PhotoHere's a useful tip if you want to avoid getting your computer hacked: whenever you see one of those “this website is not safe” or “this website will harm your computer” warnings, stay away from that website.

Such advice sounds almost too obvious to mention, yet psychology researchers at Brigham Young University recently determined that it is worth mentioning — more specifically, that even presumably computer-savvy people who “ought to know better” will nonetheless ignore those security warnings.

BYU researchers Bonnie Anderson, Brock Kirwan and Anthony Vance tried a little experiment wherein it appeared that they'd hacked into study participants' personal laptops and caused major damage. That didn't really happen, of course; what happened was, study participants were surveyed about their own attitudes toward computer security.

Then, in an apparently unrelated task, they were asked to use their own computers to log on to a website filled with pictures of Batman, and divide the pictures into two categories: photography or animation.

Damage warnings

The researchers loaded the website with links, many of which had damage-warnings attached to them. Students who ignored too many “warnings” and clicked on links anyway eventually saw a terrifying (though completely fake) message on their screen: a laughing skull and crossbones, a 10-second countdown timer and the words “Say goodbye to your computer,” all courtesy of an alleged “Algerian hacker.” And even those students whose survey answers suggested they took computer security very seriously would often click on those “dangerous” links.

Brock Kirwan, an assistant professor of Psychology and Neuroscience, said that “A lot of people don’t realize that they are the weakest link in their computer security …. The operating systems we use have a lot of built-in security and the way for a hacker to get control of your computer is to get you to do something.”

Or to not do something: consider, for example, how many people don't even bother changing the default passwords on their IP cameras, leaving everything from their baby monitors to their home-security camera feeds accessible to anyone who knows the default code.

Some personal-security matters are beyond your control: if you have and use a credit card, you're at risk if that credit card or any of the stores where you used it get hacked. But as the recent Brigham Young study and the IP camera-password fiasco conclude, many of the worst hackings result from things you can control, yet don't.

In real life, if you visit a compromised website, you won't see a skull-and-crossbones logo or anything else letting you know you made a mistake.


Share your Comments