networks and computers. They can either slow down the computer by compromising its resources or steal data.

Conclusion

Now that you know some of the most commonly used cybersecurity jargon, you can hopefully start to educate yourself on this crucial topic. This vocabulary should allow you to comprehend basic cybersecurity tutorials to perform regular tasks like installing an antivirus program, performing a scan, and quarantining or removing threats from your computer. All the best!

Every year, billions of people go to the polls to determine their next political leaders. The results of elections around the world, from India to the United States to Europe, shape the geopolitical situation for years to come. Cybercriminals love to exploit important and large-scale events, and elections are no exception.

With every election, there are warnings about disinformation, deep fakes created by artificial intelligence, and possible interference in the electoral process in different countries. However, not only are government agencies and political parties targets, but millions of voters also actively read political news and discuss hot topics online.

This article examines the multifaceted goals of election cyberattacks. 

Goals of cyber attacks during elections

One of the primary objectives of cyber attacks during elections is to manipulate public perception. Disinformation campaigns, spearheaded by state-sponsored actors or independent hacker groups, aim to sow discord and confusion among the electorate. These campaigns often employ social media platforms to spread false information, create fake news, and amplify divisive narratives.

During the 2017 French Presidential Election, hackers leaked a trove of emails from Emmanuel Macron's campaign just days before the election. The data breach, known as "MacronLeaks," involved the theft and public release of thousands of internal documents. While the attack did not ultimately alter the election outcome, it demonstrated the potential for cyber espionage to disrupt and influence electoral processes.

Beyond shaping public opinion, cyber attackers often target the technical infrastructure that supports elections. This can include voter registration databases, voting machines, and election management systems. The goal here is to disrupt the electoral process, either by causing delays, creating confusion, or directly altering vote counts.

Cyber attackers frequently aim to steal sensitive information during elections. This information can include voter data, internal communications of political parties, or confidential documents. The stolen data can then be used for various purposes, such as blackmail, further disinformation, or direct financial gain.

Another significant goal of election-related cyber attacks is to undermine voter confidence in the electoral system. By creating a perception of insecurity and vulnerability, attackers aim to diminish public trust in the legitimacy of election results. This can lead to lower voter turnout, increased skepticism towards elected officials, and overall democratic destabilization.

In some cases, the explicit aim of cyber attacks during elections is to directly influence the outcome. This can involve hacking into voting systems to alter vote counts or manipulating voter registration databases to disenfranchise specific groups of voters.

Cyber attacks during elections can also target political campaigns themselves. By hacking campaign websites, stealing sensitive strategy documents, or launching denial-of-service attacks, malicious actors aim to disrupt the operations and effectiveness of political campaigns.

Lastly, cyber attacks during elections can serve broader economic and geopolitical objectives. By destabilizing a rival nation's political landscape, state-sponsored attackers can gain strategic advantages. This can involve weakening the targeted nation's international standing, creating favorable conditions for economic negotiations, or simply asserting dominance in the cyber domain.

Combating cyber attacks on elections

To combat these multifaceted threats, governments and organizations worldwide have implemented a range of strategies and technologies. Here are some key measures:

Strengthening cybersecurity infrastructure
Investing in robust cybersecurity infrastructure is critical. This includes deploying advanced intrusion detection systems, encrypting sensitive data, and regularly updating software to patch vulnerabilities. Many countries have established dedicated cybersecurity agencies to oversee these efforts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) plays a crucial role in protecting election infrastructure. CISA collaborates with state and local election officials to provide guidance, resources, and real-time threat intelligence. By fostering partnerships and promoting best practices, CISA helps bolster the resilience of election systems.

Enhancing public awareness
Educating the public about the tactics used in disinformation campaigns is vital. Media literacy programs and public awareness campaigns can help voters identify false information and reduce the impact of manipulative content.

International cooperation
Cyber threats often transcend national borders, making international cooperation essential. Sharing intelligence, collaborating on cybersecurity research, and developing common frameworks for election security are crucial steps in addressing the global nature of these threats. The European Union Agency for Cybersecurity (ENISA) works to enhance the cybersecurity capabilities of EU member states. ENISA provides expertise, conducts training exercises, and facilitates cooperation among nations to improve the security of electoral processes across Europe.

Implementing auditable voting systems and promoting transparency
Adopting voting systems that provide a verifiable paper trail can help ensure the integrity of election results. Post-election audits can detect and address any discrepancies, bolstering public confidence in the electoral process. Transparency in the electoral process is essential to maintaining public trust. Governments and election officials should communicate openly about the measures in place to secure elections and the steps taken to address any incidents. Estonia is a pioneer in digital voting, having implemented a secure online voting system since 2005. The system uses advanced encryption and authentication methods to ensure the security and integrity of votes. Additionally, Estonia provides transparency through public access to audit logs and extensive voter education.

Final thoughts 

Cyber attacks during elections are a real threat to democratic processes worldwide. Understanding the diverse objectives of malicious actors, from manipulating public perception to disrupting electoral infrastructure, is crucial for developing effective defenses.

By strengthening cybersecurity infrastructure, enhancing public awareness, fostering international cooperation, implementing auditable voting systems, and promoting transparency, we can better protect the integrity of elections. As technology continues to advance, so too must our strategies to safeguard our most fundamental democratic processes from cyber threats.

If you have access to the internet, you’ve likely heard about “Hamster Kombat,” a game that has caused quite a stir worldwide. Alongside its not-so-obvious financial prospects and the risk of wasting your time, there are significant cybersecurity risks to be aware of. This article delves into the cybersecurity risks that users of Hamster Kombat and similar clicker games face.

What are clicker games and what makes them unique?

Clicker games, also known as incremental games, revolve around the repetitive action of tapping the screen to earn in-game currency. The coins you collect can be spent on upgrades that speed up the earning process or even automate it entirely. When the game runs in the background without any player input, it is often referred to as an “idle game.” These games are designed for endless progression and level advancement without demanding constant attention.

The appeal of clicker games dates back to 2013, when they first captured the public’s interest due to their simplicity and ability to provide a welcome distraction from daily life. Fast forward to 2024, and we see the resurgence of this genre with the introduction of Hamster Kombat, popularly known as the “hamster game.” 

The creators promised that the in-game currency could eventually be exchanged for real money once the Hamster Kombat coin was listed on a cryptocurrency exchange. Other clicker games like Yescoin, Blum, TapSwap, BIRD, 1WIN Token, and MemeFI have also emerged, each offering potential earning opportunities.

The risks faced

One of the main risks is phishing by the developers of clicker games. There have been instances where individuals join such projects and are asked to authenticate on phishing sites to “verify their Telegram account.” This can compromise the user’s Telegram account, exposing personal conversations and potentially leading to further phishing campaigns. For example, the compromised account could be used to send phishing links to all contacts.

In some projects, users are asked to enter their seed phrase to recover access to their cryptocurrency wallet. This is often presented as necessary for linking the wallet and withdrawing cryptocurrency. Unfortunately, this results in users losing all the cryptocurrency stored in the compromised wallet.

Another risk involves installing malicious software disguised as tasks or upgrades for the game account. Users may be prompted to “install an app on your smartphone to mine 30% more coins.” 

Such software can compromise the security of the user’s device, leading to data theft or unauthorized access to personal information.

In the least harmful scenarios, fraudulent projects result in wasted time and pointless task completion. Players receive no payments, while scammers profit from their subscriptions to external Telegram channels.An illustrative example is Hamster Kombat, where a hacker claimed to have exploited a vulnerability. By manipulating the game’s web version on Telegram, the hacker was able to earn all the in-game currency instantly by inputting the desired values into the browser console. This exploit highlights the importance of robust security measures and the potential risks associated with online games.

Information security threats in mobile gaming

Mobile gaming is not immune to cyber threats. There are several ways cybercriminals can attack users, categorized into risks related to users and those associated with irresponsible developers.

User-related risks include phishing, social engineering, malware, and client-side attacks. Phishing involves tricking users into divulging personal information by pretending to be a legitimate service. Social engineering manipulates users into performing actions or sharing confidential information. Malware can be introduced through malicious apps or updates, compromising the device’s security. Client-side attacks exploit vulnerabilities in the user’s device or applications.

Developer-related risks involve non-compliance with information security standards, unethical data collection, lack of security updates, exploitation of known vulnerabilities, and selling user data to third-party companies. 

Indeed, developers may not adhere to industry standards for data protection, leading to vulnerabilities. Unethical data collection practices can result in excessive user data being harvested and sold. A lack of security updates can leave applications vulnerable to attacks. 

Known vulnerabilities may be exploited if not addressed promptly, and user data may be sold without consent.

Additionally, game developers themselves may be dishonest and share user data with third parties. Popular games attracting hundreds of thousands of users are an enticing target for cybercriminals.

How to protect yourself

Using strong passwords is a fundamental step in protecting your online accounts. Ensure your passwords are complex and unique to each account, making them harder to guess or crack.

Enabling two-factor authentication (2FA) provides an additional layer of security. Where possible, enable 2FA for your accounts. This adds a second step to the login process, typically involving a code sent to your phone or email, making it more difficult for unauthorized users to gain access.

Avoiding suspicious links and offers is crucial. Be cautious of links and offers that seem too good to be true. These can often be phishing attempts designed to steal your personal information or credentials. Regularly updating your operating system and apps is essential for mitigating known vulnerabilities. Software updates often include security patches that protect against the latest threats. Ensure your devices and applications are always up to date.

Verifying the authenticity of requests for personal information or credentials can prevent phishing attacks. Always double-check the source of such requests and ensure they are legitimate before providing any information. Installing reliable antivirus software can help detect and prevent malware infections. Choose a reputable antivirus solution and keep it updated to protect your device from malicious software.

Additional cybersecurity measures

Using a Virtual Private Network (VPN) can add a layer of security by masking your IP address and encrypting your internet connection, making it harder for cybercriminals to track your online activities. VPNs are especially useful when accessing public Wi-Fi networks, which are often less secure.

Regularly backing up your data ensures that you have copies of your important information in case of a cyber attack or data loss incident. Store backups in a secure location, separate from your main devices, to protect against ransomware and other threats.

Always use secure, encrypted connections (HTTPS) when entering personal information online to protect your data from being intercepted. Check for the padlock icon in the address bar to ensure the connection is secure.

Staying informed about the latest cybersecurity threats and how to counter them is crucial. Participate in cybersecurity training and stay updated with reliable sources of cybersecurity news. Knowledge is a powerful tool in protecting yourself from cyber threats. Regularly monitor your accounts for any suspicious activity. Early detection can help mitigate the damage caused by unauthorized access. Set up alerts for unusual account activity and review your account statements regularly.

The future of clicker games and cybersecurity

As clicker games continue to evolve, so will the methods used by cybercriminals. Developers and players alike must remain vigilant and adopt robust security practices. The integration of blockchain technology in these games presents new opportunities and challenges. While blockchain can enhance security through decentralized and transparent processes, it also introduces complexities that require careful management.

One emerging trend is the use of smart contracts in blockchain-based games. Smart contracts can automate and secure transactions, but they are also susceptible to vulnerabilities if not properly coded. Ensuring that smart contracts are audited by cybersecurity experts is essential to prevent exploits.

Final thoughts 

Clicker games, while entertaining, come with a variety of cybersecurity risks. Users must remain vigilant and practice good cybersecurity hygiene to protect their personal information and devices. By being aware of these risks and taking proactive measures, players can enjoy these games without compromising their security.