maybe there are several factors or some stuff that made these people be vulnerable
Users are not just nicknames in the computer world. They "consist" at least of:
- themselves (the real persons who sleep, eat etc);
- their devices (PCs, phones, laptops, tablets, smart TVs
smart toasters etc);
- ways to connect their devices to bitcointalk.org server or any-other-Internet-server (routers, WiFis, DNS etc);
- public Internet-services related to themselves and bitcointalk.org or any-other-Internet-service.
And almost any of these can be vulnerable.Themselves. Root of evil in most cases. Here we've got:
- weak passwords (only lazybones didn't mention the weak passwords);
- passwords we use for different services (for example, identical password for facebook and for bitcointalk.org, so if facebook account gets hacked, it's highly possible that bitcointalk.org gets hacked too);
- many fine human qualities like stupidity, nonchalance, curiosity and inattention: passwords written on piece of paper and then sticked to monitors to be shown on youtube-video; "indifference" to URLs of sites where people plan to work with money (phishing, yes); irrepressible aspiration to read messages from tax service that tax service never sends; desire to tell everyone that you're
Satoshi Nakamoto engaged in crypto currency - in other words, everything that can be described as "security ignorance".
(I'm sure I didn't mention them all.)
Their devices. Here we've got:
- poorly protected operation systems: because you need to use Qubes OS but continue to use outdated and unconfigured Windows HP - or because you start everything with "root" privileges
(it's better to include in "Themselves" paragraph though);
- viruses, malwares, keyloggers and other "gifts" for antivirus-free machines (and for users who like to download the super-files from cool site letshackeverythingdotcom);
-
spy sly scripts, applications and browser extensions (which - of course! - they received from the same letshackeverythingdotcom).
(I'm sure I didn't mention them all.)
Methods and devices to connect. Here we've got:
- our IPs;
- leaky cheap routers;
- sincere third-party workers who come to configure our leaky cheap routers;
- curious neighbors (or curious neighbors' children) who decided to check if they're good hackers or not;
- public WiFi's, which curious neighbors and their curious children use to check if they at least can "listen" to something that doesn't have a password;
- poorly protected devices connected to home networks.
(I'm sure I didn't mention them all.)
Public Internet-services. Here we've got:
- weak passwords for public Internet-services (e-mail, for example);
- poor protection when you can use better protection (when someone doesn't use the 2fA, right);
- autologin and "remember my password" - especially when you log in from device using by a bunch of people;
- trivial security questions in social media or e-mails (for example, someone sets a question "the name of my dear kitty" for his/her social media account - when everybody knows everything about that kitty from his/her posts).
(I'm sure I didn't mention them all.)
We're surrounded, folks.
